Docs Menu
Docs Home
MongoDB Enterprise Kubernetes Operator

Configure Encryption

On this page

  • Enable HTTPS
  • Enable TLS

The Kubernetes Operator supports configuring Ops Manager to run over HTTPS.

Enable HTTPS before deploying your Ops Manager resources to avoid a situation where the Kubernetes Operator reports your resources' status as Failed.


See also:

The Kubernetes Operator supports TLS encryption. Use TLS with your MongoDB deployment to encrypt your data over the network.

The configuration in the following example enables TLS for the replica set. When TLS is enabled, all traffic between members of the replica set and clients is encrypted using TLS certificates.

To learn more about securing your MongoDB deployments using TLS, see Deploy a Replica Set.

The default TLS mode is requireTLS. You can customize it using the configuration parameter, as shown in the following abbreviated example.

2kind: MongoDB
4name: my-tls-enabled-rs
6 type: ReplicaSet
7 members: 3
8 version: 6.0.0-ent
10 opsManager:
11 configMapRef:
12 name: my-project
13 credentials: my-credentials
15 security:
16 tls:
17 enabled: true
18 ca: <custom-ca>
20 ...
21 additionalMongodConfig:
22 net:
23 ssl:
24 mode: "preferSSL"

See the full TLS configuration example in replica-set.yaml in the TLS samples directory. This directory also contains sample TLS configurations for sharded clusters and standalone deployments.


Apply OPA Gatekeeper Policies


Configure Encryption at Rest