MongoDB 엔터프라이즈 Edition으로 검색 설치 및 사용

Kubernetes 연산자 사용한 MongoDB Search 및 MongoDB Vector Search 배포 지원은 미리보기 기능 으로 제공됩니다. 기능 및 해당 설명서는 미리 보기 기간에 언제든지 변경될 수 있습니다. 자세히 학습 미리보기 기능 을 참조하세요.

Kubernetes Operator를 사용하여 MongoDB Search 및 Vector Search 리소스를 배포 Kubernetes 클러스터 에서 MongoDB 엔터프라이즈 v8.0.10 이상으로 실행 수 있습니다. 이 절차에서는 Kubernetes 클러스터 의 새 복제본 세트 또는 기존 복제본 세트 로 실행 mongot 프로세스 배포 하고 구성하는 방법을 보여 줍니다.

전제 조건

MongoDB Search 및 Vector Search를 배포 하려면 다음이 필요합니다.

로컬에서 사용할 수 있는 kubeconfig 가 포함 실행 Kubernetes 클러스터 입니다.
Kubernetes 명령줄 도구인 kubectl이(가) 클러스터 와 통신하도록 구성되었습니다.
Kubernetes 용 패키지 관리자인Helm을 사용하여 Kubernetes Operator를 설치합니다.
이 튜토리얼의 명령을 실행 하려면 Bash v5.1 이상을 사용해야 합니다.
MongoDB Ops Manager 또는 MongoDB Cloud Manager 프로젝트 및 API 자격 증명.

절차

필수 사항입니다. 환경 변수를 설정합니다.

이 절차의 후속 단계에서 사용할 환경 변수를 설정하다 하려면 다음을 복사하고 환경 변수의 값을 설정하다 다음 환경 변수를 로드합니다.

1 # set it to the context name of the k8s cluster
2 export K8S_CTX="<local cluster context>"
3 
4 # the following namespace will be created if not exists
5 export MDB_NS="mongodb"
6 
7 # name of the MongoDB Custom Resource.
8 export MDB_RESOURCE_NAME="mdb-rs"
9 
10 # OM/CM's project name to be used to manage mongodb replica set
11 export OPS_MANAGER_PROJECT_NAME="<arbitrary project name>"
12 
13 # URL to Cloud Manager or Ops Manager instance
14 export OPS_MANAGER_API_URL="https://cloud-qa.mongodb.com"
15 
16 # The API key can be an Org Owner - the operator can create the project automatically then.
17 # The API key can also be created in a particular project that was created manually with the Project Owner scope .
18 export OPS_MANAGER_API_USER="abcdefg"
19 export OPS_MANAGER_API_KEY="00000-abcd-efgh-1111-12345678"
20 export OPS_MANAGER_ORG_ID="62a73abcdefgh12345678"
21 
22 # minimum required MongoDB version for running MongoDB Search is 8.0.10
23 export MDB_VERSION="8.0.10"
24 
25 # root admin user for convenience, not used here at all in this guide
26 export MDB_ADMIN_USER_PASSWORD="admin-user-password-CHANGE-ME"
27 # regular user performing restore and search queries on sample mflix database
28 export MDB_USER_PASSWORD="mdb-user-password-CHANGE-ME"
29 # user for MongoDB Search to connect to the replica set to synchronise data from
30 export MDB_SEARCH_SYNC_USER_PASSWORD="search-sync-user-password-CHANGE-ME"
31 
32 export OPERATOR_HELM_CHART="mongodb/mongodb-kubernetes"
33 # comma-separated key=value pairs for additional parameters passed to the helm-chart installing the operator
34 export OPERATOR_ADDITIONAL_HELM_VALUES=""
35 
36 export MDB_CONNECTION_STRING="mongodb://mdb-user:${MDB_USER_PASSWORD}@${MDB_RESOURCE_NAME}-svc.${MDB_NS}.svc.cluster.local:27017/?replicaSet=${MDB_RESOURCE_NAME}"

조건부. MongoDB Helm 리포지토리 추가합니다.

Helm은 Kubernetes 에서 MongoDB 인스턴스의 배포서버 및 관리 자동화합니다. Kubernetes Operator 연산자 설치를 위한 Helm 차트 포함된 Helm 리포지토리 이미 추가한 경우 이 단계를 건너뛰세요. 그렇지 않으면 Helm 리포지토리 추가합니다.

다음 명령을 추가, 복사, 붙여넣기 및 실행 하려면 다음을 수행하세요.

1 helm repo add mongodb https://mongodb.github.io/helm-charts
2 helm repo update mongodb
3 helm search repo mongodb/mongodb-kubernetes

1 "mongodb" already exists with the same configuration, skipping
2 Hang tight while we grab the latest from your chart repositories...
3 ...Successfully got an update from the "mongodb" chart repository
4 Update Complete. ⎈Happy Helming!⎈
5 NAME                      	CHART VERSION	APP VERSION	DESCRIPTION                                       
6 mongodb/mongodb-kubernetes	1.3.0        	           	MongoDB Controllers for Kubernetes translate th...

조건부. Kubernetes Operator용 MongoDB 컨트롤러를 설치합니다.

Kubernetes Operator는 MongoDB, MongoDBOpsManager 및 MongoDBSearch 사용자 지정 리소스를 감시하고 MongoDB deployment의 수명 주기를 관리합니다. Kubernetes Operator용 MongoDB 컨트롤러를 이미 설치한 경우 이 단계를 건너뛰세요. 그렇지 않으면 이전 단계에서 추가한 Helm 리포지토리 에서 Kubernetes Operator용 MongoDB 컨트롤러를 설치합니다.

mongodb 네임스페이스 에 Kubernetes Operator용 MongoDB 컨트롤러를 설치하려면 다음을 복사하여 붙여넣고 실행 .

1 helm upgrade --install --debug --kube-context "${K8S_CTX}" \
2   --create-namespace \
3   --namespace="${MDB_NS}" \
4   mongodb-kubernetes \
5   ${OPERATOR_ADDITIONAL_HELM_VALUES:+--set ${OPERATOR_ADDITIONAL_HELM_VALUES}} \
6   "${OPERATOR_HELM_CHART}"

