/ /

Arquitectura Multiclúster sin Service Mesh

Docs Home

/ /

Arquitecturas de Referencia

Arquitectura Multiclúster sin Service Mesh

Docs Home

Gestión

Controladores para el Operador de Kubernetes

Arquitecturas de Referencia

Arquitectura Multiclúster sin Service Mesh

ReplicaSets multi-clúster sin un Service Mesh

Las implementaciones de MongoDB multinube en clústeres de Kubernetes permiten añadir instancias de MongoDB en clústeres globales que abarcan varias regiones geográficas para aumentar la disponibilidad y la distribución global de los datos.

Requisitos previos

Antes de comenzar el siguiente procedimiento, tome las siguientes acciones:

Instale kubectl.
Instalar mongosh
Complete el procedimiento de clústeres de GKE o el equivalente.
Complete el Procedimiento de DNS externo o el equivalente.
Completar el procedimiento de certificados TLS o el equivalente.
Completa el procedimiento Implementar el operador de MongoDB.
Completa el procedimiento de Multi-clúster Ops Manager. Puedes omitir este paso si usas Cloud Manager en lugar de Ops Manager.
Configura las variables de entorno requeridas de la siguiente manera:

# This script builds on top of the environment configured in the setup guides.
# It depends (uses) the following env variables defined there to work correctly.
# If you don't use the setup guide to bootstrap the environment, then define them here.
#  ${K8S_CLUSTER_0_CONTEXT_NAME}
#  ${K8S_CLUSTER_1_CONTEXT_NAME}
#  ${K8S_CLUSTER_2_CONTEXT_NAME}
#  ${MDB_NAMESPACE}
#  ${CUSTOM_DOMAIN}
export RS_RESOURCE_NAME=mdb
export MONGODB_VERSION="8.0.5-ent"
export MDB_CLUSTER_0_EXTERNAL_DOMAIN="${K8S_CLUSTER_0}.${CUSTOM_DOMAIN}"
export MDB_CLUSTER_1_EXTERNAL_DOMAIN="${K8S_CLUSTER_1}.${CUSTOM_DOMAIN}"
export MDB_CLUSTER_2_EXTERNAL_DOMAIN="${K8S_CLUSTER_2}.${CUSTOM_DOMAIN}"

Código fuente

Se puede encontrar todo el código fuente incluido en el repositorio de MongoDB Kubernetes operador.

Procedimiento

Cree un certificado de CA.

Ejecute el siguiente script para crear el certificado CA requerido con su emisor de certificados.

1 kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" -f - <<EOF
2 apiVersion: cert-manager.io/v1
3 kind: Certificate
4 metadata:
5   name: mdb-cert
6 spec:
7   dnsNames:
8   - "*.${MDB_CLUSTER_0_EXTERNAL_DOMAIN}"
9   - "*.${MDB_CLUSTER_1_EXTERNAL_DOMAIN}"
10   - "*.${MDB_CLUSTER_2_EXTERNAL_DOMAIN}"
11   duration: 240h0m0s
12   issuerRef:
13     name: my-ca-issuer
14     kind: ClusterIssuer
15   renewBefore: 120h0m0s
16   secretName: cert-prefix-mdb-cert
17   usages:
18   - server auth
19   - client auth
20 EOF

Implemente el recurso MongoDBMultiCluster.

spec.credentialsConfigure,, quespec.opsManager.configMapRef.name definió en el procedimiento Multi-Cluster Ops Manager Without a Service Mesh; defina su configuración de seguridad e implemente el recurso MongoDBMultiCluster.

