- Deploy and Configure Ops Manager Resources >
- Deploy an Ops Manager Resource
Deploy an Ops Manager Resource¶
On this page
You can deploy Ops Manager in a container with the Kubernetes Operator.
Prerequisites and Considerations¶
Before you deploy an Ops Manager resource, make sure you plan for your Ops Manager resource:
- Complete the Prerequisites
- Read the Considerations.
Considerations for Ops Manager Deployments over HTTPS¶
You can configure your deployed Ops Manager resource to run over HTTPS, rather than HTTP. A full description of TLS, PKI (Public Key Infrastructure) certificates, and Certificate Authority is beyond the scope of this tutorial. This tutorial assumes prior knowledge of TLS/SSL as well as access to valid certificates.
When running over HTTPS, Ops Manager runs on port 8443
by default.
Procedure¶
Select the appropriate tab based on whether you want your Ops Manager instance to run over HTTP or HTTPS:
- HTTP
- HTTPS
Configure the settings highlighted in the prior example.¶
Key | Type | Description | Example |
---|---|---|---|
metadata.name |
string | Name for this Kubernetes Ops Manager object. Resource names must be 44 characters or less. See also
|
om |
spec.replicas |
number | Number of Ops Manager instances to run in parallel. The minimum valid value is Highly Available Ops Manager Resources For high availability, set this value to more than |
1 |
spec.version |
string | Version of Ops Manager to be installed. The format should be X.Y.Z. To view available Ops Manager versions, view the container registry. |
4.2.12 |
spec.adminCredentials |
string | Name of the secret you created for the Ops Manager admin user. Note Configure the secret to use the same namespace as the Ops Manager resource. |
om-admin-secret |
string | Optional. The Kubernetes service ServiceType that exposes Ops Manager outside of Kubernetes. Note Exclude the
|
LoadBalancer |
|
integer | Number of members of the Ops Manager Application Database replica set. | 3 |
|
string | Optional. Version of MongoDB that the Ops Manager Application Database should run. The format should be Important Ensure that you choose a compatible MongoDB Server version. Compatible versions differ depending on the base image that the MongoDB database resource uses. Deploy Ops Manager Resource Offline To deploy Ops Manager inside Kubernetes without an Internet connection,
omit this setting or leave the value empty. The Kubernetes Operator
installs the bundled MongoDB Enterprise version To learn more about MongoDB versioning, see see MongoDB Versioning in the MongoDB Manual. |
4.2.11-ent |
|
boolean | Flag indicating if this MongoDB Kubernetes resource should use Persistent Volumes for storage. Persistent volumes are not deleted when the MongoDB Kubernetes resource is stopped or restarted. Important You must set this value to
To change your Persistent Volume Claims configuration, configure the following collections to meet your deployment requirements:
Warning Grant your containers permission to write to your Persistent Volume.
The Kubernetes Operator sets |
true |
Optional: Configure Backup settings.¶
If you want to enable backup, you must configure all of the following settings:
Key | Type | Description | Example |
---|---|---|---|
boolean | Flag that indicates that Backup is enabled. You must specify
spec.backup.enabled: true to configure settings
for the head database, oplog store, and snapshot store. |
true |
|
string | Name of the oplog store. | oplog1 |
|
string | Name of the MongoDB database resource for the oplog store. | my-oplog-db |
You must also configure an S3 snapshot store or a blockstore.
Note
If you deploy both an S3 snapshot store and a blockstore, Ops Manager randomly choses one to use for Backup.
To configure a snapshot store, configure the following settings:
Key | Type | Description | Example |
---|---|---|---|
string | Name of the S3 snapshot store. | s3store1 |
|
string | Name of the secret that contains the accessKey and
secretKey fields. The Backup Daemon Service uses the
values of these fields as credentials to access the S3 or
S3-compatible bucket. |
my-s3-credentials |
|
string | URL of the S3 or S3-compatible bucket that stores the database Backup snapshots. | s3.us-east-1.amazonaws.com |
|
string | Name of the S3 or S3-compatible bucket that stores the database Backup snapshots. | my-bucket |
To configure a blockstore, configure the following settings:
Key | Type | Description | Example |
---|---|---|---|
string | Name of the blockstore. | blockStore1 |
|
string | Name of the MongoDB database resource that you create for the blockstore. You must deploy this database resource in the same namespace as the Ops Manager resource. | my-mongodb-blockstore |
Optional: Configure any additional settings for an Ops Manager deployment.¶
Add any optional settings that you want to apply to your deployment to the object specification file.
