Docs Menu

Docs HomeMongoDB Enterprise Kubernetes Operator

OpenShift Quick Start

On this page

Important

This section is for single Kubernetes cluster deployments only. For multi-Kubernetes-cluster deployments, see Multi-Kubernetes-Cluster Quick Start.

MongoDB Enterprise Kubernetes Operator uses the Kubernetes API and tools to manage MongoDB clusters. Kubernetes Operator works together with MongoDB Cloud Manager or Ops Manager. This tutorial demonstrates how to deploy and connect to your first replica set in Cloud Manager or Ops Manager from OpenShift with Kubernetes Operator.

This tutorial requires:

  • A running Cloud Manager or Ops Manager cluster.

1
git clone https://github.com/mongodb/mongodb-enterprise-kubernetes.git
2

By default, The Kubernetes Operator uses the mongodb namespace. To simplify your installation, consider creating a namespace labeled mongodb using the following kubectl command:

kubectl create namespace mongodb
3

If you have not already, run the following command to execute all kubectl commands in the namespace you created:

kubectl config set-context $(kubectl config current-context) --namespace=mongodb
4

If you use the Kubernetes Operator to deploy MongoDB resources to multiple namespaces or with a cluster-wide scope, create the secret only in the namespace where you intend to deploy the Kubernetes Operator. The Kubernetes Operator synchronizes the secret across all watched namespaces.

  1. If you have not already, obtain a Red Hat subscription.

  2. Create a Registry Service Account.

  3. Click on your Registry Service Account, then click the Docker Configuration tab.

  4. Download the <account-name>-auth.json file and open it in a text editor.

  5. Copy the registry.redhat.io object, and paste another instance of this object into the file. Remember to add a comma after the first object. Rename the second object registry.connect.redhat.com, then save the file:

    {
    "auths": {
    "registry.redhat.io": {
    "auth": "<encoded-string>"
    },
    "registry.connect.redhat.com": {
    "auth": "<encoded-string>"
    }
    }
    }
  6. Create an openshift-pull-secret.yaml file and add the contents of the modified <account-name>-auth.json file as stringData named .dockerconfigjson to the openshift-pull-secret.yaml secret file.

    apiVersion: v1
    kind: Secret
    metadata:
    name: openshift-pull-secret
    stringData:
    .dockerconfigjson: |
    {
    "auths": {
    "registry.redhat.io": {
    "auth": "<encoded-string>"
    },
    "registry.connect.redhat.com": {
    "auth": "<encoded-string>"
    }
    }
    }
    type: kubernetes.io/dockerconfigjson

    The value you provide in the metadata.name field contains the secret name. Provide this value when asked for the <openshift-pull-secret>.

  7. Create a secret from the openshift-pull-secret.yaml file in the same namespace in which you will deploy the Kubernetes Operator.

    oc apply -f openshift-pull-secret.yaml -n <metadata.namespace>
5
  1. Invoke the following oc command to install the CustomResourceDefinitions for MongoDB deployments:

    oc apply -f crds.yaml
  2. Add your <openshift-pull-secret> to the ServiceAccount definitions in the MongoDB Enterprise Kubernetes Operator YAML file.

    ---
    # Source: mongodb-enterprise-operator/templates/serviceaccount.yaml
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
    name: enterprise-operator
    namespace: mongodb
    imagePullSecrets:
    - name: <openshift-pull-secret>
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
    name: mongodb-enterprise-appdb
    namespace: mongodb
    imagePullSecrets:
    - name: <openshift-pull-secret>
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
    name: mongodb-enterprise-database-pods
    namespace: mongodb
    imagePullSecrets:
    - name: <openshift-pull-secret>
  3. Invoke the following oc command to install Kubernetes Operator:

    oc apply -f mongodb-enterprise-openshift.yaml
6

Run the following command:

Note

Provide your Public and Private Key values for the following parameters. To learn more, see Create Credentials for the Kubernetes Operator.

kubectl -n mongodb \
create secret generic ops-manager-admin-key \
--from-literal="publicKey=<publicKey>" \
--from-literal="privateKey=<privateKey>"
7
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
name: my-project
namespace: mongodb
data:
projectName: myProjectName # this is an optional parameter; when omitted, the Operator creates a project with the resource name
orgId: 5b890e0feacf0b76ff3e7183 # this is a required parameter
baseUrl: https://ops.example.com:8443
EOF
Key
Type
Description
Example
metadata.name
string

Name of the Kubernetes object.

Resource names must be 44 characters or less.

Tip

See also:

  • Kubernetes documentation on names. This name must follow RFC1123 naming conventions, using only lowercase alphanumeric characters, - or ., and must start and end with an alphanumeric character.

my-project
metadata.namespace
string
Kubernetes namespace where the Kubernetes Operator creates this MongoDB resource and other objects.
mongodb
data.projectName
string

Label for your Ops Manager Project.

