(DOCSP-15004) Fix Operator installation for cluster-wide scope (#566)

* (DOCSP-15004) Fix Operator installation for cluster-wide scope

* Moved topic into standalone, added tabs

* Adding draft review comments from Nikolas

* Continued with draft review

* Include copy review by Melissa

* Fixed warnings and replaced rst gh roles. Ready to merge

Author: JuliaMongo

conf.py

@@ -236,8 +236,7 @@
     'wikipedia' : ('https://en.wikipedia.org/wiki%s', ''),
     'k8sdocs': ('https://kubernetes.io/docs%s', ''),
     'v1.2': ('https://docs.mongodb.com/kubernetes-operator/v1.2%s', ''),
-    'gh' : ('https://github.com%s', ''),
-    'gh-meko' : ('https://github.com/mongodb/mongodb-enterprise-kubernetes%s', ''),
+    'github' : ('https://github.com%s', ''),
     'gopkg' : ('https://godoc.org%s',''),
     'npmjs' : ('https://www.npmjs.com/package%s',''),
     'osi' : ('https://opensource.org%s', ''),

source/includes/service-accounts-and-secrets-cluster-wide-no-helm.yaml

@@ -0,0 +1,53 @@
+---
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: mongodb-enterprise-appdb
+  namespace: <namespace>
+---
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: mongodb-enterprise-database-pods
+  namespace: <namespace>
+---
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: mongodb-enterprise-ops-manager
+  namespace: <namespace>
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: mongodb-enterprise-appdb
+  namespace: <namespace>
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - patch
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: mongodb-enterprise-appdb
+  namespace: <namespace>
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: mongodb-enterprise-appdb
+subjects:
+  - kind: ServiceAccount
+    name: mongodb-enterprise-appdb
+    namespace: <namespace>
+...
+

source/includes/service-accounts-and-secrets-cluster-wide.yaml

@@ -1,18 +1,18 @@
 ---
-apiVersion: v1
 kind: ServiceAccount
+apiVersion: v1
 metadata:
   name: mongodb-enterprise-appdb
   namespace: <namespace>
 ---
-apiVersion: v1
 kind: ServiceAccount
+apiVersion: v1
 metadata:
   name: mongodb-enterprise-database-pods
   namespace: <namespace>
 ---
-apiVersion: v1
 kind: ServiceAccount
+apiVersion: v1
 metadata:
   name: mongodb-enterprise-ops-manager
   namespace: <namespace>
@@ -29,6 +29,12 @@ rules:
       - secrets
     verbs:
       - get
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - patch
 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -44,3 +50,4 @@ subjects:
     name: mongodb-enterprise-appdb
     namespace: <namespace>
 ...
+

source/includes/steps-install-prereqs.yaml

@@ -12,7 +12,7 @@ content: |
 stepnum: 2
 level: 4
 ref: clone-k8s-repo
-title: "Clone the :gh:`MongoDB Enterprise Kubernetes Operator repository </mongodb/mongodb-enterprise-kubernetes>`."
+title: "Clone the :github:`MongoDB Enterprise Kubernetes Operator repository </mongodb/mongodb-enterprise-kubernetes>`."
 content: |
 
   .. code-block:: sh
@@ -23,7 +23,7 @@ content: |
 
      You can use `Helm <https://helm.sh/>`__ to install the
      |k8s-op-short|. To learn how to install Helm, see its
-     :gh:`documentation on GitHub </kubernetes/helm>`.
+     :github:`documentation on GitHub </kubernetes/helm>`.
 
 ---
 stepnum: 3

source/includes/steps-kind-quick-start.yaml

@@ -2,7 +2,7 @@
 stepnum: 1
 level: 4
 ref: clone-k8s-repo-kind
-title: "Clone the :gh:`MongoDB Enterprise Kubernetes Operator repository </mongodb/mongodb-enterprise-kubernetes>`."
+title: "Clone the :github:`MongoDB Enterprise Kubernetes Operator repository </mongodb/mongodb-enterprise-kubernetes>`."
 content: |
 
   .. code-block:: sh

source/reference/k8s-operator-om-specification.txt

@@ -14,7 +14,7 @@ Ops Manager Resource Specification
    :depth: 2
    :class: singlecol
 
-The :gh:`MongoDB Enterprise Kubernetes Operator </mongodb/mongodb-enterprise-kubernetes>`
+The :github:`MongoDB Enterprise Kubernetes Operator </mongodb/mongodb-enterprise-kubernetes>`
 creates a containerized |onprem| deployment from specification files
 that you write.
 

