(DOCS-13947): add yaml for non-helm openshift cluster-wide deployments (#434)

jwilliams-mongo · jwilliams-mongo · commit 1ca683fe6179 · 2025-04-14T17:11:17.000-05:00
* (DOCS-13947): add yaml for non-helm openshift cluster-wide deployments

* (DOCS-13947): copy review feedback
diff --git a/source/includes/service-accounts-and-secrets-cluster-wide.yaml b/source/includes/service-accounts-and-secrets-cluster-wide.yaml
@@ -0,0 +1,46 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: mongodb-enterprise-appdb
+  namespace: <namespace>
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: mongodb-enterprise-database-pods
+  namespace: <namespace>
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: mongodb-enterprise-ops-manager
+  namespace: <namespace>
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: mongodb-enterprise-appdb
+  namespace: <namespace>
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - get
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: mongodb-enterprise-appdb
+  namespace: <namespace>
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: mongodb-enterprise-appdb
+subjects:
+  - kind: ServiceAccount
+    name: mongodb-enterprise-appdb
+    namespace: <namespace>
+...
diff --git a/source/tutorial/plan-k8s-op-considerations.txt b/source/tutorial/plan-k8s-op-considerations.txt
@@ -173,10 +173,24 @@ following adjustments:
       helm_chart --show-only templates/database-roles.yaml | kubectl
       apply -f -
       
-If you install a cluster-wide |k8s-op-short| without ``helm``, ensure
-that ``spec.template.spec.containers.name.env.name: WATCH_NAMESPACE`` is
-set to ``*`` in :gh:`mongodb-enterprise.yaml
-</mongodb/mongodb-enterprise-kubernetes/blob/master/mongodb-enterprise.yaml>`. 
+If you install a cluster-wide |k8s-op-short| without ``helm``: 
+
+- Ensure that ``spec.template.spec.containers.name.env.name:
+  WATCH_NAMESPACE`` is set to ``*`` in :gh:`mongodb-enterprise.yaml
+  </mongodb/mongodb-enterprise-kubernetes/blob/master/mongodb-enterprise.yaml>`.
+- If you deploy the |k8s-op-short| to OpenShift, ensure that you 
+  create all required local |k8s| service accounts and secrets. Use |oc|
+  or the OpenShift Container Platform UI to apply the following |yaml|
+  file before you deploy the |k8s-op-short|:
+
+  .. note::
+
+     In the sample |yaml| file, replace ``<namespace>`` with the
+     namespace that you want to deploy the |k8s-op-short| to.
+
+  .. literalinclude:: /includes/service-accounts-and-secrets-cluster-wide.yaml
+     :language: yaml
+     :linenos:
 
 Customize the CustomResourceDefinitions that the |k8s-op-short| Watches
 -----------------------------------------------------------------------
