OpenShift Quick Start

MongoDB Enterprise Kubernetes Operator uses the Kubernetes API and tools to manage MongoDB clusters. Kubernetes Operator works together with MongoDB Cloud Manager or Ops Manager. This tutorial demonstrates how to deploy and connect to your first replica set in Cloud Manager or Ops Manager from OpenShift with Kubernetes Operator.

Prerequisites

This tutorial requires:

  • A running Cloud Manager or Ops Manager cluster.

Procedure

1

Clone the MongoDB Enterprise Kubernetes Operator repository.

git clone https://github.com/mongodb/mongodb-enterprise-kubernetes.git
2

Create a namespace for your Kubernetes deployment.

By default, the Kubernetes Operator uses the mongodb namespace. To simplify your installation, consider creating a namespace named mongodb using the following kubectl command:

kubectl create namespace mongodb
3

Configure kubectl to default to your namespace.

If you have not already, run the following command to execute all kubectl commands in the namespace you created:

kubectl config set-context $(kubectl config current-context) --namespace=mongodb
4

Create a secret that contains credentials authorized to pull images from the registry.connect.redhat.com repository.

If you use the Kubernetes Operator to deploy MongoDB resources to multiple namespaces or with a cluster-wide scope, create the secret only in the namespace where you intend to deploy the Kubernetes Operator. The Kubernetes Operator synchronizes the secret across all watched namespaces.

  1. If you have not already, obtain a Red Hat subscription.

  2. Create a Registry Service Account.

  3. Click on your Registry Service Account, then click the Docker Configuration tab.

  4. Download the <account-name>-auth.json file and open it in a text editor.

  5. Copy the registry.redhat.io object, and paste another instance of this object into the file. Remember to add a comma after the first object. Rename the second object registry.connect.redhat.com, then save the file:

    {
      "auths": {
        "registry.redhat.io": {
          "auth": "<encoded-string>"
        },
        "registry.connect.redhat.com": {
          "auth": "<encoded-string>"
        }
      }
    }
    
  6. Create an openshift-pull-secret.yaml file and add the contents of the modified <account-name>-auth.json file as stringData named .dockerconfigjson to the openshift-pull-secret.yaml secret file.

    apiVersion: v1
    kind: Secret
    metadata:
      name: openshift-pull-secret
    stringData:
      .dockerconfigjson: |
          {
            "auths": {
              "registry.redhat.io": {
                "auth": "<encoded-string>"
              },
              "registry.connect.redhat.com": {
                "auth": "<encoded-string>"
              }
            }
          }
    type: kubernetes.io/dockerconfigjson
    

    The value you provide in the metadata.name field is the secret name. Provide this value when asked for the <openshift-pull-secret>.

  7. Create a secret from the openshift-pull-secret.yaml file in the same namespace in which you will deploy the Kubernetes Operator.

    oc apply -f openshift-pull-secret.yaml -n <namespace>
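
Sub-steps 4 to 6 can be scripted instead of edited by hand. The following is an added example, not part of the original tutorial or the operator repository: it mirrors the registry.redhat.io entry to registry.connect.redhat.com, checks that the auth value decodes to the `<user>:<token>` form Docker config files use, and returns the Secret manifest as JSON. The function name build_pull_secret and the sample credential are constructed for illustration.

```python
import base64
import binascii
import json

SOURCE = "registry.redhat.io"
MIRROR = "registry.connect.redhat.com"


def build_pull_secret(auth_json: str, name: str = "openshift-pull-secret") -> dict:
    """Return a kubernetes.io/dockerconfigjson Secret covering both registries."""
    config = json.loads(auth_json)
    auths = config.get("auths") or {}
    if SOURCE not in auths:
        raise ValueError(f"{SOURCE} entry missing from downloaded auth file")

    # The auth value is base64("<user>:<token>"); reject anything else here
    # so a truncated paste fails now and not as a failed image pull later.
    try:
        decoded = base64.b64decode(auths[SOURCE]["auth"], validate=True).decode()
    except (KeyError, TypeError, binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("auth value is not valid Base64 text") from exc
    if ":" not in decoded:
        raise ValueError("auth value does not decode to <user>:<token>")

    # Sub-step 5: second instance of the same object under the connect registry.
    auths[MIRROR] = dict(auths[SOURCE])
    config["auths"] = auths

    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name},
        "type": "kubernetes.io/dockerconfigjson",
        "stringData": {".dockerconfigjson": json.dumps(config, indent=2)},
    }


# Constructed sample standing in for <account-name>-auth.json (not a real credential).
SAMPLE_AUTH = json.dumps(
    {"auths": {SOURCE: {"auth": base64.b64encode(b"12345|demo:example-token").decode()}}}
)

if __name__ == "__main__":
    # JSON manifests are accepted as-is: pipe to `oc apply -n <namespace> -f -`.
    print(json.dumps(build_pull_secret(SAMPLE_AUTH), indent=2))
```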
    
5

Install the MongoDB Enterprise Kubernetes Operator

  1. Invoke the following oc command to install the CustomResourceDefinitions for MongoDB deployments:

    oc apply -f crds.yaml
    
  2. Add your <openshift-pull-secret> to the ServiceAccount definitions in the MongoDB Enterprise Kubernetes Operator YAML file.

    ---
    # Source: mongodb-enterprise-operator/templates/serviceaccount.yaml
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: enterprise-operator
      namespace: mongodb
    imagePullSecrets:
     - name: <openshift-pull-secret>
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: mongodb-enterprise-appdb
      namespace: mongodb
    imagePullSecrets:
     - name: <openshift-pull-secret>
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: mongodb-enterprise-database-pods
      namespace: mongodb
    imagePullSecrets:
     - name: <openshift-pull-secret>
    
  3. Invoke the following oc command to install Kubernetes Operator:

    oc apply -f mongodb-enterprise-openshift.yaml
    
6

Create credentials and store them as a secret.

Run the following command:

Note

Provide your Public and Private Key values for the following parameters. To learn more, see Create Credentials for the Kubernetes Operator.

kubectl -n mongodb \
  create secret generic ops-manager-admin-key \
  --from-literal="user=<publicKey>" \
  --from-literal="publicApiKey=<privateKey>"
7

Invoke the following command to create a ConfigMap.

Note

Provide your values for the following parameters. To learn more, see the parameter descriptions.

# projectName is optional; orgId is required for Global API Keys.
kubectl create configmap myconfigmap \
  --from-literal="baseUrl=<myOpsManagerURL>" \
  --from-literal="projectName=<myOpsManagerProjectName>" \
  --from-literal="orgId=<orgID>"
8

Deploy the replica set resource.

Run the following command:

cat <<EOF | kubectl apply -f -
apiVersion: mongodb.com/v1
kind: MongoDB
metadata:
  name: demo-mongodb-cluster-1
  namespace: mongodb
spec:
  members: 3
  version: 4.4.5-ent
  type: ReplicaSet
  authentication:
    enabled: true
    modes: ["SHA"]
  opsManager:
    configMapRef:
      name: myconfigmap
  credentials: ops-manager-admin-key
  persistent: true
  podSpec:
    podTemplate:
      spec:
        containers:
        - name: mongodb-enterprise-database
          resources:
            limits:
              cpu: 2
              memory: 1.5G
            requests:
              cpu: 1
              memory: 1G
            persistence:
              single:
                storage: 10Gi
EOF
9

Create a secret with your database user password

You can use either a cleartext password or a Base64-encoded password. Cleartext passwords use stringData.password and Base64-encoded passwords use data.password.

Note

Provide your values for the following parameters. To learn more, see the parameter descriptions.

For a cleartext password, create and save the following YAML file:

apiVersion: v1
kind: Secret
metadata:
  name: mms-user-1-password
  # corresponds to user.spec.passwordSecretKeyRef.name
type: Opaque
stringData:
  password: <my-plain-text-password>
  # corresponds to user.spec.passwordSecretKeyRef.key

For a Base64-encoded password, create and save the following YAML file:

apiVersion: v1
kind: Secret
metadata:
  name: mms-user-1-password
  # corresponds to user.spec.passwordSecretKeyRef.name
type: Opaque
data:
  password: <base-64-encoded-password>
  # corresponds to user.spec.passwordSecretKeyRef.key
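
Both forms should store the same password, but a value produced with `echo <password> | base64` also encodes the trailing newline, which then becomes part of the stored secret value. The following added example is not from the original tutorial: effective_password and encode_password are hypothetical helpers and the sample manifests are constructed. It resolves the value Kubernetes stores for the key, with stringData taking precedence over data, and rejects values that are not clean.

```python
import base64
import binascii


def effective_password(secret: dict, key: str = "password") -> str:
    """Return the value Kubernetes would store under `key` for this Secret manifest."""
    string_data = secret.get("stringData") or {}
    data = secret.get("data") or {}

    if key in string_data:
        # stringData is written as-is and overrides the same key in data.
        value = string_data[key]
    elif key in data:
        try:
            value = base64.b64decode(data[key], validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError) as exc:
            raise ValueError(f"data.{key} is not valid Base64 text") from exc
    else:
        raise ValueError(f"Secret has no '{key}' key")

    if value != value.strip():
        # Typical cause: `echo <password> | base64` encodes the trailing newline.
        raise ValueError(f"{key} has leading or trailing whitespace")
    if not value:
        raise ValueError(f"{key} is empty")
    return value


def encode_password(password: str) -> str:
    """Base64 form suitable for data.password; nothing is appended to the input."""
    return base64.b64encode(password.encode("utf-8")).decode("ascii")


# Constructed sample manifests mirroring the two YAML files above.
CLEARTEXT = {"kind": "Secret", "metadata": {"name": "mms-user-1-password"},
             "type": "Opaque", "stringData": {"password": "Example-Passw0rd"}}
ENCODED = {"kind": "Secret", "metadata": {"name": "mms-user-1-password"},
           "type": "Opaque", "data": {"password": encode_password("Example-Passw0rd")}}
# What `echo Example-Passw0rd | base64` would yield: the newline is encoded too.
ECHO_ENCODED = {"data": {"password": encode_password("Example-Passw0rd\n")}}
```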
10

Create a database user.

Run the following command:

cat <<EOF | kubectl apply -f -
apiVersion: mongodb.com/v1
kind: MongoDBUser
metadata:
  name: mms-scram-user-1
spec:
  passwordSecretKeyRef:
    name: mms-user-1-password
    # Match to metadata.name of the User Secret
    key: password
  username: "mms-scram-user-1"
  db: "admin"
  mongodbResourceRef:
    name: "demo-mongodb-cluster-1"
    # Match to MongoDB resource using authentication
  roles:
  - db: "admin"
    name: "clusterAdmin"
  - db: "admin"
    name: "userAdminAnyDatabase"
  - db: "admin"
    name: "readWrite"
EOF
11

Optional: View the newly created user in Cloud Manager or Ops Manager.

You can view the newly created user in Cloud Manager or Ops Manager:

  1. From the Project’s Deployment view, click the Security tab.
  2. Click the MongoDB Users nested tab.
12

Connect to the replica set.

Perform the following steps in the Cloud Manager or Ops Manager application, depending on where your clusters are hosted:

  1. Click Deployment in the left navigation.
  2. Click the ellipsis icon for the deployment to which you want to connect.
  3. Click Connect to this instance.
  4. Run the connection command in a terminal to connect to the deployment.