1 kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" -f - <<EOF
2 apiVersion: mongodb.com/v1
3 kind: MongoDBMultiCluster
4 metadata:
5   name: ${RS_RESOURCE_NAME}
6 spec:
7   type: ReplicaSet
8   version: ${MONGODB_VERSION}
9   opsManager:
10     configMapRef:
11       name: mdb-org-project-config
12   credentials: mdb-org-owner-credentials
13   duplicateServiceObjects: false
14   persistent: true
15   backup:
16     mode: enabled
17   security:
18     certsSecretPrefix: cert-prefix
19     tls:
20       ca: ca-issuer
21     authentication:
22       enabled: true
23       modes: ["SCRAM"]
24   clusterSpecList:
25     - clusterName: ${K8S_CLUSTER_0_CONTEXT_NAME}
26       members: 2
27       externalAccess:
28         externalDomain: "${MDB_CLUSTER_0_EXTERNAL_DOMAIN}"
29         externalService:
30           annotations:
31              external-dns.alpha.kubernetes.io/hostname: "{podName}.${MDB_CLUSTER_0_EXTERNAL_DOMAIN}"
32     - clusterName: ${K8S_CLUSTER_1_CONTEXT_NAME}
33       members: 1
34       externalAccess:
35         externalDomain: "${MDB_CLUSTER_1_EXTERNAL_DOMAIN}"
36         externalService:
37           annotations:
38              external-dns.alpha.kubernetes.io/hostname: "{podName}.${MDB_CLUSTER_1_EXTERNAL_DOMAIN}"
39     - clusterName: ${K8S_CLUSTER_2_CONTEXT_NAME}
40       members: 2
41       externalAccess:
42         externalDomain: "${MDB_CLUSTER_2_EXTERNAL_DOMAIN}"
43         externalService:
44           annotations:
45              external-dns.alpha.kubernetes.io/hostname: "{podName}.${MDB_CLUSTER_2_EXTERNAL_DOMAIN}"
46 EOF

Verifica que el recurso MongoDBMultiCluster esté en ejecución.

Ejecuta el siguiente comando para confirmar que el recurso MongoDBMultiCluster se está ejecutando.

1 echo; echo "Waiting for MongoDB to reach Running phase..."
2 kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" wait --for=jsonpath='{.status.phase}'=Running "mdbmc/${RS_RESOURCE_NAME}" --timeout=900s
3 echo; echo "Pods running in cluster ${K8S_CLUSTER_0_CONTEXT_NAME}"
4 kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" get pods
5 echo; echo "Pods running in cluster ${K8S_CLUSTER_1_CONTEXT_NAME}"
6 kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" get pods
7 echo; echo "Pods running in cluster ${K8S_CLUSTER_2_CONTEXT_NAME}"
8 kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" get pods

Cree un usuario de MongoDB y una contraseña.

Ejecuta el siguiente comando para crear un usuario y una contraseña de MongoDB. Utiliza contraseñas seguras para tus implementaciones.

1 kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" -f - <<EOF
2 apiVersion: v1
3 kind: Secret
4 metadata:
5   name: rs-user-password
6 type: Opaque
7 stringData:
8   password: password
9 ---
10 apiVersion: mongodb.com/v1
11 kind: MongoDBUser
12 metadata:
13   name: rs-user
14 spec:
15   passwordSecretKeyRef:
16     name: rs-user-password
17     key: password
18   username: "rs-user"
19   db: "admin"
20   mongodbResourceRef:
21     name: ${RS_RESOURCE_NAME}
22   roles:
23   - db: "admin"
24     name: "root"
25 EOF
26 
27 kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" wait --for=jsonpath='{.status.phase}'=Updated -n "${MDB_NAMESPACE}" mdbu/rs-user --timeout=300s

Verifica la conectividad.

Ejecuta el siguiente comando mongosh para asegurarte de que puedes acceder a la instancia en ejecución de MongoDB.

1 external_ip="$(kubectl get --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" svc "${RS_RESOURCE_NAME}-0-0-svc-external" -o=jsonpath="{.status.loadBalancer.ingress[0].ip}")"
2 
3 mkdir -p certs
4 kubectl get --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" cm/ca-issuer -o=jsonpath='{.data.ca-pem}' > certs/ca.crt
5 
6 mongosh --host "${external_ip}" --username rs-user --password password --tls --tlsCAFile certs/ca.crt --tlsAllowInvalidHostnames --eval "db.runCommand({connectionStatus : 1})"

{
  authInfo: {
    authenticatedUsers: [ { user: 'rs-user', db: 'admin' } ],
    authenticatedUserRoles: [ { role: 'root', db: 'admin' } ]
  },
  ok: 1,
  '$clusterTime': {
    clusterTime: Timestamp({ t: 1760521386, i: 1 }),
    signature: {
      hash: Binary.createFromBase64('nCxvHqL7u+BPXpaCj480Z3H0Ilk=', 0),
      keyId: Long('7561381759598723078')
    }
  },
  operationTime: Timestamp({ t: 1760521386, i: 1 })
}

