Configure Encryption

Enable HTTPS

The Kubernetes Operator supports configuring Ops Manager to run over HTTPS.

Enable HTTPS before deploying your Ops Manager resources to avoid a situation where the Kubernetes Operator reports your resources’ status as Failed.

Enable TLS

The Kubernetes Operator supports TLS encryption. Use TLS with your MongoDB deployment to encrypt your data over the network.

The configuration in the following example enables TLS for the replica set. When TLS is enabled, all traffic between members of the replica set and clients is encrypted using TLS certificates.

To learn more about securing your MongoDB deployments using TLS, see Deploy a Replica Set.

The default TLS mode is requireTLS. You can customize it using the spec.additionalMongodConfig.net.ssl.mode configuration parameter, as shown in the following abbreviated example.

apiVersion: mongodb.com/v1
kind: MongoDB
metadata:
  name: my-tls-enabled-rs
spec:
  type: ReplicaSet
  members: 3
  version: 4.4.0-ent

  opsManager:
    configMapRef:
      name: my-project
  credentials: my-credentials

  security:
    tls:
      enabled: true
      ca: <custom-ca>

  # ...
  additionalMongodConfig:
    net:
      ssl:
        # preferSSL: members use TLS with each other, but incoming
        # connections may be either TLS or non-TLS.
        mode: "preferSSL"

See the full TLS configuration example in replica-set.yaml in the TLS samples directory. This directory also contains sample TLS configurations for sharded clusters and standalone deployments.
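
The following audit is an added example, not code from the original page or from the Kubernetes Operator project. It assumes the MongoDB resources have been exported as JSON (for instance with kubectl's `-o json` output) and flags any resource where `security.tls.enabled` is not true or where `net.ssl.mode` is set to a value that still permits non-TLS connections. The function names and the resources `strict-rs` and `plain-rs` are constructed for illustration.

```python
import json

# mongod TLS modes under which non-TLS connections are still possible.
PLAINTEXT_MODES = {"disabled", "allowSSL", "preferSSL", "allowTLS", "preferTLS"}
STRICT_MODES = {"requireSSL", "requireTLS"}

def dig(obj, *keys):
    """Walk nested dicts, returning None if any level is missing or null."""
    for key in keys:
        if not isinstance(obj, dict):
            return None
        obj = obj.get(key)
    return obj

def audit_resource(res):
    """Return findings for one MongoDB custom resource (parsed JSON)."""
    findings = []
    if dig(res, "spec", "security", "tls", "enabled") is not True:
        findings.append("security.tls.enabled is not true")
    mode = dig(res, "spec", "additionalMongodConfig", "net", "ssl", "mode")
    if mode in PLAINTEXT_MODES:
        findings.append(f"net.ssl.mode={mode} permits non-TLS connections")
    elif mode is not None and mode not in STRICT_MODES:
        findings.append(f"net.ssl.mode={mode!r} is not a known mode")
    return findings  # mode unset: the default named on the page (requireTLS) applies

def audit(doc):
    """Accept a single resource or a kubectl-style List; map name -> findings."""
    items = doc.get("items", []) if doc.get("kind") == "List" else [doc]
    return {dig(i, "metadata", "name"): audit_resource(i)
            for i in items if i.get("kind") == "MongoDB"}

# Constructed sample: the first item mirrors the page's example, the other two are invented.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "MongoDB", "metadata": {"name": "my-tls-enabled-rs"},
   "spec": {"security": {"tls": {"enabled": true, "ca": "<custom-ca>"}},
            "additionalMongodConfig": {"net": {"ssl": {"mode": "preferSSL"}}}}},
  {"kind": "MongoDB", "metadata": {"name": "strict-rs"},
   "spec": {"security": {"tls": {"enabled": true}}}},
  {"kind": "MongoDB", "metadata": {"name": "plain-rs"}, "spec": {"type": "ReplicaSet"}}
]}
""")

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "OK" if not findings else "; ".join(findings))
```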