MongoDB Kubernetes operator is ready for prime-time. Learn about how MongoDB can be used with most popular orchestration platform, Kubernetes, and bring self-service, persistent storage to your containerized applications.

2. MongoDB
in
Kubernetes
mink
Your blueprint guide to running Enterprise
MongoDB in Kubernetes

3. MongoDB in Kubernetes
Jason Mimick, MongoDB
Your guide to running Enterprise MongoDB on Kubernetes

4. Safe Harbor
This presentation contains “forward-looking statements” within the meaning of Section 27A of the Securities Act
of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended. Such
forward-looking statements are subject to a number of risks, uncertainties, assumptions and other factors that
could cause actual results and the timing of certain events to differ materially from future results expressed or
implied by the forward-looking statements. Factors that could cause or contribute to such differences include, but
are not limited to, those identified our filings with the Securities and Exchange Commission. You should not rely
upon forward-looking statements as predictions of future events. Furthermore, such forward-looking statements
speak only as of the date of this presentation.
In particular, the development, release, and timing of any features or functionality described for MongoDB
products remains at MongoDB’s sole discretion. This information is merely intended to outline our general
product direction and it should not be relied on in making a purchasing decision nor is this a commitment,
promise or legal obligation to deliver any material, code, or functionality. Except as required by law, we undertake
no obligation to update any forward-looking statements to reflect events or circumstances after the date of such
statements.

5. agenda:
● Kubernetes Basics
● MongoDB Enterprise Kubernetes
Operator
● KubeStore Demo
● Best Practices and Recommendations
● Sample Blueprint Architecture
MongoDB in Kubernetes

6. Technologies - Kubernetes
Kubernetes is an open-source
system for automating
deployment, scaling, and
management of containerized
applications.
(https://kubernetes.io/)
Important Concepts: Master Node, Worker
Nodes, Pods, Image Repo, API
Requirement: >= v1.13

7. Kubernetes Persistence Stateful sets
• Stable, unique network
identifiers.
mdb-{0..N-1}.myproject.mongodb.svc.cluste
r.local
• Stable, persistent storage.
• Ordered & graceful deploy
scaling.
• Ordered, automated rolling
updates.

8. Kubernetes Persistence Persistent volumes
Storage with lifecycle
independent of the Pods
A PersistentVolume (PV) is a
piece of that has been provisioned
by an administrator.
A PersistentVolumeClaim (PVC)
is a request for storage by a user
StorageDriver
PVC
PV
File
Storage

9. Kubernetes Operators
What is a Kubernetes Operator?
Specialized controller/agent, usually lightweight
single container, implements management API
custom resources.
CRDs - Custom Resource Definitions
● mongodb-enterprise-operator
● mongodb-enterprise-database
● mongodb-enterprise-ops-manager
● mongodb-user
Observe
Analyse
Act

10. Example standard
MongoDB replica set
Kubernetes definition

11. ---
apiVersion: mongodb.com/v1
kind: MongoDB
metadata:
name: my-tls-enabled-rs # Your MongoDB cluster name
spec:
type: ReplicaSet # The type of cluster
members: 3 # Number of nodes in replica set
version: 4.0.4 # MongoDB version to run
project: my-project # Name of ConfigMap for OpsMgr
credentials: my-credentials # Name of Secret for OpsMgr
persistent: true
podSpec:
cpu: '0.25' # % of worker node CPU
persistence:
single: # data,log, and journal on one PVC/PV
storage: 12G
storageClass: standard # Standard k8s dynamic PV support
security:
tls:
enabled: true # Automatic k8s-native TLS configuration

12. kick off demo deploy of previous cluster

13. Creates
References
Ops Mgr Project
Ops Mgr Org
Storage
Configuration
VM Deployment
MongoDB Kubernetes Resource Map
operator
ops-manager
sts
sts
sts

14. k8s objects: operator instance
Each MongoDB Kubernetes Operator
creates a single deployment.
Not a MongoDB ReplicaSet!
Used to enforce at least one operator
pod to run for the deployment.
Deployment: Deployment enables
declarative updates for Pods and
ReplicaSets.
ReplicaSet: ReplicaSet ensures
that a specified number of pod
replicas are running at any
given time.
ServiceAccount: binds together: a
name, a principal that can be
authenticated and authorized * a set
of secrets.
Each MongoDB Kubernetes Operator
creates a single deployment.
Role: Role is a namespaced,
logical grouping of
PolicyRules that can be
referenced as a unit by a
RoleBinding.
Role is created to manage objects.
Optional ClusterRole for native
Kubernetes CA infrastructure to
generate TLS certificates.

