• Install and Configure the Kubernetes Operator >
• Install the MongoDB Enterprise Kubernetes Operator

Install the MongoDB Enterprise Kubernetes Operator

Prerequisites and Considerations

Before you install the Kubernetes Operator, make sure you plan for your installation:

• Choose a deployment topology.
• Read the Considerations.
• Complete the Prerequisites.

Note

This tutorial presumes some knowledge of Kubernetes, but does link to relevant Kubernetes documentation where possible. If you are unfamiliar with Kubernetes, please review that documentation first.

Procedure

The install procedure varies based on how you want to configure your environment:

• Kubernetes
• OpenShift

• Online using kubectl
• Online using Helm
• Offline using Helm and Docker

Use the same namespace throughout

The following examples assume that you created a namespace using the default Kubernetes Operator namespace of mongodb. If you specified a different label for your namespace when you created it, change all values for metadata.namespace to that namespace.

To change the label for the namespace for the following deployment to production, edit all values for metadata.namespace in mongodb-enterprise.yaml:

copy

##---
# Source: mongodb-enterprise-operator/templates/serviceaccount.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: mongodb-enterprise-operator
  namespace: production
##---
# Source: mongodb-enterprise-operator/templates/operator.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mongodb-enterprise-operator
  namespace: production

---
# Example truncated
---
...

1

Change to the directory in which you cloned the repository.

2

Install the CustomResourceDefinitions for MongoDB deployments using the following kubectl command:

copy

kubectl apply -f crds.yaml

3

You can edit the Operator YAML file to further customize your Operator before installing it.

