/ /

Kubernetes Operator 的控制器

部署搜索和向量搜索

Docs 主页

管理

Kubernetes Operator 的控制器

部署搜索和向量搜索

安装和使用 MongoDB Community Edition

支持使用Kubernetes 操作符部署MongoDB Search 和MongoDB Vector Search 是作为 Preview功能提供的。在预览期间，功能和相应的文档可能随时更改。要学习；了解详情，请参阅预览功能。

您可以使用Kubernetes操作符并部署mongot进程资源，以便在Kubernetes集群上与MongoDB Community Edition v8.2.0或更高版本一起运行。mongot进程支持MongoDB Search搜索向量搜索。以下过程演示了如何部署和配置MongoDB 搜索和向量搜索，以便使用Kubernetes集群中的新副本集或现有副本集来运行。

先决条件

要部署MongoDB Search 和 Vector Search，您必须具备以下条件：

正在运行的 Kubernetes 集群。
Kubernetes命令行工具 kubectl，配置为与集群通信。
Helm（ Kubernetes的包管理器），用于安装Kubernetes Operator。
Bash v5.1 或更高版本，用于运行本教程中的命令。

步骤

必填。设置环境变量。

要设立用于此过程后续步骤的环境变量，请复制以下内容，设立环境变量的值，然后加载环境变量：

1 # set it to the context name of the k8s cluster
2 export K8S_CTX="<local cluster context>"
3 
4 # the following namespace will be created if not exists
5 export MDB_NS="mongodb"
6 
7 # minimum required MongoDB version for running MongoDB Search is 8.2.0
8 export MDB_VERSION="8.2.0"
9 
10 # root admin user for convenience, not used here at all in this guide
11 export MDB_ADMIN_USER_PASSWORD="admin-user-password-CHANGE-ME"
12 # regular user performing restore and search queries on sample mflix database
13 export MDB_USER_PASSWORD="mdb-user-password-CHANGE-ME"
14 # user for MongoDB Search to connect to the replica set to synchronise data from
15 export MDB_SEARCH_SYNC_USER_PASSWORD="search-sync-user-password-CHANGE-ME"
16 
17 export OPERATOR_HELM_CHART="mongodb/mongodb-kubernetes"
18 # comma-separated key=value pairs for additional parameters passed to the helm-chart installing the operator
19 export OPERATOR_ADDITIONAL_HELM_VALUES=""
20 
21 export MDB_CONNECTION_STRING="mongodb://mdb-user:${MDB_USER_PASSWORD}@mdbc-rs-0.mdbc-rs-svc.${MDB_NS}.svc.cluster.local:27017/?replicaSet=mdbc-rs"

有条件。添加MongoDB Helm存储库。

Helm 自动部署和管理 Kubernetes 上的 MongoDB 实例。如果您已经拥有包含用于安装 Kubernetes 操作符的 Helm 图表的 Helm 存储库，请跳过此步骤。否则，请添加 Helm存储库。

要添加 Helm存储库，请复制、粘贴并运行以下命令：

1 helm repo add mongodb https://mongodb.github.io/helm-charts
2 helm repo update mongodb
3 helm search repo mongodb/mongodb-kubernetes

1 "mongodb" has been added to your repositories
2 Hang tight while we grab the latest from your chart repositories...
3 ...Successfully got an update from the "mongodb" chart repository
4 Update Complete. ⎈Happy Helming!⎈
5 NAME                      	CHART VERSION	APP VERSION	DESCRIPTION                                       
6 mongodb/mongodb-kubernetes	1.5.0        	           	MongoDB Controllers for Kubernetes translate th...

有条件。为Kubernetes Operator 安装MongoDB控制器。

Kubernetes 操作符监视 MongoDBCommunity 和 MongoDBSearch 自定义资源，并管理 MongoDB 部署的生命周期。如果您已经安装了MongoDB Controllers for Kubernetes 操作符，请跳过此步骤。否则，请从您在上一步中添加的 Helm存储库安装MongoDB Controllers for Kubernetes 操作符。

要在 mongodb 命名空间中安装 MongoDB Controllers for Kubernetes 操作符，请复制、粘贴并运行以下命令：

1 helm upgrade --install --debug --kube-context "${K8S_CTX}" \
2   --create-namespace \
3   --namespace="${MDB_NS}" \
4   mongodb-kubernetes \
5   ${OPERATOR_ADDITIONAL_HELM_VALUES:+--set ${OPERATOR_ADDITIONAL_HELM_VALUES}} \
6   "${OPERATOR_HELM_CHART}"

