MongoDB.local SF, Jan 15: See the speaker lineup & ship your AI vision faster. Use WEB50 to save 50%
Find out more >
Docs Menu
Docs Home
/ /
검색 배포 및 벡터 검색
Docs Home
/
관리
/
Kubernetes Operator용 컨트롤러
/
검색 배포 및 벡터 검색
Docs Home
/
관리
/
Kubernetes Operator용 컨트롤러
/
검색 배포 및 벡터 검색

MongoDB 엔터프라이즈 로 검색 설치 및 사용

Kubernetes Operator를 사용하여 MongoDB Search 및 Vector Search 리소스를 배포8.2.0 Kubernetes 클러스터 에서 MongoDB 엔터프라이즈 v 이상으로 실행 수 있습니다. 이 절차에서는 mongot Kubernetes 클러스터 의 신규 또는 기존 복제본 세트 와 함께 실행 프로세스 배포 하고 구성하는 방법을 보여 줍니다. 배포서버 TLS 인증서를 사용하여MongoDB 노드와 mongot 검색 프로세스 간의 보안 통신을 보장합니다.

전제 조건

MongoDB Search 및 Vector Search를 배포 하려면 다음이 필요합니다.

  • 로컬에서 사용할 수 있는 kubeconfig 가 포함 실행 Kubernetes 클러스터 입니다.

  • Kubernetes 명령줄 도구인 kubectl이(가) 클러스터 와 통신하도록 구성되었습니다.

  • Kubernetes 용 패키지 관리자인Helm을 사용하여 Kubernetes Operator를 설치합니다.

  • 이 튜토리얼의 명령을 실행 하려면 Bash v5.1 이상을 사용해야 합니다.

  • MongoDB Ops Manager 또는 MongoDB Cloud Manager 프로젝트 및 API 자격 증명.

절차

1

필수 사항입니다. 환경 변수를 설정합니다.

이 절차의 후속 단계에서 사용할 환경 변수를 설정합니다. 다음 명령을 복사하여 환경에 맞는 값을 업데이트 다음, 이를 실행 변수를 로드합니다.

1# set it to the context name of the k8s cluster
2export K8S_CTX="<local cluster context>"
3
4# the following namespace will be created if not exists
5export MDB_NS="mongodb"
6
7# name of the MongoDB Custom Resource.
8export MDB_RESOURCE_NAME="mdb-rs"
9
10export MDB_MEMBERS=3
11# OM/CM's project name to be used to manage mongodb replica set
12export OPS_MANAGER_PROJECT_NAME="<arbitrary project name>"
13
14# URL to Cloud Manager or Ops Manager instance
15export OPS_MANAGER_API_URL="https://cloud-qa.mongodb.com"
16
17# The API key can be an Org Owner - the operator can create the project automatically then.
18# The API key can also be created in a particular project that was created manually with the Project Owner scope.
19export OPS_MANAGER_API_USER="<SET API USER>"
20export OPS_MANAGER_API_KEY="<SET API KEY>"
21export OPS_MANAGER_ORG_ID="<SET ORG ID>"
22
23# minimum required MongoDB version for running MongoDB Search is 8.2.0
24export MDB_VERSION="8.2.0-ent"
25
26# root admin user for convenience, not used here at all in this guide
27export MDB_ADMIN_USER_PASSWORD="admin-user-password-CHANGE-ME"
28# regular user performing restore and search queries on sample mflix database
29export MDB_USER_PASSWORD="mdb-user-password-CHANGE-ME"
30# user for MongoDB Search to connect to the replica set to synchronise data from
31export MDB_SEARCH_SYNC_USER_PASSWORD="search-sync-user-password-CHANGE-ME"
32
33export OPERATOR_HELM_CHART="mongodb/mongodb-kubernetes"
34# comma-separated key=value pairs for additional parameters passed to the helm-chart installing the operator
35export OPERATOR_ADDITIONAL_HELM_VALUES=""
36
37export MDB_TLS_CERT_SECRET_PREFIX="certs"
38export MDB_TLS_CA_CONFIGMAP="${MDB_RESOURCE_NAME}-ca-configmap"
39
40export CERT_MANAGER_NAMESPACE="cert-manager"
41export MDB_TLS_SELF_SIGNED_ISSUER="selfsigned-bootstrap-issuer"
42export MDB_TLS_CA_CERT_NAME="my-selfsigned-ca"
43export MDB_TLS_CA_SECRET_NAME="root-secret"
44export MDB_TLS_CA_ISSUER="my-ca-issuer"
45export MDB_TLS_SERVER_CERT_SECRET_NAME="${MDB_TLS_CERT_SECRET_PREFIX}-${MDB_RESOURCE_NAME}-cert"
46export MDB_SEARCH_TLS_SECRET_NAME="${MDB_RESOURCE_NAME}-search-tls"
47
48export MDB_CONNECTION_STRING="mongodb://mdb-user:${MDB_USER_PASSWORD}@${MDB_RESOURCE_NAME}-svc.${MDB_NS}.svc.cluster.local:27017/?replicaSet=${MDB_RESOURCE_NAME}&tls=true&tlsCAFile=/tls/ca.crt"
2

조건부. MongoDB Helm 리포지토리 추가합니다.

Helm 은 Kubernetes 에서 MongoDB 인스턴스의 배포서버 및 관리 자동화합니다. Kubernetes Operator 연산자 설치를 위한 Helm 차트 포함된 Helm 리포지토리 이미 추가한 경우 이 단계를 건너뜁니다. 그렇지 않으면 Helm 리포지토리 추가합니다.

다음 명령을 추가, 복사, 붙여넣기 및 실행 하려면 다음을 수행하세요.

