• Install and Configure the Kubernetes Operator >
• Install the MongoDB Enterprise Kubernetes Operator

Install the MongoDB Enterprise Kubernetes Operator

Prerequisites and Considerations

Before you install the Kubernetes Operator, make sure you plan for your installation:

• Choose a deployment topology.
• Read the Considerations.
• Complete the Prerequisites.

Note

This tutorial presumes some knowledge of Kubernetes, but does link to relevant Kubernetes documentation where possible. If you are unfamiliar with Kubernetes, please review that documentation first.

Procedure

The following steps vary depending on how you want to configure your environment:

• Kubernetes
• OpenShift

• Online using kubectl
• Online using Helm
• Offline using Helm and Docker

Use the same namespace throughout

The following examples assume that you created a namespace using the default Kubernetes Operator namespace of mongodb. If you specified a different label for your namespace when you created it, change all values for metadata.namespace to that namespace.

To change the label for the namespace for the following deployment to production, edit all values for metadata.namespace in mongodb-enterprise.yaml:

copy

##---
# Source: mongodb-enterprise-operator/templates/serviceaccount.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: mongodb-enterprise-operator
  namespace: production
##---
# Source: mongodb-enterprise-operator/templates/operator.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mongodb-enterprise-operator
  namespace: production

---
# Example truncated
---
...

1

Change to the directory in which you cloned the repository.

2

Install the CustomResourceDefinitions for MongoDB deployments using the following kubectl command:

copy

kubectl apply -f crds.yaml

3

You can edit the Operator YAML file to further customize your Operator before installing it.

1. Open your mongodb-enterprise.yaml in your preferred text editor.

2. You may need to add one or more of the following options:

   Environment Variable	When to Use
   OPERATOR_ENV	Label for the Operator’s deployment environment. The env value affects default timeouts and the format and level of logging. If OPERATOR_ENV is Log Level is set to Log Format is set to dev debug text prod info json Accepted values are: dev, prod. Default value is: prod. You can set the following pair of values: copy spec.template.spec.containers.name.env.name: OPERATOR_ENV spec.template.spec.containers.name.env.value: prod Example copy spec: template: spec: serviceAccountName: mongodb-enterprise-operator containers: - name: mongodb-enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: OPERATOR_ENV value: prod
   WATCH_NAMESPACE	Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace. * means all namespaces and requires the ClusterRole assigned to the mongodb-enterprise-operator ServiceAccount which is the ServiceAccount used to run the Kubernetes Operator. Default value is: <metadata.namespace>. Important To watch Ops Manager and MongoDB Kubernetes resources in a different namespace to which you deploy the Kubernetes Operator, see Kubernetes Operator Deployment Scopes for values you must use and additional steps you might have to perform. You can set the following pair of values: copy spec.template.spec.containers.name.env.name: WATCH_NAMESPACE spec.template.spec.containers.name.env.value: "<testNamespace>" Example copy spec: template: spec: serviceAccountName: mongodb-enterprise-operator containers: - name: mongodb-enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: WATCH_NAMESPACE value: "<testNamespace>"
   OPS_MANAGER_IMAGE_REPOSITORY	URL of the repository from which the image for an Ops Manager resource is downloaded. Default value is: quay.io/mongodb/mongodb-enterprise-ops-manager copy spec.template.spec.containers.name.env.name: OPS_MANAGER_IMAGE_REPOSITORY spec.template.spec.containers.name.env.value: quay.io/mongodb/mongodb-enterprise-ops-manager Example copy spec: template: spec: serviceAccountName: mongodb-enterprise-operator containers: - name: mongodb-enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: OPS_MANAGER_IMAGE_REPOSITORY value: quay.io/mongodb/mongodb-enterprise-ops-manager - name: OPS_MANAGER_IMAGE_PULL_POLICY value: Always
   OPS_MANAGER_IMAGE_PULL_POLICY	Pull policy for the image deployed to an Ops Manager resource. Accepted values are: Always, IfNotPresent, Never Default value is: Always copy spec.template.spec.containers.name.env.name: OPS_MANAGER_IMAGE_PULL_POLICY spec.template.spec.containers.name.env.value: <policy> Example copy spec: template: spec: serviceAccountName: mongodb-enterprise-operator containers: - name: mongodb-enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: OPS_MANAGER_IMAGE_REPOSITORY value: quay.io/mongodb/mongodb-enterprise-ops-manager - name: OPS_MANAGER_IMAGE_PULL_POLICY value: Always
   MANAGED_SECURITY_CONTEXT	Flag that determines if the Kubernetes Operator inherits the securityContext settings that your Kubernetes cluster manages. Set this field to true if you want to run the Kubernetes Operator in OpenShift or in a restrictive environment. Default value is false. copy spec.template.spec.containers.name.env.name: MANAGED_SECURITY_CONTEXT spec.template.spec.containers.name.env.value: false Example copy spec: template: spec: serviceAccountName: mongodb-enterprise-operator containers: - name: mongodb-enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: MANAGED_SECURITY_CONTEXT value: true

