The MongoDB Kubernetes operator is ready for prime time. Learn how MongoDB can be used with the most popular orchestration platform, Kubernetes, to bring self-service, persistent storage to your containerized applications.
MongoDB .local Bengaluru 2019: Using MongoDB Services in Kubernetes: Any Platform, Development or Production
2. Using MongoDB Services in Kubernetes
Paresh Saraf, Senior Solutions Architect, MongoDB
Using MongoDB Services in Kubernetes: any platform, development or production
5. Technologies - Kubernetes
Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. (https://kubernetes.io/)
Important Concepts: Master Node, Worker Nodes, Pods, Image Repo, API
Requirement: >= v1.11
6. Kubernetes Persistence
Stateful sets
• Stable, unique network identifiers.
mdb-{0..N-1}.myproject.mongodb.svc.cluster.local
• Stable, persistent storage.
• Ordered, graceful deployment and scaling.
• Ordered, automated rolling updates.
Persistent volumes
Storage with a lifecycle independent of the Pods
A PersistentVolume (PV) is a piece of storage that has been provisioned by an administrator.
A PersistentVolumeClaim (PVC) is a request for storage by a user.
7. Kubernetes Operators
Service-specific controller
High-level abstraction for Kubernetes resource
New API layer for service-specific endpoint*
Just a single Pod
Observe, Analyse, Act
10. Ops Manager – Monitoring, Automation, Backup
MongoDB Ops Manager makes it fast and easy for you to deploy, monitor, upgrade, back up and scale your MongoDB deployment
16. Getting the Operator
Official container images hosted on quay.io
Public GitHub repository: https://github.com/mongodb/mongodb-enterprise-kubernetes
18. MongoDB Enterprise Kubernetes Operator
General Availability V 1.2
• Runs on any upstream distribution 1.11+
• Deploys any MongoDB cluster type or size via CRD
• MongoDB Ops/Cloud Manager control plane
• Monitoring, alerting, k8s log pipeline integration, and automation APIs
• OpenShift 3.11, PKS certified, RHEL7 & Ubuntu 16.04 base images
• mongod/mongos and OpsManager log pipeline integration with K8S
• Configures fully secure MongoDB cluster: TLS, x509, RBAC
19. MongoDB Kubernetes Best Practices
1. Configure persistence
2. Specify resource requirements
3. Spread database pods across workers
4. Use multiple availability zones
5. Co-locate mongos pods with apps
6. Configure authentication
7. Encrypt wire traffic (TLS)
20. Persistent Replica Set
Specify persistence settings for a ReplicaSet
...
spec:
  ...
  podSpec:
    persistence:
      multiple:
        data:
          storage: 10Gi
        journal:
          storage: 1Gi
          labelSelector:
            matchLabels:
              app: "my-app"
        logs:
          storage: 500M
          storageClass: standard
...
spec:
  ...
  podSpec:
    persistence:
      single:
        storage: 10Gi
        storageClass: standard
21. Persistent Sharded Cluster
Specify persistence settings for MongoDBShardedCluster
...
spec:
  ...
  shardPodSpec:
    storage: 25Gi
    storageClass: standard
  configSrvPodSpec:
    storage: 5Gi
    storageClass: fast
22. Resource Requirements
...
spec:
  ...
  podSpec:
    cpu: '0.8'
    memory: 1G
...
Compute – CPU allocation
Memory – RAM for MongoDB
If a limit is not defined, MongoDB will use 50% or 1Gb, whichever is bigger.
All deployment types are supported.
...
spec:
  ...
  mongosPodSpec:
    cpu: '0.8'
    memory: 1G
  shardPodSpec:
    cpu: '1'
    memory: 10G
  configSrvPodSpec:
    cpu: '1'
    memory: 7G
23. Spread MongoDB replicas for better Fault Tolerance
By default, the Operator ensures that all members of one replica set are distributed to different nodes.
It’s possible to change this and spread them across different availability zones:
configSrvPodSpec:
  podAntiAffinityTopologyKey: failure-domain.beta.kubernetes.io/zone
24. Locate Pods on a subset of nodes
If we need to physically separate different MongoDB resources (e.g. “test” and “staging” environments), or we want to place pods on specific nodes (e.g. with SSD support), it’s possible to use the “node affinity” feature of Kubernetes:
shardPodSpec:
  nodeAffinity:
    preferredDuringSchedulingIgnoredDuringExecution:
    - weight: 1
      preference:
        matchExpressions:
        - key: kubernetes.io/env
          operator: In
          values:
          - dev
26. High Level SSL Implementation Points
security:
  tls: "enabled"
  clusterAuthMode: x509
The Operator will:
1. Request the certificates it needs
2. Place the certificates into secrets
3. Add the required configuration parameters to Ops Manager
4. Set up the cluster configuration with TLS
Sharded Cluster - Orchestrate the sequence of steps to get the cluster configured with TLS
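An added example, not part of the original deck or the operator's own code: a small Python audit that checks a resource spec against the best-practice list on slide 19, using the field names shown on slides 20 to 26. The nesting of podAntiAffinityTopologyKey under every pod spec, the mapping form of tls, and both sample specs are assumptions made for illustration.

```python
# Added example (not from the deck): audit a MongoDB resource "spec" against
# the deck's best-practice list. Field names come from the slides; the sample
# specs and the exact nesting are constructed for illustration.
POD_SPECS = ("podSpec", "shardPodSpec", "configSrvPodSpec", "mongosPodSpec")

def tls_enabled(security):
    tls = security.get("tls")
    # The slide writes tls: "enabled"; a mapping with enabled: true is also
    # accepted here (assumption about how a real spec may express it).
    return tls == "enabled" or (isinstance(tls, dict) and tls.get("enabled") is True)

def audit(spec):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    pods = {k: v for k, v in spec.items() if k in POD_SPECS}
    if not pods:
        findings.append("no pod spec: persistence and resources are left to defaults")
    for name, ps in pods.items():
        stores_data = name != "mongosPodSpec"  # mongos routers hold no data
        persistence = ps.get("persistence", {})
        if stores_data and not ("storage" in ps or {"single", "multiple"} & set(persistence)):
            findings.append(f"{name}: no persistence settings")
        for res in ("cpu", "memory"):
            if res not in ps:
                findings.append(f"{name}: {res} not specified")
        if stores_data and not ps.get("podAntiAffinityTopologyKey", "").endswith("/zone"):
            findings.append(f"{name}: members not spread across availability zones")
    security = spec.get("security", {})
    if not tls_enabled(security):
        findings.append("security: TLS not enabled")
    if security.get("clusterAuthMode") != "x509":
        findings.append("security: clusterAuthMode is not x509")
    return findings

ZONE = "failure-domain.beta.kubernetes.io/zone"
HARDENED = {  # constructed sample
    "podSpec": {"cpu": "0.8", "memory": "1G", "podAntiAffinityTopologyKey": ZONE,
                "persistence": {"single": {"storage": "10Gi", "storageClass": "standard"}}},
    "security": {"tls": "enabled", "clusterAuthMode": "x509"},
}
WEAK = {  # constructed sample: storage only, nothing else configured
    "shardPodSpec": {"storage": "25Gi", "storageClass": "standard"},
    "mongosPodSpec": {"cpu": "0.8", "memory": "1G"},
}

if __name__ == "__main__":
    for label, spec in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit(spec) or "OK")
```

Load the spec section of a manifest into a dict and pass it to audit(); each finding maps to one item of the best-practice list.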
27. RBAC and X509 with Operator
New CRD to define MongoDB users
Only x509 users are supported in GA
Fully automated x509 generation and distribution
X509 internal authentication included
kind: MongoDBUser
spec:
  userName: <Full name>
  authMechanism: x509
  db: "$external"
  roles:
  - db: admin
28. Coming soon.
★ Ops Manager for Kubernetes
★ MultiCluster Federation
★ Automated vertical scaling
★ Cluster type migrations
★ Atlas Open Service Broker