1 Release "mongodb-kubernetes" does not exist. Installing it now.
2 NAME: mongodb-kubernetes
3 LAST DEPLOYED: Tue Sep 16 14:11:48 2025
4 NAMESPACE: mongodb
5 STATUS: deployed
6 REVISION: 1
7 TEST SUITE: None
8 USER-SUPPLIED VALUES:
9 {}
10 
11 COMPUTED VALUES:
12 agent:
13   name: mongodb-agent
14   version: 108.0.12.8846-1
15 community:
16   agent:
17     name: mongodb-agent
18     version: 108.0.2.8729-1
19   mongodb:
20     imageType: ubi8
21     name: mongodb-community-server
22     repo: quay.io/mongodb
23   registry:
24     agent: quay.io/mongodb
25   resource:
26     members: 3
27     name: mongodb-replica-set
28     tls:
29       caCertificateSecretRef: tls-ca-key-pair
30       certManager:
31         certDuration: 8760h
32         renewCertBefore: 720h
33       certificateKeySecretRef: tls-certificate
34       enabled: false
35       sampleX509User: false
36       useCertManager: true
37       useX509: false
38     version: 4.4.0
39 database:
40   name: mongodb-kubernetes-database
41   version: 1.4.0
42 initAppDb:
43   name: mongodb-kubernetes-init-appdb
44   version: 1.4.0
45 initDatabase:
46   name: mongodb-kubernetes-init-database
47   version: 1.4.0
48 initOpsManager:
49   name: mongodb-kubernetes-init-ops-manager
50   version: 1.4.0
51 managedSecurityContext: false
52 mongodb:
53   appdbAssumeOldFormat: false
54   imageType: ubi8
55   name: mongodb-enterprise-server
56   repo: quay.io/mongodb
57 multiCluster:
58   clusterClientTimeout: 10
59   clusters: []
60   kubeConfigSecretName: mongodb-enterprise-operator-multi-cluster-kubeconfig
61   performFailOver: true
62 operator:
63   additionalArguments: []
64   affinity: {}
65   baseName: mongodb-kubernetes
66   createOperatorServiceAccount: true
67   createResourcesServiceAccountsAndRoles: true
68   deployment_name: mongodb-kubernetes-operator
69   enableClusterMongoDBRoles: true
70   enablePVCResize: true
71   env: prod
72   maxConcurrentReconciles: 1
73   mdbDefaultArchitecture: non-static
74   name: mongodb-kubernetes-operator
75   nodeSelector: {}
76   operator_image_name: mongodb-kubernetes
77   replicas: 1
78   resources:
79     limits:
80       cpu: 1100m
81       memory: 1Gi
82     requests:
83       cpu: 500m
84       memory: 200Mi
85   telemetry:
86     collection:
87       clusters: {}
88       deployments: {}
89       frequency: 1h
90       operators: {}
91     send:
92       frequency: 168h
93   tolerations: []
94   vaultSecretBackend:
95     enabled: false
96     tlsSecretRef: ""
97   version: 1.4.0
98   watchedResources:
99   - mongodb
100   - opsmanagers
101   - mongodbusers
102   - mongodbcommunity
103   - mongodbsearch
104   webhook:
105     installClusterRole: true
106     registerConfiguration: true
107 opsManager:
108   name: mongodb-enterprise-ops-manager-ubi
109 readinessProbe:
110   name: mongodb-kubernetes-readinessprobe
111   version: 1.0.22
112 registry:
113   agent: quay.io/mongodb
114   database: quay.io/mongodb
115   imagePullSecrets: null
116   initAppDb: quay.io/mongodb
117   initDatabase: quay.io/mongodb
118   initOpsManager: quay.io/mongodb
119   operator: quay.io/mongodb
120   opsManager: quay.io/mongodb
121   pullPolicy: Always
122   readinessProbe: quay.io/mongodb
123   versionUpgradeHook: quay.io/mongodb
124 search:
125   name: mongodb-search
126   repo: quay.io/mongodb
127   version: 0.53.1
128 versionUpgradeHook:
129   name: mongodb-kubernetes-operator-version-upgrade-post-start-hook
130   version: 1.0.9
131 
132 HOOKS:
133 MANIFEST:
134 ---
135 # Source: mongodb-kubernetes/templates/database-roles.yaml
136 apiVersion: v1
137 kind: ServiceAccount
138 metadata:
139   name: mongodb-kubernetes-appdb
140   namespace: mongodb
141 ---
142 # Source: mongodb-kubernetes/templates/database-roles.yaml
143 apiVersion: v1
144 kind: ServiceAccount
145 metadata:
146   name: mongodb-kubernetes-database-pods
147   namespace: mongodb
148 ---
149 # Source: mongodb-kubernetes/templates/database-roles.yaml
150 apiVersion: v1
151 kind: ServiceAccount
152 metadata:
153   name: mongodb-kubernetes-ops-manager
154   namespace: mongodb
155 ---
156 # Source: mongodb-kubernetes/templates/operator-sa.yaml
157 apiVersion: v1
158 kind: ServiceAccount
159 metadata:
160   name: mongodb-kubernetes-operator
161   namespace: mongodb
162 ---
163 # Source: mongodb-kubernetes/templates/operator-roles-clustermongodbroles.yaml
164 kind: ClusterRole
165 apiVersion: rbac.authorization.k8s.io/v1
166 metadata:
167   name: mongodb-kubernetes-operator-mongodb-cluster-mongodb-role
168 rules:
169   - apiGroups:
170       - mongodb.com
171     verbs:
172       - '*'
173     resources:
174       - clustermongodbroles
175 ---
176 # Source: mongodb-kubernetes/templates/operator-roles-telemetry.yaml
177 # Additional ClusterRole for clusterVersionDetection
178 kind: ClusterRole
179 apiVersion: rbac.authorization.k8s.io/v1
180 metadata:
181   name: mongodb-kubernetes-operator-cluster-telemetry
182 rules:
183   # Non-resource URL permissions
184   - nonResourceURLs:
185       - "/version"
186     verbs:
187       - get
188   # Cluster-scoped resource permissions
189   - apiGroups:
190       - ''
191     resources:
192       - namespaces
193     resourceNames:
194       - kube-system
195     verbs:
196       - get
197   - apiGroups:
198       - ''
199     resources:
200       - nodes
201     verbs:
202       - list
203 ---
204 # Source: mongodb-kubernetes/templates/operator-roles-webhook.yaml
205 kind: ClusterRole
206 apiVersion: rbac.authorization.k8s.io/v1
207 metadata:
208   name: mongodb-kubernetes-operator-mongodb-webhook-cr
209 rules:
210   - apiGroups:
211       - "admissionregistration.k8s.io"
212     resources:
213       - validatingwebhookconfigurations
214     verbs:
215       - get
216       - create
217       - update
218       - delete
219   - apiGroups:
220       - ""
221     resources:
222       - services
223     verbs:
224       - get
225       - list
226       - watch
227       - create
228       - update
229       - delete
230 ---
231 # Source: mongodb-kubernetes/templates/operator-roles-clustermongodbroles.yaml
232 kind: ClusterRoleBinding
233 apiVersion: rbac.authorization.k8s.io/v1
234 metadata:
235   name: mongodb-kubernetes-operator-mongodb-cluster-mongodb-role-binding
236 roleRef:
237   apiGroup: rbac.authorization.k8s.io
238   kind: ClusterRole
239   name: mongodb-kubernetes-operator-mongodb-cluster-mongodb-role
240 subjects:
241   - kind: ServiceAccount
242     name: mongodb-kubernetes-operator
243     namespace: mongodb
244 ---
245 # Source: mongodb-kubernetes/templates/operator-roles-telemetry.yaml
246 # ClusterRoleBinding for clusterVersionDetection
247 kind: ClusterRoleBinding
248 apiVersion: rbac.authorization.k8s.io/v1
249 metadata:
250   name: mongodb-kubernetes-operator-mongodb-cluster-telemetry-binding
251 roleRef:
252   apiGroup: rbac.authorization.k8s.io
253   kind: ClusterRole
254   name: mongodb-kubernetes-operator-cluster-telemetry
255 subjects:
256   - kind: ServiceAccount
257     name: mongodb-kubernetes-operator
258     namespace: mongodb
259 ---
260 # Source: mongodb-kubernetes/templates/operator-roles-webhook.yaml
261 kind: ClusterRoleBinding
262 apiVersion: rbac.authorization.k8s.io/v1
263 metadata:
264   name: mongodb-kubernetes-operator-mongodb-webhook-crb
265 roleRef:
266   apiGroup: rbac.authorization.k8s.io
267   kind: ClusterRole
268   name: mongodb-kubernetes-operator-mongodb-webhook-cr
269 subjects:
270   - kind: ServiceAccount
271     name: mongodb-kubernetes-operator
272     namespace: mongodb
273 ---
274 # Source: mongodb-kubernetes/templates/database-roles.yaml
275 kind: Role
276 apiVersion: rbac.authorization.k8s.io/v1
277 metadata:
278   name: mongodb-kubernetes-appdb
279   namespace: mongodb
280 rules:
281   - apiGroups:
282       - ''
283     resources:
284       - secrets
285     verbs:
286       - get
287   - apiGroups:
288       - ''
289     resources:
290       - pods
291     verbs:
292       - patch
293       - delete
294       - get
295 ---
296 # Source: mongodb-kubernetes/templates/operator-roles-base.yaml
297 kind: Role
298 apiVersion: rbac.authorization.k8s.io/v1
299 metadata:
300   name: mongodb-kubernetes-operator
301   namespace: mongodb
302 rules:
303   - apiGroups:
304       - ''
305     resources:
306       - services
307     verbs:
308       - get
309       - list
310       - watch
311       - create
312       - update
313       - delete
314   - apiGroups:
315       - ''
316     resources:
317       - secrets
318       - configmaps
