Atlas Kubernetes Operator Changelog

Note

You can find the full list of Atlas Kubernetes Operator releases here.

  • Adds support for AP1 and US1-Fed Datadog regions. To learn more, see Integrate with Third-Party Services.

  • Adds support for yearly backup frequencies for Cloud Backups.

  • Disables the --subobject-deletion-protection flag due to a bug that prevents users from modifying existing resources when deletion protection is enabled. You can still use the --object-deletion-protection flag to control deletion protection on a per-custom-resource basis.

  • Adds the terminationProtectionEnabled property to the deploymentSpec fields in the AtlasProject Custom Resource to achieve feature parity with serverless instances deployed with the AtlasDeployment Custom Resource.

  • Adds OIDC and AWS IAM authentication fields to the AtlasDatabaseUser Custom Resource. To learn more, see spec.oidcAuthType.

  • Custom resources you delete in Kubernetes won't get deleted in Atlas. Instead, Atlas Kubernetes Operator stops managing those resources. For example, if you delete an AtlasProject Custom Resource in Kubernetes, Atlas Kubernetes Operator no longer automatically deletes the corresponding project from Atlas, preventing accidental or unexpected deletions. To learn more, including how to revert this behavior to the default prior to Atlas Kubernetes Operator 2.0.1, see New Default: Deletion Protection in Atlas Kubernetes Operator 2.0.

  • deploymentSpec replaces advancedDeploymentSpec in the AtlasDeployment custom resource. You must update your AtlasDeployment custom resource as follows:

    • If you use advancedDeploymentSpec, rename to deploymentSpec. You don't need to change any formatting.

    • If you used deploymentSpec prior to Atlas Kubernetes Operator 2.0.1, rewrite your AtlasDeployment custom resource to match the formatting used in the examples.

  • Improves snapshot distribution management by removing replicationSpecId from the AtlasBackupSchedule Custom Resource so it can be reused by multiple deployments managed by Atlas Kubernetes Operator. The replicationSpecId is now automatically set for every deployment that references it. As a result of this change, you can no longer configure replicationSpecId and should remove it from your AtlasBackupSchedule custom resource.

  • Forces the use of secretRef fields for encryptionAtRest and alertConfigurations features to promote security best practices. You should now store API secrets and credentials as secrets and reference them from the AtlasProject Custom Resource using the following fields:

    For spec.alertConfigurations.notifications:

    • Use APITokenRef instead of APIToken

    • Use DatadogAPIKeyRef instead of DatadogAPIKey

    • Use FlowdockTokenAPIRef instead of FlowdockTokenAPI

    • Use OpsGenieAPIKeyRef instead of OpsGenieAPIKey

    • Use VictorOpsSecretRef instead of VictorOpsAPIKey and VictorOpsRoutingKey

    To learn more, see Third-Party Alert Configuration Example.

    For spec.encryptionAtRest:

    • AWS: Use secretRef instead of AccessKeyID, SecretAccessKey, CustomerMasterKeyID, and RoleID.

    • Azure: Use secretRef instead of SubscriptionID, KeyVaultName, KeyIdentifier, and Secret.

    • GCP: Use secretRef instead of ServiceAccountKey or KeyVersionResourceID.

    To learn more, see Encrypt Data Using a Key Management Service.

Warning

This release contains an issue that prevents Atlas Kubernetes Operator from reconciling the AtlasBackupSchedule Custom Resource when deletion protection is enabled. Don't use this version (2.0.0), and instead use Atlas Kubernetes Operator 2.0.1.

  • Fixes an issue that caused reconciliation to fail when you updated a deployment with autoscaling enabled.

  • Validation now rejects duplicate alert configurations.

  • Fixes a bug that duplicated projects listed in a team's status.

  • Refactors the IPAccessList reconciliation flow to avoid unneeded recreation.

  • Fixes backup schedule repeatedly updating.

  • Adds the AtlasFederatedAuth Custom Resource to configure federated authentication for Identity Providers that you already registered in Atlas.

  • Supports Atlas for Government deployments. You must configure the Gov endpoint accordingly. Atlas Kubernetes Operator supports only AWS as a cloud provider for Atlas for Government.

  • Supports database deployment resource tagging. To learn more, see the following settings:

  • Adds new arguments to serverless for continuous backups and termination protection.

  • Improves validation and handling of autoscaling reporting.

  • Provides guidance on using third-party secret management tools with Atlas Kubernetes Operator to support external key management systems. To learn how to configure external secret storage for Atlas Kubernetes Operator, see Configure Secret Storage.

  • Uses UBI micro base image instead of minimal. The micro base image is a smaller base image with fewer dependencies.

AtlasProject Custom Resource:

  • Fixes an issue that caused continual audit log updates in the project activity feed.

  • Fixes an issue that caused incorrect reconciliation of custom database roles.

AtlasDeployment Custom Resource:

  • Upgrades the Atlas client to v0.32.0.

AtlasProject Custom Resource:

AtlasDatabaseUser Custom Resource:

  • Fixes an issue where private endpoint connection strings were missing from sharded clusters.

AtlasDataFederation Custom Resource:

  • Moves leases.coordination.k8s.io to its own proxy-role rule.

AtlasProject Custom Resource:

  • Adds the spec.settings.IsExtendedStorageSizesEnabled parameter.

  • Upgrades Go to 1.20.

  • Updates the value of the spec.export.frequencyType parameter of the AtlasBackupSchedule custom resource from MONTHLY to monthly.

  • Fixes connection secret generation for different namespaces.

  • Fixes configuration of automated cloud backup export.

  • Fixes CVE-2023-0436: Secret logging may occur in debug mode of Atlas Operator

    The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. This issue affects MongoDB Atlas Kubernetes Operator versions: 1.5.0, 1.6.0, 1.6.1, 1.7.0. Please note that this is reported on an EOL version of the product, and users are advised to upgrade to the latest supported version.

    Required Configuration:

    DEBUG logging is not enabled by default and must be configured by the end user. To check the log level of the Operator, review the flags passed in your deployment configuration (e.g., https://github.com/mongodb/mongodb-atlas-kubernetes/blob/main/config/manager/manager.yaml#L27).

    CVSS: 4.5

    CWE-319: Cleartext Transmission of Sensitive Information

  • Adds OpenShift 4.12 compatibility.

  • Supports Kubernetes 1.25.
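
The configuration check described for CVE-2023-0436 above, as an added example that is not part of the original changelog or the operator's code: it reads `kubectl get deployments -o json` output and flags containers that run an affected version, pass `--log-level=debug`, or both. The sample JSON, deployment names and image references are constructed, and it assumes the image tag carries the operator version.

```python
import json

# Versions the changelog lists as affected by CVE-2023-0436.
AFFECTED = {"1.5.0", "1.6.0", "1.6.1", "1.7.0"}

def _dep(name, image, args):
    # Builds one constructed Deployment object for SAMPLE below.
    return {"metadata": {"name": name}, "spec": {"template": {"spec": {
        "containers": [{"name": "manager", "image": image, "args": args}]}}}}

# Constructed stand-in for `kubectl get deployments -o json` output.
# Deployment names, registry and image name are hypothetical.
SAMPLE = json.dumps({"items": [
    _dep("op-a", "registry.example/atlas-operator:1.7.0", ["--log-level=debug"]),
    _dep("op-b", "registry.example:5000/atlas-operator:1.6.1", ["--log-level=info"]),
    _dep("op-c", "registry.example/atlas-operator:2.0.1", ["--log-level", "DEBUG"]),
    _dep("op-d", "registry.example/atlas-operator:2.0.1", ["--log-encoder=json"]),
]})

def image_tag(image):
    """Tag of an image reference; ignores digests and registry ports."""
    name = image.split("@", 1)[0].rsplit("/", 1)[-1]
    return name.split(":", 1)[1] if ":" in name else ""

def log_level(argv):
    """Value of --log-level in either '--log-level=x' or '--log-level x' form."""
    level = None
    for i, arg in enumerate(argv):
        if arg.startswith("--log-level="):
            level = arg.split("=", 1)[1]
        elif arg == "--log-level" and i + 1 < len(argv):
            level = argv[i + 1]
    return level.lower() if level else None

def audit(doc):
    """Return (deployment, tag, level, verdict) for every container in the JSON."""
    data = json.loads(doc)
    findings = []
    for dep in data.get("items", [data]):  # a List or a single Deployment
        for c in dep["spec"]["template"]["spec"]["containers"]:
            tag = image_tag(c["image"])
            level = log_level(c.get("command", []) + c.get("args", []))
            debug, affected = level == "debug", tag.lstrip("v") in AFFECTED
            verdict = {(True, True): "EXPOSED", (True, False): "DEBUG_ON",
                       (False, True): "UPGRADE", (False, False): "OK"}[debug, affected]
            findings.append((dep["metadata"]["name"], tag, level, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

An `EXPOSED` result means secrets may already be in the collected logs, so rotating the credentials the operator handled belongs alongside the upgrade.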

AtlasProject Custom Resource:

  • A project can now refer to a connection secret in a different namespace with the spec.connectionSecretRef.namespace parameter.

  • Supports multiple private endpoints for a single provider and region.

  • Supports storing all private endpoint connection strings.

  • Fixes an issue with Google Cloud KMS for the Encryption at Rest feature.

AtlasDeployment Custom Resource:

  • Deprecates the autoIndexingEnabled field.

  • Supports snapshot distribution.

AtlasProject Custom Resource:

  • Fixes an issue with an IP access list.

AtlasDeployment Custom Resource:

AtlasProject Custom Resource:

AtlasDeployment Custom Resource:

AtlasProject Custom Resource:

AtlasDeployment Custom Resource:

  • Fixes an issue with connection secret creation.

  • Fixes the minimum version of OpenShift.

AtlasProject Custom Resource:

  • Fixes the InstanceSize must match issue.

  • Ensures private endpoints are always added to the status.

AtlasDeployment Custom Resource:

  • Converts the OplogMinRetentionHours field properly.

  • Updates the minimum required OpenShift version to 4.8.

AtlasProject Custom Resource:

AtlasProject Custom Resource:

  • Adds support for audit logs. You can enable auditing with the spec.auditing.enabled field. For more information about Atlas Kubernetes Operator auditing, see Configure Audit Logs.

  • Adds support for project settings via the spec.settings field.

  • Adds support for alert configurations via the spec.alertConfigurations field.

AtlasDeployment Custom Resource:

  • Adds support for autoscaling of the instanceSize and diskSizeGB parameters.

  • Fixes an issue where adding an IP address with CIDR block /32 to Network Access could leave the IP Access List inactive indefinitely.

  • Fixes an issue where creating project integrations that require namespace references could result in errors when the user provides a namespace other than the project namespace, or does not provide a namespace.

AtlasProject Custom Resource:

AtlasDeployment Custom Resource:

  • Fixes a resource reconciliation issue that occurred when you deleted an AtlasDeployment Custom Resource after the API key had expired.

  • Fixes an issue where you could change the instanceSize and diskSizeGB parameters for deployments with autoscaling enabled. To change the instanceSize and diskSizeGB parameters, you must first disable autoscaling.

  • Fixes an error message that returns when Atlas Kubernetes Operator can't delete a project's backup policy or backup schedule.

  • Fixes an issue where the AtlasDeployment Custom Resource was not created successfully when the instance size for a deployed resource changed from M10 to M40.

  • Fixes an issue where creating an AtlasDeployment Custom Resource with advancedDeploymentSpec failed with autoscaling.diskGBEnabled and adds a new AdvancedAutoScalingSpec struct to AdvancedDeploymentSpecChanges.

  • Fixes an issue where you could decrease diskSizeGB for deployments with autoscaling enabled. To change the diskSizeGB parameter, you must first disable autoscaling.

  • Fixes a resource reconciliation issue where the Atlas API returns an empty object for scheduled backups.

  • Fixes an issue where private endpoint connection strings were missing from Kubernetes secrets.

  • Fixes an issue where Atlas Kubernetes Operator didn't remove conditions for unused resources.

  • Adds missing private endpoint fields to Pod conditions.

  • Adds log levels and JSON log output for Atlas Kubernetes Operator. To change the log level, you can provide the --log-level=debug | info | warn | error | dpanic | panic | fatal flag. To change the output format, you can provide the --log-encoder=json | console flag.

AtlasProject Custom Resource:

AtlasDeployment Custom Resource:

  • Upgrades the Controller Runtime to v0.11.0.

  • Upgrades Go to 1.17.

  • When you install a cluster using Helm Charts, Helm doesn't exit until the cluster is ready if you set postInstallHook.enabled to true.

  • Atlas Kubernetes Operator watches secrets only with the label atlas.mongodb.com/type=credentials to avoid watching unnecessary secrets.

  • Supports the mongodb.com/atlas-reconciliation-policy=skip annotation for configuring Atlas Kubernetes Operator to skip reconciliations on specific resources.

  • Supports X.509 authentication.

  • Fixes an issue that logged errors for resource deletion.

  • Adds the spec.advancedClusterSpec parameter to the AtlasCluster custom resource. The AtlasCluster custom resource now has two main configuration options. You must specify either spec.clusterSpec or spec.advancedClusterSpec. The spec.clusterSpec parameter uses the Atlas Cluster API Resource. The spec.advancedClusterSpec parameter uses the Atlas Advanced Cluster API Resource.

    Note

    To migrate an existing resource to use the spec.clusterSpec structure, you must move all fields currently under spec.* to spec.clusterSpec.* with the exception of spec.projectRef.

You can find the images in the following location:

https://quay.io/repository/mongodb/mongodb-atlas-operator

This Atlas Kubernetes Operator trial release lets you manage Atlas projects, clusters, and database users with Kubernetes specifications.

  • Introduces global and per-project Atlas authentication modes. To learn more, see Configure Access to Atlas.

  • Supports installing Atlas Kubernetes Operator clusterwide (all the namespaces in the Kubernetes cluster) or to its own namespace. To learn more, see Quick Start.

  • Introduces the AtlasProject Custom Resource. Use this resource to create Atlas projects and configure their IP access lists.

  • Introduces the AtlasCluster custom resource. Use this resource to create clusters in an Atlas project.

  • Introduces the AtlasDatabaseUser Custom Resource for creating database users in an Atlas project.

  • Allows you to create or update secrets for each database user and cluster. Applications can use these secrets in Kubernetes to connect to Atlas clusters.
