Install Percona Server for MongoDB on OpenShift
Clone the percona-server-mongodb-operator repository:
$ git clone -b v1.6.0 https://github.com/percona/percona-server-mongodb-operator
$ cd percona-server-mongodb-operator
It is crucial to specify the right branch with the -b option while cloning the code on this step. Please be careful.
The Custom Resource Definition for Percona Server for MongoDB should be created from the deploy/crd.yaml file. The Custom Resource Definition extends the standard set of resources which Kubernetes “knows” about with the new items; in our case these items are the core of the operator.
This step should be done only once; it does not need to be repeated with other deployments.
$ oc apply -f deploy/crd.yaml
Setting Custom Resource Definition requires your user to have cluster-admin role privileges.
If you want to manage a Percona Server for MongoDB cluster with a non-privileged user, the necessary permissions can be granted by applying the following clusterrole:
$ oc create clusterrole psmdb-admin --verb="*" --resource=perconaservermongodbs.psmdb.percona.com,perconaservermongodbs.psmdb.percona.com/status,perconaservermongodbbackups.psmdb.percona.com,perconaservermongodbbackups.psmdb.percona.com/status,perconaservermongodbrestores.psmdb.percona.com,perconaservermongodbrestores.psmdb.percona.com/status
$ oc adm policy add-cluster-role-to-user psmdb-admin <some-user>
If you have cert-manager installed, then you have to execute two more commands to be able to manage certificates with a non-privileged user:
$ oc create clusterrole cert-admin --verb="*" --resource=issuers.certmanager.k8s.io,certificates.certmanager.k8s.io
$ oc adm policy add-cluster-role-to-user cert-admin <some-user>
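The psmdb-admin grant above can be checked after the fact with impersonated access reviews. The script below is an added example, not part of the Percona documentation: it assumes you are logged in with rights to impersonate users, and its list of forbidden actions is a constructed starting point.

```shell
#!/bin/sh
# Added example, not from the Percona docs: audit what the psmdb-admin
# binding really grants to a user, using impersonated access reviews.
# Assumption: the caller is logged in with rights to impersonate users.

PSMDB_RESOURCES="perconaservermongodbs.psmdb.percona.com
perconaservermongodbbackups.psmdb.percona.com
perconaservermongodbrestores.psmdb.percona.com"
NEEDED_VERBS="get list create update delete"
# Cluster-wide actions the user should NOT have (constructed list, extend it).
FORBIDDEN="create customresourcedefinitions.apiextensions.k8s.io
create clusterrolebindings.rbac.authorization.k8s.io
get secrets
* *"

# can_i USER VERB RESOURCE: succeeds only when the API server answers "yes".
can_i() {
  [ "$(oc auth can-i "$2" "$3" --as="$1" --all-namespaces 2>/dev/null </dev/null)" = "yes" ]
}

# audit_psmdb_admin USER: prints findings; returns 0 only when the user has
# every needed verb on the operator CRs and none of the forbidden actions.
audit_psmdb_admin() {
  user=$1
  findings=0
  for res in $PSMDB_RESOURCES; do
    for verb in $NEEDED_VERBS; do
      if ! can_i "$user" "$verb" "$res"; then
        echo "MISSING: $verb $res"; findings=$((findings + 1))
      fi
    done
  done
  while read -r verb res; do
    if can_i "$user" "$verb" "$res"; then
      echo "EXCESS:  $verb $res"; findings=$((findings + 1))
    fi
  done <<EOF
$FORBIDDEN
EOF
  [ "$findings" -eq 0 ]
}

# Run only when a user name is given, e.g.: sh audit.sh <some-user>
if [ "$#" -gt 0 ]; then audit_psmdb_admin "$1"; fi
```

An EXCESS line means the user holds cluster-wide rights beyond the operator's custom resources, usually through another binding that should be reviewed.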
Create a new
$ oc new-project psmdb
Role-based access control (RBAC) for Percona Server for MongoDB is configured with the deploy/rbac.yaml file. RBAC is based on clearly defined roles and corresponding allowed actions. These actions are allowed on specific Kubernetes resources. The details about users and roles can be found in OpenShift documentation.
$ oc apply -f deploy/rbac.yaml
Start the Operator within OpenShift:
$ oc apply -f deploy/operator.yaml
Add the MongoDB Users secrets to OpenShift. These secrets should be placed as plain text in the stringData section of the deploy/secrets.yaml file as login names and passwords for the user accounts (see Kubernetes documentation for details).
After editing the yaml file, the secrets should be created with the following command:
$ oc create -f deploy/secrets.yaml
More details about secrets can be found in Users.
Now certificates should be generated. By default, the Operator generates certificates automatically, and no actions are required at this step. Still, you can generate and apply your own certificates as secrets according to the TLS instructions.
Percona Server for MongoDB cluster can be created at any time with the following two steps:
#platform: and edit the field to platform: openshift. The result should be like this:
apiVersion: psmdb.percona.com/v1alpha1
kind: PerconaServerMongoDB
metadata:
  name: my-cluster-name
spec:
  platform: openshift
...
(optional) If you’re using minishift, please adjust the antiaffinity policy to
affinity:
  antiAffinityTopologyKey: "none"
...
Create/apply the CR file:
$ oc apply -f deploy/cr.yaml
The creation process will take time. The process is complete when all Pods have reached their Running status. You can check it with the following command:
$ oc get pods
The result should look as follows:
NAME                                               READY   STATUS    RESTARTS   AGE
my-cluster-name-cfg-0                              2/2     Running   0          11m
my-cluster-name-cfg-1                              2/2     Running   1          10m
my-cluster-name-cfg-2                              2/2     Running   1          9m
my-cluster-name-mongos-55659468f7-2kvc2            1/1     Running   0          11m
my-cluster-name-mongos-55659468f7-7jfqc            1/1     Running   0          11m
my-cluster-name-mongos-55659468f7-dfwcj            1/1     Running   0          11m
my-cluster-name-rs0-0                              2/2     Running   0          11m
my-cluster-name-rs0-1                              2/2     Running   0          10m
my-cluster-name-rs0-2                              2/2     Running   0          9m
percona-server-mongodb-operator-6fc78d686d-26hdz   1/1     Running   0          37m
Check connectivity to the newly created cluster. Please note that the mongo client command should be executed inside the container manually.
$ oc run -i --rm --tty percona-client --image=percona/percona-server-mongodb:4.4.2-4 --restart=Never -- bash -il
percona-client:/$ mongo "mongodb://userAdmin:userAdmin123456@my-cluster-name-mongos.psmdb.svc.cluster.local/admin?ssl=false"