319     verbs:
320       - get
321       - list
322       - create
323       - update
324       - delete
325       - watch
326   - apiGroups:
327       - apps
328     resources:
329       - statefulsets
330     verbs:
331       - create
332       - get
333       - list
334       - watch
335       - delete
336       - update
337   - apiGroups:
338       - ''
339     resources:
340       - pods
341     verbs:
342       - get
343       - list
344       - watch
345       - delete
346       - deletecollection
347   - apiGroups:
348       - mongodbcommunity.mongodb.com
349     resources:
350       - mongodbcommunity
351       - mongodbcommunity/status
352       - mongodbcommunity/spec
353       - mongodbcommunity/finalizers
354     verbs:
355       - '*'
356   - apiGroups:
357       - mongodb.com
358     verbs:
359       - '*'
360     resources:
361       - mongodb
362       - mongodb/finalizers
363       - mongodbusers
364       - mongodbusers/finalizers
365       - opsmanagers
366       - opsmanagers/finalizers
367       - mongodbmulticluster
368       - mongodbmulticluster/finalizers
369       - mongodbsearch
370       - mongodbsearch/finalizers
371       - mongodb/status
372       - mongodbusers/status
373       - opsmanagers/status
374       - mongodbmulticluster/status
375       - mongodbsearch/status
376 ---
377 # Source: mongodb-kubernetes/templates/operator-roles-pvc-resize.yaml
378 kind: Role
379 apiVersion: rbac.authorization.k8s.io/v1
380 metadata:
381   name: mongodb-kubernetes-operator-pvc-resize
382   namespace: mongodb
383 rules:
384   - apiGroups:
385       - ''
386     resources:
387       - persistentvolumeclaims
388     verbs:
389       - get
390       - delete
391       - list
392       - watch
393       - patch
394       - update
395 ---
396 # Source: mongodb-kubernetes/templates/database-roles.yaml
397 kind: RoleBinding
398 apiVersion: rbac.authorization.k8s.io/v1
399 metadata:
400   name: mongodb-kubernetes-appdb
401   namespace: mongodb
402 roleRef:
403   apiGroup: rbac.authorization.k8s.io
404   kind: Role
405   name: mongodb-kubernetes-appdb
406 subjects:
407   - kind: ServiceAccount
408     name: mongodb-kubernetes-appdb
409     namespace: mongodb
410 ---
411 # Source: mongodb-kubernetes/templates/operator-roles-base.yaml
412 kind: RoleBinding
413 apiVersion: rbac.authorization.k8s.io/v1
414 metadata:
415   name: mongodb-kubernetes-operator
416   namespace: mongodb
417 roleRef:
418   apiGroup: rbac.authorization.k8s.io
419   kind: Role
420   name: mongodb-kubernetes-operator
421 subjects:
422   - kind: ServiceAccount
423     name: mongodb-kubernetes-operator
424     namespace: mongodb
425 ---
426 # Source: mongodb-kubernetes/templates/operator-roles-pvc-resize.yaml
427 kind: RoleBinding
428 apiVersion: rbac.authorization.k8s.io/v1
429 metadata:
430   name: mongodb-kubernetes-operator-pvc-resize-binding
431   namespace: mongodb
432 roleRef:
433   apiGroup: rbac.authorization.k8s.io
434   kind: Role
435   name: mongodb-kubernetes-operator-pvc-resize
436 subjects:
437   - kind: ServiceAccount
438     name: mongodb-kubernetes-operator
439     namespace: mongodb
440 ---
441 # Source: mongodb-kubernetes/templates/operator.yaml
442 apiVersion: apps/v1
443 kind: Deployment
444 metadata:
445   name: mongodb-kubernetes-operator
446   namespace: mongodb
447 spec:
448   replicas: 1
449   selector:
450     matchLabels:
451       app.kubernetes.io/component: controller
452       app.kubernetes.io/name: mongodb-kubernetes-operator
453       app.kubernetes.io/instance: mongodb-kubernetes-operator
454   template:
455     metadata:
456       labels:
457         app.kubernetes.io/component: controller
458         app.kubernetes.io/name: mongodb-kubernetes-operator
459         app.kubernetes.io/instance: mongodb-kubernetes-operator
460     spec:
461       serviceAccountName: mongodb-kubernetes-operator
462       securityContext:
463         runAsNonRoot: true
464         runAsUser: 2000
465       containers:
466         - name: mongodb-kubernetes-operator
467           image: "quay.io/mongodb/mongodb-kubernetes:1.4.0"
468           imagePullPolicy: Always
469           args:
470             - -watch-resource=mongodb
471             - -watch-resource=opsmanagers
472             - -watch-resource=mongodbusers
473             - -watch-resource=mongodbcommunity
474             - -watch-resource=mongodbsearch
475             - -watch-resource=clustermongodbroles
476           command:
477             - /usr/local/bin/mongodb-kubernetes-operator
478           resources:
479             limits:
480               cpu: 1100m
481               memory: 1Gi
482             requests:
483               cpu: 500m
484               memory: 200Mi
485           env:
486             - name: OPERATOR_ENV
487               value: prod
488             - name: MDB_DEFAULT_ARCHITECTURE
489               value: non-static
490             - name: NAMESPACE
491               valueFrom:
492                 fieldRef:
493                   fieldPath: metadata.namespace
494             - name: WATCH_NAMESPACE
495               valueFrom:
496                 fieldRef:
497                   fieldPath: metadata.namespace
498             - name: MDB_OPERATOR_TELEMETRY_COLLECTION_FREQUENCY
499               value: "1h"
500             - name: MDB_OPERATOR_TELEMETRY_SEND_FREQUENCY
501               value: "168h"
502             - name: CLUSTER_CLIENT_TIMEOUT
503               value: "10"
504             - name: IMAGE_PULL_POLICY
505               value: Always
506             # Database
507             - name: MONGODB_ENTERPRISE_DATABASE_IMAGE
508               value: quay.io/mongodb/mongodb-kubernetes-database
509             - name: INIT_DATABASE_IMAGE_REPOSITORY
510               value: quay.io/mongodb/mongodb-kubernetes-init-database
511             - name: INIT_DATABASE_VERSION
512               value: 1.4.0
513             - name: DATABASE_VERSION
514               value: 1.4.0
515             # Ops Manager
516             - name: OPS_MANAGER_IMAGE_REPOSITORY
517               value: quay.io/mongodb/mongodb-enterprise-ops-manager-ubi
518             - name: INIT_OPS_MANAGER_IMAGE_REPOSITORY
519               value: quay.io/mongodb/mongodb-kubernetes-init-ops-manager
520             - name: INIT_OPS_MANAGER_VERSION
521               value: 1.4.0
522             # AppDB
523             - name: INIT_APPDB_IMAGE_REPOSITORY
524               value: quay.io/mongodb/mongodb-kubernetes-init-appdb
525             - name: INIT_APPDB_VERSION
526               value: 1.4.0
527             - name: OPS_MANAGER_IMAGE_PULL_POLICY
528               value: Always
529             - name: AGENT_IMAGE
530               value: "quay.io/mongodb/mongodb-agent:108.0.12.8846-1"
531             - name: MDB_AGENT_IMAGE_REPOSITORY
532               value: "quay.io/mongodb/mongodb-agent"
533             - name: MONGODB_IMAGE
534               value: mongodb-enterprise-server
535             - name: MONGODB_REPO_URL
536               value: quay.io/mongodb
537             - name: MDB_IMAGE_TYPE
538               value: ubi8
539             - name: PERFORM_FAILOVER
540               value: 'true'
541             - name: MDB_MAX_CONCURRENT_RECONCILES
542               value: "1"
543             - name: POD_NAME
544               valueFrom:
545                 fieldRef:
546                   fieldPath: metadata.name
547             - name: OPERATOR_NAME
548               value: mongodb-kubernetes-operator
549             # Community Env Vars Start
550             - name: MDB_COMMUNITY_AGENT_IMAGE
551               value: "quay.io/mongodb/mongodb-agent:108.0.2.8729-1"
552             - name: VERSION_UPGRADE_HOOK_IMAGE
553               value: "quay.io/mongodb/mongodb-kubernetes-operator-version-upgrade-post-start-hook:1.0.9"
554             - name: READINESS_PROBE_IMAGE
555               value: "quay.io/mongodb/mongodb-kubernetes-readinessprobe:1.0.22"
556             - name: MDB_COMMUNITY_IMAGE
557               value: "mongodb-community-server"
558             - name: MDB_COMMUNITY_REPO_URL
559               value: "quay.io/mongodb"
560             - name: MDB_COMMUNITY_IMAGE_TYPE
561               value: "ubi8"
562             # Community Env Vars End
563             - name: MDB_SEARCH_REPO_URL
564               value: "quay.io/mongodb"
565             - name: MDB_SEARCH_NAME
566               value: "mongodb-search"
567             - name: MDB_SEARCH_VERSION
568               value: "0.53.1"