4

Install the Kubernetes Operator using the following kubectl command:

copy

kubectl apply -f mongodb-enterprise.yaml

If you have not already installed Helm, follow the instructions on GitHub to install it.

1

Change to the directory in which you cloned the repository.

2

Install the Kubernetes Operator using the following helm command:

copy

helm template helm_chart > operator.yaml \
-- values helm_chart/values.yaml
kubectl apply -f operator.yaml

You can customize your Helm Chart before installing it. To modify it, add one or more of the following options to the values.yaml file:

Setting	When to Use
namespace	To use a different namespace, you need to specify that namespace. Default value is: mongodb. Example copy # Name of the Namespace to use namespace: mongodb
managedSecurityContext	Flag that determines if the Kubernetes Operator inherits the securityContext settings that your Kubernetes cluster manages. Set this field to true if your cluster manages the securityContext for your Kubernetes resources. Default value is false. Example copy # Set this to true if your cluster is managing SecurityContext for you. # If running OpenShift (Cloud, Minishift, etc.), set this to true. managedSecurityContext: false
operator.env	Label for the Operator’s deployment environment. The env value affects default timeouts and the format and level of logging. If operator.env is Log Level is set to Log Format is set to dev debug text prod info json Accepted values are: dev, prod. Default value is: prod. Example copy operator: # Execution environment for the operator, dev or prod. Use dev for more verbose logging env: prod
operator.watchNamespace	Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace. * means all namespaces and requires the ClusterRole assigned to the mongodb-enterprise-operator ServiceAccount which is the ServiceAccount used to run the Kubernetes Operator. Default value is: <metadata.namespace>. Important To watch Ops Manager and MongoDB Kubernetes resources in a different namespace to which you deploy the Kubernetes Operator, see Kubernetes Operator Deployment Scopes for values you must use and additional steps you might have to perform. Example copy operator: watchNamespace: *

Note

You can also pass these values as options when you apply the Helm Chart:

copy

helm template --set namespace=<testNamespace> \
helm_chart > operator.yaml \
-- values helm_chart/values.yaml
kubectl apply -f operator.yaml

If you have not already installed Helm, follow the instructions on GitHub to install it.

To install the Kubernetes Operator on a host not connected to the Internet, choose to download its files from:

• The Internet
• Another Host

1

Change to the directory in which you cloned the repository.

2

Use docker to request the files.

copy

docker pull quay.io/mongodb/mongodb-enterprise-operator:<op-version>; \
docker pull quay.io/mongodb/mongodb-enterprise-database:<op-version>; \
docker pull quay.io/mongodb/mongodb-enterprise-ops-manager:<om-version>-operator<op-version>

Replace the following values:

• <op-version> with the Kubernetes Operator version you’re installing
• <om-version> with the Ops Manager version you’re installing.

3

Disconnect from the internet.

