Navigation

Create One Project using a ConfigMap

The MongoDB Enterprise Kubernetes Operator uses a Kubernetes ConfigMap to create or link your Ops Manager Project. To create a Kubernetes Operator ConfigMap, you can edit a few lines of the example ConfigMap YAML file and apply the ConfigMap.

Considerations

Starting in MongoDB Enterprise Kubernetes Operator version 1.3.0, you can only deploy one MongoDB resource per project. See Deploy a MongoDB Database Resource.

Important

  • You can use the Kubernetes Operator to deploy MongoDB resources with Ops Manager version 4.0.11 or later and Cloud Manager.
  • You can’t use the Kubernetes Operator to deploy MongoDB resources to Atlas.

Prerequisites

  • Kubernetes version 1.11 or later or Openshift version 3.11 or later.
  • MongoDB Enterprise Kubernetes Operator version 0.11 or later installed.

Create One Project Using a ConfigMap

1

Configure kubectl to default to your namespace.

If you have not already, run the following command to execute all kubectl commands in the namespace you created:

kubectl config set-context $(kubectl config current-context) --namespace=<namespace>
2

Invoke the following command to create a ConfigMap.

kubectl create configmap <configmap-name> \
  --from-literal="baseUrl=<myOpsManagerURL>" \
  --from-literal="projectName=<myOpsManagerProjectName>" \ #Optional
  --from-literal="orgId=<orgID>" #Required for Global API Keys
Key Type Description Example
configmap-name string

Name of the Kubernetes object.

Resource names must be 44 characters or less.

See also

  • metadata.name
  • Kubernetes documentation on names. This name must follow RFC1123 naming conventions, using only lowercase alphanumeric characters, - or ., and must start and end with an alphanumeric character.
myconfigmap
baseUrl string

URL to your Ops Manager Application including the FQDN and port number.

Important

If you deploy Ops Manager with the Kubernetes Operator and Ops Manager will manage MongoDB database resources deployed outside of the Kubernetes cluster it’s deployed to, you must set data.baseUrl to the same value of the spec.configuration.mms.centralUrl setting in the Ops Manager resource specification.

Note

If you’re using Cloud Manager, set the data.baseUrl value to https://cloud.mongodb.com.

https://ops.example.com:8443
projectName string

Label for your Ops Manager Project.

The Kubernetes Operator creates the Ops Manager project if it does not exist. If you omit the projectName, the Kubernetes Operator creates a project with the same name as your Kubernetes resource.

To use an existing project in a Cloud Manager or Ops Manager organization, locate the projectName by clicking the All Clusters link at the top left of the Cloud Manager or Ops Manager page, and searching by name in the Search box, or scrolling to find the name in the list. Each card in this list represents the combination of one Cloud Manager or Ops Manager Organization and Project.

Development
orgId string

24 character hex string that uniquely identifies your Cloud Manager or Ops Manager Organization.

Important

  • You can use the Kubernetes Operator to deploy MongoDB resources with Ops Manager version 4.0.11 or later and Cloud Manager.
  • You can’t use the Kubernetes Operator to deploy MongoDB resources to Atlas.

Depending on your Kubernetes Operator credentials, this field is:

You must specify an existing Organization.

1

Find the organization’s ID.

Do one of the following:

  1. If you are using Ops Manager 4.4 or later or Cloud Manager, click Settings in the left navigation bar.
  2. If you are using Ops Manager 4.2 or earlier, click the Context menu.
2

Copy and paste the orgId into the URL.

Select your organization, view the current URL in your browser and copy the value displayed in the <orgId> placeholder as follows:

https://ops.example.com:8443/ v2#/org/<orgId>/projects

If specified, the Kubernetes Operator links to the organization.

To find the orgID of your organization:

1

Find the organization’s ID.

Do one of the following:

  1. If you are using Ops Manager 4.4 or later or Cloud Manager, click Settings in the left navigation bar.
  2. If you are using Ops Manager 4.2 or earlier, click the Context menu.
2

Copy and paste the orgId into the URL.

Select your organization, view the current URL in your browser and copy the value displayed in the <orgId> placeholder as follows:

https://ops.example.com:8443/ v2#/org/<orgId>/projects

If omitted, Ops Manager creates an organization called projectName that contains a project also called projectName.

You must have the Organization Project Creator role to create a new project within an existing Cloud Manager or Ops Manager organization.

5cc9b333dde384a625a6615
3

Invoke the following Kubernetes command to verify your ConfigMap.

kubectl describe configmaps <configmap-name>

This command returns a ConfigMap description in the shell:

Name:           <configmap-name>
Namespace:      <namespace>
Labels:         <none>
Annotations:    <none>

Data
====
baseUrl:
----
<myOpsManagerURL>
Events:  <none>

Connect to HTTPS-enabled Ops Manager Using a Custom CA

You might have chosen to use your own TLS certificate to enable HTTPS for your Ops Manager instance. If you used a custom certificate, you need to add the CA that signed that custom certificate to the Kubernetes Operator. To add your custom CA, complete the following:

1

Create a ConfigMap for the Certificate Authority certificate.

The Kubernetes Operator requires the root CA certificate of the Certificate Authority that issued the Ops Manager host’s certificate. Run the following command to create a ConfigMap containing the root CA certificate in the same namespace of your database pods:

kubectl -n <namespace> create configmap <root-ca-configmap-name> \
  --from-file=mms-ca.crt

Important

The Kubernetes Operator requires that the certificate is named mms-ca.crt in the ConfigMap.

2

Copy the highlighted section of the following example ConfigMap.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: <my-configmap>
  namespace: <my-namespace>
data:
  projectName: <my-ops-manager-project-name>
  orgId: <org-id> # Optional
  baseUrl: https://<my-ops-manager-URL>
11
12
13
  sslMMSCAConfigMap: <root-ca-configmap-name>
  sslRequireValidMMSServerCertificates: ‘true’
...
3

Add the highlighted section to your project’s ConfigMap.

  1. Invoke the following command to edit your project’s ConfigMap in the default configured editor:

    kubectl edit configmaps <my-configmap> -n <namespace>
    
  2. Paste the highlighted section in the example ConfigMap at the end of the project ConfigMap.

4

Specify the TLS settings

Change the following TLS keys:

Key Type Description Example
sslMMSCAConfigMap string Name of the ConfigMap created in the first step containing the root CA certificate used to sign the Ops Manager host’s certificate. This mounts the CA certificate to the Kubernetes Operator and database resources. my-root-ca
sslRequireValidMMSServerCertificates boolean

Forces the Operator to require a valid TLS certificate from Ops Manager.

Important

The value must be enclosed in single quotes or the operator will throw an error.

'true'
5

Save your updated ConfigMap.

6

Invoke the Kubernetes command to verify your ConfigMap.

kubectl describe configmaps <my-configmap> -n <namespace>

Always include the namespace option with kubectl

kubectl defaults to an empty namespace if you do not specify the -n option, resulting in deployment failures. The Kubernetes Operator, secret, and MongoDB Kubernetes resources should run in the same unique namespace.

This command returns a ConfigMap description in the shell:

Name:           <my-configmap>
Namespace:      <namespace>
Labels:         <none>
Annotations:    <none>

Data
====
sslMMSCAConfigMap:
----
<root-ca-configmap-name>
sslRequireValidMMSServerCertificates:
----
true
Events:  <none>

Next Steps

Now that you created your ConfigMap, Create Credentials for the Kubernetes Operator before you start deploying MongoDB resources.