1helm repo add mongodb https://mongodb.github.io/helm-charts
2helm repo update mongodb
3helm search repo mongodb/mongodb-kubernetes
1"mongodb" has been added to your repositories
2Hang tight while we grab the latest from your chart repositories...
3...Successfully got an update from the "mongodb" chart repository
4Update Complete. ⎈Happy Helming!⎈
5NAME                      	CHART VERSION	APP VERSION	DESCRIPTION                                       
6mongodb/mongodb-kubernetes	1.6.1        	           	MongoDB Controllers for Kubernetes translate th...
3

조건부. Kubernetes Operator용 MongoDB 컨트롤러를 설치합니다.

Kubernetes Operator는 MongoDB, MongoDBOpsManager 및 MongoDBSearch 사용자 지정 리소스를 감시하고 MongoDB deployment의 수명 주기를 관리합니다. Kubernetes Operator용 MongoDB 컨트롤러를 이미 설치한 경우 이 단계를 건너뛰세요. 그렇지 않으면 이전 단계에서 추가한 Helm 리포지토리 에서 Kubernetes Operator용 MongoDB 컨트롤러를 설치합니다.

mongodb 네임스페이스 에 Kubernetes Operator용 MongoDB 컨트롤러를 설치하려면 다음을 복사하여 붙여넣고 실행 .

