(DOCSP-7311): Create "Deploy Ops Manager in a Container" procedure (#127)

* Docsp 7313: add k8s operator ops manager resource deployment settings (#114)

* (DOCSP-7313): first draft of OM container properties

* (DOCSP-7313): pushing setting file updates

* (DOCSP-7313): adding om object settings using new directive

* (DOCSP-7313): reverting replica set setting program changes

* (DOCSP-7313): cleaning up files changed when experimenting with settings issue

* (DOCSP-7313): typo fix

* Apply suggestions from copy review

Co-Authored-By: Melissa Mahoney <[email protected]>

* (DOCSP-7313): address copy review comments

* (DOCSP-7313): more copy review feedback

* (DOCSP-7313): tech review feedback

* (DOCSP-7313): more copy review edits

* (DOCSP-7311): Create "Deploy Ops Manager in a Container" procedure

Author: melissamahoney-mongodb

source/configure-k8s-operator-for-mdb-resources.txt

@@ -0,0 +1,26 @@
+:noprevnext:
+
+==================================================
+Configure the |k8s-op-short| for MongoDB Resources
+==================================================
+
+.. default-domain:: mongodb
+
+.. contents:: On this page
+   :local:
+   :backlinks: none
+   :depth: 1
+   :class: singlecol
+
+.. include:: /includes/toc/dfn-list-configure-k8s-operator-for-mdb-resources.rst
+
+.. include:: /includes/toc/configure-k8s-operator-for-mdb-resources.rst
+
+.. class:: hidden
+
+   .. toctree::
+      :titlesonly:
+
+      /tutorial/create-operator-credentials
+      /tutorial/create-project-using-configmap
+      /tutorial/create-x509-client-certs

source/deploy.txt

@@ -23,6 +23,7 @@ Deploy Resources
    .. toctree::
       :titlesonly:
 
+      /tutorial/deploy-om-container
       /tutorial/deploy-standalone
       /tutorial/deploy-replica-set
       /tutorial/deploy-sharded-cluster

source/includes/admonition-om-resource-alpha.rst

@@ -0,0 +1,5 @@
+.. admonition:: Alpha Release of |onprem| Resource
+   :class: important
+
+   Don't use the |onprem| resource in
+   production environments.

source/includes/fact-use-metadata-name.rst

@@ -0,0 +1,9 @@
+.. admonition:: Use namespace and name of admin user secret
+   :class: note
+
+   This value must match the ``metadata.name`` specified in your admin 
+   user |k8s| secret.
+
+   If the secret is in a different |k8s-ns|, set this value to the 
+   ``namespace`` and ``name`` of the secret using this format: 
+   ``<namespace>/<name>``  

source/includes/k8s/k8s-persistent-volumes-om.rst

@@ -0,0 +1,9 @@
+.. warning::
+
+   Grant your containers permission to write to your |k8s-pv|.
+   The |k8s-op-short| sets ``fsGroup = 2000`` in 
+   :k8sdocs:`securityContext </tasks/configure-pod-container/security-context/>`
+   This makes |k8s|
+   :k8sdocs:`try to fix write permissions </tasks/configure-pod-container/security-context/#discussion>`
+   for the |k8s-pv|. If redeploying the resource does not fix
+   issues with your |k8s-pvs|, contact MongoDB support.

source/includes/k8s/k8s-persistent-volumes.rst

@@ -6,7 +6,8 @@
    This makes |k8s|
    `try to fix write permissions <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#discussion>`__
    for the |k8s-pv|. If redeploying the deployment item does not fix
-   issues with your |k8s-pvs|, contact MongoDB support.
+   issues with your |k8s-pvs|, contact `MongoDB Support
+   <https://support.mongodb.com/welcome>`__.
 
