diff --git a/docs/mongodbcommunity/deploy-configure.md b/docs/mongodbcommunity/deploy-configure.md index 9bfc1cd43..e295e88b4 100644 --- a/docs/mongodbcommunity/deploy-configure.md +++ b/docs/mongodbcommunity/deploy-configure.md @@ -17,17 +17,17 @@ The [`/config/samples`](../config/samples) directory contains example MongoDBCom ## Deploy a Replica Set **Warning:** When you delete MongoDB resources, persistent volumes remain -to help ensure that no unintended data loss occurs. If you create a new -MongoDB resource with the same name and persistent volumes, the +to help ensure that no unintended data loss occurs. If you create a new +MongoDB resource with the same name and persistent volumes, the pre-existing data might cause issues if the new MongoDB resources have a different topology than the previous ones. To deploy your first replica set: -1. Replace `` in [mongodb-community-operator/config/samples/mongodb.com_v1_mongodbcommunity_cr.yaml](https://github.com/mongodb/mongodb-kubernetes/blob/master/mongodb-community-operator/config/samples/mongodb.com_v1_mongodbcommunity_cr.yaml) to the password you wish to use. +1. Replace `` in [public/samples/community/mongodb.com_v1_mongodbcommunity_cr.yaml](https://github.com/mongodb/mongodb-kubernetes/blob/master/public/samples/community/mongodb.com_v1_mongodbcommunity_cr.yaml) to the password you wish to use. 2. Invoke the following `kubectl` command: ``` - kubectl apply -f mongodb-community-operator/config/samples/mongodb.com_v1_mongodbcommunity_cr.yaml --namespace + kubectl apply -f public/samples/community/mongodb.com_v1_mongodbcommunity_cr.yaml --namespace ``` 3. Verify that the MongoDBCommunity resource deployed: ``` 
@@ -258,7 +258,7 @@ To upgrade this resource from `4.0.6` to `4.2.7`: To deploy the operator on OpenShift you will have to provide the environment variable `MANAGED_SECURITY_CONTEXT` set to `true` for the operator deployment. -See [here](https://github.com/mongodb/mongodb-kubernetes/blob/master/mongodb-community-operator/config/samples/mongodb.com_v1_mongodbcommunity_openshift_cr.yaml) for +See [here](https://github.com/mongodb/mongodb-kubernetes/blob/master/public/samples/community/mongodb.com_v1_mongodbcommunity_openshift_cr.yaml) for an example of how to provide the required configuration for a MongoDB replica set. @@ -344,7 +344,7 @@ Under some circumstances it might be necessary to set your own custom values for the `ReadinessProbe` used by the MongoDB Community Operator. To do so, you should use the `statefulSet` attribute in `resource.spec`, as in the following provided example [yaml -file](https://github.com/mongodb/mongodb-kubernetes/blob/master/mongodb-community-operator/config/samples/mongodb.com_v1_mongodbcommunity_readiness_probe_values.yaml). +file](https://github.com/mongodb/mongodb-kubernetes/blob/master/public/samples/community/mongodb.com_v1_mongodbcommunity_readiness_probe_values.yaml). Only those attributes passed will be set, for instance, given the following structure: ```yaml @@ -392,4 +392,4 @@ For ex: env: - name: CLUSTER_DOMAIN value: $CUSTOM_DOMAIN -``` \ No newline at end of file +``` diff --git a/docs/mongodbcommunity/external_access.md b/docs/mongodbcommunity/external_access.md index ea3200830..0082fa458 100644 --- a/docs/mongodbcommunity/external_access.md +++ b/docs/mongodbcommunity/external_access.md 
@@ -37,7 +37,7 @@ kubectl create secret tls ca-key-pair --cert= --key=``` with your MongoDB deployment name. Also replace ``````, ``````, and `````` with the external FQDNs of the MongoDB replicaset members. Please remember that you will have to add an equal number of entries for each member of the replicaset, for example: +Edit the file [cert-manager-certificate.yaml](https://github.com/mongodb/mongodb-kubernetes/blob/master/public/samples/community/external_access/cert-manager-certificate.yaml) to replace `````` with your MongoDB deployment name. Also replace ``````, ``````, and `````` with the external FQDNs of the MongoDB replicaset members. Please remember that you will have to add an equal number of entries for each member of the replicaset, for example: ```yaml ... 
@@ -57,30 +57,30 @@ spec: Apply the manifests. Replace `````` with the namespace you are using for the deployment. ```sh -kubectl apply -f mongodb-community-operator/config/samples/external_access/cert-manager-issuer.yaml --namespace -kubectl apply -f mongodb-community-operator/config/samples/external_access/cert-manager-certificate.yaml --namespace +kubectl apply -f public/samples/community/external_access/cert-manager-issuer.yaml --namespace +kubectl apply -f public/samples/community/external_access/cert-manager-certificate.yaml --namespace ``` ### Create the MongoDB deployment -Edit [mongodb.com_v1_mongodbcommunity_cr.yaml](https://github.com/mongodb/mongodb-kubernetes/blob/master/mongodb-community-operator/config/samples/external_access/mongodb.com_v1_mongodbcommunity_cr.yaml). Replace with the desired MongoDB deployment name -- this should be the same as in the previous step. Replace ``````, ``````, and `````` with the external FQDNs of the MongoDB replicaset members. Please remember that you should have the same number of entries in this section as the number of your replicaset members. You can also edit the ports for external access to your preferred numbers in this section -- you will have to remember to change them in the next step too. Change `````` to your desired admin password for MongoDB. +Edit [mongodb.com_v1_mongodbcommunity_cr.yaml](https://github.com/mongodb/mongodb-kubernetes/blob/master/public/samples/community/external_access/mongodb.com_v1_mongodbcommunity_cr.yaml). Replace with the desired MongoDB deployment name -- this should be the same as in the previous step. Replace ``````, ``````, and `````` with the external FQDNs of the MongoDB replicaset members. Please remember that you should have the same number of entries in this section as the number of your replicaset members. You can also edit the ports for external access to your preferred numbers in this section -- you will have to remember to change them in the next step too. 
Change `````` to your desired admin password for MongoDB. Apply the manifest. ```sh -kubectl apply -f mongodb-community-operator/config/samples/external_access/mongodb.com_v1_mongodbcommunity_cr.yaml --namespace +kubectl apply -f public/samples/community/external_access/mongodb.com_v1_mongodbcommunity_cr.yaml --namespace ``` Wait for the replicaset to be available. ### Create the external NodePort services for accessing the MongoDB deployment from outside the Kubernetes cluster -Edit [external_services.yaml](https://github.com/mongodb/mongodb-kubernetes/blob/master/mongodb-community-operator/config/samples/external_access/external_services.yaml) and replace `````` with the MongoDB deployment name that you have used in the preceeding steps. You can change the ```nodePort``` and ```port``` to reflect the changes (if any) you have made in the previous steps. +Edit [external_services.yaml](https://github.com/mongodb/mongodb-kubernetes/blob/master/public/samples/community/external_access/external_services.yaml) and replace `````` with the MongoDB deployment name that you have used in the preceeding steps. You can change the ```nodePort``` and ```port``` to reflect the changes (if any) you have made in the previous steps. Apply the manifest. ```sh -kubectl apply -f mongodb-community-operator/config/samples/external_access/external_services.yaml --namespace +kubectl apply -f public/samples/community/external_access/external_services.yaml --namespace ``` ### Retrieve the certificates from a MongoDB replicaset member diff --git a/docs/mongodbcommunity/x509-auth.md b/docs/mongodbcommunity/x509-auth.md index 6662f7e1f..b9068019c 100644 --- a/docs/mongodbcommunity/x509-auth.md +++ b/docs/mongodbcommunity/x509-auth.md @@ -1,6 +1,6 @@ # Enable X.509 Authentication -You can use Helm or `kubectl` to enable X.509 authentication for the +You can use Helm or `kubectl` to enable X.509 authentication for the MongoDB Agent and client. ## Prerequisites 
@@ -16,25 +16,25 @@ MongoDB Agent and client. 1. Install `cert-manager`: ``` - helm install cert-manager jetstack/cert-manager --namespace cert-manager \ + helm install cert-manager jetstack/cert-manager --namespace cert-manager \ --create-namespace --set installCRDs=true ``` ## Use Helm to Enable X.509 Authentication -You can use Helm to install and deploy the MongoDB Community Kubernetes -Operator with X.509 Authentication enabled for the MongoDB Agent and +You can use Helm to install and deploy the MongoDB Community Kubernetes +Operator with X.509 Authentication enabled for the MongoDB Agent and client. To learn more, see [Install the Operator using Helm](https://github.com/mongodb/mongodb-kubernetes/blob/master/docs/install-upgrade.md#install-the-operator-using-helm). -1. To deploy the MongoDB Community Kubernetes Operator, copy and paste - the following command and replace the `` variable with the +1. To deploy the MongoDB Community Kubernetes Operator, copy and paste + the following command and replace the `` variable with the namespace: **Note:** The following command deploys a sample resource with X.509 enabled for both the MongoDB Agent and client authentication. It also creates - a sample X.509 user and the certificate that the user can use to + a sample X.509 user and the certificate that the user can use to authenticate. ``` 
@@ -47,58 +47,58 @@ client. To learn more, see [Install the Operator using Helm](https://github.com/ ## Use `kubectl` to Enable X.509 Authentication -You can use Helm to install and deploy the MongoDB Community Kubernetes -Operator with X.509 Authentication enabled for the MongoDB Agent and +You can use Helm to install and deploy the MongoDB Community Kubernetes +Operator with X.509 Authentication enabled for the MongoDB Agent and client. -1. To install the MongoDB Community Kubernetes Operator, see +1. To install the MongoDB Community Kubernetes Operator, see [Install the Operator using kubectl](https://github.com/mongodb/mongodb-kubernetes/blob/master/docs/install-upgrade.md#install-the-operator-using-kubectl). -1. To create a CA, ConfigMap, secrets, issuer, and certificate, see +2. To create a CA, ConfigMap, secrets, issuer, and certificate, see [Enable External Access to a MongoDB Deployment](https://github.com/mongodb/mongodb-kubernetes/blob/master/docs/external_access.md). -1. Create a YAML file for the MongoDB Agent certificate. For an example, - see [agent-certificate.yaml](https://github.com/mongodb/mongodb-kubernetes/blob/master/mongodb-community-operator/config/samples/external_access/agent-certificate.yaml). +3. Create a YAML file for the MongoDB Agent certificate. For an example, + see [agent-certificate.yaml](https://github.com/mongodb/mongodb-kubernetes/blob/master/public/samples/community/external_access/agent-certificate.yaml). **Note:** - - For the `spec.issuerRef.name` parameter, specify the + - For the `spec.issuerRef.name` parameter, specify the `cert-manager` issuer that you created previously. - - For the `spec.secretName` parameter, specify the same - value as the `spec.security.authentication.agentCertificateSecretRef` - parameter in your resource. This secret should contain a signed + - For the `spec.secretName` parameter, specify the same + value as the `spec.security.authentication.agentCertificateSecretRef` + parameter in your resource. 
This secret should contain a signed X.509 certificate and a private key for the MongoDB agent. -1. To apply the file, copy and paste the following command and replace - the `` variable with the name of your MongoDB Agent +4. To apply the file, copy and paste the following command and replace + the `` variable with the name of your MongoDB Agent certificate and the `` variable with the namespace: ``` kubectl apply -f .yaml --namespace ``` -1. Create a YAML file for your resource. For an example, see - [mongodb.com_v1_mongodbcommunity_x509.yaml](https://github.com/mongodb/mongodb-kubernetes/blob/master/mongodb-community-operator/config/samples/mongodb.com_v1_mongodbcommunity_x509.yaml). +5. Create a YAML file for your resource. For an example, see + [mongodb.com_v1_mongodbcommunity_x509.yaml](https://github.com/mongodb/mongodb-kubernetes/blob/master/public/samples/community/mongodb.com_v1_mongodbcommunity_x509.yaml). **Note:** - For the `spec.security.tls.certificateKeySecretRef.name` parameter, specify a reference to the secret that contains the private key and - certificate to use for TLS. The operator expects the PEM encoded key - and certificate available at "tls.key" and "tls.crt". Use the same - format used for the standard "kubernetes.io/tls" Secret type, but no - specific type is required. Alternatively, you can provide - an entry called "tls.pem" that contains the concatenation of the - certificate and key. If all of "tls.pem", "tls.crt" and "tls.key" - are present, the "tls.pem" entry needs to equal the concatenation + certificate to use for TLS. The operator expects the PEM encoded key + and certificate available at "tls.key" and "tls.crt". Use the same + format used for the standard "kubernetes.io/tls" Secret type, but no + specific type is required. Alternatively, you can provide + an entry called "tls.pem" that contains the concatenation of the + certificate and key. 
If all of "tls.pem", "tls.crt" and "tls.key" + are present, the "tls.pem" entry needs to equal the concatenation of "tls.crt" and "tls.key". - For the `spec.security.tls.caConfigMapRef.name` parameter, specify the ConfigMap that you created previously. - For the `spec.authentication.modes` parameter, specify `X509`. - - - If you have multiple authentication modes, specify the + + - If you have multiple authentication modes, specify the `spec.authentication.agentMode` parameter. - The `spec.authentication.agentCertificateSecretRef` parameter @@ -106,10 +106,10 @@ client. - For the `spec.users.db` parameter, specify `$external`. - - Do not set the `spec.users.scramCredentialsSecretName` parameter + - Do not set the `spec.users.scramCredentialsSecretName` parameter and the `spec.users.passwordSecretRef` parameters. -1. To apply the file, copy and paste the following command and replace +6. To apply the file, copy and paste the following command and replace the `` variable with your resource and the `` variable with the namespace: @@ -117,11 +117,11 @@ client. kubectl apply -f .yaml --namespace ``` -1. Create a YAML file for the client certificate. For an example, see - [cert-x509.yaml](https://github.com/mongodb/mongodb-kubernetes/blob/master/mongodb-community-operator/config/samples/external_access/cert-x509.yaml). +7. Create a YAML file for the client certificate. For an example, see + [cert-x509.yaml](https://github.com/mongodb/mongodb-kubernetes/blob/master/public/samples/community/external_access/cert-x509.yaml). -1. To apply the file, copy and paste the following command and replace - the `` variable with the name of your client +8. To apply the file, copy and paste the following command and replace + the `` variable with the name of your client certificate and the `` variable with the namespace: ```
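
Review bot: In docs/mongodbcommunity/deploy-configure.md, first hunk, the sentence shown in the hunk header still links to `../config/samples`, while every sample path this patch touches now lives under `public/samples/community/`. Please check whether that sentence needs the same path update. The three Warning lines in the same hunk differ only in whitespace; if the change adds trailing spaces, note that two trailing spaces render as a hard line break in Markdown. It would be easier to review if the whitespace edits were split from the path updates.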
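
Review bot: In docs/mongodbcommunity/external_access.md, hunk @@ -57,30, the `kubectl apply -f public/samples/community/external_access/...` commands only work from the repository root, but the surrounding steps point readers at the GitHub `blob/master` copy of each file and never say to clone the repository or which directory to run from. Suggest adding one sentence stating the working directory. Since the `external_services.yaml` line is being rewritten anyway, "preceeding" on that line should be corrected to "preceding".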
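
Review bot: In docs/mongodbcommunity/x509-auth.md, hunk @@ -16,25, the `helm install cert-manager jetstack/cert-manager --namespace cert-manager \` line changes only in whitespace and ends in a line-continuation backslash. Please confirm the new line has nothing after the `\`, because any trailing space there stops the shell from joining it with `--create-namespace --set installCRDs=true` when the command is copied and pasted.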
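
Review bot: In docs/mongodbcommunity/x509-auth.md, hunk @@ -47,58, the paragraph under "Use `kubectl` to Enable X.509 Authentication" is rewritten but still reads "You can use Helm to install and deploy the MongoDB Community Kubernetes Operator"; it should say `kubectl`. Steps 1 and 2 in the same hunk link to `docs/install-upgrade.md` and `docs/external_access.md`, whereas this patch edits files under `docs/mongodbcommunity/`, so those two URLs deserve the same check the sample paths received. The agent certificate note refers to `spec.security.authentication.agentCertificateSecretRef`, while the later bullets use `spec.authentication.agentCertificateSecretRef`; please make the field path consistent so readers bind the agent certificate secret to the right field.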