조건부. MongoDB 엔터프라이즈 리소스 만들고 배포 .

이미 MongoDB 엔터프라이즈 배포한 경우 다음 단계로 건너뜁니다. 그렇지 않으면 MongoDB 엔터프라이즈 리소스 배포 .

MongoDB 엔터프라이즈 배포 하려면 다음 단계를 완료하세요.

mdb-rs(이)라는 MongoDB 사용자 지정 리소스 만듭니다.

리소스 mongod 및 mongodb-agent 컨테이너의 CPU 및 메모리 리소스를 정의하고 Kubernetes Operator에게 3 멤버로 MongoDB 복제본 세트 구성하도록 지시합니다.

MongoDB 엔터프라이즈 배포 하려면 네임스페이스 에서 다음을 복사하여 붙여넣고 실행 .

1 kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF
2 apiVersion: mongodb.com/v1
3 kind: MongoDB
4 metadata:
5   name: ${MDB_RESOURCE_NAME}
6 spec:
7   members: 3
8   version: ${MDB_VERSION}-ent
9   type: ReplicaSet
10   opsManager:
11     configMapRef:
12       name: om-project
13   credentials: om-credentials
14   security:
15     authentication:
16       enabled: true
17       ignoreUnknownUsers: true
18       modes:
19       - SCRAM
20   agent:
21     logLevel: DEBUG
22   statefulSet:
23     spec:
24       template:
25         spec:
26           containers:
27           - name: mongodb-enterprise-database
28             resources:
29               limits:
30                 cpu: "2"
31                 memory: 2Gi
32               requests:
33                 cpu: "1"
34                 memory: 1Gi
35 EOF

MongoDB 리소스 배포서버 완료될 때까지 기다립니다.

MongoDB 사용자 지정 리소스 적용 Kubernetes 연산자 MongoDB 노드(포드) 배포를 시작합니다. 이 단계에서는 mdbc-rs 리소스의 상태 단계가 Running가 되어 MongoDB Community 복제본 세트 작동 가능함을 나타낼 때까지 실행을 일시 중지합니다.

1 echo "Waiting for MongoDB resource to reach Running phase..."
2 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait --for=jsonpath='{.status.phase}'=Running "mdb/${MDB_RESOURCE_NAME}" --timeout=400s
3 echo; echo "MongoDB resource"
4 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get "mdb/${MDB_RESOURCE_NAME}"
5 echo; echo "Pods running in cluster ${K8S_CTX}"
6 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get pods

1 Waiting for MongoDB resource to reach Running phase...
2 mongodb.mongodb.mongodb.com/mdbc-rs condition met
3 
4 MongoDB resource
5 NAME      PHASE     VERSION
6 mdbc-rs   Running   8.0.10
7 
8 Pods running in cluster minikube
9 NAME                                           READY   STATUS    RESTARTS   AGE
10 mdbc-rs-0                                      2/2     Running   0          2m30s
11 mdbc-rs-1                                      2/2     Running   0          82s
12 mdbc-rs-2                                      2/2     Running   0          38s
13 mongodb-kubernetes-operator-5776c8b4df-cppnf   1/1     Running   0          7m37s

필수입니다. MongoDB 사용자 시크릿을 생성하고 로드합니다.

MongoDB 보안 액세스 위해 인증 필요합니다. 이 단계에서는 세 개의 Kubernetes 시크릿을 생성합니다.

mdb-admin-user-password: MongoDB 관리자의 자격 증명입니다.
mdb-user-password: 검색 쿼리를 수행할 수 있는 권한이 있는 사용자의 자격 증명입니다.
mdbc-rs-search-sync-source-password: mongot 프로세스 에서 데이터를 동기화하고 인덱스를 관리 위해 내부적으로 사용하는 전용 검색 사용자의 자격 증명입니다.

Kubernetes Operator는 이러한 시크릿을 MongoDB pod에 마운트합니다.

시크릿을 생성하려면 MongoDB Server 배포하고 MongoDB Search 및 Vector Search를 배포 할 네임스페이스 에 다음을 복사하여 붙여넣은 후 실행 .

1 # admin user with root role
2 kubectl --context "${K8S_CTX}" --namespace "${MDB_NS}" \
3   create secret generic mdb-admin-user-password \
4   --from-literal=password="${MDB_ADMIN_USER_PASSWORD}"
5 
6 kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF
7 apiVersion: mongodb.com/v1
8 kind: MongoDBUser
9 metadata:
10   name: mdb-admin
11 spec:
12   username: mdb-admin
13   db: admin
14   mongodbResourceRef:
15     name: ${MDB_RESOURCE_NAME}
16   passwordSecretKeyRef:
17     name: mdb-admin-user-password
18     key: password
19   roles:
20   - name: root
21     db: admin
22 EOF
23 
24 # user used by MongoDB Search to connect to MongoDB database to synchronize data from
25 # For MongoDB <8.2, the operator will be creating the searchCoordinator custom role automatically
26 # From MongoDB 8.2, searchCoordinator role will be a built-in role.
27 kubectl --context "${K8S_CTX}" --namespace "${MDB_NS}" \
28   create secret generic mdb-rs-search-sync-source-password \
29   --from-literal=password="${MDB_SEARCH_SYNC_USER_PASSWORD}"
30 kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF
31 apiVersion: mongodb.com/v1
32 kind: MongoDBUser
33 metadata:
34   name: search-sync-source-user
35 spec:
36   username: search-sync-source
37   db: admin
38   mongodbResourceRef:
39     name: ${MDB_RESOURCE_NAME}
40   passwordSecretKeyRef:
41     name: mdb-rs-search-sync-source-password
42     key: password
43   roles:
44   - name: searchCoordinator
45     db: admin
46 EOF
47 
48 # user performing search queries
49 kubectl --context "${K8S_CTX}" --namespace "${MDB_NS}" \
50   create secret generic mdb-user-password \
51   --from-literal=password="${MDB_USER_PASSWORD}"
52 kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF
53 apiVersion: mongodb.com/v1
54 kind: MongoDBUser
55 metadata:
56   name: mdb-user
57 spec:
58   username: mdb-user
59   db: admin
60   mongodbResourceRef:
61     name: ${MDB_RESOURCE_NAME}
62   passwordSecretKeyRef:
63     name: mdb-user-password
64     key: password
65   roles:
66   - name: readWrite
67     db: sample_mflix
68 EOF

1 secret/mdb-admin-user-password created
2 secret/mdbc-rs-search-sync-source-password created
3 secret/mdb-user-password created

필수입니다. MongoDB Search 및 Vector Search를 위한 리소스 생성하고 배포 .