 .. note::
 

source/includes/list-table-k8s-kubectl-install-options.rst

@@ -129,3 +129,74 @@
                      env:
                      - name: MANAGED_SECURITY_CONTEXT
                        value: 'true'
+
+   * - ``OPS_MANAGER_IMAGE_REPOSITORY``
+     - |url| of the repository from which the image for an :doc:`Ops
+       Manager resource </tutorial/deploy-om-container>` is downloaded.
+
+       Default value is:
+       ``quay.io/mongodb/mongodb-enterprise-ops-manager``
+
+       .. code-block:: yaml
+
+          spec.template.spec.containers.name.env.name: 
+          OPS_MANAGER_IMAGE_REPOSITORY
+          spec.template.spec.containers.name.env.value:
+          quay.io/mongodb/mongodb-enterprise-ops-manager
+      
+       .. example::
+
+          .. code-block:: yaml
+             :linenos:
+             :emphasize-lines: 10-13
+
+             spec:
+               template:
+                 spec:
+                   serviceAccountName: mongodb-enterprise-operator
+                   containers:
+                   - name: mongodb-enterprise-operator
+                     image: <operatorVersionUrl>
+                     imagePullPolicy: <policyChoice>
+                     env:
+                     - name: OPS_MANAGER_IMAGE_REPOSITORY
+                       value: quay.io/mongodb/mongodb-enterprise-ops-manager
+                     - name: OPS_MANAGER_IMAGE_PULL_POLICY
+                       value: Always
+       
+   * - ``OPS_MANAGER_IMAGE_PULL_POLICY``
+     - :k8sdocs:`Pull policy
+       </concepts/configuration/overview/#container-images>` for the
+       image deployed to an :doc:`Ops Manager resource
+       </tutorial/deploy-om-container>`.
+       
+       Accepted values are: ``Always``, ``IfNotPresent``, ``Never``
+
+       Default value is: ``Always``
+
+       .. code-block:: yaml
+
+          spec.template.spec.containers.name.env.name: 
+          OPS_MANAGER_IMAGE_PULL_POLICY
+          spec.template.spec.containers.name.env.value: 
+          <policy>
+
+       .. example::
+
+          .. code-block:: yaml
+             :linenos:
+             :emphasize-lines: 10-13
+
+             spec:
+               template:
+                 spec:
+                   serviceAccountName: mongodb-enterprise-operator
+                   containers:
+                   - name: mongodb-enterprise-operator
+                     image: <operatorVersionUrl>
+                     imagePullPolicy: <policyChoice>
+                     env:
+                     - name: OPS_MANAGER_IMAGE_REPOSITORY
+                       value: quay.io/mongodb/mongodb-enterprise-ops-manager
+                     - name: OPS_MANAGER_IMAGE_PULL_POLICY
+                       value: Always

