Create One Project Per MongoDB Deployment Using a ConfigMap
The MongoDB Enterprise Kubernetes Operator uses a Kubernetes ConfigMap to link to a single and unique Ops Manager Project. If the referenced project doesn't exist, the Kubernetes Operator creates it according to the projectName that you provide in the ConfigMap.
To create a Kubernetes Operator ConfigMap, you can edit a few lines of the example ConfigMap YAML file and apply the ConfigMap. To view a full example, see the project.yaml file.
Alternatively, you can use the MongoDB Cloud Manager UI or the Ops Manager UI to create or choose a project, and automatically generate the ConfigMap YAML file, which you can then apply to your Kubernetes environment.
Considerations
You can deploy only one MongoDB resource per project. This limit applies because Ops Manager supports only one authentication method for database user access per project. To learn more, see Deploy a MongoDB Database Resource.
You must pair a MongoDB Enterprise Kubernetes Operator deployment to a unique Ops Manager Project. You can either create a distinct ConfigMap for each MongoDB Enterprise Kubernetes Operator instance you deploy, or you can reuse the same ConfigMap for any number of deployments by omitting the data.projectName from your ConfigMap, so that project names align with deployed resource names. Where a project name is provided in the config map, if that project does not exist yet it will be created.
Important
You can use the Kubernetes Operator to deploy MongoDB resources with Cloud Manager and with Ops Manager version 6.0.x or later.
You can use the Atlas Operator to deploy MongoDB resources to Atlas.
Prerequisites
Kubernetes version 1.11 or later or OpenShift version 3.11 or later.
MongoDB Enterprise Kubernetes Operator version 0.11 or later installed.
Create One Project Using a ConfigMap
Configure kubectl to default to your namespace.
If you have not already, run the following command to execute all kubectl commands in the namespace you created.
Note
If you are deploying an Ops Manager resource in a multi-Kubernetes cluster MongoDB deployment:
Set the context to the name of the central cluster, such as: kubectl config use-context "$MDB_CENTRAL_CLUSTER_FULL_NAME".
Set the --namespace to the same scope that you used for your multi-Kubernetes cluster MongoDB deployment, such as: kubectl config set-context --current --namespace "mongodb".
kubectl config set-context $(kubectl config current-context) --namespace=<metadata.namespace>
Invoke the following command to create a ConfigMap.
```sh
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
  name: my-project
  namespace: mongodb
data:
  projectName: myProjectName # this is an optional parameter; when omitted, the Operator creates a project with the resource name
  orgId: 5b890e0feacf0b76ff3e7183 # this is a required parameter
  baseUrl: https://ops.example.com:8443
EOF
```
Key | Type | Description | Example |
---|---|---|---|
metadata.name | string | | my-project |
metadata.namespace | string | | mongodb |
data.projectName | string | Label for your Ops Manager Project. The Kubernetes Operator creates the Ops Manager project if it does not exist. If you omit the To use an existing project in a Cloud Manager or Ops Manager organization, locate the | myProjectName |
data.orgId | string | Required. 24 character hex string that uniquely identifies your Cloud Manager or Ops Manager Organization. You can use the Kubernetes Operator to deploy MongoDB resources with Cloud Manager and with Ops Manager version 6.0.x or later. You can use the Atlas Operator to deploy MongoDB resources to Atlas. Specify an existing Organization: You must have the Organization Project Creator role to create a new project within an existing Cloud Manager or Ops Manager organization. If you provide an empty string as your | 5b890e0feacf0b76ff3e7183 |
data.baseUrl | string | URL to your Ops Manager Application including the FQDN and port number. IMPORTANT: If you deploy Ops Manager with the Kubernetes Operator and Ops Manager will manage MongoDB database resources deployed outside of the Kubernetes cluster it's deployed to, you must set If you're using Cloud Manager, set the | https://ops.example.com:8443 |
Invoke the following Kubernetes command to verify your ConfigMap.
kubectl describe configmaps <configmap-name>
This command returns a ConfigMap description in the shell:
```
Name:           <configmap-name>
Namespace:      <namespace>
Labels:         <none>
Annotations:    <none>

Data
====
baseUrl:
----
<myOpsManagerURL>
Events:  <none>
```
Connect to HTTPS-enabled Ops Manager Using a Custom CA
You might have chosen to use your own TLS certificate to enable HTTPS for your Ops Manager instance. If you used a custom certificate, you need to add the CA that signed that custom certificate to the Kubernetes Operator. To add your custom CA, complete the following:
Create a ConfigMap for the certificate authority (CA) certificate.
The Kubernetes Operator requires the root CA certificate of the CA that issued the Ops Manager host's certificate. Run the following command to create a ConfigMap containing the root CA in the same namespace as your database Pods:
```sh
kubectl -n <metadata.namespace> create configmap <root-ca-configmap-name> \
  --from-file=mms-ca.crt
```
Important
The Kubernetes Operator requires that you name the Ops Manager resource's certificate mms-ca.crt in the ConfigMap.
Copy the highlighted section (the sslMMSCAConfigMap and sslRequireValidMMSServerCertificates keys) of the following example ConfigMap.
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: <my-configmap>
  namespace: <my-namespace>
data:
  projectName: <my-ops-manager-project-name> # this is an optional parameter
  orgId: <org-id> # this is a required parameter
  baseUrl: https://<my-ops-manager-URL>
  sslMMSCAConfigMap: <root-ca-configmap-name>
  sslRequireValidMMSServerCertificates: 'true'
...
```
Add the highlighted section to your project's ConfigMap.
Invoke the following command to edit your project's ConfigMap in the default configured editor:
kubectl edit configmaps <my-configmap> -n <metadata.namespace>
Paste the highlighted section in the example ConfigMap at the end of the project ConfigMap.
Specify the TLS settings
Change the following TLS keys:
Key | Type | Description | Example |
---|---|---|---|
sslMMSCAConfigMap | string | Name of the ConfigMap created in the first step containing the root CA certificate used to sign the Ops Manager host's certificate. This mounts the CA certificate to the Kubernetes Operator and database resources. | my-root-ca |
sslRequireValidMMSServerCertificates | boolean | Forces the Operator to require a valid TLS certificate from Ops Manager. IMPORTANT: The value must be enclosed in single quotes or the operator will throw an error. | 'true' |
Invoke the Kubernetes command to verify your ConfigMap.
kubectl describe configmaps <my-configmap> -n <metadata.namespace>
Important
Always include the namespace option with kubectl. kubectl defaults to an empty namespace if you don't specify the -n option, resulting in deployment failures. You must specify the value of the <metadata.namespace> field. The Kubernetes Operator, secret, and MongoDB resources should run in the same unique namespace.
This command returns a ConfigMap description in the shell:
```
Name:           <my-configmap>
Namespace:      <namespace>
Labels:         <none>
Annotations:    <none>

Data
====
sslMMSCAConfigMap:
----
<root-ca-configmap-name>
sslRequireValidMMSServerCertificates:
----
true
Events:  <none>
```
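A pre-apply check for the keys described above, as an added example that is not part of MongoDB's documentation or tooling: a POSIX shell function that lints a project ConfigMap manifest for a malformed orgId, a non-HTTPS baseUrl, a missing sslMMSCAConfigMap, and an unquoted or mis-quoted sslRequireValidMMSServerCertificates value. The function names (cm_value, lint_project_configmap), the rule that baseUrl must be HTTPS, and the sample manifest are assumptions of this example.

```shell
#!/bin/sh
# Added example, not MongoDB's code: lint a project ConfigMap manifest before
# `kubectl apply`. Assumes the flat "key: value" layout shown on this page.

# Print a data key's raw value with inline "# comment" and padding stripped.
cm_value() {  # usage: cm_value KEY FILE
  sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" |
    sed 's/[[:space:]]#.*$//; s/[[:space:]]*$//' | head -n 1
}

# Return 0 if the manifest passes, 1 otherwise; one finding per line on stdout.
lint_project_configmap() {  # usage: lint_project_configmap FILE
  rc=0
  if ! cm_value orgId "$1" | grep -Eq '^[0-9a-fA-F]{24}$'; then
    echo "orgId: expected a 24 character hex string"; rc=1
  fi
  case $(cm_value baseUrl "$1") in
    https://*) ;;
    *) echo "baseUrl: expected an https:// URL"; rc=1 ;;  # assumed policy
  esac
  if [ -z "$(cm_value sslMMSCAConfigMap "$1")" ]; then
    echo "sslMMSCAConfigMap: root CA ConfigMap name is missing"; rc=1
  fi
  req=$(cm_value sslRequireValidMMSServerCertificates "$1")
  case $req in
    "'true'") ;;  # single-quoted string, as the page requires
    true) echo "sslRequireValidMMSServerCertificates: wrap true in single quotes"; rc=1 ;;
    *) echo "sslRequireValidMMSServerCertificates: expected 'true', found ${req:-nothing}"; rc=1 ;;
  esac
  return $rc
}

# Constructed sample manifest: truncated orgId and an unquoted boolean.
sample=$(mktemp)
cat > "$sample" <<'EOF'
apiVersion: v1
kind: ConfigMap
metadata:
  name: my-project
  namespace: mongodb
data:
  orgId: 5b890e0feacf0b76 # constructed, too short
  baseUrl: https://ops.example.com:8443
  sslMMSCAConfigMap: my-root-ca
  sslRequireValidMMSServerCertificates: true
EOF
lint_project_configmap "$sample" || echo "manifest rejected"
rm -f "$sample"
```

The last case branch also catches typographic quotes such as ‘true’, which YAML reads as part of the value rather than as quoting.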
Next Steps
Now that you created your ConfigMap, Create Credentials for the Kubernetes Operator before you start deploying MongoDB resources.