로드 밸런싱 없이 검색 노드 의 인스턴스 하나를 배포 할 수 있습니다. 배포 하려면 다음 단계를 완료하세요.

mdbc-rs(이)라는 MongoDBSearch 사용자 지정 리소스 만듭니다.

이 리소스 검색 노드에 대한 CPU 및 메모리 리소스 요구 사항을 지정합니다. 이 사용자 지정 리소스 의 설정에 대해 자세히 학습 MongoDB 검색 및 벡터 검색 설정을 참조하세요.

1 kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF
2 apiVersion: mongodb.com/v1
3 kind: MongoDBSearch
4 metadata:
5   name: ${MDB_RESOURCE_NAME}
6 spec:
7   # no need to specify source.mongodbResourceRef if MongoDBSearch CR has the same name as MongoDB CR
8   # the operator infer it automatically
9   resourceRequirements:
10     limits:
11       cpu: "3"
12       memory: 5Gi
13     requests:
14       cpu: "2"
15       memory: 3Gi
16 EOF

MongoDBSearch 리소스 배포서버 완료될 때까지 기다립니다.
MongoDBSearch 사용자 지정 리소스 적용 Kubernetes 연산자 검색 노드(pod) 배포를 시작합니다. 이 단계에서는 mdbc-rs 리소스의 상태 단계가 Running가 되어 MongoDB Community 복제본 세트 작동 가능함을 나타낼 때까지 실행을 일시 중지합니다.
```
1 echo "Waiting for MongoDBSearch resource to reach Running phase..."
2 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait --for=jsonpath='{.status.phase}'=Running mdbs/mdb-rs --timeout=300s
```

선택 사항. MongoDB Community 리소스 상태를 확인합니다.

MongoDBSearch 을(를) 사용하여 MongoDB 리소스 배포서버 성공적인 했는지 확인합니다.

1 echo "Waiting for MongoDB resource to reach Running phase..."
2 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait --for=jsonpath='{.status.phase}'=Running "mdb/${MDB_RESOURCE_NAME}" --timeout=400s

선택 사항. 네임스페이스 에서 실행 모든 파드를 확인합니다.

네임스페이스 파드에서 MongoDB 복제본 세트 멤버, Kubernetes Operator용 MongoDB 컨트롤러 및 검색 노드에 대해 실행 모든 파드를 확인합니다.

1 echo; echo "MongoDB resource"
2 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get "mdb/${MDB_RESOURCE_NAME}"
3 echo; echo "MongoDBSearch resource"
4 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get mdbs/mdb-rs
5 echo; echo "Pods running in cluster ${K8S_CTX}"
6 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get pods

1 MongoDB resource
2 NAME     PHASE     VERSION      TYPE         AGE
3 mdb-rs   Running   8.0.10-ent   ReplicaSet   7m57s
4 
5 MongoDBSearch resource
6 NAME     PHASE     AGE
7 mdb-rs   Running   5m26s
8 
9 Pods running in cluster kind-kind
10 NAME                                          READY   STATUS    RESTARTS   AGE
11 mdb-rs-0                                      1/1     Running   0          7m54s
12 mdb-rs-1                                      1/1     Running   0          7m13s
13 mdb-rs-2                                      1/1     Running   0          6m47s
14 mdb-rs-search-0                               1/1     Running   0          4m8s
15 mongodb-kubernetes-operator-fc996f567-jl595   1/1     Running   0          7m59s

다음 단계

이제 MongoDB 엔터프라이즈 Edition과 함께 사용할 MongoDB Search 및 Vector Search를 성공적으로 배포했으므로, MongoDB cluster 에 데이터를 추가하고, MongoDB Search 및 Vector Search 인덱스를 생성하고, 데이터에 대해 쿼리를 실행 . 자세한 학습 은 MongoDB 검색 및 벡터 검색 설정을 참조하세요.

1	# set it to the context name of the k8s cluster
2	export K8S_CTX="<local cluster context>"
3
4	# the following namespace will be created if not exists
5	export MDB_NS="mongodb"
6
7	# name of the MongoDB Custom Resource.
8	export MDB_RESOURCE_NAME="mdb-rs"
9
10	# OM/CM's project name to be used to manage mongodb replica set
11	export OPS_MANAGER_PROJECT_NAME="<arbitrary project name>"
12
13	# URL to Cloud Manager or Ops Manager instance
14	export OPS_MANAGER_API_URL="https://cloud-qa.mongodb.com"
15
16	# The API key can be an Org Owner - the operator can create the project automatically then.
17	# The API key can also be created in a particular project that was created manually with the Project Owner scope .
18	export OPS_MANAGER_API_USER="abcdefg"
19	export OPS_MANAGER_API_KEY="00000-abcd-efgh-1111-12345678"
20	export OPS_MANAGER_ORG_ID="62a73abcdefgh12345678"
21
22	# minimum required MongoDB version for running MongoDB Search is 8.0.10
23	export MDB_VERSION="8.0.10"
24
25	# root admin user for convenience, not used here at all in this guide
26	export MDB_ADMIN_USER_PASSWORD="admin-user-password-CHANGE-ME"
27	# regular user performing restore and search queries on sample mflix database
28	export MDB_USER_PASSWORD="mdb-user-password-CHANGE-ME"
29	# user for MongoDB Search to connect to the replica set to synchronise data from
30	export MDB_SEARCH_SYNC_USER_PASSWORD="search-sync-user-password-CHANGE-ME"
31
32	export OPERATOR_HELM_CHART="mongodb/mongodb-kubernetes"
33	# comma-separated key=value pairs for additional parameters passed to the helm-chart installing the operator
34	export OPERATOR_ADDITIONAL_HELM_VALUES=""
35
36	export MDB_CONNECTION_STRING="mongodb://mdb-user:${MDB_USER_PASSWORD}@${MDB_RESOURCE_NAME}-svc.${MDB_NS}.svc.cluster.local:27017/?replicaSet=${MDB_RESOURCE_NAME}"

1	helm repo add mongodb https://mongodb.github.io/helm-charts
2	helm repo update mongodb
3	helm search repo mongodb/mongodb-kubernetes

1	"mongodb" already exists with the same configuration, skipping
2	Hang tight while we grab the latest from your chart repositories...
3	...Successfully got an update from the "mongodb" chart repository
4	Update Complete. ⎈Happy Helming!⎈
5	NAME CHART VERSION APP VERSION DESCRIPTION
6	mongodb/mongodb-kubernetes 1.3.0 MongoDB Controllers for Kubernetes translate th...

1	helm upgrade --install --debug --kube-context "${K8S_CTX}" \
2	--create-namespace \
3	--namespace="${MDB_NS}" \
4	mongodb-kubernetes \
5	${OPERATOR_ADDITIONAL_HELM_VALUES:+--set ${OPERATOR_ADDITIONAL_HELM_VALUES}} \
6	"${OPERATOR_HELM_CHART}"