1helm upgrade --install --debug --kube-context "${K8S_CTX}" \
2  --create-namespace \
3  --namespace="${MDB_NS}" \
4  mongodb-kubernetes \
5  ${OPERATOR_ADDITIONAL_HELM_VALUES:+--set ${OPERATOR_ADDITIONAL_HELM_VALUES}} \
6  "${OPERATOR_HELM_CHART}"
1Release "mongodb-kubernetes" does not exist. Installing it now.
2NAME: mongodb-kubernetes
3LAST DEPLOYED: Wed Dec 17 11:23:39 2025
4NAMESPACE: mongodb
5STATUS: deployed
6REVISION: 1
7TEST SUITE: None
8USER-SUPPLIED VALUES:
9{}
10
11COMPUTED VALUES:
12agent:
13  name: mongodb-agent
14  version: 108.0.12.8846-1
15community:
16  agent:
17    name: mongodb-agent
18    version: 108.0.2.8729-1
19  mongodb:
20    imageType: ubi8
21    name: mongodb-community-server
22    repo: quay.io/mongodb
23  registry:
24    agent: quay.io/mongodb
25  resource:
26    members: 3
27    name: mongodb-replica-set
28    tls:
29      caCertificateSecretRef: tls-ca-key-pair
30      certManager:
31        certDuration: 8760h
32        renewCertBefore: 720h
33      certificateKeySecretRef: tls-certificate
34      enabled: false
35      sampleX509User: false
36      useCertManager: true
37      useX509: false
38    version: 4.4.0
39database:
40  name: mongodb-kubernetes-database
41  version: 1.6.1
42initAppDb:
43  name: mongodb-kubernetes-init-appdb
44  version: 1.6.1
45initDatabase:
46  name: mongodb-kubernetes-init-database
47  version: 1.6.1
48initOpsManager:
49  name: mongodb-kubernetes-init-ops-manager
50  version: 1.6.1
51managedSecurityContext: false
52mongodb:
53  appdbAssumeOldFormat: false
54  name: mongodb-enterprise-server
55  repo: quay.io/mongodb
56multiCluster:
57  clusterClientTimeout: 10
58  clusters: []
59  kubeConfigSecretName: mongodb-enterprise-operator-multi-cluster-kubeconfig
60  performFailOver: true
61operator:
62  additionalArguments: []
63  affinity: {}
64  baseName: mongodb-kubernetes
65  createOperatorServiceAccount: true
66  createResourcesServiceAccountsAndRoles: true
67  deployment_name: mongodb-kubernetes-operator
68  enableClusterMongoDBRoles: true
69  enablePVCResize: true
70  env: prod
71  maxConcurrentReconciles: 1
72  mdbDefaultArchitecture: non-static
73  name: mongodb-kubernetes-operator
74  nodeSelector: {}
75  operator_image_name: mongodb-kubernetes
76  podSecurityContext:
77    runAsNonRoot: true
78    runAsUser: 2000
79  replicas: 1
80  resources:
81    limits:
82      cpu: 1100m
83      memory: 1Gi
84    requests:
85      cpu: 500m
86      memory: 200Mi
87  securityContext: {}
88  telemetry:
89    collection:
90      clusters: {}
91      deployments: {}
92      frequency: 1h
93      operators: {}
94    send:
95      frequency: 168h
96  tolerations: []
97  vaultSecretBackend:
98    enabled: false
99    tlsSecretRef: ""
100  version: 1.6.1
101  watchedResources:
102  - mongodb
103  - opsmanagers
104  - mongodbusers
105  - mongodbcommunity
106  - mongodbsearch
107  webhook:
108    installClusterRole: true
109    registerConfiguration: true
110opsManager:
111  name: mongodb-enterprise-ops-manager-ubi
112readinessProbe:
113  name: mongodb-kubernetes-readinessprobe
114  version: 1.0.23
115registry:
116  agent: quay.io/mongodb
117  database: quay.io/mongodb
118  imagePullSecrets: null
119  initAppDb: quay.io/mongodb
120  initDatabase: quay.io/mongodb
121  initOpsManager: quay.io/mongodb
122  operator: quay.io/mongodb
123  opsManager: quay.io/mongodb
124  pullPolicy: Always
125  readinessProbe: quay.io/mongodb
126  versionUpgradeHook: quay.io/mongodb
127search:
128  name: mongodb-search
129  repo: quay.io/mongodb
130  version: 0.55.0
131versionUpgradeHook:
132  name: mongodb-kubernetes-operator-version-upgrade-post-start-hook
133  version: 1.0.10
134
135HOOKS:
136MANIFEST:
137---
138# Source: mongodb-kubernetes/templates/database-roles.yaml
139apiVersion: v1
140kind: ServiceAccount
141metadata:
142  name: mongodb-kubernetes-appdb
143  namespace: mongodb
144---
145# Source: mongodb-kubernetes/templates/database-roles.yaml
146apiVersion: v1
147kind: ServiceAccount
148metadata:
149  name: mongodb-kubernetes-database-pods
150  namespace: mongodb
151---
152# Source: mongodb-kubernetes/templates/database-roles.yaml
153apiVersion: v1
154kind: ServiceAccount
155metadata:
156  name: mongodb-kubernetes-ops-manager
157  namespace: mongodb
158---
159# Source: mongodb-kubernetes/templates/operator-sa.yaml
160apiVersion: v1
161kind: ServiceAccount
162metadata:
163  name: mongodb-kubernetes-operator
164  namespace: mongodb
165---
166# Source: mongodb-kubernetes/templates/operator-roles-clustermongodbroles.yaml
167kind: ClusterRole
168apiVersion: rbac.authorization.k8s.io/v1
169metadata:
170  name: mongodb-kubernetes-operator-mongodb-cluster-mongodb-role
171rules:
172  - apiGroups:
173      - mongodb.com
174    verbs:
175      - '*'
176    resources:
177      - clustermongodbroles
178---
179# Source: mongodb-kubernetes/templates/operator-roles-telemetry.yaml
180# Additional ClusterRole for clusterVersionDetection
181kind: ClusterRole
182apiVersion: rbac.authorization.k8s.io/v1
183metadata:
184  name: mongodb-kubernetes-operator-cluster-telemetry
185rules:
186  # Non-resource URL permissions
187  - nonResourceURLs:
188      - "/version"
189    verbs:
190      - get
191  # Cluster-scoped resource permissions
192  - apiGroups:
193      - ''
194    resources:
195      - namespaces
196    resourceNames:
197      - kube-system
198    verbs:
199      - get
200  - apiGroups:
201      - ''
202    resources:
203      - nodes
204    verbs:
205      - list
206---
207# Source: mongodb-kubernetes/templates/operator-roles-webhook.yaml
208kind: ClusterRole
209apiVersion: rbac.authorization.k8s.io/v1
210metadata:
211  name: mongodb-kubernetes-operator-mongodb-webhook-cr
212rules:
213  - apiGroups:
214      - "admissionregistration.k8s.io"
215    resources:
216      - validatingwebhookconfigurations
217    verbs:
218      - get
219      - create
220      - update
221      - delete
222  - apiGroups:
223      - ""
224    resources:
225      - services
226    verbs:
227      - get
228      - list
229      - watch
230      - create
231      - update
232      - delete
233---
234# Source: mongodb-kubernetes/templates/operator-roles-clustermongodbroles.yaml
235kind: ClusterRoleBinding
236apiVersion: rbac.authorization.k8s.io/v1
237metadata:
238  name: mongodb-kubernetes-operator-mongodb-cluster-mongodb-role-binding
239roleRef:
240  apiGroup: rbac.authorization.k8s.io
241  kind: ClusterRole
242  name: mongodb-kubernetes-operator-mongodb-cluster-mongodb-role
243subjects:
244  - kind: ServiceAccount
245    name: mongodb-kubernetes-operator
246    namespace: mongodb
247---
248# Source: mongodb-kubernetes/templates/operator-roles-telemetry.yaml
249# ClusterRoleBinding for clusterVersionDetection
250kind: ClusterRoleBinding
251apiVersion: rbac.authorization.k8s.io/v1
252metadata:
253  name: mongodb-kubernetes-operator-mongodb-cluster-telemetry-binding
254roleRef:
255  apiGroup: rbac.authorization.k8s.io
256  kind: ClusterRole
257  name: mongodb-kubernetes-operator-cluster-telemetry
258subjects:
259  - kind: ServiceAccount
260    name: mongodb-kubernetes-operator
261    namespace: mongodb
262---
263# Source: mongodb-kubernetes/templates/operator-roles-webhook.yaml
264kind: ClusterRoleBinding
265apiVersion: rbac.authorization.k8s.io/v1
266metadata:
267  name: mongodb-kubernetes-operator-mongodb-webhook-crb
268roleRef:
269  apiGroup: rbac.authorization.k8s.io
270  kind: ClusterRole
271  name: mongodb-kubernetes-operator-mongodb-webhook-cr
272subjects:
273  - kind: ServiceAccount
274    name: mongodb-kubernetes-operator
275    namespace: mongodb
276---
277# Source: mongodb-kubernetes/templates/database-roles.yaml
278kind: Role
279apiVersion: rbac.authorization.k8s.io/v1
280metadata:
281  name: mongodb-kubernetes-appdb
282  namespace: mongodb
283rules:
284  - apiGroups:
285      - ''
286    resources:
287      - secrets
288    verbs:
289      - get
290  - apiGroups:
291      - ''
292    resources:
293      - pods
294    verbs:
295      - patch
296      - delete
297      - get
298---
299# Source: mongodb-kubernetes/templates/operator-roles-base.yaml
300kind: Role
301apiVersion: rbac.authorization.k8s.io/v1
302metadata:
303  name: mongodb-kubernetes-operator
304  namespace: mongodb
305rules:
306  - apiGroups:
307      - ''
308    resources:
309      - services
310    verbs:
311      - get
312      - list
