Search code examples
mongodbkubernetesbitnamireplicaset

How to connect to MongoDB replicaset on Kubernetes

I have deployed bitnami's Mongodb helm chart in the replicaset mode on a K8s cluster, using this minimal config (for now):

  architecture: replicaset
  auth:
    enabled: false

Now I have two replicas (one primary and one secondary, allegedly) and an arbiter (no data, just voting rights). Additionally, I got two services: appname-mongodb-headless, appname-mongodb-arbiter-headless. However, the MongoDB docs specify the connection string in case of replicaset installations as mongodb://mongodb0.example.com:27017,mongodb1.example.com:27017,mongodb2.example.com:27017/?replicaSet=myRepl.

I can use mongodb://appname-mongodb-headless:27017 to connect to the db, but is it the "real experience" (i.e. highly available, etc)?

  • Do I need to specify the replicaset name (as in the example) and how do I find out what it is?
  • If the current services are enough, do I need to include the arbiter in the connection string?
  • Or should I create separate services for each replica and build the recommended connection string? 
    externalAccess:
  enabled: true
  autoDiscovery:
    enabled: true
  • I will eventually enable authentication after sorting out this part of the connection. What is this replicaSetKey ("Key used for authentication in the replicaset"), and where do I use it?

I found this similar question. It is for another chart, but it suggests me that some combination of the headless services should be enough. Nonetheless, it doesn't answer all aspects of my question.

Solution

  • The headless service serves as an entrypoint for you to connect to MongoDB, without the need to specify a pod address. Kubernetes will balance the load and serve it to a specific pod.

    If you wish to connect to MongoDB, using externalAccess.enabled, you should take a look at the Helm deployment notes that are shown when you deploy the chart. You can read them post-deployment by executing the helm get notes MY-RELEASE command.

    For instance, in my case, it shows this, though depending on the deployment options it would show something else:

    To connect to your database, create a MongoDB® client container:

    kubectl run --namespace default mbmongo-mongodb-client --rm --tty -i --restart='Never' --env="MONGODB_ROOT_PASSWORD=$MONGODB_ROOT_PASSWORD" --image docker.io/bitnami/mongodb:4.4.8-debian-10-r24 --command -- bash

Then, run the following command:
    mongo admin --host "mbmongo-mongodb-0.mbmongo-mongodb-headless.default.svc.cluster.local:27017,mbmongo-mongodb-1.mbmongo-mongodb-headless.default.svc.cluster.local:27017,mbmongo-mongodb-2.mbmongo-mongodb-headless.default.svc.cluster.local:27017" --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD

To connect to your database nodes from outside, you need to add both primary and secondary nodes hostnames/IPs to your Mongo client. To obtain them, follow the instructions below:

    MongoDB® nodes domain: you can reach MongoDB® nodes on any of the K8s nodes external IPs.

        kubectl get nodes -o wide

    MongoDB® nodes port: You will have a different node port for each MongoDB® node. You can get the list of configured node ports using the command below:

        echo "$(kubectl get svc --namespace default -l "app.kubernetes.io/name=mongodb,app.kubernetes.io/instance=mbmongo,app.kubernetes.io/component=mongodb,pod" -o jsonpath='{.items[*].spec.ports[0].nodePort}' | tr ' ' '\n')"

    From the notes you can see this line:

    To connect to your database nodes from outside, you need to add both primary and secondary nodes hostnames/IPs to your Mongo client

    That means that you do need to specify all primary/secondary node names, but not arbiters.

    As for replicaSetKey, it refers to the contents of the MongoDB keyFile to use for internal cluster replication, so it can happen in a secure manner. You can read more about it here.

    If you continue finding issues, I suggest you create an issue in the bitnami/charts repository.