1 Release "mongodb-kubernetes" does not exist. Installing it now.
2 NAME: mongodb-kubernetes
3 LAST DEPLOYED: Wed Oct 15 09:35:29 2025
4 NAMESPACE: mongodb
5 STATUS: deployed
6 REVISION: 1
7 TEST SUITE: None
8 USER-SUPPLIED VALUES:
9 {}
10 
11 COMPUTED VALUES:
12 agent:
13   name: mongodb-agent
14   version: 108.0.12.8846-1
15 community:
16   agent:
17     name: mongodb-agent
18     version: 108.0.2.8729-1
19   mongodb:
20     imageType: ubi8
21     name: mongodb-community-server
22     repo: quay.io/mongodb
23   registry:
24     agent: quay.io/mongodb
25   resource:
26     members: 3
27     name: mongodb-replica-set
28     tls:
29       caCertificateSecretRef: tls-ca-key-pair
30       certManager:
31         certDuration: 8760h
32         renewCertBefore: 720h
33       certificateKeySecretRef: tls-certificate
34       enabled: false
35       sampleX509User: false
36       useCertManager: true
37       useX509: false
38     version: 4.4.0
39 database:
40   name: mongodb-kubernetes-database
41   version: 1.5.0
42 initAppDb:
43   name: mongodb-kubernetes-init-appdb
44   version: 1.5.0
45 initDatabase:
46   name: mongodb-kubernetes-init-database
47   version: 1.5.0
48 initOpsManager:
49   name: mongodb-kubernetes-init-ops-manager
50   version: 1.5.0
51 managedSecurityContext: false
52 mongodb:
53   appdbAssumeOldFormat: false
54   imageType: ubi8
55   name: mongodb-enterprise-server
56   repo: quay.io/mongodb
57 multiCluster:
58   clusterClientTimeout: 10
59   clusters: []
60   kubeConfigSecretName: mongodb-enterprise-operator-multi-cluster-kubeconfig
61   performFailOver: true
62 operator:
63   additionalArguments: []
64   affinity: {}
65   baseName: mongodb-kubernetes
66   createOperatorServiceAccount: true
67   createResourcesServiceAccountsAndRoles: true
68   deployment_name: mongodb-kubernetes-operator
69   enableClusterMongoDBRoles: true
70   enablePVCResize: true
71   env: prod
72   maxConcurrentReconciles: 1
73   mdbDefaultArchitecture: non-static
74   name: mongodb-kubernetes-operator
75   nodeSelector: {}
76   operator_image_name: mongodb-kubernetes
77   replicas: 1
78   resources:
79     limits:
80       cpu: 1100m
81       memory: 1Gi
82     requests:
83       cpu: 500m
84       memory: 200Mi
85   telemetry:
86     collection:
87       clusters: {}
88       deployments: {}
89       frequency: 1h
90       operators: {}
91     send:
92       frequency: 168h
93   tolerations: []
94   vaultSecretBackend:
95     enabled: false
96     tlsSecretRef: ""
97   version: 1.5.0
98   watchedResources:
99   - mongodb
100   - opsmanagers
101   - mongodbusers
102   - mongodbcommunity
103   - mongodbsearch
104   webhook:
105     installClusterRole: true
106     registerConfiguration: true
107 opsManager:
108   name: mongodb-enterprise-ops-manager-ubi
109 readinessProbe:
110   name: mongodb-kubernetes-readinessprobe
111   version: 1.0.23
112 registry:
113   agent: quay.io/mongodb
114   database: quay.io/mongodb
115   imagePullSecrets: null
116   initAppDb: quay.io/mongodb
117   initDatabase: quay.io/mongodb
118   initOpsManager: quay.io/mongodb
119   operator: quay.io/mongodb
120   opsManager: quay.io/mongodb
121   pullPolicy: Always
122   readinessProbe: quay.io/mongodb
123   versionUpgradeHook: quay.io/mongodb
124 search:
125   name: mongodb-search
126   repo: quay.io/mongodb
127   version: 0.53.1
128 versionUpgradeHook:
129   name: mongodb-kubernetes-operator-version-upgrade-post-start-hook
130   version: 1.0.10
131 
132 HOOKS:
133 MANIFEST:
134 ---
135 # Source: mongodb-kubernetes/templates/database-roles.yaml
136 apiVersion: v1
137 kind: ServiceAccount
138 metadata:
139   name: mongodb-kubernetes-appdb
140   namespace: mongodb
141 ---
142 # Source: mongodb-kubernetes/templates/database-roles.yaml
143 apiVersion: v1
144 kind: ServiceAccount
145 metadata:
146   name: mongodb-kubernetes-database-pods
147   namespace: mongodb
148 ---
149 # Source: mongodb-kubernetes/templates/database-roles.yaml
150 apiVersion: v1
151 kind: ServiceAccount
152 metadata:
153   name: mongodb-kubernetes-ops-manager
154   namespace: mongodb
155 ---
156 # Source: mongodb-kubernetes/templates/operator-sa.yaml
157 apiVersion: v1
158 kind: ServiceAccount
159 metadata:
160   name: mongodb-kubernetes-operator
161   namespace: mongodb
162 ---
163 # Source: mongodb-kubernetes/templates/operator-roles-clustermongodbroles.yaml
164 kind: ClusterRole
165 apiVersion: rbac.authorization.k8s.io/v1
166 metadata:
167   name: mongodb-kubernetes-operator-mongodb-cluster-mongodb-role
168 rules:
169   - apiGroups:
170       - mongodb.com
171     verbs:
172       - '*'
173     resources:
174       - clustermongodbroles
175 ---
176 # Source: mongodb-kubernetes/templates/operator-roles-telemetry.yaml
177 # Additional ClusterRole for clusterVersionDetection
178 kind: ClusterRole
179 apiVersion: rbac.authorization.k8s.io/v1
180 metadata:
181   name: mongodb-kubernetes-operator-cluster-telemetry
182 rules:
183   # Non-resource URL permissions
184   - nonResourceURLs:
185       - "/version"
186     verbs:
187       - get
188   # Cluster-scoped resource permissions
189   - apiGroups:
190       - ''
191     resources:
192       - namespaces
193     resourceNames:
194       - kube-system
195     verbs:
196       - get
197   - apiGroups:
198       - ''
199     resources:
200       - nodes
201     verbs:
202       - list
203 ---
204 # Source: mongodb-kubernetes/templates/operator-roles-webhook.yaml
205 kind: ClusterRole
206 apiVersion: rbac.authorization.k8s.io/v1
207 metadata:
208   name: mongodb-kubernetes-operator-mongodb-webhook-cr
209 rules:
210   - apiGroups:
211       - "admissionregistration.k8s.io"
212     resources:
213       - validatingwebhookconfigurations
214     verbs:
215       - get
216       - create
217       - update
218       - delete
219   - apiGroups:
220       - ""
221     resources:
222       - services
223     verbs:
224       - get
225       - list
226       - watch
227       - create
228       - update
229       - delete
230 ---
231 # Source: mongodb-kubernetes/templates/operator-roles-clustermongodbroles.yaml
232 kind: ClusterRoleBinding
233 apiVersion: rbac.authorization.k8s.io/v1
234 metadata:
235   name: mongodb-kubernetes-operator-mongodb-cluster-mongodb-role-binding
236 roleRef:
237   apiGroup: rbac.authorization.k8s.io
238   kind: ClusterRole
239   name: mongodb-kubernetes-operator-mongodb-cluster-mongodb-role
240 subjects:
241   - kind: ServiceAccount
242     name: mongodb-kubernetes-operator
243     namespace: mongodb
244 ---
245 # Source: mongodb-kubernetes/templates/operator-roles-telemetry.yaml
246 # ClusterRoleBinding for clusterVersionDetection
247 kind: ClusterRoleBinding
248 apiVersion: rbac.authorization.k8s.io/v1
249 metadata:
250   name: mongodb-kubernetes-operator-mongodb-cluster-telemetry-binding
251 roleRef:
252   apiGroup: rbac.authorization.k8s.io
253   kind: ClusterRole
254   name: mongodb-kubernetes-operator-cluster-telemetry
255 subjects:
256   - kind: ServiceAccount
257     name: mongodb-kubernetes-operator
258     namespace: mongodb
259 ---
260 # Source: mongodb-kubernetes/templates/operator-roles-webhook.yaml
261 kind: ClusterRoleBinding
262 apiVersion: rbac.authorization.k8s.io/v1
263 metadata:
264   name: mongodb-kubernetes-operator-mongodb-webhook-crb
265 roleRef:
266   apiGroup: rbac.authorization.k8s.io
267   kind: ClusterRole
268   name: mongodb-kubernetes-operator-mongodb-webhook-cr
269 subjects:
270   - kind: ServiceAccount
271     name: mongodb-kubernetes-operator
272     namespace: mongodb
273 ---
274 # Source: mongodb-kubernetes/templates/database-roles.yaml
275 kind: Role
276 apiVersion: rbac.authorization.k8s.io/v1
277 metadata:
278   name: mongodb-kubernetes-appdb
279   namespace: mongodb
280 rules:
281   - apiGroups:
282       - ''
283     resources:
284       - secrets
285     verbs:
286       - get
287   - apiGroups:
288       - ''
289     resources:
290       - pods
291     verbs:
292       - patch
293       - delete
294       - get
295 ---
296 # Source: mongodb-kubernetes/templates/operator-roles-base.yaml
297 kind: Role
298 apiVersion: rbac.authorization.k8s.io/v1
299 metadata:
300   name: mongodb-kubernetes-operator
301   namespace: mongodb
302 rules:
303   - apiGroups:
304       - ''
305     resources:
306       - services
307     verbs:
308       - get
309       - list
310       - watch
311       - create
312       - update
313       - delete
314   - apiGroups:
315       - ''
316     resources:
317       - secrets
318       - configmaps