source/reference/k8s-operator-specification.txt

@@ -16,7 +16,7 @@ MongoDB Database Resource Specification
 
 .. include:: /includes/admonitions/note-substitute-opsm-with-cloudm.rst
 
-The :gh:`MongoDB Enterprise Kubernetes Operator </mongodb/mongodb-enterprise-kubernetes>`
+The :github:`MongoDB Enterprise Kubernetes Operator </mongodb/mongodb-enterprise-kubernetes>`
 creates |k8s| |k8s-statefulsets| from specification files that you
 wrote.
 

source/reference/production-notes.txt

@@ -106,9 +106,10 @@ sizes.
              storageClass: standard
 
 For a full example of persistent volumes configuration, see
-:gh-meko:`replica-set-persistent-volumes.yaml </blob/master/samples/mongodb/persistent-volumes/replica-set-persistent-volumes.yaml>`
-in the :gh-meko:`Persistent Volumes Samples
-</tree/master/samples/mongodb/persistent-volumes>` directory. This
+:github:`replica-set-persistent-volumes.yaml 
+</mongodb/mongodb-enterprise-kubernetes/blob/master/samples/mongodb/persistent-volumes/replica-set-persistent-volumes.yaml>`
+in the :github:`Persistent Volumes Samples
+</mongodb/mongodb-enterprise-kubernetes/tree/master/samples/mongodb/persistent-volumes>` directory. This
 directory also contains sample persistent volumes configurations for
 sharded clusters and standalone deployments.
 
@@ -165,8 +166,8 @@ The following sections illustrate how to:
 - :ref:`set CPU and Memory for MongoDB Pods <mdb_pods_resources>`.
 
 For the Pods hosting |onprem|, use the
-:gh-meko:`default resource limits configurations
-</blob/master/samples/ops-manager/ops-manager-pod-spec.yaml#L38-L46>`.
+:github:`default resource limits configurations
+</mongodb/mongodb-enterprise-kubernetes/blob/master/samples/ops-manager/ops-manager-pod-spec.yaml#L38-L46>`.
 
 .. _operator_pod_resources:
 
@@ -254,7 +255,8 @@ numbers in the configuration file for the |k8s-op-short| Pod.
 
 For a full example of CPU and memory utilization resources and limits
 for the |k8s-op-short| Pod that satisfy parallel deployment of up to
-50 MongoDB replica sets, see the :gh-meko:`mongodb-enterprise.yaml </blob/master/mongodb-enterprise.yaml#L219-L235>`
+50 MongoDB replica sets, see the :github:`mongodb-enterprise.yaml
+</mongodb/mongodb-enterprise-kubernetes/blob/master/mongodb-enterprise.yaml#L219-L235>`
 file.
 
 .. seealso::
@@ -324,14 +326,14 @@ replica set member in your deployment.
 
 For a full example of CPU and memory utilization resources and limits
 for Pods hosting MongoDB replica set members, see the
-:gh-meko:`replica-set-podspec.yaml </blob/master/samples/mongodb/podspec/replica-set-podspec.yaml#L38-L45>`
-file in the the :gh-meko:`MongoDB Podspec Samples </tree/master/samples/mongodb/podspec>` directory.
+:github:`replica-set-podspec.yaml </mongodb/mongodb-enterprise-kubernetes/blob/master/samples/mongodb/podspec/replica-set-podspec.yaml#L38-L45>`
+file in the the :github:`MongoDB Podspec Samples </mongodb/mongodb-enterprise-kubernetes/tree/master/samples/mongodb/podspec>` directory.
 
 This directory also contains sample CPU and memory limits
 configurations for Pods used for:
 
-- A sharded cluster, in the :gh-meko:`sharded-cluster-podspec.yaml <blob/master/samples/mongodb/podspec/sharded-cluster-podspec.yaml#L62-91>`.
-- Standalone MongoDB deployments, in the :gh-meko:`standalone-podspec.yaml <blob/master/samples/mongodb/podspec/standalone-podspec.yaml#L36-39>`.
+- A sharded cluster, in the :github:`sharded-cluster-podspec.yaml </mongodb/mongodb-enterprise-kubernetesblob/master/samples/mongodb/podspec/sharded-cluster-podspec.yaml#L62-91>`.
+- Standalone MongoDB deployments, in the :github:`standalone-podspec.yaml </mongodb/mongodb-enterprise-kubernetesblob/master/samples/mongodb/podspec/standalone-podspec.yaml#L36-39>`.
 
 .. seealso::
 
@@ -386,8 +388,8 @@ availability zones configuration.
                  - e2e-az2
 
 See the full example of multiple availability zones configuration in
-:gh-meko:`replica-set-affinity.yaml </blob/master/samples/mongodb/affinity/replica-set-affinity.yaml>`
-in the :gh-meko:`Affinity Samples </tree/master/samples/mongodb/persistent-volumes>`
+:github:`replica-set-affinity.yaml </mongodb/mongodb-enterprise-kubernetes/blob/master/samples/mongodb/affinity/replica-set-affinity.yaml>`
+in the :github:`Affinity Samples </mongodb/mongodb-enterprise-kubernetes/tree/master/samples/mongodb/persistent-volumes>`
 directory.
 