4

Install the Kubernetes Operator with modified pull policy values using the following helm command:

copy

helm template --set registry.pullPolicy=IfNotPresent \
helm_chart > operator.yaml \
-- values helm_chart/values.yaml
kubectl apply -f operator.yaml

You can customize your Helm Chart before installing it. To modify it, add one or more of the following options to the values.yaml file:

Setting	When to Use
namespace	To use a different namespace, you need to specify that namespace. Default value is: mongodb. Example copy # Name of the Namespace to use namespace: mongodb
managedSecurityContext	Flag that determines if the Kubernetes Operator inherits the securityContext settings that your Kubernetes cluster manages. Set this field to true if your cluster manages the securityContext for your Kubernetes resources. Default value is false. Example copy # Set this to true if your cluster is managing SecurityContext for you. # If running OpenShift (Cloud, Minishift, etc.), set this to true. managedSecurityContext: false
operator.env	Label for the Operator’s deployment environment. The env value affects default timeouts and the format and level of logging. If operator.env is Log Level is set to Log Format is set to dev debug text prod info json Accepted values are: dev, prod. Default value is: prod. Example copy operator: # Execution environment for the operator, dev or prod. Use dev for more verbose logging env: prod
operator.watchNamespace	Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace. * means all namespaces and requires the ClusterRole assigned to the mongodb-enterprise-operator ServiceAccount which is the ServiceAccount used to run the Kubernetes Operator. Default value is: <metadata.namespace>. Important To watch Ops Manager and MongoDB Kubernetes resources in a different namespace to which you deploy the Kubernetes Operator, see Kubernetes Operator Deployment Scopes for values you must use and additional steps you might have to perform. Example copy operator: watchNamespace: *

Note

You can also pass these values as options when you apply the Helm Chart:

copy

helm template --set registry.pullPolicy=IfNotPresent \
--set namespace=<testNamespace> \
helm_chart > operator.yaml \
-- values helm_chart/values.yaml
kubectl apply -f operator.yaml

1

Use docker to request the files on a host connected to the Internet.

copy

docker pull quay.io/mongodb/mongodb-enterprise-operator:<op-version>; \
docker pull quay.io/mongodb/mongodb-enterprise-database:<op-version>; \
docker pull quay.io/mongodb/mongodb-enterprise-ops-manager:<om-version>-operator<op-version>

Replace the following values:

• <op-version> with the Kubernetes Operator version you’re installing
• <om-version> with the Ops Manager version you’re installing.

2

Export the Kubernetes Operator images as .tar archive files:

copy

docker save quay.io/mongodb/mongodb-enterprise-operator:<op-version> -o mongodb-enterprise-operator.tar; \
docker save quay.io/mongodb/mongodb-enterprise-database:<op-version> -o mongodb-enterprise-database.tar; \
docker save quay.io/mongodb/mongodb-enterprise-ops-manager:<om-version>-operator<op-version> -o mongodb-enterprise-ops-manager.tar

Replace the following values:

• <op-version> with the Kubernetes Operator version you’re installing
• <om-version> with the Ops Manager version you’re installing.

3

Copy these .tar files to the host running the Kubernetes docker daemon.

4

Import the .tar files into docker.

copy

docker load -i mongodb-enterprise-operator.tar; \
docker load -i mongodb-enterprise-database.tar; \
docker load -i mongodb-enterprise-ops-manager.tar

Replace the following values:

• <op-version> with the Kubernetes Operator version you’re installing
• <om-version> with the Ops Manager version you’re installing.

5

Install the Kubernetes Operator with modified pull policy values using the following helm command:

copy

helm template --set registry.pullPolicy=IfNotPresent \
helm_chart > operator.yaml \
-- values helm_chart/values.yaml
kubectl apply -f operator.yaml

You can customize your Helm Chart before installing it. To modify it, add one or more of the following options to the values.yaml file:

Setting	When to Use
namespace	To use a different namespace, you need to specify that namespace. Default value is: mongodb. Example copy # Name of the Namespace to use namespace: mongodb
managedSecurityContext	Flag that determines if the Kubernetes Operator inherits the securityContext settings that your Kubernetes cluster manages. Set this field to true if your cluster manages the securityContext for your Kubernetes resources. Default value is false. Example copy # Set this to true if your cluster is managing SecurityContext for you. # If running OpenShift (Cloud, Minishift, etc.), set this to true. managedSecurityContext: false
operator.env	Label for the Operator’s deployment environment. The env value affects default timeouts and the format and level of logging. If operator.env is Log Level is set to Log Format is set to dev debug text prod info json Accepted values are: dev, prod. Default value is: prod. Example copy operator: # Execution environment for the operator, dev or prod. Use dev for more verbose logging env: prod
operator.watchNamespace	Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace. * means all namespaces and requires the ClusterRole assigned to the mongodb-enterprise-operator ServiceAccount which is the ServiceAccount used to run the Kubernetes Operator. Default value is: <metadata.namespace>. Important To watch Ops Manager and MongoDB Kubernetes resources in a different namespace to which you deploy the Kubernetes Operator, see Kubernetes Operator Deployment Scopes for values you must use and additional steps you might have to perform. Example copy operator: watchNamespace: *