319     verbs:
320       - get
321       - list
322       - create
323       - update
324       - delete
325       - watch
326   - apiGroups:
327       - apps
328     resources:
329       - statefulsets
330     verbs:
331       - create
332       - get
333       - list
334       - watch
335       - delete
336       - update
337   - apiGroups:
338       - ''
339     resources:
340       - pods
341     verbs:
342       - get
343       - list
344       - watch
345       - delete
346       - deletecollection
347   - apiGroups:
348       - mongodbcommunity.mongodb.com
349     resources:
350       - mongodbcommunity
351       - mongodbcommunity/status
352       - mongodbcommunity/spec
353       - mongodbcommunity/finalizers
354     verbs:
355       - '*'
356   - apiGroups:
357       - mongodb.com
358     verbs:
359       - '*'
360     resources:
361       - mongodb
362       - mongodb/finalizers
363       - mongodbusers
364       - mongodbusers/finalizers
365       - opsmanagers
366       - opsmanagers/finalizers
367       - mongodbmulticluster
368       - mongodbmulticluster/finalizers
369       - mongodbsearch
370       - mongodbsearch/finalizers
371       - mongodb/status
372       - mongodbusers/status
373       - opsmanagers/status
374       - mongodbmulticluster/status
375       - mongodbsearch/status
376 ---
377 # Source: mongodb-kubernetes/templates/operator-roles-pvc-resize.yaml
378 kind: Role
379 apiVersion: rbac.authorization.k8s.io/v1
380 metadata:
381   name: mongodb-kubernetes-operator-pvc-resize
382   namespace: mongodb
383 rules:
384   - apiGroups:
385       - ''
386     resources:
387       - persistentvolumeclaims
388     verbs:
389       - get
390       - delete
391       - list
392       - watch
393       - patch
394       - update
395 ---
396 # Source: mongodb-kubernetes/templates/database-roles.yaml
397 kind: RoleBinding
398 apiVersion: rbac.authorization.k8s.io/v1
399 metadata:
400   name: mongodb-kubernetes-appdb
401   namespace: mongodb
402 roleRef:
403   apiGroup: rbac.authorization.k8s.io
404   kind: Role
405   name: mongodb-kubernetes-appdb
406 subjects:
407   - kind: ServiceAccount
408     name: mongodb-kubernetes-appdb
409     namespace: mongodb
410 ---
411 # Source: mongodb-kubernetes/templates/operator-roles-base.yaml
412 kind: RoleBinding
413 apiVersion: rbac.authorization.k8s.io/v1
414 metadata:
415   name: mongodb-kubernetes-operator
416   namespace: mongodb
417 roleRef:
418   apiGroup: rbac.authorization.k8s.io
419   kind: Role
420   name: mongodb-kubernetes-operator
421 subjects:
422   - kind: ServiceAccount
423     name: mongodb-kubernetes-operator
424     namespace: mongodb
425 ---
426 # Source: mongodb-kubernetes/templates/operator-roles-pvc-resize.yaml
427 kind: RoleBinding
428 apiVersion: rbac.authorization.k8s.io/v1
429 metadata:
430   name: mongodb-kubernetes-operator-pvc-resize-binding
431   namespace: mongodb
432 roleRef:
433   apiGroup: rbac.authorization.k8s.io
434   kind: Role
435   name: mongodb-kubernetes-operator-pvc-resize
436 subjects:
437   - kind: ServiceAccount
438     name: mongodb-kubernetes-operator
439     namespace: mongodb
440 ---
441 # Source: mongodb-kubernetes/templates/operator.yaml
442 apiVersion: apps/v1
443 kind: Deployment
444 metadata:
445   name: mongodb-kubernetes-operator
446   namespace: mongodb
447 spec:
448   replicas: 1
449   selector:
450     matchLabels:
451       app.kubernetes.io/component: controller
452       app.kubernetes.io/name: mongodb-kubernetes-operator
453       app.kubernetes.io/instance: mongodb-kubernetes-operator
454   template:
455     metadata:
456       labels:
457         app.kubernetes.io/component: controller
458         app.kubernetes.io/name: mongodb-kubernetes-operator
459         app.kubernetes.io/instance: mongodb-kubernetes-operator
460     spec:
461       serviceAccountName: mongodb-kubernetes-operator
462       securityContext:
463         runAsNonRoot: true
464         runAsUser: 2000
465       containers:
466         - name: mongodb-kubernetes-operator
467           image: "quay.io/mongodb/mongodb-kubernetes:1.5.0"
468           imagePullPolicy: Always
469           args:
470             - -watch-resource=mongodb
471             - -watch-resource=opsmanagers
472             - -watch-resource=mongodbusers
473             - -watch-resource=mongodbcommunity
474             - -watch-resource=mongodbsearch
475             - -watch-resource=clustermongodbroles
476           command:
477             - /usr/local/bin/mongodb-kubernetes-operator
478           resources:
479             limits:
480               cpu: 1100m
481               memory: 1Gi
482             requests:
483               cpu: 500m
484               memory: 200Mi
485           env:
486             - name: OPERATOR_ENV
487               value: prod
488             - name: MDB_DEFAULT_ARCHITECTURE
489               value: non-static
490             - name: NAMESPACE
491               valueFrom:
492                 fieldRef:
493                   fieldPath: metadata.namespace
494             - name: WATCH_NAMESPACE
495               valueFrom:
496                 fieldRef:
497                   fieldPath: metadata.namespace
498             - name: MDB_OPERATOR_TELEMETRY_COLLECTION_FREQUENCY
499               value: "1h"
500             - name: MDB_OPERATOR_TELEMETRY_SEND_FREQUENCY
501               value: "168h"
502             - name: CLUSTER_CLIENT_TIMEOUT
503               value: "10"
504             - name: IMAGE_PULL_POLICY
505               value: Always
506             # Database
507             - name: MONGODB_ENTERPRISE_DATABASE_IMAGE
508               value: quay.io/mongodb/mongodb-kubernetes-database
509             - name: INIT_DATABASE_IMAGE_REPOSITORY
510               value: quay.io/mongodb/mongodb-kubernetes-init-database
511             - name: INIT_DATABASE_VERSION
512               value: 1.5.0
513             - name: DATABASE_VERSION
514               value: 1.5.0
515             # Ops Manager
516             - name: OPS_MANAGER_IMAGE_REPOSITORY
517               value: quay.io/mongodb/mongodb-enterprise-ops-manager-ubi
518             - name: INIT_OPS_MANAGER_IMAGE_REPOSITORY
519               value: quay.io/mongodb/mongodb-kubernetes-init-ops-manager
520             - name: INIT_OPS_MANAGER_VERSION
521               value: 1.5.0
522             # AppDB
523             - name: INIT_APPDB_IMAGE_REPOSITORY
524               value: quay.io/mongodb/mongodb-kubernetes-init-appdb
525             - name: INIT_APPDB_VERSION
526               value: 1.5.0
527             - name: OPS_MANAGER_IMAGE_PULL_POLICY
528               value: Always
529             - name: AGENT_IMAGE
530               value: "quay.io/mongodb/mongodb-agent:108.0.12.8846-1"
531             - name: MDB_AGENT_IMAGE_REPOSITORY
532               value: "quay.io/mongodb/mongodb-agent"
533             - name: MONGODB_IMAGE
534               value: mongodb-enterprise-server
535             - name: MONGODB_REPO_URL
536               value: quay.io/mongodb
537             - name: MDB_IMAGE_TYPE
538               value: ubi8
539             - name: PERFORM_FAILOVER
540               value: 'true'
541             - name: MDB_MAX_CONCURRENT_RECONCILES
542               value: "1"
543             - name: POD_NAME
544               valueFrom:
545                 fieldRef:
546                   fieldPath: metadata.name
547             - name: OPERATOR_NAME
548               value: mongodb-kubernetes-operator
549             # Community Env Vars Start
550             - name: MDB_COMMUNITY_AGENT_IMAGE
551               value: "quay.io/mongodb/mongodb-agent:108.0.2.8729-1"
552             - name: VERSION_UPGRADE_HOOK_IMAGE
553               value: "quay.io/mongodb/mongodb-kubernetes-operator-version-upgrade-post-start-hook:1.0.10"
554             - name: READINESS_PROBE_IMAGE
555               value: "quay.io/mongodb/mongodb-kubernetes-readinessprobe:1.0.23"
556             - name: MDB_COMMUNITY_IMAGE
557               value: "mongodb-community-server"
558             - name: MDB_COMMUNITY_REPO_URL
559               value: "quay.io/mongodb"
560             - name: MDB_COMMUNITY_IMAGE_TYPE
561               value: "ubi8"
562             # Community Env Vars End
563             - name: MDB_SEARCH_REPO_URL
564               value: "quay.io/mongodb"
565             - name: MDB_SEARCH_NAME
566               value: "mongodb-search"
567             - name: MDB_SEARCH_VERSION
568               value: "0.53.1"