 This directory also contains sample affinity and multiple zones
@@ -466,8 +468,8 @@ To specify Pod affinity:
 
 See the full example of multiple availability zones and node affinity
 configuration in
-:gh-meko:`replica-set-affinity.yaml </blob/master/samples/mongodb/affinity/replica-set-affinity.yaml>`
-in the :gh-meko:`Affinity Samples </tree/master/samples/mongodb/persistent-volumes>`
+:github:`replica-set-affinity.yaml </mongodb/mongodb-enterprise-kubernetes/blob/master/samples/mongodb/affinity/replica-set-affinity.yaml>`
+in the :github:`Affinity Samples </mongodb/mongodb-enterprise-kubernetes/tree/master/samples/mongodb/persistent-volumes>`
 directory.
 
 This directory also contains sample affinity and multiple
@@ -563,8 +565,8 @@ parameter, as shown in the following abbreviated example.
         mode: "preferSSL"
 
 See the full |tls| configuration example in
-:gh-meko:`replica-set.yaml </tree/master/samples/mongodb/tls/replica-set>`
-in the :gh-meko:`TLS </tree/master/samples/mongodb/tls>`
+:github:`replica-set.yaml </mongodb/mongodb-enterprise-kubernetes/tree/master/samples/mongodb/tls/replica-set>`
+in the :github:`TLS </mongodb/mongodb-enterprise-kubernetes/tree/master/samples/mongodb/tls>`
 samples directory. This directory also contains sample |tls| configurations for
 sharded clusters and standalone deployments.
 
@@ -589,9 +591,9 @@ MongoDB users and the {+mdbagent+} instances.
 The |k8s-op-short| generates and distributes the certificate.
 
 See the full X.509 certificates configuration examples in the
-:gh-meko:`x509 Authentication
-</tree/master/samples/mongodb/authentication/x509>` directory in
-the :gh-meko:`Authentication </tree/master/samples/mongodb/authentication>`
+:github:`x509 Authentication
+</mongodb/mongodb-enterprise-kubernetes/tree/master/samples/mongodb/authentication/x509>` directory in
+the :github:`Authentication </mongodb/mongodb-enterprise-kubernetes/tree/master/samples/mongodb/authentication>`
 samples directory. This directory also contains sample LDAP and SCRAM configurations.
 
 Example Deployment CRD

source/reference/troubleshooting.txt

@@ -1,8 +1,8 @@
 .. _k8s-troubleshooting:
 
-==================================
-Troubleshooting the |k8s-op-short|
-==================================
+===============================
+Troubleshoot the |k8s-op-short|
+===============================
 
 .. default-domain:: mongodb
 

source/release-notes.txt

@@ -298,7 +298,7 @@ Improvements
 - To manage Database Pod resources, use the
   :setting:`spec.podSpec.podTemplate` MongoDB Custom Resource attribute.
   For an example resource definition of each supported type, see the
-  :gh:`samples/mongodb/podspec </mongodb/mongodb-enterprise-kubernetes/tree/master/samples/mongodb/podspec>`
+  :github:`samples/mongodb/podspec </mongodb/mongodb-enterprise-kubernetes/tree/master/samples/mongodb/podspec>`
   directory. The following attributes are deprecated:
 
   - :setting:`spec.podSpec.cpu`
@@ -385,7 +385,7 @@ Ops Manager Resource Changes
 - Allows the Application Database to be configured with SCRAM-SHA-256
   authentication when using |onprem| 4.4 or newer version.
 - Changes the validation of the |onprem| :setting:`spec.version` field
-  to allow for tags that do not match the :gh:`semver </blang/semver>`
+  to allow for tags that do not match the :github:`semver </blang/semver>`
   requirements. The :setting:`spec.version` field must start with the
   ``Major.Minor.Patch`` string that represents the |onprem| version. To
   learn more about this field, see :ref:`k8s-om-specification`.
@@ -537,7 +537,7 @@ MongoDB Resource Changes
 
 - Supports LDAP as an authorization mechanism for MongoDB database
   resources you deploy with the |k8s-op-short|. For more information,
-  see the sample LDAP configurations on :gh:`GitHub
+  see the sample LDAP configurations on :github:`GitHub
   </mongodb/mongodb-enterprise-kubernetes/tree/master/samples/mongodb/authentication/ldap>`
 
 Bug Fixes
@@ -620,7 +620,7 @@ MongoDB Resource Changes
 
 - Supports LDAP as an authentication mechanism for MongoDB database
   resources you deploy with the |k8s-op-short|. For more information,
-  see the sample LDAP configurations on :gh:`GitHub
+  see the sample LDAP configurations on :github:`GitHub
   </mongodb/mongodb-enterprise-kubernetes/tree/master/samples/mongodb/authentication/ldap>`.
 