Volver

Gestor de operaciones Multi-clúster

Clúster particionado multi-clúster

1	kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" -f - <<EOF
2	apiVersion: cert-manager.io/v1
3	kind: Certificate
4	metadata:
5	name: mdb-cert
6	spec:
7	dnsNames:
8	- "*.${MDB_CLUSTER_0_EXTERNAL_DOMAIN}"
9	- "*.${MDB_CLUSTER_1_EXTERNAL_DOMAIN}"
10	- "*.${MDB_CLUSTER_2_EXTERNAL_DOMAIN}"
11	duration: 240h0m0s
12	issuerRef:
13	name: my-ca-issuer
14	kind: ClusterIssuer
15	renewBefore: 120h0m0s
16	secretName: cert-prefix-mdb-cert
17	usages:
18	- server auth
19	- client auth
20	EOF

1	kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" -f - <<EOF
2	apiVersion: mongodb.com/v1
3	kind: MongoDBMultiCluster
4	metadata:
5	name: ${RS_RESOURCE_NAME}
6	spec:
7	type: ReplicaSet
8	version: ${MONGODB_VERSION}
9	opsManager:
10	configMapRef:
11	name: mdb-org-project-config
12	credentials: mdb-org-owner-credentials
13	duplicateServiceObjects: false
14	persistent: true
15	backup:
16	mode: enabled
17	security:
18	certsSecretPrefix: cert-prefix
19	tls:
20	ca: ca-issuer
21	authentication:
22	enabled: true
23	modes: ["SCRAM"]
24	clusterSpecList:
25	- clusterName: ${K8S_CLUSTER_0_CONTEXT_NAME}
26	members: 2
27	externalAccess:
28	externalDomain: "${MDB_CLUSTER_0_EXTERNAL_DOMAIN}"
29	externalService:
30	annotations:
31	external-dns.alpha.kubernetes.io/hostname: "{podName}.${MDB_CLUSTER_0_EXTERNAL_DOMAIN}"
32	- clusterName: ${K8S_CLUSTER_1_CONTEXT_NAME}
33	members: 1
34	externalAccess:
35	externalDomain: "${MDB_CLUSTER_1_EXTERNAL_DOMAIN}"
36	externalService:
37	annotations:
38	external-dns.alpha.kubernetes.io/hostname: "{podName}.${MDB_CLUSTER_1_EXTERNAL_DOMAIN}"
39	- clusterName: ${K8S_CLUSTER_2_CONTEXT_NAME}
40	members: 2
41	externalAccess:
42	externalDomain: "${MDB_CLUSTER_2_EXTERNAL_DOMAIN}"
43	externalService:
44	annotations:
45	external-dns.alpha.kubernetes.io/hostname: "{podName}.${MDB_CLUSTER_2_EXTERNAL_DOMAIN}"
46	EOF

1	echo; echo "Waiting for MongoDB to reach Running phase..."
2	kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" wait --for=jsonpath='{.status.phase}'=Running "mdbmc/${RS_RESOURCE_NAME}" --timeout=900s
3	echo; echo "Pods running in cluster ${K8S_CLUSTER_0_CONTEXT_NAME}"
4	kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" get pods
5	echo; echo "Pods running in cluster ${K8S_CLUSTER_1_CONTEXT_NAME}"
6	kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" get pods
7	echo; echo "Pods running in cluster ${K8S_CLUSTER_2_CONTEXT_NAME}"
8	kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" get pods

1	kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" -f - <<EOF
2	apiVersion: v1
3	kind: Secret
4	metadata:
5	name: rs-user-password
6	type: Opaque
7	stringData:
8	password: password
9	---
10	apiVersion: mongodb.com/v1
11	kind: MongoDBUser
12	metadata:
13	name: rs-user
14	spec:
15	passwordSecretKeyRef:
16	name: rs-user-password
17	key: password
18	username: "rs-user"
19	db: "admin"
20	mongodbResourceRef:
21	name: ${RS_RESOURCE_NAME}
22	roles:
23	- db: "admin"
24	name: "root"
25	EOF
26
27	kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" wait --for=jsonpath='{.status.phase}'=Updated -n "${MDB_NAMESPACE}" mdbu/rs-user --timeout=300s

1	external_ip="$(kubectl get --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" svc "${RS_RESOURCE_NAME}-0-0-svc-external" -o=jsonpath="{.status.loadBalancer.ingress[0].ip}")"
2
3	mkdir -p certs
4	kubectl get --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" cm/ca-issuer -o=jsonpath='{.data.ca-pem}' > certs/ca.crt
5
6	mongosh --host "${external_ip}" --username rs-user --password password --tls --tlsCAFile certs/ca.crt --tlsAllowInvalidHostnames --eval "db.runCommand({connectionStatus : 1})"