OpenShift Quick Start

MongoDB Enterprise Kubernetes Operator uses the Kubernetes API and tools to manage MongoDB clusters. Kubernetes Operator works together with MongoDB Cloud Manager or Ops Manager. This tutorial demonstrates how to deploy and connect to your first replica set in Cloud Manager or Ops Manager from OpenShift with Kubernetes Operator.

Prerequisites

This tutorial requires:

  • A running Cloud Manager or Ops Manager cluster.

Procedure

1

Clone the MongoDB Enterprise Kubernetes Operator repository.

git clone https://github.com/mongodb/mongodb-enterprise-kubernetes.git
2

Create a namespace for your Kubernetes deployment.

By default, the Kubernetes Operator uses the mongodb namespace. To simplify your installation, consider creating a namespace named mongodb using the following kubectl command:

kubectl create namespace mongodb
3

Configure kubectl to default to your namespace.

If you have not already, run the following command to execute all kubectl commands in the namespace you created:

kubectl config set-context $(kubectl config current-context) --namespace=mongodb
4

Create a secret that contains credentials authorized to pull images from the registry.connect.redhat.com repository.

If you use the Kubernetes Operator to deploy MongoDB resources to multiple namespaces or with a cluster-wide scope, create the secret only in the namespace where you intend to deploy the Kubernetes Operator. The Kubernetes Operator synchronizes the secret across all watched namespaces.

  1. If you have not already, obtain a Red Hat subscription.

  2. Create a Registry Service Account.

  3. Click on your Registry Service Account, then click the Docker Configuration tab.

  4. Download the <account-name>-auth.json file and open it in a text editor.

  5. Copy the registry.redhat.io object, and paste another instance of this object into the file. Remember to add a comma after the first object. Rename the second object registry.connect.redhat.com, then save the file:

    {
      "auths": {
        "registry.redhat.io": {
          "auth": "<encoded-string>"
        },
        "registry.connect.redhat.com": {
          "auth": "<encoded-string>"
        }
      }
    }
    
  6. Create an openshift-pull-secret.yaml file and add the contents of the modified <account-name>-auth.json file as stringData named .dockerconfigjson to the openshift-pull-secret.yaml secret file.

    apiVersion: v1
    kind: Secret
    metadata:
      name: openshift-pull-secret
    stringData:
      .dockerconfigjson: |
          {
            "auths": {
              "registry.redhat.io": {
                "auth": "<encoded-string>"
              },
              "registry.connect.redhat.com": {
                "auth": "<encoded-string>"
              }
            }
          }
    type: kubernetes.io/dockerconfigjson
    

    The value you provide in the metadata.name field contains the secret name. Provide this value when asked for the <openshift-pull-secret>.

  7. Create a secret from the openshift-pull-secret.yaml file in the same namespace in which you will deploy the Kubernetes Operator.

    oc apply -f openshift-pull-secret.yaml -n <metadata.namespace>
    
5

Install the MongoDB Enterprise Kubernetes Operator

  1. Invoke the following oc command to install the CustomResourceDefinitions for MongoDB deployments:

    oc apply -f crds.yaml
    
  2. Add your <openshift-pull-secret> to the ServiceAccount definitions in the MongoDB Enterprise Kubernetes Operator YAML file.

    ---
    # Source: mongodb-enterprise-operator/templates/serviceaccount.yaml
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: enterprise-operator
      namespace: mongodb
    imagePullSecrets:
      - name: <openshift-pull-secret>
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: mongodb-enterprise-appdb
      namespace: mongodb
    imagePullSecrets:
      - name: <openshift-pull-secret>
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: mongodb-enterprise-database-pods
      namespace: mongodb
    imagePullSecrets:
      - name: <openshift-pull-secret>
    
  3. Invoke the following oc command to install Kubernetes Operator:

    oc apply -f mongodb-enterprise-openshift.yaml
    
6

Create credentials and store them as a secret.

Run the following command:

Note

Provide your Public and Private Key values for the following parameters. To learn more, see Create Credentials for the Kubernetes Operator.

kubectl -n mongodb \
  create secret generic ops-manager-admin-key \
  --from-literal="publicKey=<publicKey>" \
  --from-literal="privateKey=<privateKey>"
7

Invoke the following command to create a ConfigMap.

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
  name: my-project
  namespace: mongodb
data:
  projectName: myProjectName # this is an optional parameter
  orgId: 5b890e0feacf0b76ff3e7183 # this is an optional parameter
  baseUrl: https://ops.example.com:8443

EOF

Key: metadata.name
Type: string
Description:

  Name of the Kubernetes object.

  Resource names must be 44 characters or less.

  See also

    • Kubernetes documentation on names. This name must follow RFC1123 naming conventions, using only lowercase alphanumeric characters, - or ., and must start and end with an alphanumeric character.

Example: my-project

Key: metadata.namespace
Type: string
Description: Kubernetes namespace where the Kubernetes Operator creates this MongoDB Kubernetes resource and other objects.
Example: mongodb

Key: data.projectName
Type: string
Description:

  Label for your Ops Manager Project.

  The Kubernetes Operator creates the Ops Manager project if it does not exist. If you omit the projectName, the Kubernetes Operator creates a project with the same name as your Kubernetes resource.

  To use an existing project in a Cloud Manager or Ops Manager organization, locate the projectName by clicking the All Clusters link at the top left of the Cloud Manager or Ops Manager page, and searching by name in the Search box, or scrolling to find the name in the list. Each card in this list represents the combination of one Cloud Manager or Ops Manager Organization and Project.

Example: myProjectName

Key: data.orgId
Type: string
Description:

  24 character hex string that uniquely identifies your Cloud Manager or Ops Manager Organization.

  Important

    • You can use the Kubernetes Operator to deploy MongoDB resources with Cloud Manager and with Ops Manager version 4.4.x or later.
    • You can use the Atlas Operator to deploy MongoDB resources to Atlas.

  Depending on your Kubernetes Operator credentials, this field is:

  You must specify an existing Organization.

  1. Find the organization’s ID.

     Click Settings in the left navigation bar.

  2. Copy and paste the orgId into the URL.

     Select your organization, view the current URL in your browser and copy the value displayed in the <orgId> placeholder as follows:

     https://ops.example.com:8443/v2#/org/<orgId>/projects

  If specified, the Kubernetes Operator links to the organization. To find the orgId of your organization, use the two steps above.

  If omitted, Ops Manager creates an organization called projectName that contains a project also called projectName.

  You must have the Organization Project Creator role to create a new project within an existing Cloud Manager or Ops Manager organization.

Example: 5b890e0feacf0b76ff3e7183

Key: data.baseUrl
Type: string
Description:

  URL to your Ops Manager Application including the FQDN and port number.

  Important

  If you deploy Ops Manager with the Kubernetes Operator and Ops Manager will manage MongoDB database resources deployed outside of the Kubernetes cluster it’s deployed to, you must set data.baseUrl to the same value of the spec.configuration.mms.centralUrl setting in the Ops Manager resource specification.

  Note

  If you’re using Cloud Manager, set the data.baseUrl value to https://cloud.mongodb.com.

Example: https://ops.example.com:8443
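
The rules in the table above can be checked before the ConfigMap is applied. The following script is an added example, not part of the MongoDB documentation; the function names are illustrative, the sample values are constructed, and rejecting a path in data.baseUrl is an assumption of the example.

```shell
#!/bin/sh
# Added example: pre-flight check of the ConfigMap values from the table above.
# Function names are illustrative; sample values below are constructed.

# matches VALUE ERE: true when VALUE matches the extended regular expression.
matches() {
  printf '%s\n' "$1" | LC_ALL=C grep -Eq "$2"
}

# validate_project_config NAME ORG_ID BASE_URL
# Prints one line per problem; the return status is the number of problems.
validate_project_config() {
  name=$1 org_id=$2 base_url=$3 problems=0

  # metadata.name: 44 characters or less.
  if [ "${#name}" -lt 1 ] || [ "${#name}" -gt 44 ]; then
    echo "metadata.name: must be 1-44 characters, got ${#name}"
    problems=$((problems + 1))
  fi
  # metadata.name: lowercase alphanumerics, '-' or '.', alphanumeric at both ends.
  if ! matches "$name" '^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$'; then
    echo "metadata.name: not an RFC 1123 name: $name"
    problems=$((problems + 1))
  fi
  # data.orgId is optional; when set it is a 24-character hex string.
  if [ -n "$org_id" ] && ! matches "$org_id" '^[0-9a-fA-F]{24}$'; then
    echo "data.orgId: expected 24 hex characters: $org_id"
    problems=$((problems + 1))
  fi
  # data.baseUrl: scheme, FQDN and optional port. Rejecting a path is an
  # assumption of this example, not a rule stated in the table.
  if ! matches "$base_url" '^https?://[A-Za-z0-9.-]+(:[0-9]{1,5})?/?$'; then
    echo "data.baseUrl: expected scheme://fqdn[:port]: $base_url"
    problems=$((problems + 1))
  fi
  return "$problems"
}

# Constructed values matching the ConfigMap in step 7.
validate_project_config my-project 5b890e0feacf0b76ff3e7183 \
  https://ops.example.com:8443 && echo "ConfigMap values look valid"
```
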
8

Deploy the replica set resource.

  1. Copy and save the following YAML file:

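    apiVersion: mongodb.com/v1
    kind: MongoDB
    metadata:
      name: demo-mongodb-cluster-1
      namespace: mongodb
    spec:
      members: 3
      version: 4.4.5-ent
      type: ReplicaSet
      # Authentication settings belong under spec.security
      security:
        authentication:
          enabled: true
          modes: ["SCRAM"]
      cloudManager:
        configMapRef:
          name: my-project
          # Match to metadata.name of the ConfigMap created in step 7
      credentials: ops-manager-admin-key
      # Match to the name of the secret created in step 6
      persistent: true
      podSpec:
        # Persistence is a podSpec setting, not a container resource
        persistence:
          single:
            storage: 10Gi
        podTemplate:
          spec:
            containers:
              - name: mongodb-enterprise-database
                resources:
                  limits:
                    cpu: 2
                    memory: 1.5G
                  requests:
                    cpu: 1
                    memory: 1G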
    
  2. Run the following command:

    kubectl apply -f <replica-set-conf>.yaml
    
9

Create a secret with your database user password

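You can choose to use a cleartext password or a Base64-encoded password. Plaintext passwords use stringData.password and Base64-encoded passwords use data.password. Base64 is an encoding, not encryption; Kubernetes converts stringData values to Base64 data on write, so both files are equally sensitive.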

Note

Provide your values for the following parameters. To learn more, see the parameter descriptions.

For a cleartext password, create and save the following YAML file:

apiVersion: v1
kind: Secret
metadata:
  name: mms-user-1-password
  # corresponds to user.spec.passwordSecretKeyRef.name
type: Opaque
stringData:
  password: <my-plain-text-password>
  # corresponds to user.spec.passwordSecretKeyRef.key

For a Base64-encoded password, create and save the following YAML file:

apiVersion: v1
kind: Secret
metadata:
  name: mms-user-1-password
  # corresponds to user.spec.passwordSecretKeyRef.name
type: Opaque
data:
  password: <base-64-encoded-password>
  # corresponds to user.spec.passwordSecretKeyRef.key
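
A common failure with the Base64 form is encoding the password with `echo`, which appends a newline that then becomes part of the stored password. The following script is an added example, not part of the MongoDB documentation; the function names are illustrative and the sample password is constructed.

```shell
#!/bin/sh
# Added example: build the data.password value for the Secret in step 9.
# Function names are illustrative; the sample password is constructed.

# Base64-encode exactly the bytes of the password: no trailing newline
# and no line wrapping, which is what data.password must hold.
encode_password() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Return 0 if a Base64 value decodes to bytes ending in a newline, the
# usual result of `echo "$pw" | base64`. The newline would become part
# of the password the database user is created with.
ends_with_newline() {
  last=$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
  [ "$last" = "0a" ]
}

# Print the Base64 variant of the step 9 Secret with data.password filled in.
# Arguments: secret name, cleartext password.
render_password_secret() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
type: Opaque
data:
  password: $(encode_password "$2")
EOF
}

# Compare the two encodings of the same constructed password.
good=$(encode_password 'S3cr3t!')
bad=$(echo 'S3cr3t!' | base64)
ends_with_newline "$good" || echo "printf form is clean: $good"
ends_with_newline "$bad" && echo "echo form carries a newline: $bad"
```
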
10

Create a database user.

  1. Copy and save the following YAML file:

    apiVersion: mongodb.com/v1
    kind: MongoDBUser
    metadata:
      name: mms-scram-user-1
    spec:
      passwordSecretKeyRef:
        name: mms-user-1-password
        # Match to metadata.name of the User Secret
        key: password
      username: "mms-scram-user-1"
      db: "admin"
      mongodbResourceRef:
        name: "demo-mongodb-cluster-1"
        # Match to MongoDB resource using authentication
      roles:
      - db: "admin"
        name: "clusterAdmin"
      - db: "admin"
        name: "userAdminAnyDatabase"
      - db: "admin"
        name: "readWrite"
    
  2. Run the following command:

    kubectl apply -f <database-user-conf>.yaml
    
11

Optional: View the newly created user in Cloud Manager or Ops Manager.

You can view the newly created user in Cloud Manager or Ops Manager:

  1. From the Project’s Deployment view, click the Security tab.
  2. Click the MongoDB Users nested tab.
12

Connect to the replica set.

Perform the following steps in the Cloud Manager application:

  1. Click Deployment in the left navigation.
  2. Click the ellipsis icon for the deployment to which you want to connect.
  3. Click Connect to this instance.
  4. Run the connection command in a terminal to connect to the deployment.