Save this file with a .yaml
file extension.¶
Create your Ops Manager instance.¶
Invoke the following kubectl
command on the filename of the
Ops Manager resource definition:
Track the status of your Ops Manager instance.¶
To check the status of your Ops Manager resource, invoke the following command:
The command returns the following output under the status
field
while the resource deploys:
The Kubernetes Operator reconciles the resources in the following order:
- Application Database.
- Ops Manager.
- Backup.
The Kubernetes Operator doesn’t reconcile a resource until the preceding
one enters the Running
phase.
After the Ops Manager resource completes the Reconciling
phase, the
command returns the following output under the status
field if you
enabled backup:
Backup remains in a Pending
state until you configure the Backup
databases.
Tip
The status.opsManager.url
field states the resource’s
connection URL. Using this URL, you can reach Ops Manager from
inside the Kubernetes cluster or create a project using a
ConfigMap.
Access the Ops Manager application.¶
The steps you take differ based on how you are routing traffic to the Ops Manager application in Kubernetes. If you configured the Kubernetes Operator to create a Kubernetes service for you, or you created a Kubernetes service manually, use one of the following methods to access the Ops Manager application:
- External Traffic Routes Using LoadBalancer Service
- External Traffic Routed Using NodePort Service
Query your cloud provider to get the FQDN of the load balancer service. See your cloud provider’s documentation for details.
Open a browser window and navigate to the Ops Manager application using the FQDN and port number of your load balancer service.
Log in to Ops Manager using the admin user credentials.
Set your firewall rules to allow access from the Internet to the
spec.externalConnectivity.
port
on the host on which your Kubernetes cluster is running.Open a browser window and navigate to the Ops Manager application using the FQDN and the
spec.externalConnectivity.
port
.Log in to Ops Manager using the admin user credentials.
To learn how to access the Ops Manager application using a third-party service, refer to the documentation for your solution.
Optional: Create credentials for the Kubernetes Operator.¶
If you enabled Backup, you must create an Ops Manager organization, generate programmatic API keys, and create a secret. These activities follow the prerequisites and procedure on the Create Credentials for the Kubernetes Operator page.
Optional: Create a project using a ConfigMap.¶
If you enabled Backup, create a project by following the prerequisites and procedure on the Create One Project using a ConfigMap page.
You must set data.baseUrl
in the ConfigMap to the Ops Manager Application’s URL. To find this URL, invoke the following command:
The command returns the URL of the Ops Manager Application in the
status.opsManager.url
field.
Important
If you deploy Ops Manager with the Kubernetes Operator and Ops Manager will
manage MongoDB database resources deployed outside of the Kubernetes
cluster it’s deployed to, you must set data.baseUrl
to the same
value of the
spec.configuration.mms.centralUrl
setting in the Ops Manager resource specification.
Optional: Deploy MongoDB database resources to complete the Backup configuration.¶
If you enabled Backup, create a MongoDB database resource for the oplog and snapshot stores to complete the configuration.
Deploy a MongoDB database resource for the oplog store in the same namespace as the Ops Manager resource.
Note
Create this database as a replica set.
Match the
metadata.name
of the resource with thespec.backup.opLogStores.mongodbResourceRef.name
that you specified in your Ops Manager resource definition.Choose one of the following:
Deploy a MongoDB database resource for the blockstore in the same namespace as the Ops Manager resource.
Match the
metadata.name
of the resource to thespec.backup.blockStores.mongodbResourceRef.name
that you specified in your Ops Manager resource definition.Configure an S3 bucket to use as the S3 snapshot store.
Ensure that you can access the S3 bucket using the details that you specified in your Ops Manager resource definition.
Optional: Confirm that the Ops Manager resource is running.¶
If you enabled backup, check the status of your Ops Manager resource by invoking the following command:
When Ops Manager is running, the command returns the following
output under the status
field:
See Troubleshoot the Kubernetes Operator for information about the resource deployment statuses.
Concatenate your TLS certificate and Private Key.¶
Important
The Kubernetes Operator requires that the Ops Manager instance’s TLS
certificate and Private Key are concatenated into a single file
called server.pem
.