必需。创建并加载MongoDB用户密钥。

MongoDB需要身份验证才能安全访问权限。在此步骤中，您将创建三个Kubernetes密钥：

mdb-admin-user-password： MongoDB管理员的档案。
mdb-user-password：授权执行搜索查询的用户的档案。
mdbc-rs-search-sync-source-password：专用搜索用户的档案，由 mongot进程在内部用于同步数据和管理索引。

Kubernetes 操作符使用这些密钥中的密码在 MongoDB 数据库中自动创建用户。

要创建密钥，请复制、粘贴并运行以下命令：

1 kubectl --context "${K8S_CTX}" --namespace "${MDB_NS}" \
2   create secret generic mdb-admin-user-password \
3   --from-literal=password="${MDB_ADMIN_USER_PASSWORD}"
4 
5 kubectl --context "${K8S_CTX}" --namespace "${MDB_NS}" \
6   create secret generic mdbc-rs-search-sync-source-password \
7   --from-literal=password="${MDB_SEARCH_SYNC_USER_PASSWORD}"
8 
9 kubectl --context "${K8S_CTX}" --namespace "${MDB_NS}" \
10   create secret generic mdb-user-password \
11   --from-literal=password="${MDB_USER_PASSWORD}"

1 secret/mdb-admin-user-password created
2 secret/mdbc-rs-search-sync-source-password created
3 secret/mdb-user-password created

有条件。创建和部署MongoDB Community资源。

如果您已经部署了MongoDB Community Edition，请跳过此步骤。否则，部署MongoDB Community Edition。

要部署MongoDB Community Edition，请完成以下步骤：

创建名为 mdb-rs 的 MongoDBCommunity 自定义资源。

该资源定义了 mongod 和 mongodb-agent 容器的 CPU 和内存资源，并设置了以下三个用户：

`mdb-user`	可以恢复数据库和运行搜索查询的用户。该用户使用 `mdb-user-password` 密钥来执行这些操作。
`search-sync-source`	MongoDB 搜索用于连接到 MongoDB 数据库以管理和构建索引的用户。此用户使用Kubernetes 操作符创建的 `searchCoordinator`角色。这会使用 `mdbc-rs-search-sync-source-password` 密钥将 `mongot` 连接到 `mongod`。
`admin-user`	数据库管理员用户。

Kubernetes 操作符使用此资源配置具有 3 个成员的 MongoDB 副本集。

要创建密钥，请复制、粘贴并运行以下命令：

1 kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF
2 apiVersion: mongodbcommunity.mongodb.com/v1
3 kind: MongoDBCommunity
4 metadata:
5   name: mdbc-rs
6 spec:
7   version: ${MDB_VERSION}
8   type: ReplicaSet
9   members: 3
10   security:
11     authentication:
12       ignoreUnknownUsers: true
13       modes:
14         - SCRAM
15   agent:
16     logLevel: DEBUG
17   statefulSet:
18     spec:
19       template:
20         spec:
21           containers:
22             - name: mongod
23               resources:
24                 limits:
25                   cpu: "2"
26                   memory: 2Gi
27                 requests:
28                   cpu: "1"
29                   memory: 1Gi
30             - name: mongodb-agent
31               resources:
32                 limits:
33                   cpu: "1"
34                   memory: 2Gi
35                 requests:
36                   cpu: "0.5"
37                   memory: 1Gi
38   users:
39     # admin user with root role
40     - name: mdb-admin
41       db: admin
42       # a reference to the secret containing user password
43       passwordSecretRef:
44         name: mdb-admin-user-password
45       scramCredentialsSecretName: mdb-admin-user
46       roles:
47         - name: root
48           db: admin
49     # user performing search queries
50     - name: mdb-user
51       db: admin
52       # a reference to the secret containing user password
53       passwordSecretRef:
54         name: mdb-user-password
55       scramCredentialsSecretName: mdb-user-scram
56       roles:
57         - name: restore
58           db: sample_mflix
59         - name: readWrite
60           db: sample_mflix
61     # user used by MongoDB Search to connect to MongoDB database to
62     # synchronize data from.
63     # For MongoDB <8.2, the operator will be creating the
64     # searchCoordinator custom role automatically.
65     # From MongoDB 8.2, searchCoordinator role will be a
66     # built-in role.
67     - name: search-sync-source
68       db: admin
69       # a reference to the secret that will be used to generate the user's password
70       passwordSecretRef:
71         name: mdbc-rs-search-sync-source-password
72       scramCredentialsSecretName: mdbc-rs-search-sync-source
73       roles:
74         - name: searchCoordinator
75           db: admin
76 EOF

等待 MongoDBCommunity资源部署完成。

当您应用MongoDBCommunity 自定义资源时， Kubernetes 操作符开始部署MongoDB节点 (Pod)。此步骤会暂停执行，直到 mdbc-rs 资源的状态阶段为 Running，这表示MongoDB Community副本集可操作。

1 echo "Waiting for MongoDBCommunity resource to reach Running phase..."
2 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait \
3   --for=jsonpath='{.status.phase}'=Running mdbc/mdbc-rs --timeout=400s
4 echo; echo "MongoDBCommunity resource"
5 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get mdbc/mdbc-rs
6 echo; echo "Pods running in cluster ${K8S_CTX}"
7 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get pods

1 Waiting for MongoDBCommunity resource to reach Running phase...
2 mongodbcommunity.mongodbcommunity.mongodb.com/mdbc-rs condition met
3 
4 MongoDBCommunity resource
5 NAME      PHASE     VERSION
6 mdbc-rs   Running   8.0.10
7 
8 Pods running in cluster minikube
9 NAME                                           READY   STATUS    RESTARTS   AGE
10 mdbc-rs-0                                      2/2     Running   0          2m30s
11 mdbc-rs-1                                      2/2     Running   0          82s
12 mdbc-rs-2                                      2/2     Running   0          38s
13 mongodb-kubernetes-operator-5776c8b4df-cppnf   1/1     Running   0          7m37s