1. Open your mongodb-enterprise.yaml in your preferred text editor.

2. You may need to add one or more of the following options:

   Environment Variable	When to Use
   OPERATOR_ENV	Label for the Operator’s deployment environment. The env value affects default timeouts and the format and level of logging. If OPERATOR_ENV is Log Level is set to Log Format is set to dev debug text prod info json Accepted values are: dev, prod. Default value is: prod. You can set the following pair of values: copy spec.template.spec.containers.name.env.name: OPERATOR_ENV spec.template.spec.containers.name.env.value: prod Example copy spec: template: spec: serviceAccountName: mongodb-enterprise-operator containers: - name: mongodb-enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: OPERATOR_ENV value: prod
   WATCH_NAMESPACE	Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace. * means all namespaces and requires the ClusterRole assigned to the mongodb-enterprise-operator ServiceAccount which is the ServiceAccount used to run the Kubernetes Operator. Default value is: <metadata.namespace>. Important To watch Ops Manager and MongoDB Kubernetes resources in a different namespace to which you deploy the Kubernetes Operator, see Kubernetes Operator Deployment Scopes for values you must use and additional steps you might have to perform. You can set the following pair of values: copy spec.template.spec.containers.name.env.name: WATCH_NAMESPACE spec.template.spec.containers.name.env.value: "<testNamespace>" Example copy spec: template: spec: serviceAccountName: mongodb-enterprise-operator containers: - name: mongodb-enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: WATCH_NAMESPACE value: "<testNamespace>"
   MONGODB_ENTERPRISE_DATABASE_IMAGE	URL of the MongoDB Enterprise Database image the Kubernetes Operator deploys. Default value is quay.io/mongodb/mongodb-enterprise-database. copy spec.template.spec.containers.name.env.name: MONGODB_ENTERPRISE_DATABASE_IMAGE spec.template.spec.containers.name.env.value: quay.io/mongodb/mongodb-enterprise-database Example copy spec: template: spec: serviceAccountName: mongodb-enterprise-operator containers: - name: mongodb-enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: MONGODB_ENTERPRISE_DATABASE_IMAGE value: quay.io/mongodb/mongodb-enterprise-database - name: IMAGE_PULL_POLICY value: Always
   IMAGE_PULL_POLICY	Pull policy for the MongoDB Enterprise database image the Kubernetes Operator deploys. Accepted values are Always, IfNotPresent, Never. Default value is Always. copy spec.template.spec.containers.name.env.name: IMAGE_PULL_POLICY spec.template.spec.containers.name.env.value: <policy> Example copy spec: template: spec: serviceAccountName: mongodb-enterprise-operator containers: - name: mongodb-enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: MONGODB_ENTERPRISE_DATABASE_IMAGE value: quay.io/mongodb/mongodb-enterprise-database - name: IMAGE_PULL_POLICY value: Always
   OPS_MANAGER_IMAGE_REPOSITORY	URL of the repository from which the image for an Ops Manager resource is downloaded. Default value is quay.io/mongodb/mongodb-enterprise-ops-manager. copy spec.template.spec.containers.name.env.name: OPS_MANAGER_IMAGE_REPOSITORY spec.template.spec.containers.name.env.value: quay.io/mongodb/mongodb-enterprise-ops-manager Example copy spec: template: spec: serviceAccountName: mongodb-enterprise-operator containers: - name: mongodb-enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: OPS_MANAGER_IMAGE_REPOSITORY value: quay.io/mongodb/mongodb-enterprise-ops-manager - name: OPS_MANAGER_IMAGE_PULL_POLICY value: Always
   OPS_MANAGER_IMAGE_PULL_POLICY	Pull policy for the Ops Manager images the Kubernetes Operator deploys. Accepted values are: Always, IfNotPresent, Never. Default value is Always. copy spec.template.spec.containers.name.env.name: OPS_MANAGER_IMAGE_PULL_POLICY spec.template.spec.containers.name.env.value: <policy> Example copy spec: template: spec: serviceAccountName: mongodb-enterprise-operator containers: - name: mongodb-enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: OPS_MANAGER_IMAGE_REPOSITORY value: quay.io/mongodb/mongodb-enterprise-ops-manager - name: OPS_MANAGER_IMAGE_PULL_POLICY value: Always
   INIT_OPS_MANAGER_IMAGE_REPOSITORY	URL of the repository from which the initContainer image that contains Ops Manager start-up scripts and the readiness probe is downloaded. Default value is quay.io/mongodb/mongodb-enterprise-ops-manager-init. copy spec.template.spec.containers.name.env.name: INIT_OPS_MANAGER_IMAGE_REPOSITORY spec.template.spec.containers.name.env.value: quay.io/mongodb/mongodb-enterprise-ops-manager-init Example copy spec: template: spec: serviceAccountName: mongodb-enterprise-operator containers: - name: mongodb-enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: INIT_OPS_MANAGER_IMAGE_REPOSITORY value: quay.io/mongodb/mongodb-enterprise-ops-manager-init
   INIT_OPS_MANAGER_VERSION	Version of the initContainer image that contains Ops Manager start-up scripts and the readiness probe. Default value is 1.0.1. copy spec.template.spec.containers.name.env.name: INIT_OPS_MANAGER_VERSION spec.template.spec.containers.name.env.value: 1.0.1 Example copy spec: template: spec: serviceAccountName: mongodb-enterprise-operator containers: - name: mongodb-enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: INIT_OPS_MANAGER_VERSION value: 1.0.1
   APPDB_IMAGE_REPOSITORY	URL of the repository from which the Application Database image is downloaded. Default value is quay.io/mongodb/mongodb-enterprise-appdb. copy spec.template.spec.containers.name.env.name: APPDB_IMAGE_REPOSITORY spec.template.spec.containers.name.env.value: quay.io/mongodb/mongodb-enterprise-appdb Example copy spec: template: spec: serviceAccountName: mongodb-enterprise-operator containers: - name: mongodb-enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: APPDB_IMAGE_REPOSITORY value: quay.io/mongodb/mongodb-enterprise-appdb
   INIT_APPDB_IMAGE_REPOSITORY	URL of the repository from which the initContainer image that contains Application Database start-up scripts and the readiness probe is downloaded. Default value is quay.io/mongodb/mongodb-enterprise-appdb-init. copy spec.template.spec.containers.name.env.name: INIT_APPDB_IMAGE_REPOSITORY spec.template.spec.containers.name.env.value: quay.io/mongodb/mongodb-enterprise-init-appdb Example copy spec: template: spec: serviceAccountName: mongodb-enterprise-operator containers: - name: mongodb-enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: INIT_APPDB_IMAGE_REPOSITORY value: quay.io/mongodb/mongodb-enterprise-init-appdb
   INIT_APPDB_VERSION	Version of the initContainer image that contains Ops Manager start-up scripts and the readiness probe. Default value is 1.0.2. copy spec.template.spec.containers.name.env.name: INIT_APPDB_VERSION spec.template.spec.containers.name.env.value: 1.0.2 Example copy spec: template: spec: serviceAccountName: mongodb-enterprise-operator containers: - name: mongodb-enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: INIT_APPDB_VERSION value: 1.0.2
   MANAGED_SECURITY_CONTEXT	Flag that determines if the Kubernetes Operator inherits the securityContext settings that your Kubernetes cluster manages. Set this field to true if you want to run the Kubernetes Operator in OpenShift or in a restrictive environment. Default value is false. copy spec.template.spec.containers.name.env.name: MANAGED_SECURITY_CONTEXT spec.template.spec.containers.name.env.value: false Example copy spec: template: spec: serviceAccountName: mongodb-enterprise-operator containers: - name: mongodb-enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: MANAGED_SECURITY_CONTEXT value: true

4

Install the Kubernetes Operator using the following kubectl command:

copy

kubectl apply -f mongodb-enterprise.yaml

You can install the Kubernetes Operator with Helm 3.

1

Change to the directory in which you cloned the repository.

2

Install the Kubernetes Operator using the following helm command:

Invoke the following helm command:

copy

helm install <chart-name> helm_chart \
     --values helm_chart/values.yaml

You can customize your Helm Chart before installing it. To modify it, add one or more of the following options to the values.yaml file:

