• Deploy and Configure MongoDB Database Resources >
• Configure the Kubernetes Operator for MongoDB Database Resources >
• Create One Project using a ConfigMap

Create One Project using a ConfigMap

The MongoDB Enterprise Kubernetes Operator uses a Kubernetes ConfigMap to create or link your Ops Manager Project. To create a Kubernetes Operator ConfigMap, you can edit a few lines of the example ConfigMap YAML file and apply the ConfigMap. To view a full example, see the project.yaml file.

Alternatively, you can use the MongoDB Cloud Manager UI or the Ops Manager UI to automatically generate the ConfigMap YAML file, which you can then apply to your Kubernetes environment.

Considerations

You can only deploy one MongoDB resource per project. See Deploy a MongoDB Database Resource.

Important

• You can use the Kubernetes Operator to deploy MongoDB resources with Cloud Manager and with Ops Manager version 5.0.x or later.
• You can use the Atlas Operator to deploy MongoDB resources to Atlas.

Prerequisites

• Kubernetes version 1.11 or later or Openshift version 3.11 or later.
• MongoDB Enterprise Kubernetes Operator version 0.11 or later installed.

Create One Project Using a ConfigMap

1

Configure kubectl to default to your namespace.

If you have not already, run the following command to execute all kubectl commands in the namespace you created:

copy

kubectl config set-context $(kubectl config current-context) --namespace=<metadata.namespace>

2

Invoke the following command to create a ConfigMap.

copy

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
  name: my-project
  namespace: mongodb
data:
  projectName: myProjectName # this is an optional parameter
  orgId: 5b890e0feacf0b76ff3e7183 # this is an optional parameter
  baseUrl: https://ops.example.com:8443

EOF

Key	Type	Description	Example
metadata.name	string	Name of the Kubernetes object. Resource names must be 44 characters or less. See also Kubernetes documentation on names. This name must follow RFC1123 naming conventions, using only lowercase alphanumeric characters, - or ., and must start and end with an alphanumeric character.	my-project
metadata.namespace	string	Kubernetes namespace where the Kubernetes Operator creates this MongoDB Kubernetes resource and other objects.	mongodb
data.projectName	string	Label for your Ops Manager Project. The Kubernetes Operator creates the Ops Manager project if it does not exist. If you omit the projectName, the Kubernetes Operator creates a project with the same name as your Kubernetes resource. To use an existing project in a Cloud Manager or Ops Manager organization, locate the projectName by clicking the All Clusters link at the top left of the Cloud Manager or Ops Manager page, and searching by name in the Search box, or scrolling to find the name in the list. Each card in this list represents the combination of one Cloud Manager or Ops Manager Organization and Project.	myProjectName
data.orgId	string	24 character hex string that uniquely identifies your Cloud Manager or Ops Manager Organization. Important You can use the Kubernetes Operator to deploy MongoDB resources with Cloud Manager and with Ops Manager version 5.0.x or later. You can use the Atlas Operator to deploy MongoDB resources to Atlas. Depending on your Kubernetes Operator credentials, this field is: Required for Global Programmatic API Keys. Optional for Organization Programmatic API Keys. Global API Keys Organization API Keys You must specify an existing Organization. 1 Find the organization’s ID. Click Settings in the left navigation bar. 2 Copy and paste the orgId into the URL. Select your organization, view the current URL in your browser and copy the value displayed in the <orgId> placeholder as follows: https://ops.example.com:8443/ v2#/org/<orgId>/projects If specified, the Kubernetes Operator links to the organization. To find the orgID of your organization: 1 Find the organization’s ID. Click Settings in the left navigation bar. 2 Copy and paste the orgId into the URL. Select your organization, view the current URL in your browser and copy the value displayed in the <orgId> placeholder as follows: https://ops.example.com:8443/ v2#/org/<orgId>/projects If omitted, Ops Manager creates an organization called projectName that contains a project also called projectName. You must have the Organization Project Creator role to create a new project within an existing Cloud Manager or Ops Manager organization.	5b890e0feacf0b76ff3e7183
data.baseUrl	string	URL to your Ops Manager Application including the FQDN and port number. Important If you deploy Ops Manager with the Kubernetes Operator and Ops Manager will manage MongoDB database resources deployed outside of the Kubernetes cluster it’s deployed to, you must set data.baseUrl to the same value of the spec.configuration.mms.centralUrl setting in the Ops Manager resource specification. See also Managing External MongoDB Deployments Note If you’re using Cloud Manager, set the data.baseUrl value to https://cloud.mongodb.com.	https://ops.example.com:8443