15. k8s objects: MongoDB “db node”
Pod: Pod is a collection of containers
that can run on a hst. This resource is
created by clients and scheduled onto
hosts.
StatefulSet: StatefulSet represents
a set of pods with consistent
identities. Identities are defined
as: network, storage.
Service: Service is a named abstraction
of software service consisting of local
port that the proxy listens on, and the
selector that determines which pods will
answer requests sent through the proxy.
Each MongoDB database CRD instance
creates one StatefulSet per MongoDB
Replica Set.
A pod is created for each node in each
MongoDB Replica Set. Each pod runs one
container, seeded with a special agent
which connects to Ops Manager.
Each MongoDB CRD instance creates one
internal ClusterIp service, optionally
and externally available NodePort can be
provisioned.

16. k8s objects: “db node” storage
Each MongoDB database container has one
or more associated PeristentVolumes.
The operator generates a PVC for each
member of each replicaset of a MongoDB
CRD instance deployment. A PVC is
created for each mount point.
The MongoDB cluster CRD supports passing
a requested storage class along with
each PVC.
PersistentVolume: is a storage resource
provisioned by an administrator.
PersistentVolumeClaim:
PersistentVolumeClaim is a user's
request for and claim to a persistent
volume.
StorageClass: StorageClass describes
the parameters for a class of storage
for which PersistentVolumes can be
dynamically provisioned.

17. MongoDB Architecture - per shard

18. add demo about killing pod and seeing
new primary recover

19. MongoDB
Enterprise
Kubernetes
Operator
• Runs on any upstream distro 1.13 +
• Deploys any MongoDB cluster type or
size via CRD
• MongoDB Ops/Cloud Manager control
plane
• Monitoring, alerting, k8s log pipeline
integration, and automation APIs
• OpenShift 3.11, PKS certified, RHEL7 &
Ubuntu 16.04 base images
• mongod/mongos and OpsManager Log
pipeline integration with K8S
• Configures fully secure MongoDB
cluster: TLS, x509, RBAC
General Availability V 1.0

20. Customers interested in Operator
We have over 80 customers that tried our beta
and some are using it in production.
Paychek, Amadeus (visit talks)
IBM
Certified partners with RedHat and Pivotal

21. Demo
The Kube Store
Demo Presenter

22. example
ecommerce
website
• azure-aks
• Let’s Encrypt
• nginx
• react ui
• node.js & python
database microservices
• MongoDB Operator
• MongoDB Cloud Mgr
• TLS all the way

23. Demo

24. demo
• some
• kubectl
• trickery
• here

25. Operator
MongoDB Ops
Manager
Open
Service
Broker
Apps Everywhere
On Premise/Private Cloud Public Cloud
MongoDB Run Anywhere...
Infrastructure/ Virtualization
Configuration
Management

26. new version of previous slide
clean up
add more mongodb logos
show convergence of private and public clouds

27. 1. Configure persistence
2. Specify resource requirements
3. Spread database pods across workers
4. Use multiple availability zones
5. Co-locate mongos pods with apps
6. Configure authentication
7. Encrypt wire traffic (TLS)
MongoDB Kubernetes Best
Practices

28. MongoDB Kubernetes
Best Practices

29. Ensure proper
persistence
configuration
● supports single or multiple mount points
● one PersistentVolumeClaim created per
MongoDB mount point
● Default path in container is /data
...
persistent: true
podSpec:
...
persistence :
multiple:
data:
storage: 10Gi
journal:
storage: 1Gi
labelSelector :
matchLabels :
app: "my-app"
logs:
storage: 500M
...