Setting	Purpose	Default
namespace	To use a different namespace, specify that namespace. copy # Name of the Namespace to use namespace: mongodb	mongodb
managedSecurityContext	Flag that determines if the Kubernetes Operator inherits the securityContext settings that your Kubernetes cluster manages. Set this field to true if your cluster manages the securityContext for your Kubernetes resources. Example copy # Set this to true if your cluster is managing SecurityContext for you. # If running OpenShift (Cloud, Minishift, etc.), set this to true. managedSecurityContext: false	false
operator .env	Label for the Operator’s deployment environment. The env value affects default timeouts and the format and level of logging. If operator.env is Log Level is set to Log Format is set to dev debug text prod info json Accepted values are: dev, prod. copy operator: # Execution environment for the operator, dev or prod. # Use dev for more verbose logging env: prod	prod
operator .watchNamespace	Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace. * means all namespaces and requires the ClusterRole assigned to the mongodb-enterprise-operator ServiceAccount which is the ServiceAccount used to run the Kubernetes Operator. copy operator: watchNamespace: * Important To watch Ops Manager and MongoDB Kubernetes resources in a different namespace to which you deploy the Kubernetes Operator, see Kubernetes Operator Deployment Scopes for values you must use and additional steps you might have to perform.	<metadata.namespace>
operator .watchedResources	Custom resources that the Kubernetes Operator watches. The Kubernetes Operator installs the CustomResourceDefinitions for and watches only the resources you specify. Accepted values are: Value Description mongodb Install the CustomResourceDefinitions for the database resources and also watch those resources. mongodbusers Install the CustomResourceDefinitions for the MongoDB user resources and also watch those resources. opsmanagers Install the CustomResourceDefinitions for the Ops Manager resources and also watch those resources. copy operator: watchedResources: - mongodbusers - mongodb - opsmanagers	mongodbusers mongodb opsmanagers
registry .appDb	Repository from which the Application Database image is pulled. Specify this value if you want to pull the Ops Manager image from a private repository. copy registry: appDb: quay.io/mongodb
registry .initAppDb	Repository from which the Application Database initContainer image is pulled. This image contains the start-up scripts and readiness probe for the Application Database. Specify this value if you want to pull the Application Database initContainer image from a private repository. Example copy registry: initAppDb: quay.io/mongodb
registry .initOpsManager	Repository from which the Ops Manager initContainer image is pulled. This image contains the start-up scripts and readiness probe for Ops Manager. Specify this value if you want to pull the Ops Manager initContainer image from a private repository. Example copy registry: initOpsManager: quay.io/mongodb
registry .operator	Repository from which the Kubernetes Operator image is pulled. Specify this value if you want to pull the Kubernetes Operator image from a private repository. Example copy registry: operator: quay.io/mongodb
registry .opsManager	Repository from which the Ops Manager image is pulled. Specify this value if you want to pull the Ops Manager image from a private repository. Example copy registry: opsManager: quay.io/mongodb

Note

Alternatively, you can pass these values as options when you apply the Helm Chart:

copy

helm install <chart-name> helm_chart \
     --values helm_chart/values.yaml \
     --set namespace=<testNamespace>

You can install the Kubernetes Operator with Helm 3.

To install the Kubernetes Operator on a host not connected to the Internet:

1

Use docker to request the files on a host connected to the Internet.

copy

docker pull quay.io/mongodb/mongodb-enterprise-operator:<op-version>; \
docker pull quay.io/mongodb/mongodb-enterprise-database:<db-version>; \
docker pull quay.io/mongodb/mongodb-enterprise-ops-manager:<om-version>; \
docker pull quay.io/mongodb/mongodb-enterprise-appdb:latest; \
docker pull quay.io/mongodb/mongodb-enterprise-ops-manager-init:1.0.1; \
docker pull quay.io/mongodb/mongodb-enterprise-init-appdb:1.0.2

Replace the following values:

• <op-version> with the Kubernetes Operator version you’re installing
• <om-version> with the Ops Manager version you’re installing.
• <db-version> with the MongoDB Enterprise database version you’re installing.

2

Export the Kubernetes Operator images as .tar archive files:

copy

docker save quay.io/mongodb/mongodb-enterprise-operator:<op-version> -o mongodb-enterprise-operator.tar; \
docker save quay.io/mongodb/mongodb-enterprise-database:<db-version> -o mongodb-enterprise-database.tar; \
docker save quay.io/mongodb/mongodb-enterprise-ops-manager:<om-version> -o mongodb-enterprise-ops-manager.tar; \
docker save quay.io/mongodb/mongodb-enterprise-appdb:latest -o mongodb-enterprise-appdb.tar; \
docker save quay.io/mongodb/mongodb-enterprise-ops-manager-init:1.0.1 -o mongodb-enterprise-ops-manager-init.tar; \
docker save quay.io/mongodb/mongodb-enterprise-init-appdb:1.0.2 -o mongodb-enterprise-init-appdb.tar

Replace the following values:

• <op-version> with the Kubernetes Operator version you’re installing
• <om-version> with the Ops Manager version you’re installing.
• <db-version> with the MongoDB Enterprise database version you’re installing.

3

Copy these .tar files to the host running the Kubernetes docker daemon.

4

Import the .tar files into docker.

copy

docker load -i mongodb-enterprise-operator.tar; \
docker load -i mongodb-enterprise-database.tar; \
docker load -i mongodb-enterprise-ops-manager.tar; \
docker load -i mongodb-enterprise-appdb.tar; \
docker load -i mongodb-enterprise-ops-manager-init.tar
docker load -i mongodb-enterprise-init-appdb.tar

Replace the following values:

• <op-version> with the Kubernetes Operator version you’re installing
• <om-version> with the Ops Manager version you’re installing.
• <db-version> with the MongoDB Enterprise database version you’re installing.