1	Release "mongodb-kubernetes" does not exist. Installing it now.
2	NAME: mongodb-kubernetes
3	LAST DEPLOYED: Tue Sep 16 14:11:48 2025
4	NAMESPACE: mongodb
5	STATUS: deployed
6	REVISION: 1
7	TEST SUITE: None
8	USER-SUPPLIED VALUES:
9	{}
10
11	COMPUTED VALUES:
12	agent:
13	name: mongodb-agent
14	version: 108.0.12.8846-1
15	community:
16	agent:
17	name: mongodb-agent
18	version: 108.0.2.8729-1
19	mongodb:
20	imageType: ubi8
21	name: mongodb-community-server
22	repo: quay.io/mongodb
23	registry:
24	agent: quay.io/mongodb
25	resource:
26	members: 3
27	name: mongodb-replica-set
28	tls:
29	caCertificateSecretRef: tls-ca-key-pair
30	certManager:
31	certDuration: 8760h
32	renewCertBefore: 720h
33	certificateKeySecretRef: tls-certificate
34	enabled: false
35	sampleX509User: false
36	useCertManager: true
37	useX509: false
38	version: 4.4.0
39	database:
40	name: mongodb-kubernetes-database
41	version: 1.4.0
42	initAppDb:
43	name: mongodb-kubernetes-init-appdb
44	version: 1.4.0
45	initDatabase:
46	name: mongodb-kubernetes-init-database
47	version: 1.4.0
48	initOpsManager:
49	name: mongodb-kubernetes-init-ops-manager
50	version: 1.4.0
51	managedSecurityContext: false
52	mongodb:
53	appdbAssumeOldFormat: false
54	imageType: ubi8
55	name: mongodb-enterprise-server
56	repo: quay.io/mongodb
57	multiCluster:
58	clusterClientTimeout: 10
59	clusters: []
60	kubeConfigSecretName: mongodb-enterprise-operator-multi-cluster-kubeconfig
61	performFailOver: true
62	operator:
63	additionalArguments: []
64	affinity: {}
65	baseName: mongodb-kubernetes
66	createOperatorServiceAccount: true
67	createResourcesServiceAccountsAndRoles: true
68	deployment_name: mongodb-kubernetes-operator
69	enableClusterMongoDBRoles: true
70	enablePVCResize: true
71	env: prod
72	maxConcurrentReconciles: 1
73	mdbDefaultArchitecture: non-static
74	name: mongodb-kubernetes-operator
75	nodeSelector: {}
76	operator_image_name: mongodb-kubernetes
77	replicas: 1
78	resources:
79	limits:
80	cpu: 1100m
81	memory: 1Gi
82	requests:
83	cpu: 500m
84	memory: 200Mi
85	telemetry:
86	collection:
87	clusters: {}
88	deployments: {}
89	frequency: 1h
90	operators: {}
91	send:
92	frequency: 168h
93	tolerations: []
94	vaultSecretBackend:
95	enabled: false
96	tlsSecretRef: ""
97	version: 1.4.0
98	watchedResources:
99	- mongodb
100	- opsmanagers
101	- mongodbusers
102	- mongodbcommunity
103	- mongodbsearch
104	webhook:
105	installClusterRole: true
106	registerConfiguration: true
107	opsManager:
108	name: mongodb-enterprise-ops-manager-ubi
109	readinessProbe:
110	name: mongodb-kubernetes-readinessprobe
111	version: 1.0.22
112	registry:
113	agent: quay.io/mongodb
114	database: quay.io/mongodb
115	imagePullSecrets: null
116	initAppDb: quay.io/mongodb
117	initDatabase: quay.io/mongodb
118	initOpsManager: quay.io/mongodb
119	operator: quay.io/mongodb
120	opsManager: quay.io/mongodb
121	pullPolicy: Always
122	readinessProbe: quay.io/mongodb
123	versionUpgradeHook: quay.io/mongodb
124	search:
125	name: mongodb-search
126	repo: quay.io/mongodb
127	version: 0.53.1
128	versionUpgradeHook:
129	name: mongodb-kubernetes-operator-version-upgrade-post-start-hook
130	version: 1.0.9
131
132	HOOKS:
133	MANIFEST:
134	---
135	# Source: mongodb-kubernetes/templates/database-roles.yaml
136	apiVersion: v1
137	kind: ServiceAccount
138	metadata:
139	name: mongodb-kubernetes-appdb
140	namespace: mongodb
141	---
142	# Source: mongodb-kubernetes/templates/database-roles.yaml
143	apiVersion: v1
144	kind: ServiceAccount
145	metadata:
146	name: mongodb-kubernetes-database-pods
147	namespace: mongodb
148	---
149	# Source: mongodb-kubernetes/templates/database-roles.yaml
150	apiVersion: v1
151	kind: ServiceAccount
152	metadata:
153	name: mongodb-kubernetes-ops-manager
154	namespace: mongodb
155	---
156	# Source: mongodb-kubernetes/templates/operator-sa.yaml
157	apiVersion: v1
158	kind: ServiceAccount
159	metadata:
160	name: mongodb-kubernetes-operator
161	namespace: mongodb
162	---
163	# Source: mongodb-kubernetes/templates/operator-roles-clustermongodbroles.yaml
164	kind: ClusterRole
165	apiVersion: rbac.authorization.k8s.io/v1
166	metadata:
167	name: mongodb-kubernetes-operator-mongodb-cluster-mongodb-role
168	rules:
169	- apiGroups:
170	- mongodb.com
171	verbs:
172	- '*'
173	resources:
174	- clustermongodbroles
175	---
176	# Source: mongodb-kubernetes/templates/operator-roles-telemetry.yaml
177	# Additional ClusterRole for clusterVersionDetection
178	kind: ClusterRole
179	apiVersion: rbac.authorization.k8s.io/v1
180	metadata:
181	name: mongodb-kubernetes-operator-cluster-telemetry
182	rules:
183	# Non-resource URL permissions
184	- nonResourceURLs:
185	- "/version"
186	verbs:
187	- get
188	# Cluster-scoped resource permissions
189	- apiGroups:
190	- ''
191	resources:
192	- namespaces
193	resourceNames:
194	- kube-system
195	verbs:
196	- get
197	- apiGroups:
198	- ''
199	resources:
200	- nodes
201	verbs:
202	- list
203	---
204	# Source: mongodb-kubernetes/templates/operator-roles-webhook.yaml
205	kind: ClusterRole
206	apiVersion: rbac.authorization.k8s.io/v1
207	metadata:
208	name: mongodb-kubernetes-operator-mongodb-webhook-cr
209	rules:
210	- apiGroups:
211	- "admissionregistration.k8s.io"
212	resources:
213	- validatingwebhookconfigurations
214	verbs:
215	- get
216	- create
217	- update
218	- delete
219	- apiGroups:
220	- ""
221	resources:
222	- services
223	verbs:
224	- get
225	- list
226	- watch
227	- create
228	- update
229	- delete
230	---
231	# Source: mongodb-kubernetes/templates/operator-roles-clustermongodbroles.yaml
232	kind: ClusterRoleBinding
233	apiVersion: rbac.authorization.k8s.io/v1
234	metadata:
235	name: mongodb-kubernetes-operator-mongodb-cluster-mongodb-role-binding
236	roleRef:
237	apiGroup: rbac.authorization.k8s.io
238	kind: ClusterRole
239	name: mongodb-kubernetes-operator-mongodb-cluster-mongodb-role
240	subjects:
241	- kind: ServiceAccount
242	name: mongodb-kubernetes-operator
243	namespace: mongodb
244	---
245	# Source: mongodb-kubernetes/templates/operator-roles-telemetry.yaml
246	# ClusterRoleBinding for clusterVersionDetection
247	kind: ClusterRoleBinding
248	apiVersion: rbac.authorization.k8s.io/v1
249	metadata:
250	name: mongodb-kubernetes-operator-mongodb-cluster-telemetry-binding
251	roleRef:
252	apiGroup: rbac.authorization.k8s.io
253	kind: ClusterRole
254	name: mongodb-kubernetes-operator-cluster-telemetry
255	subjects:
256	- kind: ServiceAccount
257	name: mongodb-kubernetes-operator
258	namespace: mongodb
259	---
260	# Source: mongodb-kubernetes/templates/operator-roles-webhook.yaml
261	kind: ClusterRoleBinding
262	apiVersion: rbac.authorization.k8s.io/v1
263	metadata:
264	name: mongodb-kubernetes-operator-mongodb-webhook-crb
265	roleRef:
266	apiGroup: rbac.authorization.k8s.io
267	kind: ClusterRole
268	name: mongodb-kubernetes-operator-mongodb-webhook-cr
269	subjects:
270	- kind: ServiceAccount
271	name: mongodb-kubernetes-operator
272	namespace: mongodb
273	---
274	# Source: mongodb-kubernetes/templates/database-roles.yaml
275	kind: Role
276	apiVersion: rbac.authorization.k8s.io/v1
277	metadata:
278	name: mongodb-kubernetes-appdb
279	namespace: mongodb
280	rules:
281	- apiGroups:
282	- ''
283	resources:
284	- secrets