30. Specify resource
requirements
● CPU and Memory requests
● Supports single or multiple mongos, configsvr,
and mongod allocations for sharded clusters
● Specify memory for MongoDB (WT cache)
● Note, monitoring tools report the size of
Kubernetes node instead of the real size of the
container
...
persistent: true
configSrvPodSpec :
...
cpu: '0.25'
memory: 512M
...
persistence :
…
mongosPodSpec :
...
cpu: '0.25'
memory: 512M
...
persistence :
shardPodSpec :
...
cpu: '0.55'
memory: 2GB
...
persistence :

31. Use multiple availability
zones
● Operator and StatefulSet’s ensure that all
members of one replica set are distributed to
different nodes.
...
persistent: true
podSpec:
...
podAntiAffinityTopologyKey: failure-domain.beta.kubernetes.io/zone
...
● Operator and StatefulSet’s ensure that all
members of one replica set are distributed to
different nodes.

32. Co-locate mongos
pods with apps
● A mongos instance is lightweight and
can be run in a pod running on the
same worker node as your apps using
MongoDB.
● Supports standard Kubernetes label
node-affinity and node anti-affinity
constructs
apiVersion: apps/v1
kind: Deployment
metadata:
name: web-server
spec:
replicas: 3
template:
metadata:
labels:
app: web-store
mongosPodSpec :
podAffinity :
requiredDuringSchedulingIgnoredDuringExecution :
- labelSelector :
matchExpressions :
- key: app
operator: In
values:
- web-store

33. Manage multitenancy with
labels
● If you need to physically separate
different MongoDB resources (e.g.
“test” and “staging” environments) or
want to place pods on some specific
nodes (e.g. with SSD support) use the
“node affinity” feature of Kubernetes
mongosPodSpec :
podAffinity :
requiredDuringSchedulingIgnoredDuringExecution :
- labelSelector :
matchExpressions :
- key: app
operator: In
values:
- web-store

34. Enable TLS
● CPU and Memory requests
● Supports single or multiple mongos, configsvr,
and mongod allocations for sharded clusters
● Specify memory for MongoDB (WT cache)
● Note, monitoring tools reports the size of
Kubernetes node instead of the real size of the
container
---
apiVersion: mongodb.com/v1
kind: MongoDB
metadata:
name: my-tls-enabled-rs
spec:
type: ReplicaSet
members: 3
version: 4.0.4
project: my-project
credentials: my-credentials
security:
tls:
enabled: true
additionalMongodConfig:
net:
ssl:
mode: "preferSSL"

35. Enable Auth
● x509 user authentication supported
● Additional CRD for MongoDB users
● Fully automated certificate generation and
distribution
● Includes X509 internal authentication
---
apiVersion: mongodb.com/v1
kind: MongoDB
metadata:
name: my-tls-enabled-rs
spec:
type: ReplicaSet
members: 3
version: 4.0.4
project: my-project
credentials: my-credentials
security:
clusterAuthenticationMode: x509
tls:
enabled: true

36. Enable Auth - Sample user CRD
apiVersion: mongodb.com/v1
kind: MongoDBUser
metadata:
name: user-with-roles
spec:
username: "CN=mms-user-1,OU=cloud,O=MongoDB,L=New York,ST=New York,C=US"
db: "$external"
project: my-project
roles:
- db: "admin"
name: "clusterAdmin"

37. Kubernetes Cluster
Ops Manager
MongoDB Enterprise Private Cloud Deployment Design
Standard Kubernetes 2019.1 No.
1
Kubernetes Namespace
Deployment Notes
Single instance of Ops Manager running in VM
or use Cloud Manager
One Operator per Kubernetes Namespace
for each Ops Manager organization
One ConfigMap per Ops Manager Project
Multiple Secrets & User CRDs for
authentication and authorization
Cloud Manager
Kubernetes
Operator
Related
MongoDB
Database

38. The MongoDB
Enterprise
Kubernetes
Operator
v1.2 available today
excellent features include:
● Runs on any upstream distribution
1.13 +
● Deploys any MongoDB cluster type
or size via CRD
● MongoDB Ops/Cloud Manager
control plane
● Monitoring, alerting, k8s log
pipeline integration, and
automation APIs
● OpenShift 3.11 certified, RHEL7 &
Ubuntu 16.04 base images
● mongod/mongos and OpsManager
Log pipeline integration with K8S
● Configures fully secure MongoDB
cluster: TLS, x509, RBAC