Create One Project using a ConfigMap

The MongoDB Enterprise Kubernetes Operator uses a Kubernetes ConfigMap to create or link your Ops Manager Project. To create a Kubernetes Operator ConfigMap, you need to edit a few lines of the example ConfigMap YAML file and apply the ConfigMap.


Starting in MongoDB Enterprise Kubernetes Operator version 1.3.0, you can only have one MongoDB resource per project. To learn how to deploy a MongoDB resource in your project, see Deploy a MongoDB Database Resource.



  • Kubernetes version 1.11 or later or Openshift version 3.11 or later.
  • MongoDB Enterprise Kubernetes Operator version 0.11 or later installed.

Create One Project Using a ConfigMap


Configure kubectl to default to your namespace.

If you have not already, run the following command to execute all kubectl commands in the namespace you created:

kubectl config set-context $(kubectl config current-context) --namespace=<namespace>

Invoke the following command to create a ConfigMap.

kubectl create configmap <configmap-name> \
  --from-literal="baseUrl=<myOpsManagerURL>" \
  --from-literal="projectName=<myOpsManagerProjectName>" \ #Optional
  --from-literal="orgId=<orgID>" #Optional
Key Type Description Example
<configmap-name> string

Name of the Kubernetes object.

Resource names must be 44 characters or less.

See also

  • Kubernetes documentation on names. This name must follow RFC1123 naming conventions, using only lowercase alphanumeric characters, ‘-‘ or ‘.’, and must start and end with an alphanumeric character.
baseUrl string

URL to your Ops Manager Application including the FQDN and port number.


If you deploy Ops Manager with the Kubernetes Operator and Ops Manager will manage MongoDB database resources deployed outside of the Kubernetes cluster it’s deployed to, you must set data.baseUrl to the same value of the spec.configuration.mms.centralUrl setting in the Ops Manager resource specification.


If you’re using Cloud Manager, set the data.baseUrl value to
projectName string

Label for your Ops Manager Project.

The Kubernetes Operator creates the Ops Manager project if it does not exist. If you omit the projectName, the Kubernetes Operator creates a project with the same name as your Kubernetes resource.

If you need or want to use an existing project, you can find the projectName by clicking the All Clusters link at the top left of the screen, then either search by name in the Search box or scroll to find the name in the list. Each card in this list represents the combination of one Organization and Project.

orgId string

24 character hex string that uniquely identifies your MongoDB Organization. You can find the orgId in your Ops Manager URL:

  1. Click the Context menu.

  2. Select your Organization.

  3. View the current URL in your browser and copy the value displayed in the <orgId> placeholder below:


This field is optional. If you omit the orgId, Ops Manager creates an Organization called projectName that contains a project also called projectName.

You must have the Organization project Creator role to create a new project within an existing organization.

Limited to Cloud Manager or Ops Manager Organizations

If you set this value, it can be for a Cloud Manager or Ops Manager organization only. If you try to use an Atlas organization, the Kubernetes Operator may not work as intended.


Invoke the following Kubernetes command to verify your ConfigMap.

kubectl describe configmaps <configmap-name>

This command returns a ConfigMap description in the shell:

Name:           <configmap-name>
Namespace:      <namespace>
Labels:         <none>
Annotations:    <none>

Events:  <none>

Connect to HTTPS-enabled Ops Manager Using a Custom CA

You might have chosen to use your own TLS certificate to enable HTTPS for your Ops Manager instance. If you used a custom certificate, you need to add the CA that signed that custom certificate to the Kubernetes Operator. To add your custom CA, complete the following:


Create a ConfigMap for the Certificate Authority certificate.

The Kubernetes Operator requires the root CA certificate of the Certificate Authority that issued the Ops Manager host’s certificate. Run the following command to create a ConfigMap containing the root CA certificate in the same namespace of your database pods:

kubectl -n <namespace> create configmap <root-ca-configmap-name> \


The Kubernetes Operator requires that the certificate is named mms-ca.crt in the ConfigMap.


Copy the highlighted section of the following example ConfigMap.

apiVersion: v1
kind: ConfigMap
  name: <my-configmap>
  namespace: <my-namespace>
  projectName: <my-ops-manager-project-name>
  orgId: <org-id> # Optional
  baseUrl: https://<my-ops-manager-URL>
  sslMMSCAConfigMap: <root-ca-configmap-name>
  sslRequireValidMMSServerCertificates: ‘true’

Add the highlighted section to your project’s ConfigMap.

  1. Invoke the following command to edit your project’s ConfigMap in the default configured editor:

    kubectl edit configmaps <my-configmap> -n <namespace>
  2. Paste the highlighted section in the example ConfigMap at the end of the project ConfigMap.


Specify the TLS settings

Change the following TLS keys:

Key Type Description Example
sslMMSCAConfigMap string Name of the ConfigMap created in the first step containing the root CA certificate used to sign the Ops Manager host’s certificate. This mounts the CA certificate to the Kubernetes Operator and database resources. my-root-ca
sslRequireValidMMSServerCertificates boolean

Forces the Operator to require a valid TLS certificate from Ops Manager.


The value must be enclosed in single quotes or the operator will throw an error.


Save your updated ConfigMap.


Invoke the Kubernetes command to verify your ConfigMap.

kubectl describe configmaps <my-configmap> -n <namespace>

Always include the namespace option with kubectl

kubectl defaults to an empty namespace if you do not specify the -n option, resulting in deployment failures. The Kubernetes Operator, secret, and MongoDB Kubernetes resources should run in the same unique namespace.

This command returns a ConfigMap description in the shell:

Name:           <my-configmap>
Namespace:      <namespace>
Labels:         <none>
Annotations:    <none>

Events:  <none>

Next Steps

Now that you created your ConfigMap, Create Credentials for the Kubernetes Operator before you start deploying MongoDB resources.