{"id":49453988,"url":"https://github.com/keiailab/mongodb-operator","last_synced_at":"2026-06-11T01:01:33.948Z","repository":{"id":330276229,"uuid":"1122182375","full_name":"KeiaiLab/mongodb-operator","owner":"KeiaiLab","description":"Kubernetes Operator for MongoDB — ReplicaSet, Sharded Cluster, Backup/PITR, TLS, LDAP, Monitoring. MIT licensed.","archived":false,"fork":false,"pushed_at":"2026-06-10T09:49:08.000Z","size":5617,"stargazers_count":2,"open_issues_count":2,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-10T11:22:13.614Z","etag":null,"topics":["artifacthub","backup","cloud-native","database","devops","ghcr","gitops","golang","helm-chart","kubernetes","kubernetes-operator","mit","mongodb","mongodb-operator","oci","olm","operator","replicaset","sharding"],"latest_commit_sha":null,"homepage":"https://artifacthub.io/packages/helm/keiailab-mongodb-operator/mongodb-operator","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/KeiaiLab.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":"CITATION.cff","codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":"docs/support.md","governance":"docs/governance.md","roadmap":"docs/roadmap.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":"docs/maintainers.md","copyright":null,"agents":"AGENTS.md","dco":null,"cla":null},"funding":{"github":["keiailab"]}},"created_at":"2025-12-24T08:35:35.000Z","updated_at":"2026-06-10T09:49:11.000Z","dependencies_parsed_at":null,"dependency_job_id":"c0c2c9b7-655a-47c5-830e-5c132a2ea93c","html_url":"https://github.com/KeiaiLab/mongodb-operator","commit_stats":null,"previous_names":["eightynine01/mongodb-operator","keiailab/mongodb-operator"],"tags_count":58,"template":false,"template_full_name":null,"purl":"pkg:github/KeiaiLab/mongodb-operator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KeiaiLab%2Fmongodb-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KeiaiLab%2Fmongodb-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KeiaiLab%2Fmongodb-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KeiaiLab%2Fmongodb-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/KeiaiLab","download_url":"https://codeload.github.com/KeiaiLab/mongodb-operator/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KeiaiLab%2Fmongodb-operator/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34177444,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-10T02:00:07.152Z","response_time":89,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["artifacthub","backup","cloud-native","database","devops","ghcr","gitops","golang","helm-chart","kubernetes","kubernetes-operator","mit","mongodb","mongodb-operator","oci","olm","operator","replicaset","sharding"],"created_at":"2026-04-30T04:02:15.953Z","updated_at":"2026-06-11T01:01:33.916Z","avatar_url":"https://github.com/KeiaiLab.png","language":"Go","funding_links":["https://github.com/sponsors/keiailab"],"categories":[],"sub_categories":[],"readme":"# mongodb-operator\n\nA Kubernetes operator for running MongoDB on Kubernetes. It manages the lifecycle\nof MongoDB replica sets and sharded clusters through Custom Resources — bootstrapping\nthe cluster, creating the admin user, wiring up TLS and metrics, and reconciling\nthe desired topology.\n\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)\n[![Go](https://img.shields.io/badge/Go-1.26-00ADD8?logo=go)](go.mod)\n[![MongoDB](https://img.shields.io/badge/MongoDB-8.0%20|%208.2%20|%208.3-47A248?logo=mongodb)](#supported-mongodb-versions)\n[![Kubernetes](https://img.shields.io/badge/Kubernetes-1.26+-326CE5?logo=kubernetes)](#requirements)\n\nThe operator does not bundle or redistribute MongoDB. It pulls the official\n`mongo` community images at runtime and orchestrates them; you remain responsible\nfor complying with MongoDB's [SSPL](https://www.mongodb.com/licensing/server-side-public-license)\nlicense terms.\n\n## Features\n\n- **Replica sets** — declare a `MongoDB` resource and the operator creates the\n  StatefulSet, headless and client Services, keyfile, runs `rs.initiate()`, waits\n  for primary election, and creates the admin user via the localhost exception.\n- **Sharded clusters** — a `MongoDBSharded` resource brings up config servers,\n  shard replica sets, and mongos routers, initiates each replica set, and registers\n  the shards. Increasing `spec.shards.count` adds and registers new shards.\n- **TLS** — optional cert-manager integration for in-transit encryption.\n- **Authentication** — SCRAM-SHA-256 with admin credentials sourced from a Secret.\n- **Metrics** — Prometheus metrics, an optional `ServiceMonitor`, and\n  `PrometheusRule` alerts.\n- **High availability** — opt-in `PodDisruptionBudget` and `NetworkPolicy`\n  (deny-by-default) generation.\n- **Backups** — a `MongoDBBackup` resource targeting S3-compatible or PVC storage.\n  See [Status](#status) for current limitations.