5

Install the Kubernetes Operator with modified pull policy values using the following helm command:

Invoke the following helm command:

copy

helm install <chart-name> helm_chart \
     --values helm_chart/values.yaml \
     --set registry.pullPolicy=IfNotPresent

You can customize your Helm Chart before installing it. To modify it, add one or more of the following options to the values.yaml file:

Setting	Purpose	Default
namespace	To use a different namespace, specify that namespace. copy # Name of the Namespace to use namespace: mongodb	mongodb
managedSecurityContext	Flag that determines if the Kubernetes Operator inherits the securityContext settings that your Kubernetes cluster manages. Set this field to true if your cluster manages the securityContext for your Kubernetes resources. Example copy # Set this to true if your cluster is managing SecurityContext for you. # If running OpenShift (Cloud, Minishift, etc.), set this to true. managedSecurityContext: false	false
operator .env	Label for the Operator’s deployment environment. The env value affects default timeouts and the format and level of logging. If operator.env is Log Level is set to Log Format is set to dev debug text prod info json Accepted values are: dev, prod. copy operator: # Execution environment for the operator, dev or prod. # Use dev for more verbose logging env: prod	prod
operator .watchNamespace	Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace. * means all namespaces and requires the ClusterRole assigned to the mongodb-enterprise-operator ServiceAccount which is the ServiceAccount used to run the Kubernetes Operator. copy operator: watchNamespace: * Important To watch Ops Manager and MongoDB Kubernetes resources in a different namespace to which you deploy the Kubernetes Operator, see Kubernetes Operator Deployment Scopes for values you must use and additional steps you might have to perform.	<metadata.namespace>
operator .watchedResources	Custom resources that the Kubernetes Operator watches. The Kubernetes Operator installs the CustomResourceDefinitions for and watches only the resources you specify. Accepted values are: Value Description mongodb Install the CustomResourceDefinitions for the database resources and also watch those resources. mongodbusers Install the CustomResourceDefinitions for the MongoDB user resources and also watch those resources. opsmanagers Install the CustomResourceDefinitions for the Ops Manager resources and also watch those resources. copy operator: watchedResources: - mongodbusers - mongodb - opsmanagers	mongodbusers mongodb opsmanagers
registry .appDb	Repository from which the Application Database image is pulled. Specify this value if you want to pull the Ops Manager image from a private repository. copy registry: appDb: quay.io/mongodb
registry .initAppDb	Repository from which the Application Database initContainer image is pulled. This image contains the start-up scripts and readiness probe for the Application Database. Specify this value if you want to pull the Application Database initContainer image from a private repository. Example copy registry: initAppDb: quay.io/mongodb
registry .initOpsManager	Repository from which the Ops Manager initContainer image is pulled. This image contains the start-up scripts and readiness probe for Ops Manager. Specify this value if you want to pull the Ops Manager initContainer image from a private repository. Example copy registry: initOpsManager: quay.io/mongodb
registry .operator	Repository from which the Kubernetes Operator image is pulled. Specify this value if you want to pull the Kubernetes Operator image from a private repository. Example copy registry: operator: quay.io/mongodb
registry .opsManager	Repository from which the Ops Manager image is pulled. Specify this value if you want to pull the Ops Manager image from a private repository. Example copy registry: opsManager: quay.io/mongodb

Note

Alternatively, you can pass these values as options when you apply the Helm Chart:

copy

helm install <chart-name> helm_chart \
     --values helm_chart/values.yaml \
     --set registry.pullPolicy=IfNotPresent \
     --set namespace=<testNamespace>

• Online using oc
• Online using Helm
• Offline using Helm and Docker

Use the same namespace throughout

The following examples assume that you created a namespace using the default Kubernetes Operator namespace of mongodb. If you specified a different label for your namespace when you created it, change all values for metadata.namespace to that namespace.

To change the label for the namespace for the following deployment to production, edit all values for metadata.namespace in mongodb-enterprise-openshift.yaml:

copy

##---
# Source: mongodb-enterprise-operator/templates/serviceaccount.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: enterprise-operator
  namespace: production
##---
# Source: mongodb-enterprise-operator/templates/operator.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: enterprise-operator
  namespace: production

---
# Example truncated
---
...

1

Change to the directory in which you cloned the repository.

2

Install the CustomResourceDefinitions for MongoDB deployments.

OpenShift 3.11 or earlier

If you run OpenShift 3.11 or earlier, you must first manually edit the CustomResourceDefinitions to remove subresources. In each CustomResourceDefinition, remove the following option:

copy

spec:
  subresources:
    status: {}

Invoke the following oc command:

copy

oc apply -f crds.yaml

3

You can edit the Operator YAML file to further customize your Operator before installing it.