313      - watch
314      - create
315      - update
316      - delete
317  - apiGroups:
318      - ''
319    resources:
320      - secrets
321      - configmaps
322    verbs:
323      - get
324      - list
325      - create
326      - update
327      - delete
328      - watch
329  - apiGroups:
330      - apps
331    resources:
332      - statefulsets
333    verbs:
334      - create
335      - get
336      - list
337      - watch
338      - delete
339      - update
340  - apiGroups:
341      - ''
342    resources:
343      - pods
344    verbs:
345      - get
346      - list
347      - watch
348      - delete
349      - deletecollection
350  - apiGroups:
351      - mongodbcommunity.mongodb.com
352    resources:
353      - mongodbcommunity
354      - mongodbcommunity/status
355      - mongodbcommunity/spec
356      - mongodbcommunity/finalizers
357    verbs:
358      - '*'
359  - apiGroups:
360      - mongodb.com
361    verbs:
362      - '*'
363    resources:
364      - mongodb
365      - mongodb/finalizers
366      - mongodbusers
367      - mongodbusers/finalizers
368      - opsmanagers
369      - opsmanagers/finalizers
370      - mongodbmulticluster
371      - mongodbmulticluster/finalizers
372      - mongodbsearch
373      - mongodbsearch/finalizers
374      - mongodb/status
375      - mongodbusers/status
376      - opsmanagers/status
377      - mongodbmulticluster/status
378      - mongodbsearch/status
379---
380# Source: mongodb-kubernetes/templates/operator-roles-pvc-resize.yaml
381kind: Role
382apiVersion: rbac.authorization.k8s.io/v1
383metadata:
384  name: mongodb-kubernetes-operator-pvc-resize
385  namespace: mongodb
386rules:
387  - apiGroups:
388      - ''
389    resources:
390      - persistentvolumeclaims
391    verbs:
392      - get
393      - delete
394      - list
395      - watch
396      - patch
397      - update
398---
399# Source: mongodb-kubernetes/templates/database-roles.yaml
400kind: RoleBinding
401apiVersion: rbac.authorization.k8s.io/v1
402metadata:
403  name: mongodb-kubernetes-appdb
404  namespace: mongodb
405roleRef:
406  apiGroup: rbac.authorization.k8s.io
407  kind: Role
408  name: mongodb-kubernetes-appdb
409subjects:
410  - kind: ServiceAccount
411    name: mongodb-kubernetes-appdb
412    namespace: mongodb
413---
414# Source: mongodb-kubernetes/templates/operator-roles-base.yaml
415kind: RoleBinding
416apiVersion: rbac.authorization.k8s.io/v1
417metadata:
418  name: mongodb-kubernetes-operator
419  namespace: mongodb
420roleRef:
421  apiGroup: rbac.authorization.k8s.io
422  kind: Role
423  name: mongodb-kubernetes-operator
424subjects:
425  - kind: ServiceAccount
426    name: mongodb-kubernetes-operator
427    namespace: mongodb
428---
429# Source: mongodb-kubernetes/templates/operator-roles-pvc-resize.yaml
430kind: RoleBinding
431apiVersion: rbac.authorization.k8s.io/v1
432metadata:
433  name: mongodb-kubernetes-operator-pvc-resize-binding
434  namespace: mongodb
435roleRef:
436  apiGroup: rbac.authorization.k8s.io
437  kind: Role
438  name: mongodb-kubernetes-operator-pvc-resize
439subjects:
440  - kind: ServiceAccount
441    name: mongodb-kubernetes-operator
442    namespace: mongodb
443---
444# Source: mongodb-kubernetes/templates/operator.yaml
445apiVersion: apps/v1
446kind: Deployment
447metadata:
448  name: mongodb-kubernetes-operator
449  namespace: mongodb
450spec:
451  replicas: 1
452  selector:
453    matchLabels:
454      app.kubernetes.io/component: controller
455      app.kubernetes.io/name: mongodb-kubernetes-operator
456      app.kubernetes.io/instance: mongodb-kubernetes-operator
457  template:
458    metadata:
459      labels:
460        app.kubernetes.io/component: controller
461        app.kubernetes.io/name: mongodb-kubernetes-operator
462        app.kubernetes.io/instance: mongodb-kubernetes-operator
463    spec:
464      serviceAccountName: mongodb-kubernetes-operator
465      securityContext:
466        runAsNonRoot: true
467        runAsUser: 2000
468      containers:
469        - name: mongodb-kubernetes-operator
470          image: "quay.io/mongodb/mongodb-kubernetes:1.6.1"
471          imagePullPolicy: Always
472          args:
473            - -watch-resource=mongodb
474            - -watch-resource=opsmanagers
475            - -watch-resource=mongodbusers
476            - -watch-resource=mongodbcommunity
477            - -watch-resource=mongodbsearch
478            - -watch-resource=clustermongodbroles
479          command:
480            - /usr/local/bin/mongodb-kubernetes-operator
481          resources:
482            limits:
483              cpu: 1100m
484              memory: 1Gi
485            requests:
486              cpu: 500m
487              memory: 200Mi
488          env:
489            - name: OPERATOR_ENV
490              value: prod
491            - name: MDB_DEFAULT_ARCHITECTURE
492              value: non-static
493            - name: NAMESPACE
494              valueFrom:
495                fieldRef:
496                  fieldPath: metadata.namespace
497            - name: WATCH_NAMESPACE
498              valueFrom:
499                fieldRef:
500                  fieldPath: metadata.namespace
501            - name: MDB_OPERATOR_TELEMETRY_COLLECTION_FREQUENCY
502              value: "1h"
503            - name: MDB_OPERATOR_TELEMETRY_SEND_FREQUENCY
504              value: "168h"
505            - name: CLUSTER_CLIENT_TIMEOUT
506              value: "10"
507            - name: IMAGE_PULL_POLICY
508              value: Always
509            # Database
510            - name: MONGODB_ENTERPRISE_DATABASE_IMAGE
511              value: quay.io/mongodb/mongodb-kubernetes-database
512            - name: INIT_DATABASE_IMAGE_REPOSITORY
513              value: quay.io/mongodb/mongodb-kubernetes-init-database
514            - name: INIT_DATABASE_VERSION
515              value: "1.6.1"
516            - name: DATABASE_VERSION
517              value: "1.6.1"
518            # Ops Manager
519            - name: OPS_MANAGER_IMAGE_REPOSITORY
520              value: quay.io/mongodb/mongodb-enterprise-ops-manager-ubi
521            - name: INIT_OPS_MANAGER_IMAGE_REPOSITORY
522              value: quay.io/mongodb/mongodb-kubernetes-init-ops-manager
523            - name: INIT_OPS_MANAGER_VERSION
524              value: "1.6.1"
525            # AppDB
526            - name: INIT_APPDB_IMAGE_REPOSITORY
527              value: quay.io/mongodb/mongodb-kubernetes-init-appdb
528            - name: INIT_APPDB_VERSION
529              value: "1.6.1"
530            - name: OPS_MANAGER_IMAGE_PULL_POLICY
531              value: Always
532            - name: AGENT_IMAGE
533              value: "quay.io/mongodb/mongodb-agent:108.0.12.8846-1"
534            - name: MDB_AGENT_IMAGE_REPOSITORY
535              value: "quay.io/mongodb/mongodb-agent"
536            - name: MONGODB_IMAGE
537              value: mongodb-enterprise-server
538            - name: MONGODB_REPO_URL
539              value: quay.io/mongodb
540            - name: PERFORM_FAILOVER
541              value: 'true'
542            - name: MDB_MAX_CONCURRENT_RECONCILES
543              value: "1"
544            - name: POD_NAME
545              valueFrom:
546                fieldRef:
547                  fieldPath: metadata.name
548            - name: OPERATOR_NAME
549              value: mongodb-kubernetes-operator
550            # Community Env Vars Start
551            - name: MDB_COMMUNITY_AGENT_IMAGE
552              value: "quay.io/mongodb/mongodb-agent:108.0.2.8729-1"
553            - name: VERSION_UPGRADE_HOOK_IMAGE
554              value: "quay.io/mongodb/mongodb-kubernetes-operator-version-upgrade-post-start-hook:1.0.10"
555            - name: READINESS_PROBE_IMAGE
556              value: "quay.io/mongodb/mongodb-kubernetes-readinessprobe:1.0.23"
557            - name: MDB_COMMUNITY_IMAGE
558              value: "mongodb-community-server"
559            - name: MDB_COMMUNITY_REPO_URL
560              value: "quay.io/mongodb"
561            - name: MDB_COMMUNITY_IMAGE_TYPE
562              value: "ubi8"
563            # Community Env Vars End
564            - name: MDB_SEARCH_REPO_URL
565              value: "quay.io/mongodb"
566            - name: MDB_SEARCH_NAME
567              value: "mongodb-search"
568            - name: MDB_SEARCH_VERSION
569              value: "0.55.0"
4