If your TLS certificate and Private Key are separate files, run the following command to concatenate them:
If necessary, validate your TLS Certificate.¶
If your TLS certificate is signed by a Custom Certificate Authority, you must provide a CA certificate to validate the TLS certificate. To validate the TLS certificate, create a ConfigMap to hold the CA certificate:
Warning
You must concatenate your custom CA file and the entire
TLS certificate chain from downloads.mongodb.com
to prevent
Ops Manager from becoming inoperable if the application database
restarts.
Important
The Kubernetes Operator requires that the certificate is named
mms-ca.crt
in the ConfigMap.
Obtain the entire TLS certificate chain from
downloads.mongodb.com
. The followingopenssl
command outputs each certificate in the chain to your current working directory, in.crt
format:Concatenate your CA’s certificate file with the entire TLS certificate chain from
downloads.mongodb.com
that you obtained in the previous step:Create the ConfigMap:
Configure the settings highlighted in the prior example.¶
Key | Type | Description | Example |
---|---|---|---|
metadata.name |
string | Name for this Kubernetes Ops Manager object. Resource names must be 44 characters or less. See also
|
om |
spec.replicas |
number | Number of Ops Manager instances to run in parallel. The minimum valid value is Highly Available Ops Manager Resources For high availability, set this value to more than |
1 |
spec.version |
string | Version of Ops Manager to be installed. The format should be X.Y.Z. To view available Ops Manager versions, view the container registry. |
4.2.12 |
spec.adminCredentials |
string | Name of the secret you created for the Ops Manager admin user. Note Configure the secret to use the same namespace as the Ops Manager resource. |
om-admin-secret |
string | Name of the ConfigMap you created to verify TLS certificates signed using a Custom Certificate Authority. Important This field is required if you signed your TLS certificates using a Custom Certificate Authority. |
om-http-cert-ca |
|
string | Name of of the secret you created for the TLS certificate. | om-http-cert |
|
string | The Kubernetes service ServiceType that exposes Ops Manager outside of Kubernetes. Note Exclude the
|
LoadBalancer |
|
integer | Number of members of the Ops Manager Application Database replica set. | 3 |
|
string | Optional. Version of MongoDB that the Ops Manager Application Database should run. The format should be Important Ensure that you choose a compatible MongoDB Server version. Compatible versions differ depending on the base image that the MongoDB database resource uses. Deploy Ops Manager Resource Offline To deploy Ops Manager inside Kubernetes without an Internet connection,
omit this setting or leave the value empty. The Kubernetes Operator
installs the bundled MongoDB Enterprise version To learn more about MongoDB versioning, see see MongoDB Versioning in the MongoDB Manual. |
4.2.11-ent |
|
boolean | Flag indicating if this MongoDB Kubernetes resource should use Persistent Volumes for storage. Persistent volumes are not deleted when the MongoDB Kubernetes resource is stopped or restarted. Important You must set this value to
To change your Persistent Volume Claims configuration, configure the following collections to meet your deployment requirements:
Warning Grant your containers permission to write to your Persistent Volume.
The Kubernetes Operator sets |
true |
Optional: Configure Backup settings¶
If you want to enable backup for your Ops Manager instance, you must configure all of the following settings:
Key | Type | Description | Example |
---|---|---|---|
boolean | Flag that indicates that Backup is enabled for your You must
specify spec.backup.enabled: true to configure settings
for the head database, oplog store, and snapshot store. |
true |
|
string | Name of the oplog store. | oplog1 |
|
string | Name of the MongoDB database resource for the oplog store. | my-oplog-db |
You must also configure an S3 snapshot store or a blockstore.
Note
If you deploy both an S3 snapshot store and a blockstore, Ops Manager randomly choses one to use for Backup.
To configure a snapshot store, configure the following settings:
Key | Type | Description | Example |
---|---|---|---|
string | Name of the S3 snapshot store. | s3store1 |
|
string | Name of the secret that contains the accessKey and
secretKey fields. The Backup Daemon Service uses the
values of these fields as credentials to access the S3 or
S3-compatible bucket. |
my-s3-credentials |
|
string | URL of the S3 or S3-compatible bucket that stores the database Backup snapshots. | s3.us-east-1.amazonaws.com |
|
string | Name of the S3 or S3-compatible bucket that stores the database Backup snapshots. | my-bucket |
To configure a blockstore, configure the following settings:
Key | Type | Description | Example |
---|---|---|---|
string | Name of the blockstore. | blockStore1 |
|
string | Name of the MongoDB database resource that you create for the blockstore. You must deploy this database resource in the same namespace as the Ops Manager resource. | my-mongodb-blockstore |
Optional: Configure any additional settings for an Ops Manager deployment.¶
Add any optional settings that you want to apply to your deployment to the object specification file.