1. Open your mongodb-enterprise-openshift.yaml in your preferred text editor.

2. You must add your <openshift-pull-secret> to the ServiceAccount definitions:

   copy

   ---
   # Source: mongodb-enterprise-operator/templates/serviceaccount.yaml
   ---
   apiVersion: v1
   kind: ServiceAccount
   metadata:
     name: enterprise-operator
   
     namespace: mongodb
   
   imagePullSecrets:
    - name: <openshift-pull-secret>
   
   ---
   apiVersion: v1
   kind: ServiceAccount
   metadata:
     name: mongodb-enterprise-appdb
   
     namespace: mongodb
   
   imagePullSecrets:
    - name: <openshift-pull-secret>
   
   ---
   apiVersion: v1
   kind: ServiceAccount
   metadata:
     name: mongodb-enterprise-database-pods
   
     namespace: mongodb
   
   imagePullSecrets:
    - name: <openshift-pull-secret>
   

3. You may need to add one or more of the following options:

   Environment Variable	Purpose
   OPERATOR_ENV	Label for the Operator’s deployment environment. The env value affects default timeouts and the format and level of logging. If OPERATOR_ENV is Log Level is set to Log Format is set to dev debug text prod info json Accepted values are: dev, prod. Default value is: prod. You can set the following pair of values: copy spec.template.spec.containers.name.env.name: OPERATOR_ENV spec.template.spec.containers.name.env.value: prod Example copy spec: template: spec: serviceAccountName: mongodb-enterprise-operator containers: - name: mongodb-enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: OPERATOR_ENV value: prod
   WATCH_NAMESPACE	Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace. * means all namespaces and requires the ClusterRole assigned to the mongodb-enterprise-operator ServiceAccount which is the ServiceAccount used to run the Kubernetes Operator. Default value is: <metadata.namespace>. Important To watch Ops Manager and MongoDB Kubernetes resources in a different namespace to which you deploy the Kubernetes Operator, see Kubernetes Operator Deployment Scopes for values you must use and additional steps you might have to perform. You can set the following pair of values: copy spec.template.spec.containers.name.env.name: WATCH_NAMESPACE spec.template.spec.containers.name.env.value: "<testNamespace>" Example copy spec: template: spec: serviceAccountName: enterprise-operator containers: - name: enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: WATCH_NAMESPACE value: "<testNamespace>"
   MONGODB_ENTERPRISE_DATABASE_IMAGE	URL of the MongoDB Enterprise Database image the Kubernetes Operator deploys. Default value is registry.connect.redhat.com/mongodb/mongodb-enterprise-database. copy spec.template.spec.containers.name.env.name: MONGODB_ENTERPRISE_DATABASE_IMAGE spec.template.spec.containers.name.env.value: registry.connect.redhat.com/mongodb/mongodb-enterprise-database Example copy spec: template: spec: serviceAccountName: mongodb-enterprise-operator containers: - name: mongodb-enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: MONGODB_ENTERPRISE_DATABASE_IMAGE value: registry.connect.redhat.com/mongodb/mongodb-enterprise-database - name: IMAGE_PULL_POLICY value: Always
   IMAGE_PULL_POLICY	Pull policy for the MongoDB Enterprise database image the Kubernetes Operator deploys. Accepted values are Always, IfNotPresent, Never. Default value is Always. copy spec.template.spec.containers.name.env.name: IMAGE_PULL_POLICY spec.template.spec.containers.name.env.value: <policy> Example copy spec: template: spec: serviceAccountName: mongodb-enterprise-operator containers: - name: mongodb-enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: MONGODB_ENTERPRISE_DATABASE_IMAGE value: registry.connect.redhat.com/mongodb/mongodb-enterprise-database - name: IMAGE_PULL_POLICY value: Always
   OPS_MANAGER_IMAGE_REPOSITORY	URL of the repository from which the image for an Ops Manager resource is downloaded. Default value is registry.connect.redhat.com/mongodb/mongodb-enterprise-ops-manager. copy spec.template.spec.containers.name.env.name: OPS_MANAGER_IMAGE_REPOSITORY spec.template.spec.containers.name.env.value: registry.connect.redhat.com/mongodb/mongodb-enterprise-ops-manager Example copy spec: template: spec: serviceAccountName: enterprise-operator containers: - name: enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: OPS_MANAGER_IMAGE_REPOSITORY value: registry.connect.redhat.com/mongodb/mongodb-enterprise-ops-manager - name: OPS_MANAGER_IMAGE_PULL_POLICY value: Always
