Install MongoDB Enterprise Kubernetes Operator

MongoDB Enterprise Kubernetes Operator allows you to deploy MongoDB deployment items with Kubernetes and Ops Manager from a macOS or Linux host. This Operator uses Kubernetes and Ops Manager Application Programming Interface methods to deploy standalone, replica set, and sharded cluster deployments that Ops Manager manages.


This tutorial presumes some knowledge of Kubernetes, but does link to relevant Kubernetes documentation where possible. If you are unfamiliar with Kubernetes, please review that documentation first.


To install the MongoDB Enterprise Kubernetes Operator, you must:

  1. Have a Kubernetes solution available to use.

    If you need a Kubernetes solution, see the Kubernetes documentation on picking the right solution.

  2. Clone the MongoDB Enterprise Kubernetes Operator repository.


    You can use Helm to install the Kubernetes Operator. To learn how to install Helm, see its documentation on GitHub

  3. Have or create an Ops Manager Project.

  4. Have or generate a Public API Key.

  5. Add the IP or CIDR block of any hosts that serve the Kubernetes Operator to the API Whitelist.


Kubernetes Compatibility

MongoDB Enterprise Kubernetes Operator is compatible with Kubernetes v1.9 or later.

Kubernetes ClusterRole with Administrative Rights

The Kubernetes Operator must have a Kubernetes ClusterRole with admin rights, default name=cluster-admin. Edit the Helm Chart roles.yaml if it has a different name.

Install the MongoDB Enterprise Kubernetes Operator

Using Helm

  1. Change to the directory in which you cloned the repository.

  2. Invoke the following Helm command:

    helm install helm_chart/ --name mongodb-enterprise

Using kubectl

  1. Change to the directory in which you cloned the repository.

  2. Invoke the following kubectl command:

    kubectl apply -f mongodb-enterprise.yaml

Create Ops Manager Project

A Project for MongoDB Enterprise Kubernetes Operator uses a ConfigMap that links to your Ops Manager Project. To create a Project for Kubernetes Operator, you need to edit 4 lines of the example ConfigMap YAML file and apply the ConfigMap:

  1. Copy the example ConfigMap.

    apiVersion: v1
    kind: ConfigMap
      name: my-project
      namespace: mongodb
      projectId: my-project-id
      baseUrl: https://my-ops-cloud-manager-url
  2. Open your preferred text editor and paste the example ConfigMap into a new text file.

  3. Change the following four lines:

    Key Type Description Example string

    Label for a Kubernetes object.

    See also

    Kubernetes documentation on names.

    metadata.namespace string

    Scope of object names. Used to limit what can be managed to a subset of all objects. In this tutorial, mongodb is only a namespace example because it is the default value; you do not need to label your namespace as mongodb.


    The namespaces for the Kubernetes Operator and MongoDB Kubernetes resources should be in different namespaces.

    The ConfigMap must be created in the same namespace as the secret and MongoDB Kubernetes resources.

    See also

    Kubernetes documentation on namespaces.

    data.projectId string

    24 character hex string that uniquely identifies your MongoDB Project. It can be found in the URL when Ops Manager is open to your Deployment page:

    data.baseUrl string URL to your Ops Manager Application.
  4. Save this file with a .yaml file extension.

  5. Invoke the following Kubernetes command to create your project:

    kubectl apply -f my-project.yaml
  6. Invoke the following Kubernetes command to verify your project:

    kubectl describe configmaps my-project

    This command returns a ConfigMap description in the shell:

    Name:           my-project
    Namespace:      mongodb
    Labels:         <none>
    Annotations:    <none>

Create Credentials

For the Kubernetes Operator to create or update objects in your Ops Manager Project, you need to store your username and Public API Key as a Kubernetes secret. Creating a secret stores authentication credentials in a way that only Kubernetes can access.

Multiple secrets can exist in the same namespace. Each user should have their own secret.

To create your Kubernetes secret:

  1. Make sure you have your Ops Manager username and Public API Key.

    If you do not have your Public API Key, you need to generate a new Public API Key.

  2. Invoke the following Kubernetes command to create your secret:

    kubectl -n mongodb create secret generic \
      my-credentials --from-literal="user=<>" \


    The -n flag limits the namespace to which this secret applies. All MongoDB Kubernetes resources must be in the same namespace with the secrets and ConfigMaps. The Kubernetes Operator does not use either the secrets or ConfigMaps.

  3. Invoke the following Kubernetes command to verify your secret:

    kubectl describe secrets/my-credentials -n mongodb

    This command returns a secret description in the shell:

    Name:         my-credentials
    Namespace:    mongodb
    Labels:       <none>
    Annotations:  <none>
    Type:  Opaque
    publicApiKey:  31 bytes
    user:          22 bytes


Review the logs

If you have an issue with your Kubernetes resources, invoke this command:

kubectl logs

See also

Kubernetes documentation kubectl logs.

If you want to narrow your review to a specific pod, you can invoke this command:

kubectl logs <podInStatefulset>


If your replica set is labeled myrs, the pod log command is invoked as:

kubectl logs myrs-0

To find which pods are available, invoke this command first:

kubectl get pods -n <yourNamespace>

To review the Kubernetes Operator logs, invoke this command:

kubectl logs -f deployment/mongodb-enterprise-operator -n <yourOperatorNamespace>

See also

Kubernetes documentation on kubectl get.

You could check the Agent Logs to see if any issues were reported to Ops Manager.

Next Steps

After installing your Kubernetes Operator then creating your ConfigMap and secret, you can create your deployment items: