Create MongoDB Cluster With Custom Password on KubeBlocks

This guide demonstrates how to deploy a MongoDB cluster in KubeBlocks with a custom root password stored in a Kubernetes Secret.

Prerequisites

Before proceeding, ensure the following:

Environment Setup:
- A Kubernetes cluster is up and running.
- The kubectl CLI tool is configured to communicate with your cluster.
- KubeBlocks CLI and KubeBlocks Operator are installed. Follow the installation instructions here.
Namespace Preparation: To keep resources isolated, create a dedicated namespace for this tutorial:

kubectl create ns demo
namespace/demo created

Deploying the MongoDB ReplicaSet Cluster

KubeBlocks uses a declarative approach for managing MongoDB clusters. Below is an example configuration for deploying a MongoDB cluster with 2 nodes (1 primary, 1 replicas) and a custom root password.

Step 1: Create a Secret for the Defaults Account

The custom root password is stored in a Kubernetes Secret. Create the Secret by applying the following YAML:


apiVersion: v1
data:
  password: Y3VzdG9tcGFzc3dvcmQ= # custompassword
  username: cm9vdA== #root
immutable: true
kind: Secret
metadata:
  name: custom-secret
  namespace: demo

password: Replace custompassword with your desired password and encode it using Base64 (echo -n "custompassword" | base64).
username: The default MongoDB root user is 'root', encoded as 'cm9vdA=='.

Step 2: Deploy the MongoDB Cluster

Apply the following manifest to deploy the MongoDB cluster, referencing the Secret created in Step 1 for the root account:


apiVersion: apps.kubeblocks.io/v1
kind: Cluster
metadata:
  name: mongo-cluster
  namespace: demo
spec:
  terminationPolicy: Delete
  clusterDef: mongodb
  topology: replicaset
  componentSpecs:
    - name: mongodb
      serviceVersion: "6.0.16"
      replicas: 3
      systemAccounts:  # override systemaccount password
        - name: root
          secretRef:
            name: custom-secret
            namespace: demo
      resources:
        limits:
          cpu: '0.5'
          memory: 0.5Gi
        requests:
          cpu: '0.5'
          memory: 0.5Gi
      volumeClaimTemplates:
        - name: data
          spec:
            storageClassName: ""
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 20Gi

Explanation of Key Fields

systemAccounts: Overrides system accounts defined in the referenced ComponentDefinition.

TIP

In KubeBlocks MongoDB Addon, a list of system accounts is defined. And only those accounts can be customized with a new secret.

To get the of accounts:


kubectl get cmpd mongodb-1.0.0         -oyaml | yq '.spec.systemAccounts[].name'

Expected Output:

root

Verifying the Deployment

Monitor the cluster status until it transitions to the Running state:

kubectl get cluster mongo-cluster -n demo -w

Expected Output:

kubectl get cluster mongo-cluster -n demo
NAME            CLUSTER-DEFINITION   TERMINATION-POLICY   STATUS     AGE
mongo-cluster   mongodb              Delete               Creating   49s
mongo-cluster   mongodb              Delete               Running    62s

Check the pod status and roles:

kubectl get pods -l app.kubernetes.io/instance=mongo-cluster -L  kubeblocks.io/role -n demo

Expected Output:

NAME                      READY   STATUS    RESTARTS   AGE   ROLE
mongo-cluster-mongodb-0   2/2     Running   0          78s   primary
mongo-cluster-mongodb-1   2/2     Running   0          63s   secondary
mongo-cluster-mongodb-2   2/2     Running   0          48s   secondary

Once the cluster status becomes Running, your MongoDB cluster is ready for use.

TIP

If you are creating the cluster for the very first time, it may take some time to pull images before running.

Connecting to the MongoDB Cluster

KubeBlocks automatically creates a secret containing the MongoDB root credentials. Retrieve the credentials with the following commands:


kubectl get secrets -n demo mongo-cluster-mongodb-account-root -o jsonpath='{.data.password}' | base64 -d
custompassword

To connect to the cluster's primary node, use the MongoDB client with the custom password:


kubectl exec -it -n demo mongo-cluster-mongodb-0 -c mongodb -- mongosh "mongodb://root:custompassword@127.0.0.1:27017/admin"

Cleanup

To remove all created resources, delete the MongoDB cluster along with its namespace:

kubectl delete cluster mongo-cluster -n demo
kubectl delete secret custom-secret -n demo
kubectl delete ns demo

Summary

In this guide, you:

Created a Kubernetes Secret to securely store a custom MongoDB root password.
Deployed a MongoDB cluster in KubeBlocks with a custom root password.
Verified the deployment and connected to the cluster's primary node using the MongoDB client.

