Skip to content

Install Percona Server for MongoDB on OpenShift

Percona Operator for Percona Server for MongoDB is a Red Hat Certified Operator. This means that Percona Operator is portable across hybrid clouds and fully supports the Red Hat OpenShift lifecycle.

Installing Percona Server for MongoDB on OpenShift includes two steps:

  • Installing the Percona Operator for MongoDB,
  • Install Percona Server for MongoDB using the Operator.

Install the Operator

You can install Percona Operator for MongoDB on OpenShift using the Red Hat Marketplace web interface or using the command line interface.

Install the Operator via the Red Hat Marketplace

  1. login to the Red Hat Marketplace and register your cluster following the official instructions.
  2. Go to the Percona Operator for MongoDB page and click the Free trial button:


    Here you can “purchase” the Operator for 0.0 USD.

  3. When finished, chose Workspace->Software in the system menu on the top and choose the Operator:


    Click the Install Operator button.

Install the Operator via the command-line interface

  1. Clone the percona-server-mongodb-operator repository:

    $ git clone -b v1.13.0
    $ cd percona-server-mongodb-operator


    It is crucial to specify the right branch with -b option while cloning the code on this step. Please be careful.

  2. The Custom Resource Definition for Percona Server for MongoDB should be created from the deploy/crd.yaml file. The Custom Resource Definition extends the standard set of resources which Kubernetes “knows” about with the new items, in our case these items are the core of the operator.

    This step should be done only once; it does not need to be repeated with other deployments.

    Apply it as follows:

    $ oc apply -f deploy/crd.yaml


    Setting Custom Resource Definition requires your user to have cluster-admin role privileges.

    If you want to manage Percona Server for MongoDB cluster with a non-privileged user, the necessary permissions can be granted by applying the next clusterrole:

    $ oc create clusterrole psmdb-admin --verb="*",,,,,
    $ oc adm policy add-cluster-role-to-user psmdb-admin <some-user>

    If you have a cert-manager installed, then you have to execute two more commands to be able to manage certificates with a non-privileged user:

    $ oc create clusterrole cert-admin --verb="*",
    $ oc adm policy add-cluster-role-to-user cert-admin <some-user>
  3. Create a new psmdb project:

    $ oc new-project psmdb
  4. Add role-based access control (RBAC) for Percona Server for MongoDB is configured with the deploy/rbac.yaml file. RBAC is based on clearly defined roles and corresponding allowed actions. These actions are allowed on specific Kubernetes resources. The details about users and roles can be found in OpenShift documentation.

    $ oc apply -f deploy/rbac.yaml
  5. Start the Operator within OpenShift:

    $ oc apply -f deploy/operator.yaml

Install Percona Server for MongoDB

  1. Add the MongoDB Users secrets to OpenShift. These secrets should be placed as plain text in the stringData section of the deploy/secrets.yaml file as login name and passwords for the user accounts (see Kubernetes documentation for details).

    After editing the yaml file, the secrets should be created with the following command:

    $ oc create -f deploy/secrets.yaml

    More details about secrets can be found in Users.

  2. Now certificates should be generated. By default, the Operator generates certificates automatically, and no actions are required at this step. Still, you can generate and apply your own certificates as secrets according to the TLS instructions.

  3. Percona Server for MongoDB cluster can be created at any time with the following steps:

    1. Uncomment the deploy/cr.yaml field #platform: and edit the field to platform: openshift. The result should be like this:

      kind: PerconaServerMongoDB
        name: my-cluster-name
        platform: openshift
    2. (optional) In you’re using minishift, please adjust antiaffinity policy to none

           antiAffinityTopologyKey: "none"
    3. Create/apply the Custom Resource file:

      $ oc apply -f deploy/cr.yaml

      The creation process will take time. The process is complete when all Pods have reached their Running status. You can check it with the following command:

      $ oc get pods

      The result should look as follows:

      NAME                                               READY   STATUS    RESTARTS   AGE
      my-cluster-name-cfg-0                              2/2     Running   0          11m
      my-cluster-name-cfg-1                              2/2     Running   1          10m
      my-cluster-name-cfg-2                              2/2     Running   1          9m
      my-cluster-name-mongos-0                           1/1     Running   0          11m
      my-cluster-name-mongos-1                           1/1     Running   0          11m
      my-cluster-name-mongos-2                           1/1     Running   0          11m
      my-cluster-name-rs0-0                              2/2     Running   0          11m
      my-cluster-name-rs0-1                              2/2     Running   0          10m
      my-cluster-name-rs0-2                              2/2     Running   0          9m
      percona-server-mongodb-operator-665cd69f9b-xg5dl   1/1     Running   0          37m
  4. Check connectivity to newly created cluster.

    First of all, run a container with a MongoDB client and connect its console output to your terminal. The following command will do this, naming the new Pod percona-client:

    $ oc run -i --rm --tty percona-client --image=percona/percona-server-mongodb:4.4.16-16 --restart=Never -- bash -il

    Executing it may require some time to deploy the correspondent Pod. Now run mongo tool in the percona-client command shell using the login (which is userAdmin) with a proper password obtained from the Secret:

    percona-client:/$ mongo "mongodb://userAdmin:userAdmin123456@my-cluster-name-mongos.psmdb.svc.cluster.local/admin?ssl=false"

Last update: 2022-11-03