必需。为MongoDB Search 和 Vector Search 创建并部署资源。

您可以部署一个搜索节点实例，而无需任何负载均衡。要部署，请完成以下步骤：

创建名为 mdbc-rs 的 MongoDBSearch 自定义资源。

此资源指定搜索节点的 CPU 和内存资源要求。要学习；了解有关此自定义资源中设置的更多信息，请参阅 MongoDB搜索和向量搜索设置。

1 kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF
2 apiVersion: mongodb.com/v1
3 kind: MongoDBSearch
4 metadata:
5   name: mdbc-rs
6 spec:
7   resourceRequirements:
8     limits:
9       cpu: "3"
10       memory: 5Gi
11     requests:
12       cpu: "2"
13       memory: 3Gi
14 EOF

等待 MongoDBSearch资源部署完成。
当您应用MongoDBSearch 自定义资源时， Kubernetes 操作符开始部署搜索节点 (pod)。此步骤会暂停执行，直到 mdbc-rs MongoDBSearch 资源的状态阶段为 Running，这表示MongoDB搜索可运行。
```
1 echo "Waiting for MongoDBSearch resource to reach Running phase..."
2 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait \
3   --for=jsonpath='{.status.phase}'=Running mdbs/mdbc-rs --timeout=300s
```

可选。验证MongoDB Community资源状态。

确保使用 MongoDBSearch成功部署MongoDBCommunity资源。

1 echo "Waiting for MongoDBCommunity resource to reach Running phase..."
2 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait \
3   --for=jsonpath='{.status.phase}'=Running mdbc/mdbc-rs --timeout=400s

可选。查看命名空间中所有运行的Pod。

查看MongoDB副本集成员、 Kubernetes Operator 的MongoDB控制器以及搜索节点的命名空间Pod 中运行的所有 Pod。

1 echo; echo "MongoDBCommunity resource"
2 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get mdbc/mdbc-rs
3 echo; echo "MongoDBSearch resource"
4 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get mdbs/mdbc-rs
5 echo; echo "Pods running in cluster ${K8S_CTX}"
6 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get pods

1 MongoDBCommunity resource
2 NAME      PHASE     VERSION
3 mdbc-rs   Running   8.2.0
4 
5 MongoDBSearch resource
6 NAME      PHASE     AGE
7 mdbc-rs   Running   5m11s
8 
9 Pods running in cluster kind-kind
10 NAME                                           READY   STATUS    RESTARTS       AGE
11 mdbc-rs-0                                      2/2     Running   1 (28s ago)    7m42s
12 mdbc-rs-1                                      2/2     Running   1 (3m2s ago)   6m32s
13 mdbc-rs-2                                      2/2     Running   1 (105s ago)   5m45s
14 mdbc-rs-search-0                               1/1     Running   0              5m11s
15 mongodb-kubernetes-operator-57c6f46b47-6kthd   1/1     Running   0              7m46s

后续步骤

现在您已成功部署MongoDB 搜索和向量搜索以便与MongoDB Community Edition一起使用，接下来将数据添加到您的MongoDB 集群，创建MongoDB 搜索和向量搜索搜索索引，并根据您的数据运行查询。要学习；了解更多信息，请参阅使用MongoDB Search 和 Vector Search。

1	# set it to the context name of the k8s cluster
2	export K8S_CTX="<local cluster context>"
3
4	# the following namespace will be created if not exists
5	export MDB_NS="mongodb"
6
7	# minimum required MongoDB version for running MongoDB Search is 8.2.0
8	export MDB_VERSION="8.2.0"
9
10	# root admin user for convenience, not used here at all in this guide
11	export MDB_ADMIN_USER_PASSWORD="admin-user-password-CHANGE-ME"
12	# regular user performing restore and search queries on sample mflix database
13	export MDB_USER_PASSWORD="mdb-user-password-CHANGE-ME"
14	# user for MongoDB Search to connect to the replica set to synchronise data from
15	export MDB_SEARCH_SYNC_USER_PASSWORD="search-sync-user-password-CHANGE-ME"
16
17	export OPERATOR_HELM_CHART="mongodb/mongodb-kubernetes"
18	# comma-separated key=value pairs for additional parameters passed to the helm-chart installing the operator
19	export OPERATOR_ADDITIONAL_HELM_VALUES=""
20
21	export MDB_CONNECTION_STRING="mongodb://mdb-user:${MDB_USER_PASSWORD}@mdbc-rs-0.mdbc-rs-svc.${MDB_NS}.svc.cluster.local:27017/?replicaSet=mdbc-rs"

1	helm repo add mongodb https://mongodb.github.io/helm-charts
2	helm repo update mongodb
3	helm search repo mongodb/mongodb-kubernetes

1	"mongodb" has been added to your repositories
2	Hang tight while we grab the latest from your chart repositories...
3	...Successfully got an update from the "mongodb" chart repository
4	Update Complete. ⎈Happy Helming!⎈
5	NAME CHART VERSION APP VERSION DESCRIPTION
6	mongodb/mongodb-kubernetes 1.5.0 MongoDB Controllers for Kubernetes translate th...

1	helm upgrade --install --debug --kube-context "${K8S_CTX}" \
2	--create-namespace \
3	--namespace="${MDB_NS}" \
4	mongodb-kubernetes \
5	${OPERATOR_ADDITIONAL_HELM_VALUES:+--set ${OPERATOR_ADDITIONAL_HELM_VALUES}} \
6	"${OPERATOR_HELM_CHART}"

