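Deploy the MongoDB Enterprise Kubernetes Operator Without a Service Mesh
To deploy multiple instances of MongoDB resources across multiple Kubernetes clusters, you must first deploy the Kubernetes Operator to one of the Kubernetes clusters. Once the Kubernetes Operator is deployed to the operator Kubernetes cluster, you can create and manage MongoDB resources across all of the Kubernetes clusters by applying updates to the operator Kubernetes cluster.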
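Prerequisites
Before you begin the following procedure, perform the following actions:
Install kubectl.
Complete the GKE Clusters procedure or the equivalent.
Complete the TLS Certificates procedure or the equivalent.
Complete the Istio Service Mesh procedure or the equivalent.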
Install the kubectl mongodb plugin.
To install the kubectl mongodb plugin:
Download your desired Kubernetes Operator package version.
Download your desired Kubernetes Operator package version from the Release page of the MongoDB Enterprise Kubernetes Operator repository.
The package name uses the following pattern:
    kubectl-mongodb_{{ .Version }}_{{ .Os }}_{{ .Arch }}.tar.gz
Use one of the following packages:
kubectl-mongodb_{{ .Version }}_darwin_amd64.tar.gz
kubectl-mongodb_{{ .Version }}_darwin_arm64.tar.gz
kubectl-mongodb_{{ .Version }}_linux_amd64.tar.gz
kubectl-mongodb_{{ .Version }}_linux_arm64.tar.gz
Locate the kubectl mongodb plugin binary and copy it to its desired destination.
In the unpacked directory, find the kubectl-mongodb binary and move it to its desired destination inside the PATH of the Kubernetes Operator user, as shown in the following example:
    mv kubectl-mongodb /usr/local/bin/kubectl-mongodb
You can now run the kubectl mongodb plugin using the following commands:
    kubectl mongodb multicluster setup
    kubectl mongodb multicluster recover
To learn more about the supported flags, see the MongoDB Kubernetes Plugin Reference.
Update as needed and set the environment variables defined in the following env_variables.sh file.
    # Namespace in which Ops Manager and AppDB will be deployed
    export OM_NAMESPACE="mongodb-om"
    # Namespace in which the operator will be installed
    export OPERATOR_NAMESPACE="mongodb-operator"
    # Namespace in which MongoDB resources will be deployed
    export MDB_NAMESPACE="mongodb"

    # comma-separated key=value pairs for additional parameters passed to the helm-chart installing the operator
    export OPERATOR_ADDITIONAL_HELM_VALUES="${OPERATOR_ADDITIONAL_HELM_VALUES:-""}"

    export OFFICIAL_OPERATOR_HELM_CHART="mongodb/enterprise-operator"
    export OPERATOR_HELM_CHART="${OPERATOR_HELM_CHART:-${OFFICIAL_OPERATOR_HELM_CHART}}"
Procedure
Create namespaces for the Kubernetes Operator, MongoDB, and MongoDB Ops Manager in each Kubernetes cluster.
    kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" create namespace "${OPERATOR_NAMESPACE}"
    kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" create namespace "${OPERATOR_NAMESPACE}"
    kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" create namespace "${OPERATOR_NAMESPACE}"
    kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" create namespace "${OM_NAMESPACE}"
    kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" create namespace "${OM_NAMESPACE}"
    kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" create namespace "${OM_NAMESPACE}"
    kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" create namespace "${MDB_NAMESPACE}"
    kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" create namespace "${MDB_NAMESPACE}"
    kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" create namespace "${MDB_NAMESPACE}"
Create image pull secrets.
    # Render the pull secret from the local Docker config into a manifest file.
    # The generated file holds the registry credentials found in that config.
    mkdir -p secrets
    kubectl create secret generic "image-registries-secret" \
      --from-file=.dockerconfigjson="${HOME}/.docker/config.json" --type=kubernetes.io/dockerconfigjson \
      --dry-run=client -o yaml > secrets/image-registries-secret.yaml
    # Apply the same secret to every namespace that pulls images.
    kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${OPERATOR_NAMESPACE}" apply -f secrets/image-registries-secret.yaml
    kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${OM_NAMESPACE}" apply -f secrets/image-registries-secret.yaml
    kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "${OM_NAMESPACE}" apply -f secrets/image-registries-secret.yaml
    kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "${OM_NAMESPACE}" apply -f secrets/image-registries-secret.yaml
    kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" apply -f secrets/image-registries-secret.yaml
    kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" apply -f secrets/image-registries-secret.yaml
    kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" apply -f secrets/image-registries-secret.yaml
Configure the Kubernetes clusters.
Run the following commands to configure the Kubernetes clusters.
    kubectl mongodb multicluster setup \
      --central-cluster="${K8S_CLUSTER_0_CONTEXT_NAME}" \
      --member-clusters="${K8S_CLUSTER_0_CONTEXT_NAME},${K8S_CLUSTER_1_CONTEXT_NAME},${K8S_CLUSTER_2_CONTEXT_NAME}" \
      --member-cluster-namespace="${OM_NAMESPACE}" \
      --central-cluster-namespace="${OPERATOR_NAMESPACE}" \
      --create-service-account-secrets \
      --install-database-roles=true \
      --image-pull-secrets=image-registries-secret

    kubectl mongodb multicluster setup \
      --central-cluster="${K8S_CLUSTER_0_CONTEXT_NAME}" \
      --member-clusters="${K8S_CLUSTER_0_CONTEXT_NAME},${K8S_CLUSTER_1_CONTEXT_NAME},${K8S_CLUSTER_2_CONTEXT_NAME}" \
      --member-cluster-namespace="${MDB_NAMESPACE}" \
      --central-cluster-namespace="${OPERATOR_NAMESPACE}" \
      --create-service-account-secrets \
      --install-database-roles=true \
      --image-pull-secrets=image-registries-secret
    Build: , Ensured namespaces exist in all clusters.
    creating central cluster roles in cluster: gke_scratch-kubernetes-team_europe-central2-a_k8s-mdb-0-67d0389d75b70a0007e5894a
    created clusterrole: mongodb-enterprise-operator-multi-cluster-role-telemetry
    created clusterrolebinding: mongodb-enterprise-operator-multi-telemetry-cluster-role-binding
    created clusterrole: mongodb-enterprise-operator-multi-cluster-role-telemetry
    created clusterrolebinding: mongodb-enterprise-operator-multi-telemetry-cluster-role-binding
    creating member roles in cluster: gke_scratch-kubernetes-team_europe-central2-b_k8s-mdb-1-67d0389d75b70a0007e5894a
    created clusterrole: mongodb-enterprise-operator-multi-cluster-role-telemetry
    created clusterrolebinding: mongodb-enterprise-operator-multi-telemetry-cluster-role-binding
    created clusterrole: mongodb-enterprise-operator-multi-cluster-role-telemetry
    created clusterrolebinding: mongodb-enterprise-operator-multi-telemetry-cluster-role-binding
    creating member roles in cluster: gke_scratch-kubernetes-team_europe-central2-c_k8s-mdb-2-67d0389d75b70a0007e5894a
    created clusterrole: mongodb-enterprise-operator-multi-cluster-role-telemetry
    created clusterrolebinding: mongodb-enterprise-operator-multi-telemetry-cluster-role-binding
    created clusterrole: mongodb-enterprise-operator-multi-cluster-role-telemetry
    created clusterrolebinding: mongodb-enterprise-operator-multi-telemetry-cluster-role-binding
    Ensured ServiceAccounts and Roles.
    Creating KubeConfig secret mongodb-operator/mongodb-enterprise-operator-multi-cluster-kubeconfig in cluster gke_scratch-kubernetes-team_europe-central2-a_k8s-mdb-0-67d0389d75b70a0007e5894a
    Ensured database Roles in member clusters.
    Creating Member list Configmap mongodb-operator/mongodb-enterprise-operator-member-list in cluster gke_scratch-kubernetes-team_europe-central2-a_k8s-mdb-0-67d0389d75b70a0007e5894a
    Build: , Ensured namespaces exist in all clusters.
    creating central cluster roles in cluster: gke_scratch-kubernetes-team_europe-central2-a_k8s-mdb-0-67d0389d75b70a0007e5894a
    created clusterrole: mongodb-enterprise-operator-multi-cluster-role-telemetry
    created clusterrolebinding: mongodb-enterprise-operator-multi-telemetry-cluster-role-binding
    created clusterrole: mongodb-enterprise-operator-multi-cluster-role-telemetry
    created clusterrolebinding: mongodb-enterprise-operator-multi-telemetry-cluster-role-binding
    creating member roles in cluster: gke_scratch-kubernetes-team_europe-central2-b_k8s-mdb-1-67d0389d75b70a0007e5894a
    created clusterrole: mongodb-enterprise-operator-multi-cluster-role-telemetry
    created clusterrolebinding: mongodb-enterprise-operator-multi-telemetry-cluster-role-binding
    created clusterrole: mongodb-enterprise-operator-multi-cluster-role-telemetry
    created clusterrolebinding: mongodb-enterprise-operator-multi-telemetry-cluster-role-binding
    creating member roles in cluster: gke_scratch-kubernetes-team_europe-central2-c_k8s-mdb-2-67d0389d75b70a0007e5894a
    created clusterrole: mongodb-enterprise-operator-multi-cluster-role-telemetry
    created clusterrolebinding: mongodb-enterprise-operator-multi-telemetry-cluster-role-binding
    created clusterrole: mongodb-enterprise-operator-multi-cluster-role-telemetry
    created clusterrolebinding: mongodb-enterprise-operator-multi-telemetry-cluster-role-binding
    Ensured ServiceAccounts and Roles.
    Creating KubeConfig secret mongodb-operator/mongodb-enterprise-operator-multi-cluster-kubeconfig in cluster gke_scratch-kubernetes-team_europe-central2-a_k8s-mdb-0-67d0389d75b70a0007e5894a
    Ensured database Roles in member clusters.
    Creating Member list Configmap mongodb-operator/mongodb-enterprise-operator-member-list in cluster gke_scratch-kubernetes-team_europe-central2-a_k8s-mdb-0-67d0389d75b70a0007e5894a
Add the MongoDB Helm Charts for Kubernetes.
Add the MongoDB Helm Charts for Kubernetes repository to Helm.
    helm repo add mongodb https://mongodb.github.io/helm-charts
    helm repo update mongodb
    helm search repo "${OFFICIAL_OPERATOR_HELM_CHART}"

    "mongodb" has been added to your repositories
    Hang tight while we grab the latest from your chart repositories...
    ...Successfully got an update from the "mongodb" chart repository
    Update Complete. ⎈Happy Helming!⎈
    NAME                          CHART VERSION   APP VERSION   DESCRIPTION
    mongodb/enterprise-operator   1.32.0                        MongoDB Kubernetes Enterprise Operator
Deploy the Kubernetes Operator.
Use the MongoDB Helm Charts for Kubernetes to deploy the Kubernetes Operator.
    helm upgrade --install \
      --debug \
      --kube-context "${K8S_CLUSTER_0_CONTEXT_NAME}" \
      mongodb-enterprise-operator-multi-cluster \
      "${OPERATOR_HELM_CHART}" \
      --namespace="${OPERATOR_NAMESPACE}" \
      --set namespace="${OPERATOR_NAMESPACE}" \
      --set operator.namespace="${OPERATOR_NAMESPACE}" \
      --set operator.watchNamespace="${OM_NAMESPACE}\,${MDB_NAMESPACE}" \
      --set operator.name=mongodb-enterprise-operator-multi-cluster \
      --set operator.createOperatorServiceAccount=false \
      --set operator.createResourcesServiceAccountsAndRoles=false \
      --set "multiCluster.clusters={${K8S_CLUSTER_0_CONTEXT_NAME},${K8S_CLUSTER_1_CONTEXT_NAME},${K8S_CLUSTER_2_CONTEXT_NAME}}" \
      --set "${OPERATOR_ADDITIONAL_HELM_VALUES:-"dummy=value"}" \
      --set operator.env=dev
    Release "mongodb-enterprise-operator-multi-cluster" does not exist. Installing it now.
    NAME: mongodb-enterprise-operator-multi-cluster
    LAST DEPLOYED: Tue Mar 11 13:36:49 2025
    NAMESPACE: mongodb-operator
    STATUS: deployed
    REVISION: 1
    TEST SUITE: None
    USER-SUPPLIED VALUES:
    dummy: value
    multiCluster:
      clusters:
      - gke_scratch-kubernetes-team_europe-central2-a_k8s-mdb-0-67d0389d75b70a0007e5894a
      - gke_scratch-kubernetes-team_europe-central2-b_k8s-mdb-1-67d0389d75b70a0007e5894a
      - gke_scratch-kubernetes-team_europe-central2-c_k8s-mdb-2-67d0389d75b70a0007e5894a
    namespace: mongodb-operator
    operator:
      createOperatorServiceAccount: false
      createResourcesServiceAccountsAndRoles: false
      env: dev
      mdbDefaultArchitecture: static
      name: mongodb-enterprise-operator-multi-cluster
      namespace: mongodb-operator
      watchNamespace: mongodb-om,mongodb

    COMPUTED VALUES:
    agent:
      name: mongodb-agent-ubi
      version: 108.0.2.8729-1
    database:
      name: mongodb-enterprise-database-ubi
      version: 1.32.0
    dummy: value
    initAppDb:
      name: mongodb-enterprise-init-appdb-ubi
      version: 1.32.0
    initDatabase:
      name: mongodb-enterprise-init-database-ubi
      version: 1.32.0
    initOpsManager:
      name: mongodb-enterprise-init-ops-manager-ubi
      version: 1.32.0
    managedSecurityContext: false
    mongodb:
      appdbAssumeOldFormat: false
      imageType: ubi8
      name: mongodb-enterprise-server
      repo: quay.io/mongodb
    mongodbLegacyAppDb:
      name: mongodb-enterprise-appdb-database-ubi
      repo: quay.io/mongodb
    multiCluster:
      clusterClientTimeout: 10
      clusters:
      - gke_scratch-kubernetes-team_europe-central2-a_k8s-mdb-0-67d0389d75b70a0007e5894a
      - gke_scratch-kubernetes-team_europe-central2-b_k8s-mdb-1-67d0389d75b70a0007e5894a
      - gke_scratch-kubernetes-team_europe-central2-c_k8s-mdb-2-67d0389d75b70a0007e5894a
      kubeConfigSecretName: mongodb-enterprise-operator-multi-cluster-kubeconfig
      performFailOver: true
    namespace: mongodb-operator
    operator:
      additionalArguments: []
      affinity: {}
      createOperatorServiceAccount: false
      createResourcesServiceAccountsAndRoles: false
      deployment_name: mongodb-enterprise-operator
      enablePVCResize: true
      env: dev
      maxConcurrentReconciles: 1
      mdbDefaultArchitecture: static
      name: mongodb-enterprise-operator-multi-cluster
      namespace: mongodb-operator
      nodeSelector: {}
      operator_image_name: mongodb-enterprise-operator-ubi
      replicas: 1
      resources:
        limits:
          cpu: 1100m
          memory: 1Gi
        requests:
          cpu: 500m
          memory: 200Mi
      telemetry:
        collection:
          clusters: {}
          deployments: {}
          frequency: 1h
          operators: {}
        send:
          frequency: 168h
      tolerations: []
      vaultSecretBackend:
        enabled: false
        tlsSecretRef: ""
      version: 1.32.0
      watchNamespace: mongodb-om,mongodb
      watchedResources:
      - mongodb
      - opsmanagers
      - mongodbusers
      webhook:
        installClusterRole: true
        registerConfiguration: true
    opsManager:
      name: mongodb-enterprise-ops-manager-ubi
    registry:
      agent: quay.io/mongodb
      appDb: quay.io/mongodb
      database: quay.io/mongodb
      imagePullSecrets: null
      initAppDb: quay.io/mongodb
      initDatabase: quay.io/mongodb
      initOpsManager: quay.io/mongodb
      operator: quay.io/mongodb
      opsManager: quay.io/mongodb
      pullPolicy: Always
    subresourceEnabled: true

    HOOKS:
    MANIFEST:
    ---
    # Source: enterprise-operator/templates/operator-roles.yaml
    kind: ClusterRole
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: mongodb-enterprise-operator-mongodb-webhook
    rules:
      - apiGroups:
          - "admissionregistration.k8s.io"
        resources:
          - validatingwebhookconfigurations
        verbs:
          - get
          - create
          - update
          - delete
      - apiGroups:
          - ""
        resources:
          - services
        verbs:
          - get
          - list
          - watch
          - create
          - update
          - delete
    ---
    # Source: enterprise-operator/templates/operator-roles.yaml
    # Additional ClusterRole for clusterVersionDetection
    kind: ClusterRole
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: mongodb-enterprise-operator-multi-cluster-cluster-telemetry
    rules:
      # Non-resource URL permissions
      - nonResourceURLs:
          - "/version"
        verbs:
          - get
      # Cluster-scoped resource permissions
      - apiGroups:
          - ''
        resources:
          - namespaces
        resourceNames:
          - kube-system
        verbs:
          - get
      - apiGroups:
          - ''
        resources:
          - nodes
        verbs:
          - list
    ---
    # Source: enterprise-operator/templates/operator-roles.yaml
    kind: ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: mongodb-enterprise-operator-multi-cluster-mongodb-operator-webhook-binding
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: mongodb-enterprise-operator-mongodb-webhook
    subjects:
      - kind: ServiceAccount
        name: mongodb-enterprise-operator-multi-cluster
        namespace: mongodb-operator
    ---
    # Source: enterprise-operator/templates/operator-roles.yaml
    # ClusterRoleBinding for clusterVersionDetection
    kind: ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: mongodb-enterprise-operator-multi-cluster-mongodb-operator-cluster-telemetry-binding
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: mongodb-enterprise-operator-multi-cluster-cluster-telemetry
    subjects:
      - kind: ServiceAccount
        name: mongodb-enterprise-operator-multi-cluster
        namespace: mongodb-operator
    ---
    # Source: enterprise-operator/templates/operator.yaml
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: mongodb-enterprise-operator-multi-cluster
      namespace: mongodb-operator
    spec:
      replicas: 1
      selector:
        matchLabels:
          app.kubernetes.io/component: controller
          app.kubernetes.io/name: mongodb-enterprise-operator-multi-cluster
          app.kubernetes.io/instance: mongodb-enterprise-operator-multi-cluster
      template:
        metadata:
          labels:
            app.kubernetes.io/component: controller
            app.kubernetes.io/name: mongodb-enterprise-operator-multi-cluster
            app.kubernetes.io/instance: mongodb-enterprise-operator-multi-cluster
        spec:
          serviceAccountName: mongodb-enterprise-operator-multi-cluster
          securityContext:
            runAsNonRoot: true
            runAsUser: 2000
          containers:
            - name: mongodb-enterprise-operator-multi-cluster
              image: "quay.io/mongodb/mongodb-enterprise-operator-ubi:1.32.0"
              imagePullPolicy: Always
              args:
                - -watch-resource=mongodb
                - -watch-resource=opsmanagers
                - -watch-resource=mongodbusers
                - -watch-resource=mongodbmulticluster
              command:
                - /usr/local/bin/mongodb-enterprise-operator
              volumeMounts:
                - mountPath: /etc/config/kubeconfig
                  name: kube-config-volume
              resources:
                limits:
                  cpu: 1100m
                  memory: 1Gi
                requests:
                  cpu: 500m
                  memory: 200Mi
              env:
                - name: OPERATOR_ENV
                  value: dev
                - name: MDB_DEFAULT_ARCHITECTURE
                  value: static
                - name: NAMESPACE
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.namespace
                - name: WATCH_NAMESPACE
                  value: "mongodb-om,mongodb"
                - name: MDB_OPERATOR_TELEMETRY_COLLECTION_FREQUENCY
                  value: "1h"
                - name: MDB_OPERATOR_TELEMETRY_SEND_FREQUENCY
                  value: "168h"
                - name: CLUSTER_CLIENT_TIMEOUT
                  value: "10"
                - name: IMAGE_PULL_POLICY
                  value: Always
                # Database
                - name: MONGODB_ENTERPRISE_DATABASE_IMAGE
                  value: quay.io/mongodb/mongodb-enterprise-database-ubi
                - name: INIT_DATABASE_IMAGE_REPOSITORY
                  value: quay.io/mongodb/mongodb-enterprise-init-database-ubi
                - name: INIT_DATABASE_VERSION
                  value: 1.32.0
                - name: DATABASE_VERSION
                  value: 1.32.0
                # Ops Manager
                - name: OPS_MANAGER_IMAGE_REPOSITORY
                  value: quay.io/mongodb/mongodb-enterprise-ops-manager-ubi
                - name: INIT_OPS_MANAGER_IMAGE_REPOSITORY
                  value: quay.io/mongodb/mongodb-enterprise-init-ops-manager-ubi
                - name: INIT_OPS_MANAGER_VERSION
                  value: 1.32.0
                # AppDB
                - name: INIT_APPDB_IMAGE_REPOSITORY
                  value: quay.io/mongodb/mongodb-enterprise-init-appdb-ubi
                - name: INIT_APPDB_VERSION
                  value: 1.32.0
                - name: OPS_MANAGER_IMAGE_PULL_POLICY
                  value: Always
                - name: AGENT_IMAGE
                  value: "quay.io/mongodb/mongodb-agent-ubi:108.0.2.8729-1"
                - name: MDB_AGENT_IMAGE_REPOSITORY
                  value: "quay.io/mongodb/mongodb-agent-ubi"
                - name: MONGODB_IMAGE
                  value: mongodb-enterprise-server
                - name: MONGODB_REPO_URL
                  value: quay.io/mongodb
                - name: MDB_IMAGE_TYPE
                  value: "ubi9"
                - name: PERFORM_FAILOVER
                  value: 'true'
                - name: MDB_MAX_CONCURRENT_RECONCILES
                  value: "1"
          volumes:
            - name: kube-config-volume
              secret:
                defaultMode: 420
                secretName: mongodb-enterprise-operator-multi-cluster-kubeconfig
Check the status of the MongoDB Enterprise Kubernetes Operator.
    kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${OPERATOR_NAMESPACE}" rollout status deployment/mongodb-enterprise-operator-multi-cluster
    echo "Operator deployment in ${OPERATOR_NAMESPACE} namespace"
    kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${OPERATOR_NAMESPACE}" get deployments
    echo; echo "Operator pod in ${OPERATOR_NAMESPACE} namespace"
    kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${OPERATOR_NAMESPACE}" get pods
    Waiting for deployment "mongodb-enterprise-operator-multi-cluster" rollout to finish: 0 of 1 updated replicas are available...
    deployment "mongodb-enterprise-operator-multi-cluster" successfully rolled out
    Operator deployment in mongodb-operator namespace
    NAME                                        READY   UP-TO-DATE   AVAILABLE   AGE
    mongodb-enterprise-operator-multi-cluster   1/1     1            1           9s

    Operator pod in mongodb-operator namespace
    NAME                                                         READY   STATUS    RESTARTS     AGE
    mongodb-enterprise-operator-multi-cluster-786c8fcd9b-9k465   2/2     Running   1 (3s ago)   10s
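The Helm release in this procedure installs cluster-wide RBAC and an operator Deployment, both printed in the helm --debug output of the deploy step, and both are worth reviewing before these values are reused outside a test setup. The Python audit below is an added example, not part of the MongoDB documentation or the operator project. RENDERED is a constructed sample that copies the two ClusterRoles and the Deployment from that output, and the audit function and its three checks are this example's own choices.

```python
import json

# Constructed sample: objects copied from the helm --debug output on this page,
# trimmed to the fields read below, in the JSON shape `kubectl -o json` prints.
RENDERED = json.loads("""[
 {"kind": "ClusterRole",
  "metadata": {"name": "mongodb-enterprise-operator-mongodb-webhook"},
  "rules": [
   {"apiGroups": ["admissionregistration.k8s.io"],
    "resources": ["validatingwebhookconfigurations"],
    "verbs": ["get", "create", "update", "delete"]},
   {"apiGroups": [""], "resources": ["services"],
    "verbs": ["get", "list", "watch", "create", "update", "delete"]}]},
 {"kind": "ClusterRole",
  "metadata": {"name": "mongodb-enterprise-operator-multi-cluster-cluster-telemetry"},
  "rules": [
   {"nonResourceURLs": ["/version"], "verbs": ["get"]},
   {"apiGroups": [""], "resources": ["namespaces"],
    "resourceNames": ["kube-system"], "verbs": ["get"]},
   {"apiGroups": [""], "resources": ["nodes"], "verbs": ["list"]}]},
 {"kind": "Deployment", "metadata": {"name": "mongodb-enterprise-operator-multi-cluster"},
  "spec": {"template": {"spec": {
   "securityContext": {"runAsNonRoot": true, "runAsUser": 2000},
   "containers": [{"name": "mongodb-enterprise-operator-multi-cluster",
    "image": "quay.io/mongodb/mongodb-enterprise-operator-ubi:1.32.0"}]}}}}
]""")

WRITE_VERBS = {"create", "update", "patch", "delete", "deletecollection", "*"}

def audit(objects):
    """Return (object name, finding) pairs for a reviewer to look at."""
    findings = []
    for obj in objects:
        name = obj["metadata"]["name"]
        if obj["kind"] == "ClusterRole":
            for rule in obj.get("rules", []):
                writes = sorted(WRITE_VERBS & set(rule.get("verbs", [])))
                if writes and not rule.get("resourceNames"):  # not narrowed by name
                    target = ",".join(rule.get("resources", rule.get("nonResourceURLs", [])))
                    findings.append((name, f"cluster-wide {'/'.join(writes)} on {target}"))
        elif obj["kind"] == "Deployment":
            pod = obj["spec"]["template"]["spec"]
            if not pod.get("securityContext", {}).get("runAsNonRoot"):
                findings.append((name, "pod is not forced to run as non-root"))
            for c in pod["containers"]:
                if "@sha256:" not in c["image"]:
                    findings.append((name, f"image {c['image']} is referenced by tag, not digest"))
                if c.get("securityContext", {}).get("allowPrivilegeEscalation") is not False:
                    findings.append((name, f"container {c['name']} does not set allowPrivilegeEscalation: false"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(RENDERED):
        print(f"{name}: {finding}")
```

For the manifest shown on this page the audit reports four items: the webhook ClusterRole's unrestricted write verbs on validatingwebhookconfigurations and on services, the tag-only operator image reference, and the absence of allowPrivilegeEscalation: false on the operator container.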