Save this file with a .yaml
file extension.¶
Create your Ops Manager instance.¶
Invoke the following kubectl
command on the filename of the
Ops Manager resource definition:
Track the status of your Ops Manager instance.¶
To check the status of your Ops Manager resource, invoke the following command:
The command returns the following output under the status
field
while the resource deploys:
The Kubernetes Operator reconciles the resources in the following order:
- Application Database.
- Ops Manager.
- Backup.
The Kubernetes Operator doesn’t reconcile a resource until the preceding
one enters the Running
phase.
After the Ops Manager resource completes the Reconciling
phase, the
command returns the following output under the status
field if you
enabled backup:
Backup remains in a Pending
state until you configure the Backup
databases.
Tip
The status.opsManager.url
field states the resource’s
connection URL. Using this URL, you can reach Ops Manager from
inside the Kubernetes cluster or create a project using a
ConfigMap.
After the resource completes the Reconciling
phase, the command
returns the following output under the status
field:
Backup remains in a Pending
state until you configure the Backup
databases.
Tip
The status.opsManager.url
field states the resource’s
connection URL. Using this URL, you can reach Ops Manager from
inside the Kubernetes cluster or create a project using a
ConfigMap.
Access the Ops Manager application.¶
The steps you take differ based on how you are routing traffic to the Ops Manager application in Kubernetes. If you configured the Kubernetes Operator to create a Kubernetes service for you, or you created a Kubernetes service manually, use one of the following methods to access the Ops Manager application:
- External Traffic Routes Using LoadBalancer Service
- External Traffic Routed Using NodePort Service
Query your cloud provider to get the FQDN of the load balancer service. See your cloud provider’s documentation for details.
Open a browser window and navigate to the Ops Manager application using the FQDN and port number of your load balancer service.
Log in to Ops Manager using the admin user credentials.
Set your firewall rules to allow access from the Internet to the
spec.externalConnectivity.
port
on the host on which your Kubernetes cluster is running.Open a browser window and navigate to the Ops Manager application using the FQDN and the
spec.externalConnectivity.
port
.Log in to Ops Manager using the admin user credentials.
To learn how to access the Ops Manager application using a third-party service, refer to the documentation for your solution.
Create credentials for the Kubernetes Operator.¶
To configure credentials, you must create an Ops Manager organization, generate programmatic API keys, and create a secret. These activities follow the prerequisites and procedure on the Create Credentials for the Kubernetes Operator page.
Create a project using a ConfigMap.¶
To create a project, follow the prerequisites and procedure on the Create One Project using a ConfigMap page.
Set the following fields in your project ConfigMap:
Set
data.baseUrl
in the ConfigMap to the Ops Manager Application’s URL. To find this URL, invoke the following command:The command returns the URL of the Ops Manager Application in the
status.opsManager.url
field.Important
If you deploy Ops Manager with the Kubernetes Operator and Ops Manager will manage MongoDB database resources deployed outside of the Kubernetes cluster it’s deployed to, you must set
data.baseUrl
to the same value of thespec.configuration.mms.centralUrl
setting in the Ops Manager resource specification.Set
data.sslMMSCAConfigMap
to the name of your ConfigMap containing the root CA certificate used to sign the Ops Manager host’s certificate. The Kubernetes Operator requires this name to bemms-ca.crt
.
Deploy MongoDB database resources to complete the Backup configuration.¶
By default, Ops Manager enables Backup. Create a MongoDB database resource for the oplog and snapshot stores to complete the configuration.
Deploy a MongoDB database resource for the oplog store in the same namespace as the Ops Manager resource.
Note
Create this database as a three-member replica set.
Match the
metadata.name
of the resource with thespec.backup.opLogStores.mongodbResourceRef.name
that you specified in your Ops Manager resource definition.Deploy a MongoDB database resource for the S3 snapshot store in the same namespace as the Ops Manager resource.
Note
Create the S3 snapshot store as a replica set.
Match the
metadata.name
of the resource to thespec.backup.s3Stores.mongodbResourceRef.name
that you specified in your Ops Manager resource definition.
Confirm that the Ops Manager resource is running.¶
To check the status of your Ops Manager resource, invoke the following command:
When Ops Manager is running, the command returns the following
output under the status
field:
See Troubleshoot the Kubernetes Operator for information about the resource deployment statuses.