MongoDB Enterprise Kubernetes Operator
OTHER License
Bot releases are hidden (Show)
Published by mms-build-account almost 3 years ago
publicKey
and privateKey
. These should be preferred to the existent user
and publicApiKey
when using Programmatic API Keys in Ops Manager.operator.watchNamespace
to a comma-separated list of Namespaces.Deprecation Notice
The usage of generic secrets, manually created by concatenating certificate and private key, is now deprecated.
spec.project
has been removed from MongoDB spec, this field has been deprecated since operator version 1.3.0
. Make sure to specify the project configmap name under spec.opsManager.configMapRef.name
or spec.cloudManager.configMapRef.name
before upgrading the operator.spec.security.certsSecretPrefix
. This string is now used to determine the name of the secrets containing various TLS certificates:
<spec.security.certsSecretPrefix>-<resource-name>-cert
spec.security.tls.secretRef.name
or spec.security.tls.secretRef.prefix
are specified, these will take precedence over the new field<resource-name>-cert
spec.security.certsSecretPrefix
is specified, the secret name is<spec.security.certsSecretPrefix>-<resource-name>-agent-certs
spec.authentication.agents.clientCertificateSecretRef
is specified, this will take precedence over the new fieldagent-certs
spec.security.certsSecretPrefix
is specified, the secret name is <spec.security.certsSecretPrefix>-<resource-name>-clusterfile
<resource-name>-clusterfile
spec.backup.fileSystemStores
in OM CR. The FS however needs to be manually configured.spec.backup.externalServiceEnabled
to false
in OM CR. By default, the operator would create the LoadBalancer type service object.spec.security.certSecretPrefix
. This is string is now used to determine the name of the secret containing the TLS certificate for OpsManager.
spec.security.tls.secretRef.Name
is specified, it will take the precedence
spec.security.certSecretPrefix
is specified, the secret name will be <spec.security.certSecretPrefix>-<om-resource-name>-cert
spec.project
has been removed from User spec, this field has been deprecated since operator version 1.3.0
. Make sure to specify the MongoDB resource name under spec.MongoDBResourceRef.name
before upgrading the operator.Sample policies are now available in opa_examples directory
Published by chatton over 3 years ago
net.ssl.mode
and not net.tls.mode
in the spec.additionalMongodConfig
field.spec.exposedExternally
is set to false
after being set to true
, the Operator will now delete the corresponding servicespec.externalConnectivity
is unset after being set, the Operator will now delete the corresponding servicespec.backup.members
field. The value defaults to 1 if not set.Ops Manager versions 4.4.13, 4.4.14, 4.4.15 and 4.2.25 are now supported
Ops Manager version 5.0.0 is now supported
Ubuntu based operator images are now based on Ubuntu 20.04 instead of Ubuntu 16.04
Ubuntu based database images starting from 2.0.1 will be based on Ubuntu 18.04 instead of Ubuntu 16.04
NOTE: MongoDB 4.0.0 does not support Ubuntu 18.04 - If you want to use MongoDB 4.0.0, stay on previously released images
Ubuntu based Ops Manager images after 4.4.13 will be based on Ubuntu 20.04 instead of Ubuntu 16.04
Newly released ubi images for Operator, Ops Manager and Database will be based un ubi-minimal instead of ubi
Published by bznein over 3 years ago
LivenessProbe
that could cause the database Pods to be restarted in the middle of a restore operation from Backup.mongodb
, mongodb-agent
, mongodb-agent-monitoring
) and it does not bundle anymore a MongoDB versionspec.applicationDatabase.version
is no longer optional.spec.applicationDatabase.persistent
does not exist anymore, the Operator will now always use persistent volumes for the AppDB.mongodb-agent 10.29.0.6830-1:
mongodb-enterprise-appdb-database
mongodb-enterprise-init-appdb 1.0.7
mongodb-enterprise-init-database 1.0.3
Published by rodrigovalin over 3 years ago
Changes
v1beta1
to v1
version. This should not have any impact on Kubernetes clusters 1.16 and up. The CRDs won't be installable in clusters with versions older than 1.16.Bug fixes
spec.backup.mode=disabled
fail.automation.versions.download.baseUrl
has been set, the property automation.versions.download.baseUrl.allowOnlyAvailableBuilds
false
. This has been fixed in Ops Manager version 4.4.11.Published by chatton over 3 years ago
Published by irajdeep almost 4 years ago
delete service
permission from operator role.spec.security.authentication.roles
by removing the privileges
array would cause the resource to enter a bad statemongodb-enterprise-appdb:10.2.15.5958-1_4.2.11-ent
was released. The image needs4.2.11-ent
instead of 4.2.2-ent
.spec.applicationDatabase.version
is omitted the Operator will use 4.2.11-ent
as a default MongoDB.Published by chatton almost 4 years ago
spec.backup.enabled
to true
. Note: You must have an Ops Manager resource already configured with backup. See the docs for more information.matchLabels
attribute,Service
to allow for Queryable Backups feature to work.Published by antonlisovenko almost 4 years ago
MongoDBOpsManager
resource gets to Failing
state when both external connectivity and backups are enabledUbuntu 16.04: quay.io/mongodb/mongodb-enterprise-operator:1.8.2
UBI8: quay.io/mongodb/mongodb-enterprise-operator-ubi:1.8.2
Published by rodrigovalin almost 4 years ago
Note: quay.io/mongodb/mongodb-enterprise-init-ops-manager:1.0.2 will support new release versions.