조건부. 을(를) cert-manager 설치합니다.

TLS 인증서를 관리하려면 이(가) 필요합니다.cert-manager cert-manager 클러스터 에 이(가) 이미 설치되어 있는 경우 이 단계를 건너뛰세요. 그렇지 않으면 cert-manager Helm을 사용하여 를 설치합니다.

cert-manager 네임스페이스 에 cert-manager 를 설치하려면 터미널에서 다음 명령을 실행 .

1helm upgrade --install \
2  cert-manager \
3  oci://quay.io/jetstack/charts/cert-manager \
4  --kube-context "${K8S_CTX}" \
5  --namespace "${CERT_MANAGER_NAMESPACE}" \
6  --create-namespace \
7  --set crds.enabled=true
8
9for deployment in cert-manager cert-manager-cainjector cert-manager-webhook; do
10  kubectl --context "${K8S_CTX}" \
11    -n "${CERT_MANAGER_NAMESPACE}" \
12    wait --for=condition=Available "deployment/${deployment}" --timeout=300s
13done
14
15echo "cert-manager is ready in namespace ${CERT_MANAGER_NAMESPACE}."
5

필수입니다. 인증서 발급자 및 CA 인프라를 준비합니다.

및 리소스에 대한 TLS 인증서를 발급할 인증 기관 인프라를 MongoDB MongoDBSearch 생성합니다. 이 명령은 다음 조치를 수행합니다.

  • 자체 서명된 ClusterIssuer을 만듭니다.

  • CA 인증서를 생성합니다.

  • 모든 네임스페이스가 사용할 수 있는 클러스터 전체 CA 발급자를 게시합니다.

  • MongoDB 리소스가 사용할 수 있도록 ConfigMap 를 통해 CA 번들을 노출합니다.