285	verbs:
286	- get
287	- apiGroups:
288	- ''
289	resources:
290	- pods
291	verbs:
292	- patch
293	- delete
294	- get
295	---
296	# Source: mongodb-kubernetes/templates/operator-roles-base.yaml
297	kind: Role
298	apiVersion: rbac.authorization.k8s.io/v1
299	metadata:
300	name: mongodb-kubernetes-operator
301	namespace: mongodb
302	rules:
303	- apiGroups:
304	- ''
305	resources:
306	- services
307	verbs:
308	- get
309	- list
310	- watch
311	- create
312	- update
313	- delete
314	- apiGroups:
315	- ''
316	resources:
317	- secrets
318	- configmaps
319	verbs:
320	- get
321	- list
322	- create
323	- update
324	- delete
325	- watch
326	- apiGroups:
327	- apps
328	resources:
329	- statefulsets
330	verbs:
331	- create
332	- get
333	- list
334	- watch
335	- delete
336	- update
337	- apiGroups:
338	- ''
339	resources:
340	- pods
341	verbs:
342	- get
343	- list
344	- watch
345	- delete
346	- deletecollection
347	- apiGroups:
348	- mongodbcommunity.mongodb.com
349	resources:
350	- mongodbcommunity
351	- mongodbcommunity/status
352	- mongodbcommunity/spec
353	- mongodbcommunity/finalizers
354	verbs:
355	- '*'
356	- apiGroups:
357	- mongodb.com
358	verbs:
359	- '*'
360	resources:
361	- mongodb
362	- mongodb/finalizers
363	- mongodbusers
364	- mongodbusers/finalizers
365	- opsmanagers
366	- opsmanagers/finalizers
367	- mongodbmulticluster
368	- mongodbmulticluster/finalizers
369	- mongodbsearch
370	- mongodbsearch/finalizers
371	- mongodb/status
372	- mongodbusers/status
373	- opsmanagers/status
374	- mongodbmulticluster/status
375	- mongodbsearch/status
376	---
377	# Source: mongodb-kubernetes/templates/operator-roles-pvc-resize.yaml
378	kind: Role
379	apiVersion: rbac.authorization.k8s.io/v1
380	metadata:
381	name: mongodb-kubernetes-operator-pvc-resize
382	namespace: mongodb
383	rules:
384	- apiGroups:
385	- ''
386	resources:
387	- persistentvolumeclaims
388	verbs:
389	- get
390	- delete
391	- list
392	- watch
393	- patch
394	- update
395	---
396	# Source: mongodb-kubernetes/templates/database-roles.yaml
397	kind: RoleBinding
398	apiVersion: rbac.authorization.k8s.io/v1
399	metadata:
400	name: mongodb-kubernetes-appdb
401	namespace: mongodb
402	roleRef:
403	apiGroup: rbac.authorization.k8s.io
404	kind: Role
405	name: mongodb-kubernetes-appdb
406	subjects:
407	- kind: ServiceAccount
408	name: mongodb-kubernetes-appdb
409	namespace: mongodb
410	---
411	# Source: mongodb-kubernetes/templates/operator-roles-base.yaml
412	kind: RoleBinding
413	apiVersion: rbac.authorization.k8s.io/v1
414	metadata:
415	name: mongodb-kubernetes-operator
416	namespace: mongodb
417	roleRef:
418	apiGroup: rbac.authorization.k8s.io
419	kind: Role
420	name: mongodb-kubernetes-operator
421	subjects:
422	- kind: ServiceAccount
423	name: mongodb-kubernetes-operator
424	namespace: mongodb
425	---
426	# Source: mongodb-kubernetes/templates/operator-roles-pvc-resize.yaml
427	kind: RoleBinding
428	apiVersion: rbac.authorization.k8s.io/v1
429	metadata:
430	name: mongodb-kubernetes-operator-pvc-resize-binding
431	namespace: mongodb
432	roleRef:
433	apiGroup: rbac.authorization.k8s.io
434	kind: Role
435	name: mongodb-kubernetes-operator-pvc-resize
436	subjects:
437	- kind: ServiceAccount
438	name: mongodb-kubernetes-operator
439	namespace: mongodb
440	---
441	# Source: mongodb-kubernetes/templates/operator.yaml
442	apiVersion: apps/v1
443	kind: Deployment
444	metadata:
445	name: mongodb-kubernetes-operator
446	namespace: mongodb
447	spec:
448	replicas: 1
449	selector:
450	matchLabels:
451	app.kubernetes.io/component: controller
452	app.kubernetes.io/name: mongodb-kubernetes-operator
453	app.kubernetes.io/instance: mongodb-kubernetes-operator
454	template:
455	metadata:
456	labels:
457	app.kubernetes.io/component: controller
458	app.kubernetes.io/name: mongodb-kubernetes-operator
459	app.kubernetes.io/instance: mongodb-kubernetes-operator
460	spec:
461	serviceAccountName: mongodb-kubernetes-operator
462	securityContext:
463	runAsNonRoot: true
464	runAsUser: 2000
465	containers:
466	- name: mongodb-kubernetes-operator
467	image: "quay.io/mongodb/mongodb-kubernetes:1.4.0"
468	imagePullPolicy: Always
469	args:
470	- -watch-resource=mongodb
471	- -watch-resource=opsmanagers
472	- -watch-resource=mongodbusers
473	- -watch-resource=mongodbcommunity
474	- -watch-resource=mongodbsearch
475	- -watch-resource=clustermongodbroles
476	command:
477	- /usr/local/bin/mongodb-kubernetes-operator
478	resources:
479	limits:
480	cpu: 1100m
481	memory: 1Gi
482	requests:
483	cpu: 500m
484	memory: 200Mi
485	env:
486	- name: OPERATOR_ENV
487	value: prod
488	- name: MDB_DEFAULT_ARCHITECTURE
489	value: non-static
490	- name: NAMESPACE
491	valueFrom:
492	fieldRef:
493	fieldPath: metadata.namespace
494	- name: WATCH_NAMESPACE
495	valueFrom:
496	fieldRef:
497	fieldPath: metadata.namespace
498	- name: MDB_OPERATOR_TELEMETRY_COLLECTION_FREQUENCY
499	value: "1h"
500	- name: MDB_OPERATOR_TELEMETRY_SEND_FREQUENCY
501	value: "168h"
502	- name: CLUSTER_CLIENT_TIMEOUT
503	value: "10"
504	- name: IMAGE_PULL_POLICY
505	value: Always
506	# Database
507	- name: MONGODB_ENTERPRISE_DATABASE_IMAGE
508	value: quay.io/mongodb/mongodb-kubernetes-database
509	- name: INIT_DATABASE_IMAGE_REPOSITORY
510	value: quay.io/mongodb/mongodb-kubernetes-init-database
511	- name: INIT_DATABASE_VERSION
512	value: 1.4.0
513	- name: DATABASE_VERSION
514	value: 1.4.0
515	# Ops Manager
516	- name: OPS_MANAGER_IMAGE_REPOSITORY
517	value: quay.io/mongodb/mongodb-enterprise-ops-manager-ubi
518	- name: INIT_OPS_MANAGER_IMAGE_REPOSITORY
519	value: quay.io/mongodb/mongodb-kubernetes-init-ops-manager
520	- name: INIT_OPS_MANAGER_VERSION
521	value: 1.4.0
522	# AppDB
523	- name: INIT_APPDB_IMAGE_REPOSITORY
524	value: quay.io/mongodb/mongodb-kubernetes-init-appdb
525	- name: INIT_APPDB_VERSION
526	value: 1.4.0
527	- name: OPS_MANAGER_IMAGE_PULL_POLICY
528	value: Always
529	- name: AGENT_IMAGE
530	value: "quay.io/mongodb/mongodb-agent:108.0.12.8846-1"
531	- name: MDB_AGENT_IMAGE_REPOSITORY
532	value: "quay.io/mongodb/mongodb-agent"
533	- name: MONGODB_IMAGE
534	value: mongodb-enterprise-server
535	- name: MONGODB_REPO_URL
536	value: quay.io/mongodb
537	- name: MDB_IMAGE_TYPE
538	value: ubi8
539	- name: PERFORM_FAILOVER
540	value: 'true'
541	- name: MDB_MAX_CONCURRENT_RECONCILES
542	value: "1"
543	- name: POD_NAME
544	valueFrom:
545	fieldRef:
546	fieldPath: metadata.name
547	- name: OPERATOR_NAME
548	value: mongodb-kubernetes-operator
549	# Community Env Vars Start
550	- name: MDB_COMMUNITY_AGENT_IMAGE
551	value: "quay.io/mongodb/mongodb-agent:108.0.2.8729-1"
552	- name: VERSION_UPGRADE_HOOK_IMAGE
553	value: "quay.io/mongodb/mongodb-kubernetes-operator-version-upgrade-post-start-hook:1.0.9"
554	- name: READINESS_PROBE_IMAGE
555	value: "quay.io/mongodb/mongodb-kubernetes-readinessprobe:1.0.22"
556	- name: MDB_COMMUNITY_IMAGE
557	value: "mongodb-community-server"
558	- name: MDB_COMMUNITY_REPO_URL
559	value: "quay.io/mongodb"
560	- name: MDB_COMMUNITY_IMAGE_TYPE
561	value: "ubi8"
562	# Community Env Vars End
563	- name: MDB_SEARCH_REPO_URL
564	value: "quay.io/mongodb"
565	- name: MDB_SEARCH_NAME
566	value: "mongodb-search"
567	- name: MDB_SEARCH_VERSION
568	value: "0.53.1"