Using Kubernetes Secrets ensures secure credential management for your MongoDB clusters, while KubeBlocks simplifies the deployment and management process.

Create MongoDB Cluster With Custom Password on KubeBlocks

This guide demonstrates how to deploy a MongoDB cluster in KubeBlocks with a custom root password stored in a Kubernetes Secret.

Prerequisites

Before proceeding, ensure the following:

Environment Setup:
- A Kubernetes cluster is up and running.
- The kubectl CLI tool is configured to communicate with your cluster.
- KubeBlocks CLI and KubeBlocks Operator are installed. Follow the installation instructions here.
Namespace Preparation: To keep resources isolated, create a dedicated namespace for this tutorial:

kubectl create ns demo
namespace/demo created

Deploying the MongoDB ReplicaSet Cluster

Step 1: Create a Secret for the Defaults Account

The custom root password is stored in a Kubernetes Secret. Create the Secret by applying the following YAML:


apiVersion: v1
data:
  password: Y3VzdG9tcGFzc3dvcmQ= # custompassword
  username: cm9vdA== #root
immutable: true
kind: Secret
metadata:
  name: custom-secret
  namespace: demo

password: Replace custompassword with your desired password and encode it using Base64 (echo -n "custompassword" | base64).
username: The default MongoDB root user is 'root', encoded as 'cm9vdA=='.

Step 2: Deploy the MongoDB Cluster

Apply the following manifest to deploy the MongoDB cluster, referencing the Secret created in Step 1 for the root account:


apiVersion: apps.kubeblocks.io/v1
kind: Cluster
metadata:
  name: mongo-cluster
  namespace: demo
spec:
  terminationPolicy: Delete
  clusterDef: mongodb
  topology: replicaset
  componentSpecs:
    - name: mongodb
      serviceVersion: "6.0.16"
      replicas: 3
      systemAccounts:  # override systemaccount password
        - name: root
          secretRef:
            name: custom-secret
            namespace: demo
      resources:
        limits:
          cpu: '0.5'
          memory: 0.5Gi
        requests:
          cpu: '0.5'
          memory: 0.5Gi
      volumeClaimTemplates:
        - name: data
          spec:
            storageClassName: ""
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 20Gi

Explanation of Key Fields

systemAccounts: Overrides system accounts defined in the referenced ComponentDefinition.

TIP

In KubeBlocks MongoDB Addon, a list of system accounts is defined. And only those accounts can be customized with a new secret.

To get the of accounts:


kubectl get cmpd mongodb-1.0.0         -oyaml | yq '.spec.systemAccounts[].name'

Expected Output:

root

Verifying the Deployment

Monitor the cluster status until it transitions to the Running state:

kubectl get cluster mongo-cluster -n demo -w

Expected Output:

kubectl get cluster mongo-cluster -n demo
NAME            CLUSTER-DEFINITION   TERMINATION-POLICY   STATUS     AGE
mongo-cluster   mongodb              Delete               Creating   49s
mongo-cluster   mongodb              Delete               Running    62s

Check the pod status and roles:

kubectl get pods -l app.kubernetes.io/instance=mongo-cluster -L  kubeblocks.io/role -n demo

Expected Output:

NAME                      READY   STATUS    RESTARTS   AGE   ROLE
mongo-cluster-mongodb-0   2/2     Running   0          78s   primary
mongo-cluster-mongodb-1   2/2     Running   0          63s   secondary
mongo-cluster-mongodb-2   2/2     Running   0          48s   secondary

Once the cluster status becomes Running, your MongoDB cluster is ready for use.

TIP

If you are creating the cluster for the very first time, it may take some time to pull images before running.

Connecting to the MongoDB Cluster

KubeBlocks automatically creates a secret containing the MongoDB root credentials. Retrieve the credentials with the following commands:


kubectl get secrets -n demo mongo-cluster-mongodb-account-root -o jsonpath='{.data.password}' | base64 -d
custompassword

To connect to the cluster's primary node, use the MongoDB client with the custom password:


kubectl exec -it -n demo mongo-cluster-mongodb-0 -c mongodb -- mongosh "mongodb://root:custompassword@127.0.0.1:27017/admin"

Cleanup

To remove all created resources, delete the MongoDB cluster along with its namespace:

kubectl delete cluster mongo-cluster -n demo
kubectl delete secret custom-secret -n demo
kubectl delete ns demo

Summary

In this guide, you:

Created a Kubernetes Secret to securely store a custom MongoDB root password.
Deployed a MongoDB cluster in KubeBlocks with a custom root password.
Verified the deployment and connected to the cluster's primary node using the MongoDB client.

Using Kubernetes Secrets ensures secure credential management for your MongoDB clusters, while KubeBlocks simplifies the deployment and management process.