Note

You can also pass these values as options when you apply the Helm Chart:

copy

helm template --set registry.pullPolicy=IfNotPresent \
--set namespace=<testNamespace> \
helm_chart > operator.yaml \
-- values helm_chart/values.yaml
kubectl apply -f operator.yaml

• Online using oc
• Online using Helm
• Offline using Helm and Docker

Use the same namespace throughout

The following examples assume that you created a namespace using the default Kubernetes Operator namespace of mongodb. If you specified a different label for your namespace when you created it, change all values for metadata.namespace to that namespace.

To change the label for the namespace for the following deployment to production, edit all values for metadata.namespace in mongodb-enterprise-openshift.yaml:

copy

##---
# Source: mongodb-enterprise-operator/templates/serviceaccount.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: enterprise-operator
  namespace: production
##---
# Source: mongodb-enterprise-operator/templates/operator.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: enterprise-operator
  namespace: production

---
# Example truncated
---
...

1

Change to the directory in which you cloned the repository.

2

Install the CustomResourceDefinitions for MongoDB deployments using the following oc command:

copy

oc apply -f crds.yaml

3

You can edit the Operator YAML file to further customize your Operator before installing it.

1. Open your mongodb-enterprise-openshift.yaml in your preferred text editor.

2. You must add your <openshift-pull-secret> to the ServiceAccount definitions:

   copy

   ---
   # Source: mongodb-enterprise-operator/templates/serviceaccount.yaml
   ---
   apiVersion: v1
   kind: ServiceAccount
   metadata:
     name: enterprise-operator
   
     namespace: mongodb
   
   imagePullSecrets:
    - name: <openshift-pull-secret>
   
   ---
   apiVersion: v1
   kind: ServiceAccount
   metadata:
     name: mongodb-enterprise-appdb
   
     namespace: mongodb
   
   imagePullSecrets:
    - name: <openshift-pull-secret>
   
   ---
   apiVersion: v1
   kind: ServiceAccount
   metadata:
     name: mongodb-enterprise-database-pods
   