The Kubernetes Operator creates the Ops Manager project if it does not exist. If you omit the projectName, the Kubernetes Operator creates a project with the same name as your Kubernetes resource.

To use an existing project in a Cloud Manager or Ops Manager organization, locate the projectName by clicking the All Clusters link at the top left of the Cloud Manager or Ops Manager page, and searching by name in the Search box, or scrolling to find the name in the list. Each card in this list represents the combination of one Cloud Manager or Ops Manager Organization and Project.

myProjectName
data.orgId
string

Required. 24 character hex string that uniquely identifies your Cloud Manager or Ops Manager Organization.

Important

  • You can use the Kubernetes Operator to deploy MongoDB resources with Cloud Manager and with Ops Manager version 5.0.x or later.

  • You can use the Atlas Operator to deploy MongoDB resources to Atlas.

Specify an existing Organization:

1

Click Settings in the left navigation bar.

2

Select your organization, view the current URL in your browser and copy the value displayed in the <orgId> placeholder as follows:

https://ops.example.com:8443/ v2#/org/<orgId>/projects

Note

You must have the Organization Project Creator role to create a new project within an existing Cloud Manager or Ops Manager organization.

If you provide an empty string as your orgId, Kubernetes Operator creates an organization with the same name as your project.

5b890e0feacf0b76ff3e7183
data.baseUrl
string

URL to your Ops Manager Application including the FQDN and port number.

Important

If you deploy Ops Manager with the Kubernetes Operator and Ops Manager will manage MongoDB database resources deployed outside of the Kubernetes cluster it's deployed to, you must set data.baseUrl to the same value of the spec.configuration.mms.centralUrl setting in the Ops Manager resource specification.

Note

If you're using Cloud Manager, set the data.baseUrl value to https://cloud.mongodb.com.

https://ops.example.com:8443
8
  1. Copy and save the following YAML file:

    apiVersion: mongodb.com/v1
    kind: MongoDB
    metadata:
    name: demo-mongodb-cluster-1
    namespace: mongodb
    spec:
    members: 3
    version: 4.4.5-ent
    type: ReplicaSet
    security:
    authentication:
    enabled: true
    modes: ["SCRAM"]
    cloudManager:
    configMapRef:
    name: my-project
    credentials: organization-secret
    persistent: true
    podSpec:
    podTemplate:
    spec:
    containers:
    - name: mongodb-enterprise-database
    resources:
    limits:
    cpu: 2
    memory: 1.5G
    requests:
    cpu: 1
    memory: 1G
    persistence:
    single:
    storage: 10Gi
  2. Run the following command:

    kubectl apply -f <replica-set-conf>.yaml
9

You can choose to use a cleartext password or a Base64-encoded password. Plaintext passwords use stringData.password and Base64-encoded passwords use data.password.

Note

Provide your values for the following parameters. To learn more, see the parameter descriptions.

For a cleartext password, create and save the following YAML file:

apiVersion: v1
kind: Secret
metadata:
name: mms-user-1-password
# corresponds to user.spec.passwordSecretKeyRef.name
type: Opaque
stringData:
password: <my-plain-text-password>
# corresponds to user.spec.passwordSecretKeyRef.key

For a Base64-encoded password, create and save the following YAML file:

apiVersion: v1
kind: Secret
metadata:
name: mms-user-1-password
# corresponds to user.spec.passwordSecretKeyRef.name
type: Opaque
data:
password: <base-64-encoded-password>
# corresponds to user.spec.passwordSecretKeyRef.key
10
  1. Copy and save the following MongoDB User Resource Specification file:

    apiVersion: mongodb.com/v1
    kind: MongoDBUser
    metadata:
    name: mms-scram-user-1
    spec:
    passwordSecretKeyRef:
    name: mms-user-1-password
    # Match to metadata.name of the User Secret
    key: password
    username: "mms-scram-user-1"
    db: "admin" #
    mongodbResourceRef:
    name: "demo-mongodb-cluster-1"
    # Match to MongoDB resource using authenticaiton
    roles:
    - db: "admin"
    name: "clusterAdmin"
    - db: "admin"
    name: "userAdminAnyDatabase"
    - db: "admin"
    name: "readWrite"
    - db: "admin"
    name: "userAdminAnyDatabase"
  2. Run the following command:

    kubectl apply -f <database-user-conf>.yaml
11

You can view the newly-created user in Cloud Manager or Ops Manager:

  1. From the Project's Deployment view, click the Security tab.

  2. Click the MongoDB Users nested tab.

12

Perform the following steps in the Cloud Manager application:

  1. Click Deployment in the left navigation.

  2. Click for the deployment to which you want to connect.

  3. Click Connect to this instance.

  4. Run the connection command in a terminal to connect to the deployment.

←  Openshift TutorialsDeploy in Restricted Networks →