1# Bootstrap a self-signed ClusterIssuer to mint the CA secret consumed by application workloads.
2kubectl apply --context "${K8S_CTX}" -f - <<EOF_MANIFEST
3apiVersion: cert-manager.io/v1
4kind: ClusterIssuer
5metadata:
6  name: ${MDB_TLS_SELF_SIGNED_ISSUER}
7spec:
8  selfSigned: {}
9EOF_MANIFEST
10
11kubectl --context "${K8S_CTX}" wait --for=condition=Ready clusterissuer "${MDB_TLS_SELF_SIGNED_ISSUER}"
12
13kubectl apply --context "${K8S_CTX}" -f - <<EOF_MANIFEST
14apiVersion: cert-manager.io/v1
15kind: Certificate
16metadata:
17  name: ${MDB_TLS_CA_CERT_NAME}
18  namespace: ${CERT_MANAGER_NAMESPACE}
19spec:
20  isCA: true
21  commonName: ${MDB_TLS_CA_CERT_NAME}
22  secretName: ${MDB_TLS_CA_SECRET_NAME}
23  privateKey:
24    algorithm: ECDSA
25    size: 256
26  issuerRef:
27    name: ${MDB_TLS_SELF_SIGNED_ISSUER}
28    kind: ClusterIssuer
29EOF_MANIFEST
30
31kubectl --context "${K8S_CTX}" wait --for=condition=Ready -n "${CERT_MANAGER_NAMESPACE}" certificate "${MDB_TLS_CA_CERT_NAME}"
32
33kubectl apply --context "${K8S_CTX}" -f - <<EOF_MANIFEST
34apiVersion: cert-manager.io/v1
35kind: ClusterIssuer
36metadata:
37  name: ${MDB_TLS_CA_ISSUER}
38spec:
39  ca:
40    secretName: ${MDB_TLS_CA_SECRET_NAME}
41EOF_MANIFEST
42
43kubectl --context "${K8S_CTX}" wait --for=condition=Ready clusterissuer "${MDB_TLS_CA_ISSUER}"
44
45TMP_CA_CERT="$(mktemp)"
46trap 'rm -f "${TMP_CA_CERT}"' EXIT
47
48kubectl --context "${K8S_CTX}" get secret "${MDB_TLS_CA_SECRET_NAME}" -n "${CERT_MANAGER_NAMESPACE}" -o jsonpath="{.data['ca\\.crt']}" | base64 --decode > "${TMP_CA_CERT}"
49
50kubectl --context "${K8S_CTX}" create configmap "${MDB_TLS_CA_CONFIGMAP}" -n "${MDB_NS}" \
51  --from-file=ca-pem="${TMP_CA_CERT}" --from-file=mms-ca.crt="${TMP_CA_CERT}" \
52  --from-file=ca.crt="${TMP_CA_CERT}" \
53  --dry-run=client -o yaml | kubectl --context "${K8S_CTX}" apply -f -
6

필수입니다. TLS 인증서를 발급합니다.

MongoDB 서버 (${MDB_RESOURCE_NAME}-server-tls)와 MongoDBSearch 서비스 (${MDB_RESOURCE_NAME}-search-tls) 모두에 대해 TLS 인증서를 발급합니다. MongoDB 서버 인증서에는 포드 및 서비스 통신에 필요한 모든 DNS 이름이 포함되어 있습니다. 두 인증서 모두 서버 및 클라이언트 인증 지원 .

1server_certificate="${MDB_RESOURCE_NAME}-server-tls"
2search_certificate="${MDB_RESOURCE_NAME}-search-tls"
3
4mongo_dns_names=()
5for ((member = 0; member < MDB_MEMBERS; member++)); do
6  mongo_dns_names+=("${MDB_RESOURCE_NAME}-${member}")
7  mongo_dns_names+=("${MDB_RESOURCE_NAME}-${member}.${MDB_RESOURCE_NAME}-svc.${MDB_NS}.svc.cluster.local")
8done
9mongo_dns_names+=(
10  "${MDB_RESOURCE_NAME}-svc.${MDB_NS}.svc.cluster.local"
11  "*.${MDB_RESOURCE_NAME}-svc.${MDB_NS}.svc.cluster.local"
12)
13
14search_dns_names=(
15  "${MDB_RESOURCE_NAME}-search-svc.${MDB_NS}.svc.cluster.local"
16)
17
18render_dns_list() {
19  local dns_list=("$@")
20  for dns in "${dns_list[@]}"; do
21    printf "      - \"%s\"\n" "${dns}"
22  done
23}
24
25kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF_MANIFEST
26apiVersion: cert-manager.io/v1
27kind: Certificate
28metadata:
29  name: ${server_certificate}
30  namespace: ${MDB_NS}
31spec:
32  secretName: ${MDB_TLS_SERVER_CERT_SECRET_NAME}
33  issuerRef:
34    name: ${MDB_TLS_CA_ISSUER}
35    kind: ClusterIssuer
36  duration: 240h0m0s
37  renewBefore: 120h0m0s
38  usages:
39    - digital signature
40    - key encipherment
41    - server auth
42    - client auth
43  dnsNames:
44$(render_dns_list "${mongo_dns_names[@]}")
45---
46apiVersion: cert-manager.io/v1
47kind: Certificate
48metadata:
49  name: ${search_certificate}
50  namespace: ${MDB_NS}
51spec:
52  secretName: ${MDB_SEARCH_TLS_SECRET_NAME}
53  issuerRef:
54    name: ${MDB_TLS_CA_ISSUER}
55    kind: ClusterIssuer
56  duration: 240h0m0s
57  renewBefore: 120h0m0s
58  usages:
59    - digital signature
60    - key encipherment
61    - server auth
62    - client auth
63  dnsNames:
64$(render_dns_list "${search_dns_names[@]}")
65EOF_MANIFEST
66
67kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait --for=condition=Ready certificate "${server_certificate}" --timeout=300s
68kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait --for=condition=Ready certificate "${search_certificate}" --timeout=300s
7

조건부. MongoDB 엔터프라이즈 리소스 만들고 배포 .

이미 MongoDB 엔터프라이즈 배포한 경우 다음 단계로 건너뜁니다. 그렇지 않으면 MongoDB 엔터프라이즈 리소스 배포 .

MongoDB 엔터프라이즈 배포 하려면 다음 단계를 완료하세요.

  1. MongoDB Ops Manager 사용하는 경우 MongoDB Ops Manager 프로젝트 대한 ConfigMap 및 시크릿을 생성합니다.

    MongoDB Ops Manager 통합을 위한 구성 및 자격 증명 저장 하려면 다음 명령을 복사하여 붙여넣고 실행.