source/includes/steps-deploy-k8s-opsmgr.yaml

@@ -0,0 +1,234 @@
+---
+title: "Copy the following example |onprem| |k8s| |k8s-obj|."
+stepnum: 1
+level: 4
+ref: copy-k8s-example
+content: |
+
+   Change the highlighted settings to match your desired
+   |onprem| configuration.
+
+   .. literalinclude:: /reference/k8s/example-opsmgr-minimal.yaml
+      :language: yaml
+      :emphasize-lines: 5-10,12-13
+
+---
+title: "Open your preferred text editor and paste the |k8s-obj| specification into a new text file."
+stepnum: 2
+level: 4
+ref: paste-k8s-example
+---
+title: "Configure the settings highlighted in the prior example."
+stepnum: 3
+level: 4
+ref: change-k8s-values
+content: |
+
+   .. list-table::
+      :widths: 20 20 40 20
+      :header-rows: 1
+
+      * - Key
+        - Type
+        - Description
+        - Example
+
+      * - :opsmgrkube:`metadata.name`
+        - string
+        - Name for this |k8s| |onprem| |k8s-obj|.
+
+          .. seealso::
+
+             - :opsmgrkube:`metadata.name`
+             - |k8s| documentation on :k8sdocs:`names </concepts/overview/working-with-objects/names/>`.
+
+        - ``om``
+
+      * - :opsmgrkube:`spec.version`
+        - string
+        - Version of |onprem| to be installed.
+
+          The format should be :manual:`X.Y.Z </reference/versioning>`.
+          To view available |onprem| versions, view the
+          `container registry <https://quay.io/repository/mongodb/mongodb-enterprise-ops-manager?tag=latest&tab=tags>`__.
+        - ``4.2.0``
+
+      * - :opsmgrkube:`spec.adminCredentials`
+        - string
+        - Name of the |k8s-secret| you :ref:`created <om-rsrc-prereqs>`
+          for the |onprem| admin user.
+
+          .. note::
+
+             Configure the secret to use the same |k8s-ns| as the |onprem|
+             resource.
+             
+        - ``om-admin-secret``
+
+      * - | ``spec``
+          | ``.applicationDatabase`` 
+          | ``.``:setting:`~spec.members`
+        - integer
+        - Number of members of the :ref:`mms-application-database`
+          replica set.
+        - ``3``
+
+      * - | ``spec``
+          | ``.applicationDatabase``
+          | ``.``:setting:`~spec.version`
+        - string
+        - Version of MongoDB that the :ref:`mms-application-database`
+          should run.
+          
+          The format should be ``X.Y.Z`` for the Community edition and
+          ``X.Y.Z-ent`` for the :product:`Enterprise edition 
+          </mongodb-enterprise-advanced>`.
+
+          To learn more about MongoDB versioning, see see
+          :ref:`release-version-numbers` in the MongoDB Manual.
+        - ``4.0.7``
+
+      * - | ``spec``
+          | ``.applicationDatabase``
+          | ``.``:setting:`~spec.persistent`
+        - boolean
+        - *Optional.*
+
+          Flag indicating if this |k8s-mdbrsc| should use |k8s-pvs| for
+          storage. Persistent volumes are not deleted when the
+          |k8s-mdbrsc| is stopped or restarted.
+
+          If this value is ``true``, then
+          ``spec.applicationDatabase.podSpec.persistence.``
+          :setting:`~spec.podSpec.persistence.single`
+          is set to its default value of ``16G``.
+
+          To change your |k8s-pvcs| configuration, configure the
+          following collections to meet your deployment requirements:
+
+          - If you want one |k8s-pv| for each |k8s-pod|, configure the
+            ``spec.applicationDatabase.``
+            :setting:`~spec.podSpec.persistence.single` collection.
+
+          - If you want separate |k8s-pvs| for data, journals, and
+            logs for each |k8s-pod|, configure the following
+            collections:
+
+            - | ``spec.applicationDatabase``
+              | ``.podSpec.persistence.multiple.``
+              | :setting:`~spec.podSpec.persistence.multiple.data`
+            - | ``spec.applicationDatabase``
+              | ``.podSpec.persistence.multiple.``
+              | :setting:`~spec.podSpec.persistence.multiple.journal`
+            - | ``spec.applicationDatabase``
+              | ``.podSpec.persistence.multiple.``
+              | :setting:`~spec.podSpec.persistence.multiple.logs`
+