3

Invoke the following Kubernetes command to verify your ConfigMap.

copy

kubectl describe configmaps <configmap-name>

This command returns a ConfigMap description in the shell:

copy

Name:           <configmap-name>
Namespace:      <namespace>
Labels:         <none>
Annotations:    <none>

Data
====
baseUrl:
----
<myOpsManagerURL>
Events:  <none>

Connect to HTTPS-enabled Ops Manager Using a Custom CA

You might have chosen to use your own TLS certificate to enable HTTPS for your Ops Manager instance. If you used a custom certificate, you need to add the CA that signed that custom certificate to the Kubernetes Operator. To add your custom CA, complete the following:

1

Create a ConfigMap for the Certificate Authority certificate.

The Kubernetes Operator requires the root CA certificate of the Certificate Authority that issued the Ops Manager host’s certificate. Run the following command to create a ConfigMap containing the root CA certificate in the same namespace of your database pods:

copy

kubectl -n <metadata.namespace> create configmap <root-ca-configmap-name> \
  --from-file=mms-ca.crt

Important

The Kubernetes Operator requires that the certificate is named mms-ca.crt in the ConfigMap.

2

Copy the highlighted section of the following example ConfigMap.

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: <my-configmap>
  namespace: <my-namespace>
data:
  projectName: <my-ops-manager-project-name>
  orgId: <org-id> # Optional
  baseUrl: https://<my-ops-manager-URL>

copy

  sslMMSCAConfigMap: <root-ca-configmap-name>
  sslRequireValidMMSServerCertificates: ‘true’
...

3

Add the highlighted section to your project’s ConfigMap.

1. Invoke the following command to edit your project’s ConfigMap in the default configured editor:

   copy

   kubectl edit configmaps <my-configmap> -n <metadata.namespace>
   

2. Paste the highlighted section in the example ConfigMap at the end of the project ConfigMap.

4

Specify the TLS settings

Change the following TLS keys:

Key	Type	Description	Example
sslMMSCAConfigMap	string	Name of the ConfigMap created in the first step containing the root CA certificate used to sign the Ops Manager host’s certificate. This mounts the CA certificate to the Kubernetes Operator and database resources.	my-root-ca
sslRequireValidMMSServerCertificates	boolean	Forces the Operator to require a valid TLS certificate from Ops Manager. Important The value must be enclosed in single quotes or the operator will throw an error.	'true'

5

Save your updated ConfigMap.

6

Invoke the Kubernetes command to verify your ConfigMap.

copy

kubectl describe configmaps <my-configmap> -n <metadata.namespace>

Always include the namespace option with kubectl

kubectl defaults to an empty namespace if you do not specify the -n option, resulting in deployment failures. The Kubernetes Operator, secret, and MongoDB Kubernetes resources should run in the same unique namespace.

This command returns a ConfigMap description in the shell:

copy

Name:           <my-configmap>
Namespace:      <namespace>
Labels:         <none>
Annotations:    <none>

Data
====
sslMMSCAConfigMap:
----
<root-ca-configmap-name>
sslRequireValidMMSServerCertificates:
----
true
Events:  <none>

Next Steps

Now that you created your ConfigMap, Create Credentials for the Kubernetes Operator before you start deploying MongoDB resources.

←   Create Credentials for the Kubernetes Operator Generate X.509 Client Certificates  →

© MongoDB, Inc 2008-present. MongoDB, Mongo, and the leaf logo are registered trademarks of MongoDB, Inc.