A list of the packages installed, and any security vulnerabilities detected in our build process, are outlined here
For the MongoDB Enterprise Operator
https://quay.io/repository/mongodb/mongodb-enterprise-operator?tab=tags
And for the MongoDB Enterprise Database
https://quay.io/repository/mongodb/mongodb-enterprise-database?tab=tags
Published by chatton about 4 years ago
INIT_DATABASE_IMAGE_REPOSITORY
environment variable must be configured in the operator deployment, and the new init container must exist inside this repository.spec.security.authentication.requireClientTLSAuthentication
spec.security.authentication.agents.clientCertificateSecretRef
A list of the packages installed, and any security vulnerabilities detected in our build process, are outlined here
For the MongoDB Enterprise Operator
https://quay.io/repository/mongodb/mongodb-enterprise-operator?tab=tags
And for the MongoDB Enterprise Database
https://quay.io/repository/mongodb/mongodb-enterprise-database?tab=tags
Published by LouisPlisso about 4 years ago
Published by LouisPlisso about 4 years ago
The 1.7.x releases will be the last versions to support OpenShift 3.11. Please, make sure to stay with the 1.7.x release series in order to support OpenShift 3.11. Planned EOL for 1.7.x is July 2021.
New Features:
samples/mongodb/authentication/ldap
directory for examples on how to enable LDAP for your Replica Set and Sharded Clusters.Bug fixes:
Known Issues:
Published by rodrigovalin about 4 years ago
quay.io/mongodb/mongodb-enterprise-operator:1.6.1
quay.io/mongodb/mongodb-enterprise-operator-ubi:1.6.1
quay.io/mongodb/mongodb-enterprise-database:1.6.1
quay.io/mongodb/mongodb-enterprise-database-ubi:1.6.1
quay.io/mongodb/mongodb-enterprise-ops-manager:4.4.0
quay.io/mongodb/mongodb-enterprise-ops-manager-ubi:4.4.0
quay.io/mongodb/mongodb-enterprise-init-appdb:1.0.2
quay.io/mongodb/mongodb-enterprise-init-appdb-ubi:1.0.2
Published by LouisPlisso over 4 years ago
Published by rodrigovalin over 4 years ago
public/samples/mongodb/mongodb-options
and in the MongoDB documentation.Published by LouisPlisso over 4 years ago
Published by rodrigovalin over 4 years ago
Published by rodrigovalin over 4 years ago
Published by chatton over 4 years ago
Fixed issue where when no authentication was configured by the operator, the operator would disable authentication in Ops Manager or Cloud Manager. The operator will no longer disable authentication unless spec.security.authentication.enabled: false
is explicitly set.
The generation of TLS certificates by the operator is being deprecated. Warning messages will now appear if operator generated certificates are used. See the documentation https://docs.mongodb.com/kubernetes-operator/stable/secure/ for how to configure secure deployments.
Published by LouisPlisso over 4 years ago
Better support for custom TLS certificates by using spec.security.tls.secretRef and spec.security.tls.ca configuration properties
TLS certificate generation by the Operator is now deprecated. We recommend migration to custom TLS certificates
The MongoDBOpsManager resource is now Generally Available (GA).
Breaking change: removes the spec.podSpec and spec.backup.podSpec fields in favour of spec.statefulSet and spec.backup.statefulSet configuration properties.
Breaking change: new Operator configuration properties INIT_OPS_MANAGER_IMAGE_REPOSITORY, INIT_APPDB_IMAGE_REPOSITORY, APPDB_IMAGE_REPOSITORY were added. When using a private docker registry, these properties have to point to the relevant registries after having copied the images from our distribution channels.
Adds support for Backup Blockstore Snapshot Stores
The Backup S3 Snapshot Store now uses Application Database as a metadata database by default
Adds support for spec.jvmParameter and spec.backup.jvmParameter to add or override JVM parameters in Ops Manager and Backup Daemon processes
Ops Manager and Backup Daemon JVM memory parameters are automatically configured based on pod memory availability
Adds support for TLS for Ops Manager and the Application Database
Adds more detailed information to status field
Support for Ops Manager Local Mode for MongoDBOpsManager resources with multiple replicas by enabling users to specify PersistentVolumeClaimTemplates in spec.statefulSet
New Image Versioning Scheme
Known Issues: To enable S3 Snapshot stores in Ops Manager 4.2.10 and 4.2.12, users must set "brs.s3.validation.testing: disabled"
See the sample YAML files for new feature usage examples.