+          .. include:: /includes/k8s/k8s-persistent-volumes-om.rst
+
+        - ``true``
+
+---
+title: "(Optional) Configure any additional settings for an |onprem| deployment."
+stepnum: 4
+level: 4
+ref: add-k8s-values
+content: |
+  
+  You can add any of the following optional settings to the
+  |k8s-obj| specification file for an |onprem| deployment:
+
+  - :opsmgrkube:`spec.clusterName`
+  - :opsmgrkube:`spec.configuration`
+  - ``spec.applicationDatabase.``:setting:`~spec.logLevel`
+  - ``spec.applicationDatabase.``:setting:`~spec.featureCompatibilityVersion`
+  - ``spec.applicationDatabase.podSpec.``:setting:`~spec.podSpec.cpu`
+  - ``spec.applicationDatabase.podSpec.``:setting:`~spec.podSpec.cpuRequests`
+  - ``spec.applicationDatabase.podSpec.``:setting:`~spec.podSpec.memory`
+  - ``spec.applicationDatabase.podSpec.``:setting:`~spec.podSpec.memoryRequests`
+  - ``spec.applicationDatabase.podSpec.persistence.``:setting:`~spec.podSpec.persistence.single`
+  - ``spec.applicationDatabase.podSpec.persistence.multiple.``:setting:`~spec.podSpec.persistence.multiple.data`
+  - ``spec.applicationDatabase.podSpec.persistence.multiple.``:setting:`~spec.podSpec.persistence.multiple.journal`
+  - ``spec.applicationDatabase.podSpec.persistence.multiple.``:setting:`~spec.podSpec.persistence.multiple.logs`
+  - ``spec.applicationDatabase.podSpec.``:setting:`~spec.podSpec.podAffinity`
+  - ``spec.applicationDatabase.podSpec.``:setting:`~spec.podSpec.podAntiAffinityTopologyKey`
+  - ``spec.applicationDatabase.podSpec.``:setting:`~spec.podSpec.nodeAffinity`
+
+---
+title: "Save this file with a ``.yaml`` file extension."
+stepnum: 5
+level: 4
+ref: save-object-spec
+
+---
+title: "Create your |onprem| instance."
+stepnum: 6
+level: 4
+ref: start-k8s-instance
+content: |
+
+   Invoke the following ``kubectl`` command on the filename of the
+   |onprem| resource definition:
+
+   .. code-block:: sh
+
+      kubectl apply -f <opsmgr-resource>.yaml
+
+---
+title: "Track the status of your |onprem| instance."
+stepnum: 7
+level: 4
+ref: track-k8s-instance
+content: |
+
+  To check the status of your |onprem| resource, invoke the following 
+  command:
+
+  .. code-block:: sh
+
+     kubectl get om -n <namespace> -o yaml -w
+  
+  The ``-w`` flag means "watch". With the "watch" flag set, the output
+  refreshes immediately when something changes.
+
+  If the deployment fails, see :doc:`/reference/troubleshooting`.
+
+---
+title: "Access your |onprem| instance from a browser."
+stepnum: 8
+level: 4
+ref: access-opsmgr-instance
+content: |
+  
+  a. After the resource deploys successfully, find the external port to 
+     your |onprem| instance.
+     
+     Invoke the following ``kubectl`` command on ``<metadata.name>-svc-external``:
+     ``metadata.name`` :
+
+     .. code-block:: sh
+
+        kubectl get svc <metadata.name>-svc-external -n <namespace>
+
+     The command returns the external port in the ``PORT(S)`` column. In
+     the following example output, the external port is ``30036``:
+
+     .. code-block:: sh
+        :copyable: false
+
+        NAME                            TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)           AGE
+        <metadata.name>-svc-external    NodePort   100.66.92.110    <none>        8080:30036/TCP    1d
+  
+  #. Set your firewall rules to allow access from the Internet to the
+     external port on the host.
+
+  #. Open a browser window and navigate to the |onprem| application
+     using the |fqdn| and port number.
+
+     .. code-block:: sh
+
+        http://ops.example.com:30036
+  
+  #. Log in to |onprem| using the :ref:`admin user credentials 
+     <om-rsrc-prereqs>`.
+...

source/includes/toc-configure-k8s-operator-for-mdb-resources.yaml

@@ -0,0 +1,15 @@
+file: /tutorial/create-operator-credentials
+description: |
+  Create a |k8s-secret| so the |k8s-op-short| can create and update
+  |k8s-objs| in your |com| Project.
+---
+file: /tutorial/create-project-using-configmap
+description: |
+  Create a |k8s-configmap| to link the |k8s-op-short| to your |com|
+  Project.
+---
+file: /tutorial/create-x509-client-certs
+description:
+  Create an X.509 certificate to connect to an X.509-enabled
+  MongoDB deployment.
+...