1	Release "mongodb-kubernetes" does not exist. Installing it now.
2	NAME: mongodb-kubernetes
3	LAST DEPLOYED: Wed Oct 15 09:35:29 2025
4	NAMESPACE: mongodb
5	STATUS: deployed
6	REVISION: 1
7	TEST SUITE: None
8	USER-SUPPLIED VALUES:
9	{}
10
11	COMPUTED VALUES:
12	agent:
13	name: mongodb-agent
14	version: 108.0.12.8846-1
15	community:
16	agent:
17	name: mongodb-agent
18	version: 108.0.2.8729-1
19	mongodb:
20	imageType: ubi8
21	name: mongodb-community-server
22	repo: quay.io/mongodb
23	registry:
24	agent: quay.io/mongodb
25	resource:
26	members: 3
27	name: mongodb-replica-set
28	tls:
29	caCertificateSecretRef: tls-ca-key-pair
30	certManager:
31	certDuration: 8760h
32	renewCertBefore: 720h
33	certificateKeySecretRef: tls-certificate
34	enabled: false
35	sampleX509User: false
36	useCertManager: true
37	useX509: false
38	version: 4.4.0
39	database:
40	name: mongodb-kubernetes-database
41	version: 1.5.0
42	initAppDb:
43	name: mongodb-kubernetes-init-appdb
44	version: 1.5.0
45	initDatabase:
46	name: mongodb-kubernetes-init-database
47	version: 1.5.0
48	initOpsManager:
49	name: mongodb-kubernetes-init-ops-manager
50	version: 1.5.0
51	managedSecurityContext: false
52	mongodb:
53	appdbAssumeOldFormat: false
54	imageType: ubi8
55	name: mongodb-enterprise-server
56	repo: quay.io/mongodb
57	multiCluster:
58	clusterClientTimeout: 10
59	clusters: []
60	kubeConfigSecretName: mongodb-enterprise-operator-multi-cluster-kubeconfig
61	performFailOver: true
62	operator:
63	additionalArguments: []
64	affinity: {}
65	baseName: mongodb-kubernetes
66	createOperatorServiceAccount: true
67	createResourcesServiceAccountsAndRoles: true
68	deployment_name: mongodb-kubernetes-operator
69	enableClusterMongoDBRoles: true
70	enablePVCResize: true
71	env: prod
72	maxConcurrentReconciles: 1
73	mdbDefaultArchitecture: non-static
74	name: mongodb-kubernetes-operator
75	nodeSelector: {}
76	operator_image_name: mongodb-kubernetes
77	replicas: 1
78	resources:
79	limits:
80	cpu: 1100m
81	memory: 1Gi
82	requests:
83	cpu: 500m
84	memory: 200Mi
85	telemetry:
86	collection:
87	clusters: {}
88	deployments: {}
89	frequency: 1h
90	operators: {}
91	send:
92	frequency: 168h
93	tolerations: []
94	vaultSecretBackend:
95	enabled: false
96	tlsSecretRef: ""
97	version: 1.5.0
98	watchedResources:
99	- mongodb
100	- opsmanagers
101	- mongodbusers
102	- mongodbcommunity
103	- mongodbsearch
104	webhook:
105	installClusterRole: true
106	registerConfiguration: true
107	opsManager:
108	name: mongodb-enterprise-ops-manager-ubi
109	readinessProbe:
110	name: mongodb-kubernetes-readinessprobe
111	version: 1.0.23
112	registry:
113	agent: quay.io/mongodb
114	database: quay.io/mongodb
115	imagePullSecrets: null
116	initAppDb: quay.io/mongodb
117	initDatabase: quay.io/mongodb
118	initOpsManager: quay.io/mongodb
119	operator: quay.io/mongodb
120	opsManager: quay.io/mongodb
121	pullPolicy: Always
122	readinessProbe: quay.io/mongodb
123	versionUpgradeHook: quay.io/mongodb
124	search:
125	name: mongodb-search
126	repo: quay.io/mongodb
127	version: 0.53.1
128	versionUpgradeHook:
129	name: mongodb-kubernetes-operator-version-upgrade-post-start-hook
130	version: 1.0.10
131
132	HOOKS:
133	MANIFEST:
134	---
135	# Source: mongodb-kubernetes/templates/database-roles.yaml
136	apiVersion: v1
137	kind: ServiceAccount
138	metadata:
139	name: mongodb-kubernetes-appdb
140	namespace: mongodb
141	---
142	# Source: mongodb-kubernetes/templates/database-roles.yaml
143	apiVersion: v1
144	kind: ServiceAccount
145	metadata:
146	name: mongodb-kubernetes-database-pods
147	namespace: mongodb
148	---
149	# Source: mongodb-kubernetes/templates/database-roles.yaml
150	apiVersion: v1
151	kind: ServiceAccount
152	metadata:
153	name: mongodb-kubernetes-ops-manager
154	namespace: mongodb
155	---
156	# Source: mongodb-kubernetes/templates/operator-sa.yaml
157	apiVersion: v1
158	kind: ServiceAccount
159	metadata:
160	name: mongodb-kubernetes-operator
161	namespace: mongodb
162	---
163	# Source: mongodb-kubernetes/templates/operator-roles-clustermongodbroles.yaml
164	kind: ClusterRole
165	apiVersion: rbac.authorization.k8s.io/v1
166	metadata:
167	name: mongodb-kubernetes-operator-mongodb-cluster-mongodb-role
168	rules:
169	- apiGroups:
170	- mongodb.com
171	verbs:
172	- '*'
173	resources:
174	- clustermongodbroles
175	---
176	# Source: mongodb-kubernetes/templates/operator-roles-telemetry.yaml
177	# Additional ClusterRole for clusterVersionDetection
178	kind: ClusterRole
179	apiVersion: rbac.authorization.k8s.io/v1
180	metadata:
181	name: mongodb-kubernetes-operator-cluster-telemetry
182	rules:
183	# Non-resource URL permissions
184	- nonResourceURLs:
185	- "/version"
186	verbs:
187	- get
188	# Cluster-scoped resource permissions
189	- apiGroups:
190	- ''
191	resources:
192	- namespaces
193	resourceNames:
194	- kube-system
195	verbs:
196	- get
197	- apiGroups:
198	- ''
199	resources:
200	- nodes
201	verbs:
202	- list
203	---
204	# Source: mongodb-kubernetes/templates/operator-roles-webhook.yaml
205	kind: ClusterRole
206	apiVersion: rbac.authorization.k8s.io/v1
207	metadata:
208	name: mongodb-kubernetes-operator-mongodb-webhook-cr
209	rules:
210	- apiGroups:
211	- "admissionregistration.k8s.io"
212	resources:
213	- validatingwebhookconfigurations
214	verbs:
215	- get
216	- create
217	- update
218	- delete
219	- apiGroups:
220	- ""
221	resources:
222	- services
223	verbs:
224	- get
225	- list
226	- watch
227	- create
228	- update
229	- delete
230	---
231	# Source: mongodb-kubernetes/templates/operator-roles-clustermongodbroles.yaml
232	kind: ClusterRoleBinding
233	apiVersion: rbac.authorization.k8s.io/v1
234	metadata:
235	name: mongodb-kubernetes-operator-mongodb-cluster-mongodb-role-binding
236	roleRef:
237	apiGroup: rbac.authorization.k8s.io
238	kind: ClusterRole
239	name: mongodb-kubernetes-operator-mongodb-cluster-mongodb-role
240	subjects:
241	- kind: ServiceAccount
242	name: mongodb-kubernetes-operator
243	namespace: mongodb
244	---
245	# Source: mongodb-kubernetes/templates/operator-roles-telemetry.yaml
246	# ClusterRoleBinding for clusterVersionDetection
247	kind: ClusterRoleBinding
248	apiVersion: rbac.authorization.k8s.io/v1
249	metadata:
250	name: mongodb-kubernetes-operator-mongodb-cluster-telemetry-binding
251	roleRef:
252	apiGroup: rbac.authorization.k8s.io
253	kind: ClusterRole
254	name: mongodb-kubernetes-operator-cluster-telemetry
255	subjects:
256	- kind: ServiceAccount
257	name: mongodb-kubernetes-operator
258	namespace: mongodb
259	---
260	# Source: mongodb-kubernetes/templates/operator-roles-webhook.yaml
261	kind: ClusterRoleBinding
262	apiVersion: rbac.authorization.k8s.io/v1
263	metadata:
264	name: mongodb-kubernetes-operator-mongodb-webhook-crb
265	roleRef:
266	apiGroup: rbac.authorization.k8s.io
267	kind: ClusterRole
268	name: mongodb-kubernetes-operator-mongodb-webhook-cr
269	subjects:
270	- kind: ServiceAccount
271	name: mongodb-kubernetes-operator
272	namespace: mongodb
273	---
274	# Source: mongodb-kubernetes/templates/database-roles.yaml
275	kind: Role
276	apiVersion: rbac.authorization.k8s.io/v1
277	metadata:
278	name: mongodb-kubernetes-appdb
279	namespace: mongodb
280	rules:
281	- apiGroups:
282	- ''
283	resources:
284	- secrets