   OPS_MANAGER_IMAGE_PULL_POLICY	Pull policy for the image deployed to an Ops Manager resource. Accepted values are Always, IfNotPresent, Never. Default value is Always. copy spec.template.spec.containers.name.env.name: OPS_MANAGER_IMAGE_PULL_POLICY spec.template.spec.containers.name.env.value: <policy> Example copy spec: template: spec: serviceAccountName: enterprise-operator containers: - name: enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: OPS_MANAGER_IMAGE_REPOSITORY value: registry.connect.redhat.com/mongodb/mongodb-enterprise-ops-manager - name: OPS_MANAGER_IMAGE_PULL_POLICY value: Always
   INIT_OPS_MANAGER_IMAGE_REPOSITORY	URL of the repository from which the initContainer image that contains Ops Manager start-up scripts and the readiness probe is downloaded. Default value is registry.connect.redhat.com/mongodb/mongodb-enterprise-ops-manager-init. copy spec.template.spec.containers.name.env.name: INIT_OPS_MANAGER_IMAGE_REPOSITORY spec.template.spec.containers.name.env.value: registry.connect.redhat.com/mongodb/mongodb-enterprise-ops-manager-init Example copy spec: template: spec: serviceAccountName: mongodb-enterprise-operator containers: - name: mongodb-enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: INIT_OPS_MANAGER_IMAGE_REPOSITORY value: registry.connect.redhat.com/mongodb/mongodb-enterprise-ops-manager-init
   INIT_OPS_MANAGER_VERSION	Version of the initContainer image that contains Ops Manager start-up scripts and the readiness probe. Default value is 1.0.1. copy spec.template.spec.containers.name.env.name: INIT_OPS_MANAGER_VERSION spec.template.spec.containers.name.env.value: 1.0.1 Example copy spec: template: spec: serviceAccountName: mongodb-enterprise-operator containers: - name: mongodb-enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: INIT_OPS_MANAGER_VERSION value: 1.0.1
   APPDB_IMAGE_REPOSITORY	URL of the repository from which the Application Database image is downloaded. Default value is registry.connect.redhat.com/mongodb/mongodb-enterprise-appdb. copy spec.template.spec.containers.name.env.name: APPDB_IMAGE_REPOSITORY spec.template.spec.containers.name.env.value: registry.connect.redhat.com/mongodb/mongodb-enterprise-appdb Example copy spec: template: spec: serviceAccountName: mongodb-enterprise-operator containers: - name: mongodb-enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: APPDB_IMAGE_REPOSITORY value: registry.connect.redhat.com/mongodb/mongodb-enterprise-appdb
   INIT_APPDB_IMAGE_REPOSITORY	URL of the repository from which the initContainer image that contains Application Database start-up scripts and the readiness probe is downloaded. Default value is registry.connect.redhat.com/mongodb/mongodb-enterprise-appdb-init. copy spec.template.spec.containers.name.env.name: INIT_APPDB_IMAGE_REPOSITORY spec.template.spec.containers.name.env.value: registry.connect.redhat.com/mongodb/mongodb-enterprise-init-appdb Example copy spec: template: spec: serviceAccountName: mongodb-enterprise-operator containers: - name: mongodb-enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: INIT_APPDB_IMAGE_REPOSITORY value: registry.connect.redhat.com/mongodb/mongodb-enterprise-init-appdb
   INIT_APPDB_VERSION	Version of the initContainer image that contains Ops Manager start-up scripts and the readiness probe. Default value is 1.0.2. copy spec.template.spec.containers.name.env.name: INIT_APPDB_VERSION spec.template.spec.containers.name.env.value: 1.0.2 Example copy spec: template: spec: serviceAccountName: mongodb-enterprise-operator containers: - name: mongodb-enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: INIT_APPDB_VERSION value: 1.0.2
   MANAGED_SECURITY_CONTEXT	Flag that determines if the Kubernetes Operator inherits the securityContext settings that your Kubernetes cluster manages. For OpenShift, MANAGED_SECURITY_CONTEXT must always be true. Default value is true. copy spec.template.spec.containers.name.env.name: MANAGED_SECURITY_CONTEXT spec.template.spec.containers.name.env.value: true Example copy spec: template: spec: serviceAccountName: mongodb-enterprise-operator containers: - name: mongodb-enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: MANAGED_SECURITY_CONTEXT value: true

