Docs Home → MongoDB Enterprise Kubernetes Operator
Verify MongoDB Signatures
On this page
You can require that the MongoDB Agent verifies the signature file after it downloads the MongoDB binary by enabling a setting in the Ops Manager Resource Specification. Once you enable signature verification, the MongoDB Agent requires signature files for all MongoDB deployments that your Ops Manager instance manages. You can enable signature verification for local or remote deployments.
Prerequisites
Your Ops Manager server must run over HTTPS so the MongoDB Agent downloads the signature files. To learn more, see Configure Ops Manager to Run over HTTPS.
Procedure
In the Ops Manager Resource Specification, add
spec.configuration.mms.featureFlag.automation.verifyDownloads
and set to enabled
.
For example:
spec: configuration: mms.featureFlag.automation.verifyDownloads=enabled
Note
Once you enable signature verification, the MongoDB Agent requires signature files for all MongoDB binaries that it downloads.
Ensure the MongoDB Agent can locate the MongoDB binary and its signature (.sig) file from the same directory, the location of which depends on whether your deployment is local or remote.
Save and apply the Ops Manager Resource Specification.
kubectl apply -f <my-ops-manager-resource-specification>.yaml
After you've applied the Ops Manager Resource Specification, the MongoDB Agent performs a rolling restart on the cluster nodes, reconciling the changes.