285	verbs:
286	- get
287	- apiGroups:
288	- ''
289	resources:
290	- pods
291	verbs:
292	- patch
293	- delete
294	- get
295	---
296	# Source: mongodb-kubernetes/templates/operator-roles-base.yaml
297	kind: Role
298	apiVersion: rbac.authorization.k8s.io/v1
299	metadata:
300	name: mongodb-kubernetes-operator
301	namespace: mongodb
302	rules:
303	- apiGroups:
304	- ''
305	resources:
306	- services
307	verbs:
308	- get
309	- list
310	- watch
311	- create
312	- update
313	- delete
314	- apiGroups:
315	- ''
316	resources:
317	- secrets
318	- configmaps
319	verbs:
320	- get
321	- list
322	- create
323	- update
324	- delete
325	- watch
326	- apiGroups:
327	- apps
328	resources:
329	- statefulsets
330	verbs:
331	- create
332	- get
333	- list
334	- watch
335	- delete
336	- update
337	- apiGroups:
338	- ''
339	resources:
340	- pods
341	verbs:
342	- get
343	- list
344	- watch
345	- delete
346	- deletecollection
347	- apiGroups:
348	- mongodbcommunity.mongodb.com
349	resources:
350	- mongodbcommunity
351	- mongodbcommunity/status
352	- mongodbcommunity/spec
353	- mongodbcommunity/finalizers
354	verbs:
355	- '*'
356	- apiGroups:
357	- mongodb.com
358	verbs:
359	- '*'
360	resources:
361	- mongodb
362	- mongodb/finalizers
363	- mongodbusers
364	- mongodbusers/finalizers
365	- opsmanagers
366	- opsmanagers/finalizers
367	- mongodbmulticluster
368	- mongodbmulticluster/finalizers
369	- mongodbsearch
370	- mongodbsearch/finalizers
371	- mongodb/status
372	- mongodbusers/status
373	- opsmanagers/status
374	- mongodbmulticluster/status
375	- mongodbsearch/status
376	---
377	# Source: mongodb-kubernetes/templates/operator-roles-pvc-resize.yaml
378	kind: Role
379	apiVersion: rbac.authorization.k8s.io/v1
380	metadata:
381	name: mongodb-kubernetes-operator-pvc-resize
382	namespace: mongodb
383	rules:
384	- apiGroups:
385	- ''
386	resources:
387	- persistentvolumeclaims
388	verbs:
389	- get
390	- delete
391	- list
392	- watch
393	- patch
394	- update
395	---
396	# Source: mongodb-kubernetes/templates/database-roles.yaml
397	kind: RoleBinding
398	apiVersion: rbac.authorization.k8s.io/v1
399	metadata:
400	name: mongodb-kubernetes-appdb
401	namespace: mongodb
402	roleRef:
403	apiGroup: rbac.authorization.k8s.io
404	kind: Role
405	name: mongodb-kubernetes-appdb
406	subjects:
407	- kind: ServiceAccount
408	name: mongodb-kubernetes-appdb
409	namespace: mongodb
410	---
411	# Source: mongodb-kubernetes/templates/operator-roles-base.yaml
412	kind: RoleBinding
413	apiVersion: rbac.authorization.k8s.io/v1
414	metadata:
415	name: mongodb-kubernetes-operator
416	namespace: mongodb
417	roleRef:
418	apiGroup: rbac.authorization.k8s.io
419	kind: Role
420	name: mongodb-kubernetes-operator
421	subjects:
422	- kind: ServiceAccount
423	name: mongodb-kubernetes-operator
424	namespace: mongodb
425	---
426	# Source: mongodb-kubernetes/templates/operator-roles-pvc-resize.yaml
427	kind: RoleBinding
428	apiVersion: rbac.authorization.k8s.io/v1
429	metadata:
430	name: mongodb-kubernetes-operator-pvc-resize-binding
431	namespace: mongodb
432	roleRef:
433	apiGroup: rbac.authorization.k8s.io
434	kind: Role
435	name: mongodb-kubernetes-operator-pvc-resize
436	subjects:
437	- kind: ServiceAccount
438	name: mongodb-kubernetes-operator
439	namespace: mongodb
440	---
441	# Source: mongodb-kubernetes/templates/operator.yaml
442	apiVersion: apps/v1
443	kind: Deployment
444	metadata:
445	name: mongodb-kubernetes-operator
446	namespace: mongodb
447	spec:
448	replicas: 1
449	selector:
450	matchLabels:
451	app.kubernetes.io/component: controller
452	app.kubernetes.io/name: mongodb-kubernetes-operator
453	app.kubernetes.io/instance: mongodb-kubernetes-operator
454	template:
455	metadata:
456	labels:
457	app.kubernetes.io/component: controller
458	app.kubernetes.io/name: mongodb-kubernetes-operator
459	app.kubernetes.io/instance: mongodb-kubernetes-operator
460	spec:
461	serviceAccountName: mongodb-kubernetes-operator
462	securityContext:
463	runAsNonRoot: true
464	runAsUser: 2000
465	containers:
466	- name: mongodb-kubernetes-operator
467	image: "quay.io/mongodb/mongodb-kubernetes:1.5.0"
468	imagePullPolicy: Always
469	args:
470	- -watch-resource=mongodb
471	- -watch-resource=opsmanagers
472	- -watch-resource=mongodbusers
473	- -watch-resource=mongodbcommunity
474	- -watch-resource=mongodbsearch
475	- -watch-resource=clustermongodbroles
476	command:
477	- /usr/local/bin/mongodb-kubernetes-operator
478	resources:
479	limits:
480	cpu: 1100m
481	memory: 1Gi
482	requests:
483	cpu: 500m
484	memory: 200Mi
485	env:
486	- name: OPERATOR_ENV
487	value: prod
488	- name: MDB_DEFAULT_ARCHITECTURE
489	value: non-static
490	- name: NAMESPACE
491	valueFrom:
492	fieldRef:
493	fieldPath: metadata.namespace
494	- name: WATCH_NAMESPACE
495	valueFrom:
496	fieldRef:
497	fieldPath: metadata.namespace
498	- name: MDB_OPERATOR_TELEMETRY_COLLECTION_FREQUENCY
499	value: "1h"
500	- name: MDB_OPERATOR_TELEMETRY_SEND_FREQUENCY
501	value: "168h"
502	- name: CLUSTER_CLIENT_TIMEOUT
503	value: "10"
504	- name: IMAGE_PULL_POLICY
505	value: Always
506	# Database
507	- name: MONGODB_ENTERPRISE_DATABASE_IMAGE
508	value: quay.io/mongodb/mongodb-kubernetes-database
509	- name: INIT_DATABASE_IMAGE_REPOSITORY
510	value: quay.io/mongodb/mongodb-kubernetes-init-database
511	- name: INIT_DATABASE_VERSION
512	value: 1.5.0
513	- name: DATABASE_VERSION
514	value: 1.5.0
515	# Ops Manager
516	- name: OPS_MANAGER_IMAGE_REPOSITORY
517	value: quay.io/mongodb/mongodb-enterprise-ops-manager-ubi
518	- name: INIT_OPS_MANAGER_IMAGE_REPOSITORY
519	value: quay.io/mongodb/mongodb-kubernetes-init-ops-manager
520	- name: INIT_OPS_MANAGER_VERSION
521	value: 1.5.0
522	# AppDB
523	- name: INIT_APPDB_IMAGE_REPOSITORY
524	value: quay.io/mongodb/mongodb-kubernetes-init-appdb
525	- name: INIT_APPDB_VERSION
526	value: 1.5.0
527	- name: OPS_MANAGER_IMAGE_PULL_POLICY
528	value: Always
529	- name: AGENT_IMAGE
530	value: "quay.io/mongodb/mongodb-agent:108.0.12.8846-1"
531	- name: MDB_AGENT_IMAGE_REPOSITORY
532	value: "quay.io/mongodb/mongodb-agent"
533	- name: MONGODB_IMAGE
534	value: mongodb-enterprise-server
535	- name: MONGODB_REPO_URL
536	value: quay.io/mongodb
537	- name: MDB_IMAGE_TYPE
538	value: ubi8
539	- name: PERFORM_FAILOVER
540	value: 'true'
541	- name: MDB_MAX_CONCURRENT_RECONCILES
542	value: "1"
543	- name: POD_NAME
544	valueFrom:
545	fieldRef:
546	fieldPath: metadata.name
547	- name: OPERATOR_NAME
548	value: mongodb-kubernetes-operator
549	# Community Env Vars Start
550	- name: MDB_COMMUNITY_AGENT_IMAGE
551	value: "quay.io/mongodb/mongodb-agent:108.0.2.8729-1"
552	- name: VERSION_UPGRADE_HOOK_IMAGE
553	value: "quay.io/mongodb/mongodb-kubernetes-operator-version-upgrade-post-start-hook:1.0.10"
554	- name: READINESS_PROBE_IMAGE
555	value: "quay.io/mongodb/mongodb-kubernetes-readinessprobe:1.0.23"
556	- name: MDB_COMMUNITY_IMAGE
557	value: "mongodb-community-server"
558	- name: MDB_COMMUNITY_REPO_URL
559	value: "quay.io/mongodb"
560	- name: MDB_COMMUNITY_IMAGE_TYPE
561	value: "ubi8"
562	# Community Env Vars End
563	- name: MDB_SEARCH_REPO_URL
564	value: "quay.io/mongodb"
565	- name: MDB_SEARCH_NAME
566	value: "mongodb-search"
567	- name: MDB_SEARCH_VERSION
568	value: "0.53.1"