4

Install the Kubernetes Operator using the following oc command:

copy

oc apply -f mongodb-enterprise-openshift.yaml

You can install the Kubernetes Operator with Helm 3.

1

Change to the directory in which you cloned the repository.

2

Add your OpenShift Pull Secret to the OpenShift Values file.

Add the name of your <openshift-pull-secret> to the registry.imagePullSecrets setting in the helm_chart/values-openshift.yaml file:

copy

registry:
# The pull secret must be specified
  imagePullSecrets: <openshift-pull-secret>

3

Install the Kubernetes Operator using helm.

OpenShift 3.11 or earlier

If you run OpenShift 3.11 or earlier, you must first manually edit the CustomResourceDefinitions to remove subresources. In each CustomResourceDefinition, remove the following option:

copy

spec:
  subresources:
    status: {}

Invoke the following helm command:

copy

helm install <chart-name> helm_chart \
     --values helm_chart/values-openshift.yaml

You can customize your Helm Chart before installing it. To modify it, add one or more of the following options to the values-openshift.yaml file:

Setting	Purpose	Default
namespace	To use a different namespace, specify that namespace. Example copy # Name of the Namespace to use namespace: mongodb	mongodb
managedSecurityContext	Flag that determines if the Kubernetes Operator inherits the securityContext settings that your Kubernetes cluster manages. For OpenShift, managedSecurityContext must always be true. Example copy # OpenShift manages security context on its own managedSecurityContext: true	true
operator .env	Label for the Operator’s deployment environment. The env value affects default timeouts and the format and level of logging. If operator.env is Log Level is set to Log Format is set to dev debug text prod info json Accepted values are: dev, prod. Example copy operator: # Execution environment for the operator, dev or prod. # Use dev for more verbose logging env: prod	prod
operator .watchNamespace	Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace. * means all namespaces and requires the ClusterRole assigned to the mongodb-enterprise-operator ServiceAccount which is the ServiceAccount used to run the Kubernetes Operator. Example copy operator: watchNamespace: * Important To watch Ops Manager and MongoDB Kubernetes resources in a different namespace to which you deploy the Kubernetes Operator, see Kubernetes Operator Deployment Scopes for values you must use and additional steps you might have to perform.	<metadata.namespace>
operator .watchedResources	Custom resources that the Kubernetes Operator watches. The Kubernetes Operator installs the CustomResourceDefinitions for and watches only the resources you specify. Accepted values are: Value Description mongodb Install the CustomResourceDefinitions for the database resources and also watch those resources. mongodbusers Install the CustomResourceDefinitions for the MongoDB user resources and also watch those resources. opsmanagers Install the CustomResourceDefinitions for the Ops Manager resources and also watch those resources. Example copy operator: watchedResources: - mongodbusers - mongodb - opsmanagers	mongodbusers mongodb opsmanagers
registry .appDb	Repository from which the Application Database image is pulled. Specify this value if you want to pull the Ops Manager image from a private repository. Example copy registry: appDb: registry.connect.redhat.com/mongodb
registry .imagePullSecrets	secret that contains the credentials required to pull imagePullSecrets from the repository. Important OpenShift requires this setting. Define it in this file or pass it when you install the Kubernetes Operator using Helm. Example copy registry: imagePullSecrets: <openshift-pull-secret>
registry .operator	Repository from which the Kubernetes Operator image is pulled. Specify this value if you want to pull the Kubernetes Operator image from a private repository. Example copy registry: operator: registry.connect.redhat.com/mongodb
registry .opsManager	Repository from which OpenShift pulls the Ops Manager image. Specify this value if you want to pull the Ops Manager image from a private repository. Example copy registry: opsManager: registry.connect.redhat.com/mongodb
registry .initAppDb	Repository from which the Application Database initContainer image is pulled. This image contains the start-up scripts and readiness probe for the Application Database. Specify this value if you want to pull the Application Database initContainer image from a private repository. Example copy registry: initAppDb: registry.connect.redhat.com/mongodb
registry .initOpsManager	Repository from which the Ops Manager initContainer image is pulled. This image contains the start-up scripts and readiness probe for Ops Manager. Specify this value if you want to pull the Ops Manager initContainer image from a private repository. Example copy registry: initOpsManager: registry.connect.redhat.com/mongodb

Note

Alternatively, you can pass these values as options when you apply the Helm Chart:

copy

helm install <chart-name> helm_chart \
     --values helm_chart/values-openshift.yaml \
     --set registry.imagePullSecrets=<openshift-pull-secret>

You can install the Kubernetes Operator with Helm 3.

To install the Kubernetes Operator on a host not connected to the Internet:

1

Use docker to request the files on a host connected to the Internet.

copy

docker pull registry.connect.redhat.com/mongodb/mongodb-enterprise-operator:<op-version>; \
docker pull registry.connect.redhat.com/mongodb/mongodb-enterprise-database:<db-version>; \
docker pull registry.connect.redhat.com/mongodb/mongodb-enterprise-ops-manager:<om-version>; \
docker pull registry.connect.redhat.com/mongodb/mongodb-enterprise-appdb:latest; \
docker pull registry.connect.redhat.com/mongodb/mongodb-enterprise-ops-manager-init:1.0.1; \
docker pull registry.connect.redhat.com/mongodb/mongodb-enterprise-init-appdb:1.0.2

Replace the following values:

• <op-version> with the Kubernetes Operator version you’re installing
• <om-version> with the Ops Manager version you’re installing.
• <db-version> with the MongoDB Enterprise database version you’re installing.

2

Export the Kubernetes Operator images as .tar archive files:

copy

docker save registry.connect.redhat.com/mongodb/mongodb-enterprise-operator:<op-version> -o mongodb-enterprise-operator.tar; \
docker save registry.connect.redhat.com/mongodb/mongodb-enterprise-database:<db-version> -o mongodb-enterprise-database.tar; \
docker save registry.connect.redhat.com/mongodb/mongodb-enterprise-ops-manager:<om-version> -o mongodb-enterprise-ops-manager.tar; \
docker save registry.connect.redhat.com/mongodb/mongodb-enterprise-appdb:latest -o mongodb-enterprise-appdb.tar; \
docker save registry.connect.redhat.com/mongodb/mongodb-enterprise-ops-manager-init:1.0.1 -o mongodb-enterprise-ops-manager-init.tar; \
docker save registry.connect.redhat.com/mongodb/mongodb-enterprise-init-appdb:1.0.2 -o mongodb-enterprise-init-appdb.tar

Replace the following values:

• <op-version> with the Kubernetes Operator version you’re installing
• <om-version> with the Ops Manager version you’re installing.
• <db-version> with the MongoDB Enterprise database version you’re installing.

3

Copy these .tar files to the host running the Kubernetes docker daemon.

4

Import the .tar files into docker.

copy

docker load -i mongodb-enterprise-operator.tar; \
docker load -i mongodb-enterprise-database.tar; \
docker load -i mongodb-enterprise-ops-manager.tar; \
docker load -i mongodb-enterprise-appdb.tar; \
docker load -i mongodb-enterprise-ops-manager-init.tar
docker load -i mongodb-enterprise-init-appdb.tar

Replace the following values:

• <op-version> with the Kubernetes Operator version you’re installing
• <om-version> with the Ops Manager version you’re installing.
• <db-version> with the MongoDB Enterprise database version you’re installing.

5

Add your OpenShift Pull Secret to the OpenShift Values file.

