The MongoDB Kubernetes Operator is ready for prime time. Learn how MongoDB can be used with the most popular orchestration platform, Kubernetes, to bring self-service, persistent storage to your containerized applications.
4. Safe Harbor
This presentation contains “forward-looking statements” within the meaning of Section 27A of the Securities Act
of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended. Such
forward-looking statements are subject to a number of risks, uncertainties, assumptions and other factors that
could cause actual results and the timing of certain events to differ materially from future results expressed or
implied by the forward-looking statements. Factors that could cause or contribute to such differences include, but
are not limited to, those identified in our filings with the Securities and Exchange Commission. You should not rely
upon forward-looking statements as predictions of future events. Furthermore, such forward-looking statements
speak only as of the date of this presentation.
In particular, the development, release, and timing of any features or functionality described for MongoDB
products remains at MongoDB’s sole discretion. This information is merely intended to outline our general
product direction and it should not be relied on in making a purchasing decision nor is this a commitment,
promise or legal obligation to deliver any material, code, or functionality. Except as required by law, we undertake
no obligation to update any forward-looking statements to reflect events or circumstances after the date of such
statements.
5. Agenda:
● Kubernetes Basics
● MongoDB Enterprise Kubernetes Operator
● KubeStore Demo
● Best Practices and Recommendations
● Sample Blueprint Architecture
MongoDB in Kubernetes
6. Technologies - Kubernetes
Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. (https://kubernetes.io/)
Important concepts: Master Node, Worker Nodes, Pods, Image Repo, API
Requirement: >= v1.13
8. Kubernetes Persistence: Persistent Volumes
Storage with a lifecycle independent of the Pods.
A PersistentVolume (PV) is a piece of storage in the cluster that has been provisioned by an administrator (or dynamically through a StorageClass).
A PersistentVolumeClaim (PVC) is a request for storage by a user; it is bound to a PV.
[Diagram: StorageDriver, PVC, PV, File Storage]
9. Kubernetes Operators
What is a Kubernetes Operator?
A specialized controller/agent, usually a lightweight single container, that implements a management API through custom resources.
CRDs - Custom Resource Definitions
● mongodb-enterprise-operator
● mongodb-enterprise-database
● mongodb-enterprise-ops-manager
● mongodb-user
Control loop: Observe → Analyse → Act
11. ---
apiVersion: mongodb.com/v1
kind: MongoDB
metadata:
  name: my-tls-enabled-rs          # Your MongoDB cluster name
spec:
  type: ReplicaSet                 # The type of cluster
  members: 3                       # Number of nodes in the replica set
  version: 4.0.4                   # MongoDB version to run
  project: my-project              # Name of the ConfigMap for Ops Manager
  credentials: my-credentials      # Name of the Secret for Ops Manager
  persistent: true
  podSpec:
    cpu: '0.25'                    # Kubernetes CPU quantity (a quarter of one core), not a percentage
    persistence:
      single:                      # data, log, and journal on one PVC/PV
        storage: 12G
        storageClass: standard     # Standard k8s dynamic PV support
  security:
    tls:
      enabled: true                # Automatic k8s-native TLS configuration
14. k8s objects: operator instance
Each MongoDB Kubernetes Operator creates a single Deployment (a Kubernetes Deployment, not a MongoDB replica set!), used to enforce that at least one operator pod is running.
Deployment: enables declarative updates for Pods and ReplicaSets.
ReplicaSet: ensures that a specified number of pod replicas are running at any given time.
ServiceAccount: binds together a name, a principal that can be authenticated and authorized, and a set of Secrets.
Role: a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding. The Role is created so the operator can manage the objects it owns in its namespace.
Optional ClusterRole for the native Kubernetes CA infrastructure, used to generate TLS certificates. A ClusterRole is cluster-wide, so bind it only when the Kubernetes-native CA path is actually used.
15. k8s objects: MongoDB “db node”
Pod: a collection of containers that can run on a host. This resource is created by clients and scheduled onto hosts.
StatefulSet: a set of pods with consistent identities. Identities are defined as: network, storage.
Service: a named abstraction of a software service consisting of the local port that the proxy listens on and the selector that determines which pods answer requests sent through the proxy.
Each MongoDB database CRD instance creates one StatefulSet per MongoDB replica set.
A pod is created for each node in each MongoDB replica set. Each pod runs one container, seeded with a special agent which connects to Ops Manager.
Each MongoDB CRD instance creates one internal ClusterIP Service; optionally, an externally reachable NodePort Service can be provisioned as well. A NodePort exposes the database on every worker node's IP, so pair it with TLS and authentication.
16. k8s objects: “db node” storage
Each MongoDB database container has one or more associated PersistentVolumes.
The operator generates a PVC for each member of each replica set of a MongoDB CRD instance deployment; a PVC is created for each mount point.
The MongoDB cluster CRD supports passing a requested storage class along with each PVC.
PersistentVolume: a storage resource provisioned by an administrator.
PersistentVolumeClaim: a user's request for and claim to a persistent volume.
StorageClass: describes the parameters for a class of storage for which PersistentVolumes can be dynamically provisioned.
18. Demo: kill a pod and watch the replica set elect a new primary and recover.
19. MongoDB Enterprise Kubernetes Operator
• Runs on any upstream distro 1.13+
• Deploys any MongoDB cluster type or size via CRD
• MongoDB Ops/Cloud Manager control plane
• Monitoring, alerting, k8s log pipeline integration, and automation APIs
• OpenShift 3.11, PKS certified, RHEL7 & Ubuntu 16.04 base images
• mongod/mongos and Ops Manager log pipeline integration with K8S
• Configures fully secure MongoDB cluster: TLS, x509, RBAC
General Availability V 1.0
20. Customers interested in the Operator
We have over 80 customers who tried our beta, and some are using it in production.
Paychek, Amadeus (visit talks)
IBM
Certified partners with RedHat and Pivotal
29. Ensure proper persistence configuration
● Supports single or multiple mount points
● One PersistentVolumeClaim is created per MongoDB mount point
● Default path in the container is /data
...
persistent: true
podSpec:
  ...
  persistence:
    multiple:
      data:
        storage: 10Gi
      journal:
        storage: 1Gi
        labelSelector:
          matchLabels:
            app: "my-app"
      logs:
        storage: 500M
...
30. Specify resource requirements
● CPU and memory requests
● Supports single or multiple mongos, configsvr, and mongod allocations for sharded clusters
● Specify memory for MongoDB (WiredTiger cache)
● Note: monitoring tools report the size of the Kubernetes node instead of the real size of the container, so set the container memory explicitly rather than relying on what the monitoring shows
...
persistent: true
configSrvPodSpec:
  ...
  cpu: '0.25'
  memory: 512M
  ...
  persistence:
    …
mongosPodSpec:
  ...
  cpu: '0.25'
  memory: 512M
  ...
  persistence:
shardPodSpec:
  ...
  cpu: '0.55'
  memory: 2G      # Kubernetes quantity; "2GB" is not a valid suffix (use G or Gi)
  ...
  persistence:
31. Use multiple availability zones
● The Operator and StatefulSets ensure that all members of one replica set are placed on different nodes; set podAntiAffinityTopologyKey to a zone label so they are spread across availability zones as well, otherwise a single zone outage can take down a majority.
● On Kubernetes 1.17 and later the zone label is topology.kubernetes.io/zone; failure-domain.beta.kubernetes.io/zone is deprecated.
...
persistent: true
podSpec:
  ...
  podAntiAffinityTopologyKey: failure-domain.beta.kubernetes.io/zone
...
32. Co-locate mongos pods with apps
● A mongos instance is lightweight and can be run in a pod on the same worker node as the apps that use MongoDB.
● Supports the standard Kubernetes label-based pod affinity, pod anti-affinity and node affinity constructs.
The application Deployment carries the label that the mongos podAffinity selects on:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-server
spec:
  replicas: 3
  template:
    metadata:
      labels:
        app: web-store
In the MongoDB resource:
mongosPodSpec:
  podAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
    - labelSelector:
        matchExpressions:
        - key: app
          operator: In
          values:
          - web-store
      topologyKey: kubernetes.io/hostname   # required for podAffinity; hostname = same worker node
33. Manage multitenancy with labels
● If you need to physically separate different MongoDB resources (e.g. “test” and “staging” environments) or want to place pods on specific nodes (e.g. with SSD support), use the “node affinity” feature of Kubernetes: label the nodes and add a nodeAffinity constraint to the pod spec.
34. Enable TLS
---
apiVersion: mongodb.com/v1
kind: MongoDB
metadata:
  name: my-tls-enabled-rs
spec:
  type: ReplicaSet
  members: 3
  version: 4.0.4
  project: my-project
  credentials: my-credentials
  security:
    tls:
      enabled: true
  additionalMongodConfig:
    net:
      ssl:
        mode: "preferSSL"   # still accepts plaintext clients; use "requireSSL" to enforce TLS
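The recommendations on these slides (the baseline CR on slide 11, persistence on slide 29, resource quantities on slide 30, zone anti-affinity on slide 31, and the TLS mode above) can be enforced before a manifest reaches the operator. The following is an added example, not code from the slides or from the MongoDB operator: a small Python policy check suitable for a CI step or admission hook. The field paths (spec.persistent, spec.podSpec.persistence, spec.podSpec.podAntiAffinityTopologyKey, spec.security.tls.enabled, spec.additionalMongodConfig.net.ssl.mode) follow the CR fragments on the slides; the rules themselves, the requireSSL requirement, and the two manifests (one mirroring the slide's CR, one hardened) are this example's own assumptions.

```python
"""Policy checks for MongoDB Enterprise Kubernetes Operator manifests.
Added example, not operator code. Field paths follow the CR fragments on the
slides; the rules and the sample manifests are this example's own choices.
"""
import re

# A Kubernetes quantity is a number with an optional SI or binary suffix; "2GB" is not one.
QUANTITY_RE = re.compile(r"^\d+(\.\d+)?(m|k|M|G|T|P|E|Ki|Mi|Gi|Ti|Pi|Ei)?$")
# mongod net.ssl.mode values that still accept plaintext client connections.
PLAINTEXT_TLS_MODES = {"disabled", "allowSSL", "preferSSL"}
# Zone label deprecated since Kubernetes 1.17 in favour of topology.kubernetes.io/zone.
DEPRECATED_ZONE_KEY = "failure-domain.beta.kubernetes.io/zone"
POD_SPEC_KEYS = ("podSpec", "shardPodSpec", "configSrvPodSpec", "mongosPodSpec")


def get_path(obj, path, default=None):
    """Walk a dotted path through nested dicts; return default if any key is missing."""
    for key in path.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return default
        obj = obj[key]
    return obj


def check_quantity(path, value):
    """Return a finding if value is set but is not a valid Kubernetes quantity."""
    if value is None or QUANTITY_RE.match(str(value)):
        return []
    return [f"{path}={value!r} is not a valid Kubernetes quantity"]


def check_tls(cr):
    findings = []
    if get_path(cr, "spec.security.tls.enabled") is not True:
        findings.append("spec.security.tls.enabled is not true")
    mode = get_path(cr, "spec.additionalMongodConfig.net.ssl.mode")
    if mode in PLAINTEXT_TLS_MODES:
        findings.append(f"net.ssl.mode={mode} still accepts plaintext connections; use requireSSL")
    return findings


def check_persistence(cr):
    findings = []
    if get_path(cr, "spec.persistent") is not True:
        findings.append("spec.persistent is not true: data is lost when the pod is rescheduled")
    for key in POD_SPEC_KEYS:
        persistence = get_path(cr, f"spec.{key}.persistence") or {}
        if "single" in persistence:
            findings += check_quantity(f"spec.{key}.persistence.single.storage", persistence["single"].get("storage"))
        for mount, cfg in persistence.get("multiple", {}).items():
            findings += check_quantity(f"spec.{key}.persistence.multiple.{mount}.storage", cfg.get("storage"))
    return findings


def check_resources(cr):
    findings = []
    for key in POD_SPEC_KEYS:
        for field in ("cpu", "memory"):
            findings += check_quantity(f"spec.{key}.{field}", get_path(cr, f"spec.{key}.{field}"))
    return findings


def check_topology(cr):
    findings = []
    if get_path(cr, "spec.type") == "ReplicaSet" and get_path(cr, "spec.members", 0) < 3:
        findings.append("fewer than 3 members: the set cannot keep a majority through one failure")
    zone_key = get_path(cr, "spec.podSpec.podAntiAffinityTopologyKey")
    if zone_key is None:
        findings.append("no podAntiAffinityTopologyKey: members are not guaranteed to span zones")
    elif zone_key == DEPRECATED_ZONE_KEY:
        findings.append(f"{zone_key} is deprecated; use topology.kubernetes.io/zone on 1.17+")
    return findings


def lint(cr):
    """All findings for one MongoDB custom resource; an empty list means it passes."""
    return check_tls(cr) + check_persistence(cr) + check_resources(cr) + check_topology(cr)


# Constructed to mirror the "Enable TLS" slide: TLS on, but preferSSL and no persistence.
SLIDE_TLS_CR = {
    "apiVersion": "mongodb.com/v1", "kind": "MongoDB",
    "metadata": {"name": "my-tls-enabled-rs"},
    "spec": {"type": "ReplicaSet", "members": 3, "version": "4.0.4",
             "project": "my-project", "credentials": "my-credentials",
             "security": {"tls": {"enabled": True}},
             "additionalMongodConfig": {"net": {"ssl": {"mode": "preferSSL"}}}},
}

# Hardened variant (this example's own choices): requireSSL, persistent storage, zone spread.
HARDENED_CR = {
    "apiVersion": "mongodb.com/v1", "kind": "MongoDB",
    "metadata": {"name": "my-tls-enabled-rs"},
    "spec": {"type": "ReplicaSet", "members": 3, "version": "4.0.4",
             "project": "my-project", "credentials": "my-credentials",
             "persistent": True,
             "podSpec": {"cpu": "0.25", "memory": "512M",
                         "persistence": {"single": {"storage": "12G", "storageClass": "standard"}},
                         "podAntiAffinityTopologyKey": "topology.kubernetes.io/zone"},
             "security": {"tls": {"enabled": True}},
             "additionalMongodConfig": {"net": {"ssl": {"mode": "requireSSL"}}}},
}
```

Running lint(SLIDE_TLS_CR) yields three findings (preferSSL, no persistence, no zone key) while lint(HARDENED_CR) is empty. The check keys on net.ssl.mode because the slides target MongoDB 4.0; from 4.2 the same setting is spelled net.tls.mode with requireTLS, so a deployment on newer versions should extend PLAINTEXT_TLS_MODES and the path accordingly.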
37. MongoDB Enterprise Private Cloud Deployment Design (Standard Kubernetes, 2019.1, No. 1)
[Diagram: Kubernetes Cluster containing a Kubernetes Namespace with the Kubernetes Operator and its related MongoDB Database; Ops Manager or Cloud Manager as the control plane outside the cluster]
Deployment Notes
● Single instance of Ops Manager running in a VM, or use Cloud Manager
● One Operator per Kubernetes Namespace for each Ops Manager organization
● One ConfigMap per Ops Manager Project
● Multiple Secrets & User CRDs for authentication and authorization
38. The MongoDB Enterprise Kubernetes Operator
v1.2 available today; excellent features include:
● Runs on any upstream distribution 1.13+
● Deploys any MongoDB cluster type or size via CRD
● MongoDB Ops/Cloud Manager control plane
● Monitoring, alerting, k8s log pipeline integration, and automation APIs
● OpenShift 3.11 certified, RHEL7 & Ubuntu 16.04 base images
● mongod/mongos and Ops Manager log pipeline integration with K8S
● Configures fully secure MongoDB cluster: TLS, x509, RBAC