1	kubectl --context "${K8S_CTX}" --namespace "${MDB_NS}" \
2	create secret generic mdb-admin-user-password \
3	--from-literal=password="${MDB_ADMIN_USER_PASSWORD}"
4
5	kubectl --context "${K8S_CTX}" --namespace "${MDB_NS}" \
6	create secret generic mdbc-rs-search-sync-source-password \
7	--from-literal=password="${MDB_SEARCH_SYNC_USER_PASSWORD}"
8
9	kubectl --context "${K8S_CTX}" --namespace "${MDB_NS}" \
10	create secret generic mdb-user-password \
11	--from-literal=password="${MDB_USER_PASSWORD}"

1	secret/mdb-admin-user-password created
2	secret/mdbc-rs-search-sync-source-password created
3	secret/mdb-user-password created

1	kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF
2	apiVersion: mongodbcommunity.mongodb.com/v1
3	kind: MongoDBCommunity
4	metadata:
5	name: mdbc-rs
6	spec:
7	version: ${MDB_VERSION}
8	type: ReplicaSet
9	members: 3
10	security:
11	authentication:
12	ignoreUnknownUsers: true
13	modes:
14	- SCRAM
15	agent:
16	logLevel: DEBUG
17	statefulSet:
18	spec:
19	template:
20	spec:
21	containers:
22	- name: mongod
23	resources:
24	limits:
25	cpu: "2"
26	memory: 2Gi
27	requests:
28	cpu: "1"
29	memory: 1Gi
30	- name: mongodb-agent
31	resources:
32	limits:
33	cpu: "1"
34	memory: 2Gi
35	requests:
36	cpu: "0.5"
37	memory: 1Gi
38	users:
39	# admin user with root role
40	- name: mdb-admin
41	db: admin
42	# a reference to the secret containing user password
43	passwordSecretRef:
44	name: mdb-admin-user-password
45	scramCredentialsSecretName: mdb-admin-user
46	roles:
47	- name: root
48	db: admin
49	# user performing search queries
50	- name: mdb-user
51	db: admin
52	# a reference to the secret containing user password
53	passwordSecretRef:
54	name: mdb-user-password
55	scramCredentialsSecretName: mdb-user-scram
56	roles:
57	- name: restore
58	db: sample_mflix
59	- name: readWrite
60	db: sample_mflix
61	# user used by MongoDB Search to connect to MongoDB database to
62	# synchronize data from.
63	# For MongoDB <8.2, the operator will be creating the
64	# searchCoordinator custom role automatically.
65	# From MongoDB 8.2, searchCoordinator role will be a
66	# built-in role.
67	- name: search-sync-source
68	db: admin
69	# a reference to the secret that will be used to generate the user's password
70	passwordSecretRef:
71	name: mdbc-rs-search-sync-source-password
72	scramCredentialsSecretName: mdbc-rs-search-sync-source
73	roles:
74	- name: searchCoordinator
75	db: admin
76	EOF

1	echo "Waiting for MongoDBCommunity resource to reach Running phase..."
2	kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait \
3	--for=jsonpath='{.status.phase}'=Running mdbc/mdbc-rs --timeout=400s
4	echo; echo "MongoDBCommunity resource"
5	kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get mdbc/mdbc-rs
6	echo; echo "Pods running in cluster ${K8S_CTX}"
7	kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get pods

1	Waiting for MongoDBCommunity resource to reach Running phase...
2	mongodbcommunity.mongodbcommunity.mongodb.com/mdbc-rs condition met
3
4	MongoDBCommunity resource
5	NAME PHASE VERSION
6	mdbc-rs Running 8.0.10
7
8	Pods running in cluster minikube
9	NAME READY STATUS RESTARTS AGE
10	mdbc-rs-0 2/2 Running 0 2m30s
11	mdbc-rs-1 2/2 Running 0 82s
12	mdbc-rs-2 2/2 Running 0 38s
13	mongodb-kubernetes-operator-5776c8b4df-cppnf 1/1 Running 0 7m37s

1	kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF
2	apiVersion: mongodb.com/v1
3	kind: MongoDBSearch
4	metadata:
5	name: mdbc-rs
6	spec:
7	resourceRequirements:
8	limits:
9	cpu: "3"
10	memory: 5Gi
11	requests:
12	cpu: "2"
13	memory: 3Gi
14	EOF

1	echo "Waiting for MongoDBSearch resource to reach Running phase..."
2	kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait \
3	--for=jsonpath='{.status.phase}'=Running mdbs/mdbc-rs --timeout=300s

1	echo; echo "MongoDBCommunity resource"
2	kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get mdbc/mdbc-rs
3	echo; echo "MongoDBSearch resource"
4	kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get mdbs/mdbc-rs
5	echo; echo "Pods running in cluster ${K8S_CTX}"
6	kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get pods

1	MongoDBCommunity resource
2	NAME PHASE VERSION
3	mdbc-rs Running 8.2.0
4
5	MongoDBSearch resource
6	NAME PHASE AGE
7	mdbc-rs Running 5m11s
8
9	Pods running in cluster kind-kind
10	NAME READY STATUS RESTARTS AGE
11	mdbc-rs-0 2/2 Running 1 (28s ago) 7m42s
12	mdbc-rs-1 2/2 Running 1 (3m2s ago) 6m32s
13	mdbc-rs-2 2/2 Running 1 (105s ago) 5m45s
14	mdbc-rs-search-0 1/1 Running 0 5m11s
15	mongodb-kubernetes-operator-57c6f46b47-6kthd 1/1 Running 0 7m46s