   .. note::
@@ -659,7 +659,7 @@ MongoDB Resource Changes
 - Provides additional options for more granular configuration of
   |mongod| / |mongos| processes. You can find an example of how to apply
   these options in the ``/samples/mongodb/mongodb-options`` file of the
-  :gh:`MongoDB Enterprise Kubernetes Operator repository </mongodb/mongodb-enterprise-kubernetes>`.
+  :github:`MongoDB Enterprise Kubernetes Operator repository </mongodb/mongodb-enterprise-kubernetes>`.
 
 Bug Fixes
 `````````
@@ -869,7 +869,7 @@ Ops Manager Resource Changes
    - Removes the ``spec.backup.podSpec`` configuration setting. Use
      :opsmgrkube:`spec.backup.statefulSet.spec` instead.
 
-See the :gh:`sample YAML files
+See the :github:`sample YAML files
 </mongodb/mongodb-enterprise-kubernetes/tree/master/samples>`
 for new feature usage examples.
 
@@ -981,7 +981,7 @@ Bug Fixes
   - No longer starts monitoring and backup processes for the Application
     Database.
 
-See the :gh:`sample YAML files
+See the :github:`sample YAML files
 </mongodb/mongodb-enterprise-kubernetes/tree/master/samples>` for new
 feature usage examples.
 
@@ -1028,7 +1028,7 @@ Bug Fixes
 
   - Enables the |k8s-op-short| to use the ``spec.clusterDomain`` setting.
 
-See the :gh:`sample YAML files
+See the :github:`sample YAML files
 </mongodb/mongodb-enterprise-kubernetes/tree/master/samples>` for new
 feature usage examples.
 
@@ -1080,7 +1080,7 @@ MongoDB Resource Changes
 - Adds support for OpenShift (Red Hat UBI Images).
 
 For more information on how to enable new features, see the sample YAML
-files in the :gh:`samples directory
+files in the :github:`samples directory
 </mongodb/mongodb-enterprise-kubernetes/tree/master/samples/ops-manager>`.
 
 Bug Fixes
@@ -1117,7 +1117,7 @@ MongoDB Resource Changes
   accessible. You must :ref:`migrate to one resource per project
   <migrate-single-cluster>`.
 
-- Supports ``SCRAM-SHA`` authentication mode. See :gh:`the MongoDB
+- Supports ``SCRAM-SHA`` authentication mode. See :github:`the MongoDB
   Enterprise Kubernetes Operator GitHub repository
   </mongodb/mongodb-enterprise-kubernetes/tree/master/samples/mongodb/authentication/scram>`
   for examples.
@@ -1344,9 +1344,9 @@ This feature is an alpha release. It is not ready for production use.
   :manual:`featureCompatibilityVersion </reference/command/setFeatureCompatibilityVersion>`.
 - **Fix:** |tls| can be disabled in a deployment.
 - **Improvement:** Adds
-  :gh-meko:`script </blob/master/support/mdb_operator_diagnostic_data.sh>`
+  :github:`script </blob/master/support/mdb_operator_diagnostic_data.sh>`
   in the
-  :gh-meko:`support </tree/master/support>` directory that can gather
+  :github:`support </tree/master/support>` directory that can gather
   information of your MongoDB resources in Kubernetes.
 - **Improvement:** In a |tls| environment, the |k8s-op-short| can use a
   custom |certauth|. All the certificates must be passed as |k8s-secret|
@@ -1432,7 +1432,7 @@ This feature is an alpha release. It is not ready for production use.
   replica sets and sharded clusters. The |tls| certificates are created
   automatically by the |k8s-op-short|. Refer to the sample
   ``.yaml`` files in the
-  :gh-meko:`GitHub repository </tree/master/samples>`
+  :github:`GitHub repository </tree/master/samples>`
   for examples.
 
 - Wide or asterisk roles have been replaced with strict listing of
@@ -1614,7 +1614,7 @@ This feature is an alpha release. It is not ready for production use.
 
 - The Operator no longer creates the CustomResourceDefinition objects.
   The user needs to create them manually. Download and apply
-  :gh:`this new yaml file </mongodb/mongodb-enterprise-kubernetes/blob/master/crds.yaml>`
+  :github:`this new yaml file </mongodb/mongodb-enterprise-kubernetes/blob/master/crds.yaml>`
   (``crd.yaml``) to create/configure these objects.
 
 - ClusterRoles are no longer required. How the Operator watches