     namespace: mongodb
   
   imagePullSecrets:
    - name: <openshift-pull-secret>
   

3. You may need to add one or more of the following options:

   Environment Variable	When to Use
   OPERATOR_ENV	Label for the Operator’s deployment environment. The env value affects default timeouts and the format and level of logging. If OPERATOR_ENV is Log Level is set to Log Format is set to dev debug text prod info json Accepted values are: dev, prod. Default value is: prod. You can set the following pair of values: copy spec.template.spec.containers.name.env.name: OPERATOR_ENV spec.template.spec.containers.name.env.value: prod Example copy spec: template: spec: serviceAccountName: mongodb-enterprise-operator containers: - name: mongodb-enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: OPERATOR_ENV value: prod
   WATCH_NAMESPACE	Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace. * means all namespaces and requires the ClusterRole assigned to the mongodb-enterprise-operator ServiceAccount which is the ServiceAccount used to run the Kubernetes Operator. Default value is: <metadata.namespace>. Important To watch Ops Manager and MongoDB Kubernetes resources in a different namespace to which you deploy the Kubernetes Operator, see Kubernetes Operator Deployment Scopes for values you must use and additional steps you might have to perform. You can set the following pair of values: copy spec.template.spec.containers.name.env.name: WATCH_NAMESPACE spec.template.spec.containers.name.env.value: "<testNamespace>" Example copy spec: template: spec: serviceAccountName: enterprise-operator containers: - name: enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: WATCH_NAMESPACE value: "<testNamespace>"
   OPS_MANAGER_IMAGE_REPOSITORY	URL of the repository from which the image for an Ops Manager resource is downloaded. Default value is: registry.connect.redhat.com/mongodb/mongodb-enterprise-ops-manager copy spec.template.spec.containers.name.env.name: OPS_MANAGER_IMAGE_REPOSITORY spec.template.spec.containers.name.env.value: registry.connect.redhat.com/mongodb/mongodb-enterprise-ops-manager Example copy spec: template: spec: serviceAccountName: enterprise-operator containers: - name: enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: OPS_MANAGER_IMAGE_REPOSITORY value: registry.connect.redhat.com/mongodb/mongodb-enterprise-ops-manager - name: OPS_MANAGER_IMAGE_PULL_POLICY value: Always
   OPS_MANAGER_IMAGE_PULL_POLICY	Pull policy for the image deployed to an Ops Manager resource. Accepted values are: Always, IfNotPresent, Never Default value is: Always copy spec.template.spec.containers.name.env.name: OPS_MANAGER_IMAGE_PULL_POLICY spec.template.spec.containers.name.env.value: <policy> Example copy spec: template: spec: serviceAccountName: enterprise-operator containers: - name: enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: OPS_MANAGER_IMAGE_REPOSITORY value: registry.connect.redhat.com/mongodb/mongodb-enterprise-ops-manager - name: OPS_MANAGER_IMAGE_PULL_POLICY value: Always
   MANAGED_SECURITY_CONTEXT	Flag that determines if the Kubernetes Operator inherits the securityContext settings that your Kubernetes cluster manages. For OpenShift, MANAGED_SECURITY_CONTEXT must always be true. Default value is true. copy spec.template.spec.containers.name.env.name: MANAGED_SECURITY_CONTEXT spec.template.spec.containers.name.env.value: true Example copy spec: template: spec: serviceAccountName: mongodb-enterprise-operator containers: - name: mongodb-enterprise-operator image: <operatorVersionUrl> imagePullPolicy: <policyChoice> env: - name: MANAGED_SECURITY_CONTEXT value: true

4

Install the Kubernetes Operator using the following oc command:

copy

oc apply -f mongodb-enterprise-openshift.yaml

If you have not already installed Helm, follow the instructions on GitHub to install it.

1

Change to the directory in which you cloned the repository.

2

Add the name of your <openshift-pull-secret> to the registry.imagePullSecrets setting in the helm_chart/values-openshift.yaml file:

copy

registry:
# The pull secret must be specified
  imagePullSecrets: <openshift-pull-secret>

3

Install the Kubernetes Operator using the following helm command:

copy

helm template helm_chart > operator.yaml \
-- values helm_chart/values-openshift.yaml
oc apply -f operator.yaml

You can customize your Helm Chart before installing it. To modify it, add one or more of the following options to the values-openshift.yaml file:

Setting	When to Use
registry.imagePullSecrets	secret that contains the credentials required to pull imagePullSecrets from the repository. Important This setting is mandatory for OpenShift installs. You must either define it in this file or pass it when you install the Kubernetes Operator using Helm. Example copy registry: imagePullSecrets: <openshift-pull-secret>
namespace	To use a different namespace, you need to specify that namespace. Default value is: mongodb. Example copy # Name of the Namespace to use namespace: mongodb
managedSecurityContext	Flag that determines if the Kubernetes Operator inherits the securityContext settings that your Kubernetes cluster manages. Default value is true. For OpenShift, managedSecurityContext must always be true. Example copy # OpenShift manages security context on its own managedSecurityContext: true
operator.env	Label for the Operator’s deployment environment. The env value affects default timeouts and the format and level of logging. If operator.env is Log Level is set to Log Format is set to dev debug text prod info json Accepted values are: dev, prod. Default value is: prod. Example copy operator: # Execution environment for the operator, dev or prod. Use dev for more verbose logging env: prod
operator.watchNamespace	Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace. * means all namespaces and requires the ClusterRole assigned to the mongodb-enterprise-operator ServiceAccount which is the ServiceAccount used to run the Kubernetes Operator. Default value is: <metadata.namespace>. Important To watch Ops Manager and MongoDB Kubernetes resources in a different namespace to which you deploy the Kubernetes Operator, see Kubernetes Operator Deployment Scopes for values you must use and additional steps you might have to perform. Example copy operator: watchNamespace: *

Note

You can also pass these values as options when you apply the Helm Chart:

copy

helm template --set registry.imagePullSecrets=<openshift-pull-secret> \
helm_chart > operator.yaml \
-- values helm_chart/values-openshift.yaml
oc apply -f operator.yaml

If you have not already installed Helm, follow the instructions on GitHub to install it.