\n\n## Requirements\n\n- Kubernetes 1.26+\n- For TLS: [cert-manager](https://cert-manager.io/)\n- For metrics scraping: a Prometheus stack that understands `ServiceMonitor`\n  (e.g. kube-prometheus-stack)\n\n## Installation\n\n### Helm\n\n```bash\nhelm repo add mongodb-operator https://keiailab.github.io/mongodb-operator\nhelm repo update\n\nhelm install mongodb-operator mongodb-operator/mongodb-operator \\\n  --namespace mongodb-operator-system --create-namespace\n```\n\nThe replica-set and sharded controllers are enabled by default. The backup,\nautoscaling, and webhook controllers are gated and off by default — enable them\nvia `--set features.backup.enabled=true`, `--set features.autoscaling.enabled=true`,\nor `--set webhook.enabled=true` (the webhook requires cert-manager).\n\n### From source\n\n```bash\nmake install   # install CRDs into the current kube context\nmake deploy IMG=\u003cyour-registry\u003e/mongodb-operator:\u003ctag\u003e\n```\n\n## Usage\n\n### Replica set\n\n```yaml\napiVersion: mongodb.keiailab.com/v1beta1\nkind: MongoDB\nmetadata:\n  name: my-mongodb\n  namespace: database\nspec:\n  members: 3\n  version:\n    version: \"8.0.5\"\n  storage:\n    storageClassName: standard\n    size: 10Gi\n  auth:\n    mechanism: SCRAM-SHA-256\n    adminCredentialsSecretRef:\n      name: mongodb-admin\n  monitoring:\n    enabled: true\n```\n\n```bash\nkubectl create namespace database\nkubectl create secret generic mongodb-admin \\\n  --from-literal=username=admin \\\n  --from-literal=password=change-me \\\n  -n database\nkubectl apply -f my-mongodb.yaml\n```\n\n### Sharded cluster\n\n```yaml\napiVersion: mongodb.keiailab.com/v1beta1\nkind: MongoDBSharded\nmetadata:\n  name: my-sharded\n  namespace: database\nspec:\n  version:\n    version: \"8.0.5\"\n  configServer:\n    members: 3\n    storage:\n      size: 5Gi\n  shards:\n    count: 2\n    membersPerShard: 3\n    storage:\n      size: 50Gi\n  mongos:\n    replicas: 2\n```\n\nTo add shards, raise the count — the operator brings up the new shard's replica\nset and runs `sh.addShard()`, after which MongoDB's balancer migrates chunks:\n\n```bash\nkubectl patch mongodbsharded my-sharded --type=merge \\\n  -p '{\"spec\":{\"shards\":{\"count\":3}}}'\n```\n\nMore examples — minimal, production, GitOps, monitoring, backups — live in\n[`examples/`](examples/), and runnable samples in [`config/samples/`](config/samples/).\n\n\u003e The CRDs are served at both `v1alpha1` and `v1beta1`; `v1beta1` is the storage\n\u003e version. New manifests should use `v1beta1`.\n\n## Supported MongoDB versions\n\nMongoDB 8.0, 8.2, and 8.3 (even-numbered stable releases on the 8.x line). The\nadmission webhook also enforces single-minor-step upgrades (e.g. 8.0 → 8.2, not\n8.0 → 8.3). Version support is enforced by `IsSupportedMongoDBVersion`; see\n`api/v1beta1/version_validation_test.go`.\n\n## Status\n\nWhat is wired into the manager and exercised by tests:\n\n| Capability | State |\n|---|---|\n| Replica set lifecycle (initiate, admin bootstrap, TLS, metrics) | Stable, on by default |\n| Sharded cluster lifecycle + shard scale-out | On by default; scale-out covered by unit tests, soak-test before relying on it for production |\n| Backups to S3 / PVC | Gated off by default — no automated test coverage and credentials are not yet handled safely; treat as experimental |\n| HPA for mongos | Gated off by default — experimental |\n| Validating admission webhooks | Gated off by default — requires cert-manager |\n\nReplica-set member removal is not automated: scaling down only reduces\nStatefulSet replicas without calling `rs.remove()`, so remove members manually.\n\n## Roadmap\n\nThe repository also contains CRDs and reconcile loops that are scaffolding for\nfuture work — they watch their resources and update status, but do not yet perform\ntheir real external integrations, and are off by default:\n\n- Point-in-time recovery (oplog upload)\n- Cross-cluster federation (`MongoDBFederation`, `MongoDBClusterGroup`)\n- Query insights / advisories (`MongoDBInsights`)\n- Encryption-at-rest via external KMS (Vault, AWS, GCP, Azure)\n- LDAP authentication\n\n## Development\n\n```bash\nmake build       # build the manager binary\nmake test-unit   # unit tests (no cluster required)\nmake test        # full suite, requires envtest binaries\nmake run         # run the controller against the current kube context\nmake lint        # go vet + staticcheck + golangci-lint\n```\n\n## Contributing\n\nContributions are welcome. See [CONTRIBUTING.md](CONTRIBUTING.md); commits must\ncarry a `Signed-off-by` trailer ([DCO](https://developercertificate.org/)).\n\n## License\n\n[MIT](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeiailab%2Fmongodb-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkeiailab%2Fmongodb-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkeiailab%2Fmongodb-operator/lists"}