1	kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF
2	apiVersion: mongodb.com/v1
3	kind: MongoDB
4	metadata:
5	name: ${MDB_RESOURCE_NAME}
6	spec:
7	members: 3
8	version: ${MDB_VERSION}-ent
9	type: ReplicaSet
10	opsManager:
11	configMapRef:
12	name: om-project
13	credentials: om-credentials
14	security:
15	authentication:
16	enabled: true
17	ignoreUnknownUsers: true
18	modes:
19	- SCRAM
20	agent:
21	logLevel: DEBUG
22	statefulSet:
23	spec:
24	template:
25	spec:
26	containers:
27	- name: mongodb-enterprise-database
28	resources:
29	limits:
30	cpu: "2"
31	memory: 2Gi
32	requests:
33	cpu: "1"
34	memory: 1Gi
35	EOF

1	echo "Waiting for MongoDB resource to reach Running phase..."
2	kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait --for=jsonpath='{.status.phase}'=Running "mdb/${MDB_RESOURCE_NAME}" --timeout=400s
3	echo; echo "MongoDB resource"
4	kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get "mdb/${MDB_RESOURCE_NAME}"
5	echo; echo "Pods running in cluster ${K8S_CTX}"
6	kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get pods

1	Waiting for MongoDB resource to reach Running phase...
2	mongodb.mongodb.mongodb.com/mdbc-rs condition met
3
4	MongoDB resource
5	NAME PHASE VERSION
6	mdbc-rs Running 8.0.10
7
8	Pods running in cluster minikube
9	NAME READY STATUS RESTARTS AGE
10	mdbc-rs-0 2/2 Running 0 2m30s
11	mdbc-rs-1 2/2 Running 0 82s
12	mdbc-rs-2 2/2 Running 0 38s
13	mongodb-kubernetes-operator-5776c8b4df-cppnf 1/1 Running 0 7m37s

1	# admin user with root role
2	kubectl --context "${K8S_CTX}" --namespace "${MDB_NS}" \
3	create secret generic mdb-admin-user-password \
4	--from-literal=password="${MDB_ADMIN_USER_PASSWORD}"
5
6	kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF
7	apiVersion: mongodb.com/v1
8	kind: MongoDBUser
9	metadata:
10	name: mdb-admin
11	spec:
12	username: mdb-admin
13	db: admin
14	mongodbResourceRef:
15	name: ${MDB_RESOURCE_NAME}
16	passwordSecretKeyRef:
17	name: mdb-admin-user-password
18	key: password
19	roles:
20	- name: root
21	db: admin
22	EOF
23
24	# user used by MongoDB Search to connect to MongoDB database to synchronize data from
25	# For MongoDB <8.2, the operator will be creating the searchCoordinator custom role automatically
26	# From MongoDB 8.2, searchCoordinator role will be a built-in role.
27	kubectl --context "${K8S_CTX}" --namespace "${MDB_NS}" \
28	create secret generic mdb-rs-search-sync-source-password \
29	--from-literal=password="${MDB_SEARCH_SYNC_USER_PASSWORD}"
30	kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF
31	apiVersion: mongodb.com/v1
32	kind: MongoDBUser
33	metadata:
34	name: search-sync-source-user
35	spec:
36	username: search-sync-source
37	db: admin
38	mongodbResourceRef:
39	name: ${MDB_RESOURCE_NAME}
40	passwordSecretKeyRef:
41	name: mdb-rs-search-sync-source-password
42	key: password
43	roles:
44	- name: searchCoordinator
45	db: admin
46	EOF
47
48	# user performing search queries
49	kubectl --context "${K8S_CTX}" --namespace "${MDB_NS}" \
50	create secret generic mdb-user-password \
51	--from-literal=password="${MDB_USER_PASSWORD}"
52	kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF
53	apiVersion: mongodb.com/v1
54	kind: MongoDBUser
55	metadata:
56	name: mdb-user
57	spec:
58	username: mdb-user
59	db: admin
60	mongodbResourceRef:
61	name: ${MDB_RESOURCE_NAME}
62	passwordSecretKeyRef:
63	name: mdb-user-password
64	key: password
65	roles:
66	- name: readWrite
67	db: sample_mflix
68	EOF

1	secret/mdb-admin-user-password created
2	secret/mdbc-rs-search-sync-source-password created
3	secret/mdb-user-password created

1	kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF
2	apiVersion: mongodb.com/v1
3	kind: MongoDBSearch
4	metadata:
5	name: ${MDB_RESOURCE_NAME}
6	spec:
7	# no need to specify source.mongodbResourceRef if MongoDBSearch CR has the same name as MongoDB CR
8	# the operator infer it automatically
9	resourceRequirements:
10	limits:
11	cpu: "3"
12	memory: 5Gi
13	requests:
14	cpu: "2"
15	memory: 3Gi
16	EOF

1	echo "Waiting for MongoDBSearch resource to reach Running phase..."
2	kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait --for=jsonpath='{.status.phase}'=Running mdbs/mdb-rs --timeout=300s

1	echo; echo "MongoDB resource"
2	kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get "mdb/${MDB_RESOURCE_NAME}"
3	echo; echo "MongoDBSearch resource"
4	kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get mdbs/mdb-rs
5	echo; echo "Pods running in cluster ${K8S_CTX}"
6	kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get pods

1	MongoDB resource
2	NAME PHASE VERSION TYPE AGE
3	mdb-rs Running 8.0.10-ent ReplicaSet 7m57s
4
5	MongoDBSearch resource
6	NAME PHASE AGE
7	mdb-rs Running 5m26s
8
9	Pods running in cluster kind-kind
10	NAME READY STATUS RESTARTS AGE
11	mdb-rs-0 1/1 Running 0 7m54s
12	mdb-rs-1 1/1 Running 0 7m13s
13	mdb-rs-2 1/1 Running 0 6m47s
14	mdb-rs-search-0 1/1 Running 0 4m8s
15	mongodb-kubernetes-operator-fc996f567-jl595 1/1 Running 0 7m59s