Add the name of your <openshift-pull-secret> to the registry.imagePullSecrets setting in the helm_chart/values-openshift.yaml file:

copy

registry:
# The pull secret must be specified
  imagePullSecrets: <openshift-pull-secret>

6

Install the Kubernetes Operator with modified pull policy values.

OpenShift 3.11 or earlier

If you run OpenShift 3.11 or earlier, you must first manually edit the CustomResourceDefinitions to remove subresources. In each CustomResourceDefinition, remove the following option:

copy

spec:
  subresources:
    status: {}

Invoke the following helm command:

copy

helm install <chart-name> helm_chart \
     --values helm_chart/values-openshift.yaml \
     --set registry.pullPolicy=IfNotPresent \
     --set registry.imagePullSecrets=<openshift-pull-secret>

You can customize your Helm Chart before installing it. To modify it, add one or more of the following options to the values-openshift.yaml file:

Setting	Purpose	Default
namespace	To use a different namespace, specify that namespace. Example copy # Name of the Namespace to use namespace: mongodb	mongodb
managedSecurityContext	Flag that determines if the Kubernetes Operator inherits the securityContext settings that your Kubernetes cluster manages. For OpenShift, managedSecurityContext must always be true. Example copy # OpenShift manages security context on its own managedSecurityContext: true	true
operator .env	Label for the Operator’s deployment environment. The env value affects default timeouts and the format and level of logging. If operator.env is Log Level is set to Log Format is set to dev debug text prod info json Accepted values are: dev, prod. Example copy operator: # Execution environment for the operator, dev or prod. # Use dev for more verbose logging env: prod	prod
operator .watchNamespace	Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace. * means all namespaces and requires the ClusterRole assigned to the mongodb-enterprise-operator ServiceAccount which is the ServiceAccount used to run the Kubernetes Operator. Example copy operator: watchNamespace: * Important To watch Ops Manager and MongoDB Kubernetes resources in a different namespace to which you deploy the Kubernetes Operator, see Kubernetes Operator Deployment Scopes for values you must use and additional steps you might have to perform.	<metadata.namespace>
operator .watchedResources	Custom resources that the Kubernetes Operator watches. The Kubernetes Operator installs the CustomResourceDefinitions for and watches only the resources you specify. Accepted values are: Value Description mongodb Install the CustomResourceDefinitions for the database resources and also watch those resources. mongodbusers Install the CustomResourceDefinitions for the MongoDB user resources and also watch those resources. opsmanagers Install the CustomResourceDefinitions for the Ops Manager resources and also watch those resources. Example copy operator: watchedResources: - mongodbusers - mongodb - opsmanagers	mongodbusers mongodb opsmanagers
registry .appDb	Repository from which the Application Database image is pulled. Specify this value if you want to pull the Ops Manager image from a private repository. Example copy registry: appDb: registry.connect.redhat.com/mongodb
registry .imagePullSecrets	secret that contains the credentials required to pull imagePullSecrets from the repository. Important OpenShift requires this setting. Define it in this file or pass it when you install the Kubernetes Operator using Helm. Example copy registry: imagePullSecrets: <openshift-pull-secret>
registry .operator	Repository from which the Kubernetes Operator image is pulled. Specify this value if you want to pull the Kubernetes Operator image from a private repository. Example copy registry: operator: registry.connect.redhat.com/mongodb
registry .opsManager	Repository from which OpenShift pulls the Ops Manager image. Specify this value if you want to pull the Ops Manager image from a private repository. Example copy registry: opsManager: registry.connect.redhat.com/mongodb
registry .initAppDb	Repository from which the Application Database initContainer image is pulled. This image contains the start-up scripts and readiness probe for the Application Database. Specify this value if you want to pull the Application Database initContainer image from a private repository. Example copy registry: initAppDb: registry.connect.redhat.com/mongodb
registry .initOpsManager	Repository from which the Ops Manager initContainer image is pulled. This image contains the start-up scripts and readiness probe for Ops Manager. Specify this value if you want to pull the Ops Manager initContainer image from a private repository. Example copy registry: initOpsManager: registry.connect.redhat.com/mongodb

Note

Alternatively, you can pass these values as options when you apply the Helm Chart:

copy

helm install <chart-name> helm_chart \
     --values helm_chart/values-openshift.yaml \
     --set registry.pullPolicy=IfNotPresent \
     --set registry.imagePullSecrets=<openshift-pull-secret> \
     --set namespace=<testNamespace>

Verify the Installation

To verify that the Kubernetes Operator installed correctly, run the following command and verify the output:

copy

kubectl describe deployments mongodb-enterprise-operator -n <namespace>

By default, deployments exist in the mongodb namespace. If the following error message appears, ensure you use the correct namespace:

copy

Error from server (NotFound): deployments.apps "mongodb-enterprise-operator" not found

To troubleshoot your Kubernetes Operator, see Review Logs from the Kubernetes Operator.

Important

If you need to remove the Kubernetes Operator or the namespace, you first must remove MongoDB resources.

Next Steps

After installing the MongoDB Enterprise Kubernetes Operator, you can:

• Create an instance of Ops Manager
• Configure the Kubernetes Operator to deploy MongoDB resources

© MongoDB, Inc 2008-present. MongoDB, Mongo, and the leaf logo are registered trademarks of MongoDB, Inc.