    1kubectl --context "${K8S_CTX}" -n "${MDB_NS}" create configmap om-project \
    2  --from-literal=projectName="${OPS_MANAGER_PROJECT_NAME}" --from-literal=baseUrl="${OPS_MANAGER_API_URL}" \
    3  --from-literal=orgId="${OPS_MANAGER_ORG_ID:-}"
    4
    5kubectl --context "${K8S_CTX}" -n "${MDB_NS}" create secret generic om-credentials \
    6  --from-literal=publicKey="${OPS_MANAGER_API_USER}" \
    7  --from-literal=privateKey="${OPS_MANAGER_API_KEY}"

  2. mdb-rs(이)라는 MongoDB 사용자 지정 리소스 만듭니다.

    리소스 mongodmongodb-agent 컨테이너의 CPU 및 메모리 리소스를 정의하고 Kubernetes Operator에게 3 멤버로 MongoDB 복제본 세트 구성하도록 지시합니다.

    MongoDB 엔터프라이즈 배포 하려면 네임스페이스 에서 다음을 복사하여 붙여넣고 실행 .

    1kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF
    2apiVersion: mongodb.com/v1
    3kind: MongoDB
    4metadata:
    5  name: ${MDB_RESOURCE_NAME}
    6spec:
    7  members: ${MDB_MEMBERS}
    8  version: ${MDB_VERSION}
    9  type: ReplicaSet
    10  opsManager:
    11    configMapRef:
    12      name: om-project
    13  credentials: om-credentials
    14  security:
    15    authentication:
    16      enabled: true
    17      ignoreUnknownUsers: true
    18      modes:
    19      - SCRAM
    20    certsSecretPrefix: ${MDB_TLS_CERT_SECRET_PREFIX}
    21    tls:
    22      enabled: true
    23      ca: ${MDB_TLS_CA_CONFIGMAP}
    24  agent:
    25    logLevel: INFO
    26  podSpec:
    27    podTemplate:
    28      spec:
    29        containers:
    30        - name: mongodb-enterprise-database
    31          resources:
    32            limits:
    33              cpu: "2"
    34              memory: 2Gi
    35            requests:
    36              cpu: "1"
    37              memory: 1Gi
    38EOF

  3. MongoDB 리소스 배포서버 완료될 때까지 기다립니다.

    MongoDB 사용자 지정 리소스 적용 Kubernetes 연산자 MongoDB 노드(포드) 배포를 시작합니다. 이 단계에서는 mdbc-rs 리소스의 상태 단계가 Running가 되어 MongoDB Community 복제본 세트 작동 가능함을 나타낼 때까지 실행을 일시 중지합니다.

    1echo "Waiting for MongoDB resource to reach Running phase..."
    2kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait --for=jsonpath='{.status.phase}'=Running "mdb/${MDB_RESOURCE_NAME}" --timeout=400s
    3echo; echo "MongoDB resource"
    4kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get "mdb/${MDB_RESOURCE_NAME}"
    5echo; echo "Pods running in cluster ${K8S_CTX}"
    6kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get pods
    1Waiting for MongoDB resource to reach Running phase...
    2mongodb.mongodb.mongodb.com/mdbc-rs condition met
    3
    4MongoDB resource
    5NAME      PHASE     VERSION
    6mdbc-rs   Running   8.2
    7
    8Pods running in cluster minikube
    9NAME                                           READY   STATUS    RESTARTS   AGE
    10mdbc-rs-0                                      2/2     Running   0          2m30s
    11mdbc-rs-1                                      2/2     Running   0          82s
    12mdbc-rs-2                                      2/2     Running   0          38s
    13mongodb-kubernetes-operator-5776c8b4df-cppnf   1/1     Running   0          7m37s
8

필수입니다. MongoDB 사용자 시크릿을 생성하고 로드합니다.

MongoDB 보안 액세스 위해 인증 필요합니다. 이 단계에서는 세 개의 Kubernetes 시크릿을 생성합니다.

  • mdb-admin-user-password: MongoDB 관리자의 자격 증명입니다.

  • mdb-user-password: 검색 쿼리를 수행할 수 있는 권한이 있는 사용자의 자격 증명입니다.

  • mdbc-rs-search-sync-source-password: mongot 프로세스 에서 데이터를 동기화하고 인덱스를 관리 위해 내부적으로 사용하는 검색 전용 사용자에 대한 자격 증명입니다.

Kubernetes Operator는 이러한 시크릿을 MongoDB pod에 마운트합니다.

시크릿을 생성하려면 MongoDB Server 배포하고 MongoDB Search 및 Vector Search를 배포 하려는 네임스페이스 에 다음을 복사하여 붙여넣은 후 실행 .