To install the Kubernetes Operator on a host not connected to the Internet, choose to download its files from:

• The Internet
• Another Host

1

Change to the directory in which you cloned the repository.

2

Use docker to request the files.

copy

docker pull registry.connect.redhat.com/mongodb/mongodb-enterprise-operator:<op-version>; \
docker pull registry.connect.redhat.com/mongodb/mongodb-enterprise-database:<op-version>; \
docker pull registry.connect.redhat.com/mongodb/mongodb-enterprise-ops-manager:<om-version>-operator<op-version>

Replace the following values:

• <op-version> with the Kubernetes Operator version you’re installing
• <om-version> with the Ops Manager version you’re installing.

3

Disconnect from the internet.

4

Add the name of your <openshift-pull-secret> to the registry.imagePullSecrets setting in the helm_chart/values-openshift.yaml file:

copy

registry:
# The pull secret must be specified
  imagePullSecrets: <openshift-pull-secret>

5

Install the Kubernetes Operator with modified pull policy values using the following helm command:

copy

helm template --set registry.pullPolicy=IfNotPresent \
--set registry.imagePullSecrets=<openshift-pull-secret> \
helm_chart > operator.yaml \
-- values helm_chart/values-openshift.yaml
oc apply -f operator.yaml

You can customize your Helm Chart before installing it. To modify it, add one or more of the following options to the values-openshift.yaml file:

Setting	When to Use
registry.imagePullSecrets	secret that contains the credentials required to pull imagePullSecrets from the repository. Important This setting is mandatory for OpenShift installs. You must either define it in this file or pass it when you install the Kubernetes Operator using Helm. Example copy registry: imagePullSecrets: <openshift-pull-secret>
namespace	To use a different namespace, you need to specify that namespace. Default value is: mongodb. Example copy # Name of the Namespace to use namespace: mongodb
managedSecurityContext	Flag that determines if the Kubernetes Operator inherits the securityContext settings that your Kubernetes cluster manages. Default value is true. For OpenShift, managedSecurityContext must always be true. Example copy # OpenShift manages security context on its own managedSecurityContext: true
operator.env	Label for the Operator’s deployment environment. The env value affects default timeouts and the format and level of logging. If operator.env is Log Level is set to Log Format is set to dev debug text prod info json Accepted values are: dev, prod. Default value is: prod. Example copy operator: # Execution environment for the operator, dev or prod. Use dev for more verbose logging env: prod
operator.watchNamespace	Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace. * means all namespaces and requires the ClusterRole assigned to the mongodb-enterprise-operator ServiceAccount which is the ServiceAccount used to run the Kubernetes Operator. Default value is: <metadata.namespace>. Important To watch Ops Manager and MongoDB Kubernetes resources in a different namespace to which you deploy the Kubernetes Operator, see Kubernetes Operator Deployment Scopes for values you must use and additional steps you might have to perform. Example copy operator: watchNamespace: *

Note

You can also pass these values as options when you apply the Helm Chart:

copy

helm template --set registry.pullPolicy=IfNotPresent \
--set registry.imagePullSecrets=<openshift-pull-secret> \
--set namespace=<testNamespace> \
helm_chart > operator.yaml \
-- values helm_chart/values-openshift.yaml
oc apply -f operator.yaml

1

Use docker to request the files on a host connected to the Internet.

copy

docker pull registry.connect.redhat.com/mongodb/mongodb-enterprise-operator:<op-version>; \
docker pull registry.connect.redhat.com/mongodb/mongodb-enterprise-database:<op-version>; \
docker pull registry.connect.redhat.com/mongodb/mongodb-enterprise-ops-manager:<om-version>-operator<op-version>

Replace the following values:

• <op-version> with the Kubernetes Operator version you’re installing
• <om-version> with the Ops Manager version you’re installing.

