Custom Secret
This guide demonstrates how to deploy a MongoDB cluster in KubeBlocks with a custom root password stored in a Kubernetes Secret.
Before proceeding, ensure the following:
kubectl create ns demo
namespace/demo created
KubeBlocks uses a declarative approach for managing MongoDB clusters. Below is an example configuration for deploying a MongoDB cluster with 2 nodes (1 primary, 1 replica) and a custom root password.
The custom root password is stored in a Kubernetes Secret. Create the Secret by applying the following YAML:
apiVersion: v1
data:
  password: Y3VzdG9tcGFzc3dvcmQ= # custompassword
  username: cm9vdA== # root
immutable: true
kind: Secret
metadata:
  name: custom-secret
  namespace: demo
The values under data are base64-encoded. To encode a value:
echo -n "custompassword" | base64
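An added example (not part of the KubeBlocks documentation): shell helpers that generate a random root password, render the Secret shown above without writing the plaintext into a file, and catch the common mistake of encoding a trailing newline (`echo` without `-n`). The function names `b64`, `gen_password`, `clean_value` and `render_secret` are hypothetical, and the password is limited to letters and digits on the assumption that it will later be embedded in a `mongodb://` URI as this guide does.

```bash
#!/usr/bin/env bash
# Added example; helper names are hypothetical, not KubeBlocks tooling.

# Encode a value for a Secret's .data field with no trailing newline.
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# 24 random letters/digits; avoids characters that would need
# percent-encoding inside a mongodb:// connection string.
gen_password() { head -c 32 /dev/urandom | base64 | tr -d '/+=\n' | cut -c1-24; }

# Succeed only if the base64 value decodes to text that does not end in
# LF or CR (a stray newline becomes part of the stored password).
clean_value() {
  _last=$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
  [ "$_last" != "0a" ] && [ "$_last" != "0d" ]
}

# Render the Secret manifest. Args: name namespace username password
render_secret() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
  namespace: $2
immutable: true
data:
  username: $(b64 "$3")
  password: $(b64 "$4")
EOF
}

# Demo on the page's sample value (constructed input, no cluster needed):
# the second value is what "echo" without -n produces.
for v in "$(b64 custompassword)" "$(echo custompassword | base64)"; do
  if clean_value "$v"; then
    echo "$v: ok"
  else
    echo "$v: trailing newline encoded into the value"
  fi
done

# To create the Secret without the plaintext touching disk or history:
#   render_secret custom-secret demo root "$(gen_password)" | kubectl apply -f -
```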
Apply the following manifest to deploy the MongoDB cluster, referencing the Secret created in Step 1 for the root account:
apiVersion: apps.kubeblocks.io/v1
kind: Cluster
metadata:
  name: mongo-cluster
  namespace: demo
spec:
  terminationPolicy: Delete
  clusterDef: mongodb
  topology: replicaset
  componentSpecs:
    - name: mongodb
      serviceVersion: "6.0.16"
      replicas: 3
      systemAccounts: # override systemaccount password
        - name: root
          secretRef:
            name: custom-secret
            namespace: demo
      resources:
        limits:
          cpu: '0.5'
          memory: 0.5Gi
        requests:
          cpu: '0.5'
          memory: 0.5Gi
      volumeClaimTemplates:
        - name: data
          spec:
            storageClassName: ""
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 20Gi
Explanation of Key Fields
systemAccounts: Overrides system accounts defined in the referenced ComponentDefinition.
In the KubeBlocks MongoDB Addon, a list of system accounts is defined, and only those accounts can be customized with a new secret.
To get the list of accounts:
kubectl get cmpd mongodb-1.0.0 -oyaml | yq '.spec.systemAccounts[].name'
Expected Output:
root
Monitor the cluster status until it transitions to the Running state:
kubectl get cluster mongo-cluster -n demo -w
Expected Output:
kubectl get cluster mongo-cluster -n demo
NAME            CLUSTER-DEFINITION   TERMINATION-POLICY   STATUS     AGE
mongo-cluster   mongodb              Delete               Creating   49s
mongo-cluster   mongodb              Delete               Running    62s
Check the pod status and roles:
kubectl get pods -l app.kubernetes.io/instance=mongo-cluster -L kubeblocks.io/role -n demo
Expected Output:
NAME                      READY   STATUS    RESTARTS   AGE   ROLE
mongo-cluster-mongodb-0   2/2     Running   0          78s   primary
mongo-cluster-mongodb-1   2/2     Running   0          63s   secondary
mongo-cluster-mongodb-2   2/2     Running   0          48s   secondary
Once the cluster status becomes Running, your MongoDB cluster is ready for use.
If you are creating the cluster for the very first time, it may take some time to pull images before running.
KubeBlocks automatically creates a secret containing the MongoDB root credentials. Retrieve the credentials with the following commands:
kubectl get secrets -n demo mongo-cluster-mongodb-account-root -o jsonpath='{.data.password}' | base64 -d
custompassword
To connect to the cluster's primary node, use the MongoDB client with the custom password:
kubectl exec -it -n demo mongo-cluster-mongodb-0 -c mongodb -- mongosh "mongodb://root:custompassword@127.0.0.1:27017/admin"
To remove all created resources, delete the MongoDB cluster along with its namespace:
kubectl delete cluster mongo-cluster -n demo
kubectl delete secret custom-secret -n demo
kubectl delete ns demo
In this guide, you:
Using Kubernetes Secrets ensures secure credential management for your MongoDB clusters, while KubeBlocks simplifies the deployment and management process.