1# admin user with root role
2kubectl --context "${K8S_CTX}" --namespace "${MDB_NS}" \
3  create secret generic mdb-admin-user-password \
4  --from-literal=password="${MDB_ADMIN_USER_PASSWORD}"
5
6kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF
7apiVersion: mongodb.com/v1
8kind: MongoDBUser
9metadata:
10  name: mdb-admin
11spec:
12  username: mdb-admin
13  db: admin
14  mongodbResourceRef:
15    name: ${MDB_RESOURCE_NAME}
16  passwordSecretKeyRef:
17    name: mdb-admin-user-password
18    key: password
19  roles:
20  - name: root
21    db: admin
22EOF
23
24# user used by MongoDB Search to connect to MongoDB database to synchronize data from
25# For MongoDB <8.2, the operator will be creating the searchCoordinator custom role automatically
26# From MongoDB 8.2, searchCoordinator role will be a built-in role.
27kubectl --context "${K8S_CTX}" --namespace "${MDB_NS}" \
28  create secret generic "${MDB_RESOURCE_NAME}-search-sync-source-password" \
29  --from-literal=password="${MDB_SEARCH_SYNC_USER_PASSWORD}"
30kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF
31apiVersion: mongodb.com/v1
32kind: MongoDBUser
33metadata:
34  name: search-sync-source-user
35spec:
36  username: search-sync-source
37  db: admin
38  mongodbResourceRef:
39    name: ${MDB_RESOURCE_NAME}
40  passwordSecretKeyRef:
41    name: ${MDB_RESOURCE_NAME}-search-sync-source-password
42    key: password
43  roles:
44  - name: searchCoordinator
45    db: admin
46EOF
47
48# user performing search queries
49kubectl --context "${K8S_CTX}" --namespace "${MDB_NS}" \
50  create secret generic mdb-user-password \
51  --from-literal=password="${MDB_USER_PASSWORD}"
52kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF
53apiVersion: mongodb.com/v1
54kind: MongoDBUser
55metadata:
56  name: mdb-user
57spec:
58  username: mdb-user
59  db: admin
60  mongodbResourceRef:
61    name: ${MDB_RESOURCE_NAME}
62  passwordSecretKeyRef:
63    name: mdb-user-password
64    key: password
65  roles:
66  - name: readWrite
67    db: sample_mflix
68EOF
1secret/mdb-admin-user-password created
2secret/mdbc-rs-search-sync-source-password created
3secret/mdb-user-password created
9

필수입니다. MongoDB Search 및 Vector Search를 위한 리소스 생성하고 배포 .

로드 밸런싱 없이 검색 노드 의 인스턴스 하나를 배포 할 수 있습니다. 배포 하려면 다음 단계를 완료하세요.

  1. mdbc-rs이라는 이름의 MongoDBSearch 사용자 지정 리소스 만듭니다.

    이 리소스 검색 노드에 대한 CPU 및 메모리 리소스 요구 사항을 지정합니다. 이 사용자 지정 리소스의 설정에 대해 자세히 학습하려면 MongoDB 검색 및 벡터 검색 설정을 참조하세요.

    1kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF
    2apiVersion: mongodb.com/v1
    3kind: MongoDBSearch
    4metadata:
    5  name: ${MDB_RESOURCE_NAME}
    6spec:
    7  # no need to specify source.mongodbResourceRef if MongoDBSearch CR has the same name as MongoDB CR
    8  # the operator infer it automatically
    9  security:
    10    tls:
    11      certificateKeySecretRef:
    12        name: ${MDB_SEARCH_TLS_SECRET_NAME}
    13  resourceRequirements:
    14    limits:
    15      cpu: "3"
    16      memory: 5Gi
    17    requests:
    18      cpu: "2"
    19      memory: 3Gi
    20EOF

  2. MongoDBSearch 리소스 배포서버 완료될 때까지 기다립니다.

    MongoDBSearch 사용자 지정 리소스 적용 하면 Kubernetes 연산자 검색 노드(pod) 배포를 시작합니다. 이 단계에서는 mdbc-rs 리소스의 상태 단계가 Running이 되어 MongoDB Community 복제본 세트 작동 가능함을 나타낼 때까지 실행을 일시 중지합니다.

    1echo "Waiting for MongoDBSearch resource to reach Running phase..."
    2kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait --for=jsonpath='{.status.phase}'=Running "mdbs/${MDB_RESOURCE_NAME}" --timeout=300s
10

선택 사항. MongoDB Enterprise 리소스 상태를 확인합니다.

MongoDBSearch를 사용한 MongoDB 리소스 배포서버 성공적인 했는지 확인합니다.

1echo "Waiting for MongoDB resource to reach Running phase..."
2kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait --for=jsonpath='{.status.phase}'=Running "mdb/${MDB_RESOURCE_NAME}" --timeout=400s
11

선택 사항. 네임스페이스 에서 실행 모든 파드를 확인합니다.

네임스페이스 파드에서 MongoDB 복제본 세트 멤버, Kubernetes Operator용 MongoDB 컨트롤러 및 검색 노드에 대해 실행 모든 파드를 확인합니다.

1echo; echo "MongoDB resource"
2kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get "mdb/${MDB_RESOURCE_NAME}"
3echo; echo "MongoDBSearch resource"
4kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get "mdbs/${MDB_RESOURCE_NAME}"
5echo; echo "Pods running in cluster ${K8S_CTX}"
6kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get pods
1MongoDB resource
2NAME     PHASE     VERSION     TYPE         AGE
3mdb-rs   Running   8.2.0-ent   ReplicaSet   6m19s
4
5MongoDBSearch resource
6NAME     PHASE     VERSION   AGE
7mdb-rs   Running   0.55.0    3m39s
8
9Pods running in cluster kind-kind
10NAME                                           READY   STATUS    RESTARTS        AGE
11mdb-rs-0                                       1/1     Running   0               6m17s
12mdb-rs-1                                       1/1     Running   0               5m24s
13mdb-rs-2                                       1/1     Running   0               4m44s
14mdb-rs-search-0                                1/1     Running   3 (2m58s ago)   3m39s
15mongodb-kubernetes-operator-7bd6cdd889-9p7cx   1/1     Running   0               6m37s

다음 단계

이제 MongoDB 엔터프라이즈 와 함께 사용할 MongoDB Search 및 Vector Search를 성공적으로 배포했으므로, MongoDB cluster 에 데이터를 추가하고, MongoDB Search 및 Vector Search 인덱스를 생성하고, 데이터에 대해 쿼리를 실행 . 자세한 학습은 MongoDB 검색 및 벡터 검색 설정을 참조하세요.

이 페이지의 내용