2

Export the Kubernetes Operator images as .tar archive files:

copy

docker save registry.connect.redhat.com/mongodb/mongodb-enterprise-operator:<op-version> -o mongodb-enterprise-operator.tar; \
docker save registry.connect.redhat.com/mongodb/mongodb-enterprise-database:<op-version> -o mongodb-enterprise-database.tar; \
docker save registry.connect.redhat.com/mongodb/mongodb-enterprise-ops-manager:<om-version>-operator<op-version> -o mongodb-enterprise-ops-manager.tar

Replace the following values:

• <op-version> with the Kubernetes Operator version you’re installing
• <om-version> with the Ops Manager version you’re installing.

3

Copy these .tar files to the host running the Kubernetes docker daemon.

4

Import the .tar files into docker.

copy

docker load -i mongodb-enterprise-operator.tar; \
docker load -i mongodb-enterprise-database.tar; \
docker load -i mongodb-enterprise-ops-manager.tar

Replace the following values:

• <op-version> with the Kubernetes Operator version you’re installing
• <om-version> with the Ops Manager version you’re installing.

5

Add the name of your <openshift-pull-secret> to the registry.imagePullSecrets setting in the helm_chart/values-openshift.yaml file:

copy

registry:
# The pull secret must be specified
  imagePullSecrets: <openshift-pull-secret>

6

Install the Kubernetes Operator with modified pull policy values using the following helm command:

copy

helm template --set registry.pullPolicy=IfNotPresent \
--set registry.imagePullSecrets=<openshift-pull-secret> \
helm_chart > operator.yaml \
-- values helm_chart/values-openshift.yaml
oc apply -f operator.yaml

You can customize your Helm Chart before installing it. To modify it, add one or more of the following options to the values-openshift.yaml file:

Setting	When to Use
registry.imagePullSecrets	secret that contains the credentials required to pull imagePullSecrets from the repository. Important This setting is mandatory for OpenShift installs. You must either define it in this file or pass it when you install the Kubernetes Operator using Helm. Example copy registry: imagePullSecrets: <openshift-pull-secret>
namespace	To use a different namespace, you need to specify that namespace. Default value is: mongodb. Example copy # Name of the Namespace to use namespace: mongodb
managedSecurityContext	Flag that determines if the Kubernetes Operator inherits the securityContext settings that your Kubernetes cluster manages. Default value is true. For OpenShift, managedSecurityContext must always be true. Example copy # OpenShift manages security context on its own managedSecurityContext: true
operator.env	Label for the Operator’s deployment environment. The env value affects default timeouts and the format and level of logging. If operator.env is Log Level is set to Log Format is set to dev debug text prod info json Accepted values are: dev, prod. Default value is: prod. Example copy operator: # Execution environment for the operator, dev or prod. Use dev for more verbose logging env: prod
operator.watchNamespace	Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace. * means all namespaces and requires the ClusterRole assigned to the mongodb-enterprise-operator ServiceAccount which is the ServiceAccount used to run the Kubernetes Operator. Default value is: <metadata.namespace>. Important To watch Ops Manager and MongoDB Kubernetes resources in a different namespace to which you deploy the Kubernetes Operator, see Kubernetes Operator Deployment Scopes for values you must use and additional steps you might have to perform. Example copy operator: watchNamespace: *

Note

You can also pass these values as options when you apply the Helm Chart:

copy

helm template --set registry.pullPolicy=IfNotPresent \
--set registry.imagePullSecrets=<openshift-pull-secret> \
--set namespace=<testNamespace> \
helm_chart > operator.yaml \
-- values helm_chart/values-openshift.yaml
oc apply -f operator.yaml

Verify the Installation

To verify that the Kubernetes Operator installed correctly, run the following command and verify the output:

copy

kubectl describe deployments mongodb-enterprise-operator -n <namespace>

By default, deployments exist in the mongodb namespace. If the following error message appears, ensure you use the correct namespace:

copy

Error from server (NotFound): deployments.apps "mongodb-enterprise-operator" not found

To troubleshoot your Kubernetes Operator, see Review Logs from the Kubernetes Operator.

Important

If you need to remove the Kubernetes Operator or the namespace, you first must remove MongoDB resources.

Next Steps

After installing the MongoDB Enterprise Kubernetes Operator, you can:

• Create an instance of Ops Manager
• Configure the Kubernetes Operator to deploy MongoDB resources

© MongoDB, Inc 2008-present. MongoDB, Mongo, and the leaf logo are registered trademarks of MongoDB, Inc.