MongoDB Enterprise Kubernetes Operator 1.25 Series
MongoDB Enterprise Kubernetes Operator 1.25.0
Released 2024-04-30
Breaking Change
- MongoDBOpsManager resource. The Kubernetes Operator no longer supports Ops Manager 5.0. Upgrade to a later version of Ops Manager. While Ops Manager 5.0 may continue to work with the Kubernetes Operator, MongoDB won't test the Kubernetes Operator against Ops Manager 5.0. 
New Features
- MongoDBOpsManager resource: Adds support for deploying the Ops Manager Application on multiple Kubernetes clusters. To learn more, see Deploy Ops Manager Resources on Multiple Kubernetes Clusters. 
- (Public Preview) MongoDB, OpsManager resources: Introduces opt-in Static Containers (Public Preview) for all types of deployments.
  - In this release, use static containers only for testing purposes. Static containers might become the default in a later release.
  - To activate static containers mode, set the MDB_DEFAULT_ARCHITECTURE environment variable at the Kubernetes Operator level to static. Alternatively, annotate a specific MongoDB or OpsManager custom resource with mongodb.com/v1.architecture: "static".
  - The Kubernetes Operator supports seamless migration between the static and non-static architectures. To learn more, see:
 
- OpsManager resource: Adds the spec.internalConnectivity field to allow overrides for the service used by the Kubernetes Operator to ensure internal connectivity to the OpsManager resource-hosting Pods.
- MongoDB resource: You can recover a resource due to a broken Automation configuration in sharded clusters. In previous releases, you could recover other types of resources but not sharded clusters. To learn more, see Recover Resource Due to Broken Automation Configuration. 
- MongoDB, MongoDBMultiCluster resources: These resources now allow you to add placeholders in external services.
  - You can define annotations for external services managed by the Kubernetes Operator that contain placeholders which will be automatically replaced by the proper values. Previously, the Kubernetes Operator configured the same annotations for all external services created for each Pod. Starting with this release, you can add placeholders so that the Kubernetes Operator can customize annotations in each service with values that are relevant and unique for each particular Pod. To learn more, see:
    - MongoDB resource: spec.externalAccess.externalService.annotations
    - MongoDBMultiCluster resource: spec.externalAccess.externalService.annotations
 
 
- The kubectl mongodb plugin: Allows you to print build information when using the plugin.
- The setup command of the kubectl mongodb plugin: Adds the registry.imagePullSecrets setting. If specified, created service accounts reference the specified secret on the imagePullSecrets field.
- Improves handling of configurations when the Kubernetes Operator watches more than one namespace, and when you install the Kubernetes Operator in a namespace that differs from the namespace in which the Kubernetes Operator watches resources. 
- Optimizes setting up roles and permissions in member Kubernetes clusters using a single service account per Kubernetes cluster with correctly configured roles and role bindings (no cluster roles are necessary) for each watched namespace. 
- Extends the existing event-based reconciliation process by a time-based reconciliation that is triggered every 24 hours. This ensures that all Monitoring Agents are always upgraded in a timely manner. 
- OpenShift and OLM Operator: Removes the requirement for cluster-wide permissions. Previously, the Kubernetes Operator needed these permissions to configure admission webhooks. Starting with this release, webhooks are automatically configured by OLM. 
- Adds an optional MDB_WEBHOOK_REGISTER_CONFIGURATION environment variable for the Kubernetes Operator. The variable controls whether the Kubernetes Operator should perform automatic admission webhook configuration. The default is true. The variable is set to false for OLM and OpenShift deployments.
Helm Chart Installation Changes
- Adds a new operator.webhook.registerConfiguration parameter that controls whether the Kubernetes Operator should perform an automatic admission webhook configuration by setting the MDB_WEBHOOK_REGISTER_CONFIGURATION environment variable for the Kubernetes Operator. The default is true. The variable is set to false for OLM and OpenShift deployments.
- Changes the default agent.version to 107.0.0.8502-1. This changes the default Agent used in Kubernetes Operator deployments that you install using a Helm chart.
- Adds the operator.additionalArguments variable with the default of [] to allow you to pass additional arguments for the Kubernetes Operator binary.
- Adds the operator.createResourcesServiceAccountsAndRoles variable with the default of true to control whether to install roles and service accounts for MongoDB and OpsManager resources. When you use the kubectl mongodb plugin to configure the Kubernetes Operator for a multi-Kubernetes cluster deployment, the plugin installs all necessary roles and service accounts. Therefore, to avoid clashes, in some cases don't install those roles using the Kubernetes Operator Helm chart.
Bug Fixes
- MongoDBMultiCluster resource: Fixes an issue where the Kubernetes Operator reported that spec.externalAccess.externalDomain and spec.clusterSpecList[*].externalAccess.externalDomains fields were required even though they weren't used. The Kubernetes Operator prematurely triggered a validation for these fields in cases where the custom resources contained a defined spec.externalAccess structure. Starting with this release, the Kubernetes Operator checks for uniqueness of external domains only when you define the external domains in spec.externalAccess.externalDomain or spec.clusterSpecList[*].externalAccess.externalDomains settings.
- MongoDB resource: Fixes a bug where upon deleting a MongoDB resource, the controlledFeature policies remained set on the related Ops Manager or Cloud Manager instance, making cleanup in the UI impossible in the case of losing the Kubernetes Operator.
- OpsManager resource: Fixes an issue where the admin-key secret was deleted when you removed the OpsManager custom resource. Fixing the admin-key secret deletion enables easier re-installation of Ops Manager.
- MongoDB Readiness Probe: Fixes a misleading error message for the readiness probe: "... kubelet Readiness probe failed:...". This affects all MongoDB deployments.
- Operator: Fixes cases where in some instances, while communicating with the OpsManager custom resource, the Kubernetes Operator skipped TLS verification, even if you enabled TLS.
Improvements
- Kubectl plugin: The released kubectl mongodb plugin binaries are now signed, and the signatures are published with the release assets. The public key is available at this address. The released kubectl mongodb plugin binaries are also notarized for macOS.
- Released Images signed: All container images published for the Kubernetes Operator are cryptographically signed. This is visible in the MongoDB Quay registry. You can verify the signatures using the MongoDB public key. Released images are available at this address. 
MongoDB Enterprise Kubernetes Operator 1.24 Series
MongoDB Enterprise Kubernetes Operator 1.24.0
Released 2023-12-21
MongoDBOpsManager Resource
New Features
- Adds support for the upcoming Ops Manager 7.0.x series. 
Bug Fixes
- Fixes an issue that prevented terminating a backup correctly. 
MongoDB Enterprise Kubernetes Operator 1.23 Series
MongoDB Enterprise Kubernetes Operator 1.23.0
Released 2023-11-13
Warnings and Breaking Changes
- Aligns the component image version numbers with the Kubernetes Operator release tag so it's clear which images go with which version of the Kubernetes Operator. This affects the following images:
  - quay.io/mongodb/mongodb-enterprise-database-ubi
  - quay.io/mongodb/mongodb-enterprise-init-database-ubi
  - quay.io/mongodb/mongodb-enterprise-init-appdb-ubi
  - quay.io/mongodb/mongodb-enterprise-init-ops-manager-ubi

  To learn more, see MongoDB Enterprise Kubernetes Operator kubectl and oc Installation Settings and MongoDB Enterprise Kubernetes Operator Helm Installation Settings.
- Replaces spec.exposedExternally (deprecated in Kubernetes Operator 1.19) with spec.externalAccess.
Bug Fixes
- Fixes an issue with scaling a replica set in a multi-Kubernetes cluster MongoDB deployment when a member cluster has lost connectivity. The fix addresses both the manual and automated recovery procedures. 
- Fixes an issue where changing the names of the Automation Agent and MongoDB audit logs prevented them from being sent to the Kubernetes Pod logs. There are no restrictions on the file names of MongoDB audit logs as of Kubernetes Operator 1.22. 
- Allows the following new log types from the mongodb-enterprise-database container to stream directly to Kubernetes logs:
  - agent-launcher-script
  - monitoring-agent
  - backup-agent
 
- Fixes an issue that prevented storing the MongoDBUser resource in the namespace set in spec.mongodbResourceRef.namespace.
MongoDB Enterprise Kubernetes Operator 1.22 Series
MongoDB Enterprise Kubernetes Operator 1.22.0
Released 2023-09-21
Breaking Changes
The Kubernetes Operator no longer uses the Reconciling state for all custom resources.
In most cases this state has been replaced with Pending and a corresponding
message. If you use monitoring tools with the custom MongoDB resources deployed
with the Kubernetes Operator, you might need to adjust your dashboards and alerting rules
to use the Pending state name.
MongoDBOpsManager Resource
Improvements
- Adds support for configuring logRotate on the MongoDB Agent for the Application Database by adding the following new fields to the MongoDBOpsManager resource:
- You can now configure the systemLog to send logs to a custom location other than the default /var/log/mongodb-mms-automation directory using the following new fields in the MongoDBOpsManager resource:
- Improves handling of Application Database clusters in multi-Kubernetes cluster MongoDB deployments.

  In the last release, to scale down processes, the Kubernetes Operator required a connection to the Kubernetes cluster. This could block the reconciliation process due to a full-cluster outage.

  In this release, the Kubernetes Operator successfully manages the remaining healthy clusters as long as they have a majority of votes to elect a primary. The Kubernetes Operator doesn't remove associated processes from the automation configuration and replica set configuration. The Kubernetes Operator deletes these processes only if you delete the corresponding cluster from spec.applicationDatabase.clusterSpecList or change the number of the cluster members to zero. When the Kubernetes Operator deletes these processes, it scales down the replica set by removing processes tied to that cluster one at a time.
MongoDB Resource
Improvements
- Adds an automatic recovery mechanism for MongoDB resources when a custom resource remains in a Pending or Failed state for a longer period of time. In addition, introduces the following environment variables:

  To learn more, see Recover Resource Due to Broken Automation Configuration.
- Allows you to route the audit logs for the MongoDB resource to the Kubernetes Pod logs. Ensure that you write the MongoDB resource's audit logs to the /var/log/mongodb-mms-automation/mongodb-audit.log file. The Pod hosting the resource monitors this file and appends its content to its Kubernetes logs.

  To send audit logs to the Kubernetes Pod logs, use the following example configuration in the MongoDB resource:

      spec:
        additionalMongodConfig:
          auditLog:
            destination: file
            format: JSON
            path: /var/log/mongodb-mms-automation/mongodb-audit.log

  The Kubernetes Operator tags audit log entries with the mongodb-audit key in the Pod logs.

  To extract audit log entries, use a command similar to the following example:

      kubectl logs -c mongodb-enterprise-database replica-set-0 | \
        jq -r 'select(.logType == "mongodb-audit") | .contents'
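The following is an added example, not part of the original release notes or the Operator's code: it filters Pod log lines tagged mongodb-audit, tolerates non-JSON lines that would stop a plain jq pipeline, and counts failed authentications per source. It assumes the contents field holds the mongod audit record as a JSON string; the sample log lines, addresses and function names are constructed for illustration.

```python
import json
from collections import Counter

def _audit_line(ip, user, result):
    """Build one constructed pod-log line wrapping a mongod 'authenticate' audit record."""
    record = {"atype": "authenticate", "remote": {"ip": ip, "port": 40000},
              "param": {"user": user, "db": "admin", "mechanism": "SCRAM-SHA-256"},
              "result": result}  # 0 = success, 18 = AuthenticationFailed
    # Assumption: "contents" carries the audit record as a JSON string.
    return json.dumps({"logType": "mongodb-audit", "contents": json.dumps(record)})

# Constructed sample of `kubectl logs -c mongodb-enterprise-database <pod>` output.
SAMPLE_POD_LOG = "\n".join([
    "plain-text line written before structured logging started",
    json.dumps({"logType": "monitoring-agent", "contents": "[info] heartbeat"}),
    _audit_line("10.0.3.7", "app", 18),
    _audit_line("10.0.1.4", "app", 0),
    _audit_line("10.0.3.7", "app", 18),
    _audit_line("10.0.1.9", "backup", 18),
    _audit_line("10.0.3.7", "app", 18),
])

def audit_records(pod_log):
    """Yield parsed audit records, skipping non-JSON and non-audit lines."""
    for line in pod_log.splitlines():
        try:
            entry = json.loads(line)
        except ValueError:
            continue  # pod logs may contain plain-text lines
        if not isinstance(entry, dict) or entry.get("logType") != "mongodb-audit":
            continue
        contents = entry.get("contents")
        if isinstance(contents, str):
            try:
                contents = json.loads(contents)
            except ValueError:
                continue  # truncated or malformed audit record
        if isinstance(contents, dict):
            yield contents

def failed_logins(pod_log, threshold=3):
    """Return {(remote_ip, user): count} for sources at or above the threshold."""
    failures = Counter()
    for rec in audit_records(pod_log):
        if rec.get("atype") == "authenticate" and rec.get("result") != 0:
            key = (rec.get("remote", {}).get("ip", "?"), rec.get("param", {}).get("user", "?"))
            failures[key] += 1
    return {key: count for key, count in failures.items() if count >= threshold}

if __name__ == "__main__":
    for (ip, user), count in failed_logins(SAMPLE_POD_LOG).items():
        print(f"{count} failed logins for user {user!r} from {ip}")
```
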
Bug Fixes
Fixes an issue where you couldn't set the spec.backup.autoTerminateOnDeletion
setting to true for sharded clusters. This setting controls whether the
Kubernetes Operator stops and terminates the backup when you delete a MongoDB
resource. If omitted, the default value is false.
MongoDB Enterprise Kubernetes Operator 1.21 Series
MongoDB Enterprise Kubernetes Operator 1.21.0
Released 2023-08-25
Breaking Changes
- Renames the environment variable CURRENT_NAMESPACE to NAMESPACE. This variable tracks the namespace of the Kubernetes Operator. If you've set this variable by editing the MongoDB resources, update CURRENT_NAMESPACE to NAMESPACE while upgrading the Kubernetes Operator.
Bug Fixes
- Fixes an issue where StatefulSet override labels failed to override the StatefulSet.
Improvements
- Supports configuring backups of the Application Database and MongoDB for the MongoDBMultiCluster resource.
- Adds documentation for configuring a MongoDBMultiCluster resources deployment in a GitOps environment. To learn more, see Configure Resources for GitOps.
- Adds MetadataWrapper, a label and annotations wrapper, to the MongoDB resource, MongoDBMultiCluster resource and MongoDBOpsManager resources. The wrapper supports overriding metadata.Labels and metadata.Annotations.
MongoDBOpsManager Resource
Breaking Changes and Deprecations
- The appdb-ca is not automatically added to the JVM trust store in Ops Manager. The appdb-ca is the CA saved in the ConfigMap specified in spec.applicationDatabase.security.tls.ca. This impacts you if:
  - You use the same custom certificate for the appdb-ca and your S3 snapshot store.
  - You use a version of Kubernetes Operator earlier than 1.17.0 or you've mounted your own trust store to Ops Manager.

  If you need to use the same custom certificate for appdb-ca and the S3 snapshot store, specify the CA with spec.backup.s3Stores.customCertificateSecretRefs.
- Deprecates the spec.backup.s3Stores.customCertificate and spec.backup.s3OpLogStores.customCertificate settings. Use spec.backup.s3OpLogStores.customCertificateSecretRefs and spec.backup.s3Stores.customCertificateSecretRefs instead.
Bug Fixes
- Fixes an issue that prevented setting an arbitrary port number for spec.externalConnectivity.port when using the LoadBalancer service type to expose Ops Manager externally.
- Fixes an issue that caused Ops Manager to reject certificates by enabling the Kubernetes Operator to import the appdb-ca, which is a bundle of CAs, into the Ops Manager JVM trust store.
Improvements
- Supports configuring the MongoDBOpsManager resource with a highly available Application Database across multiple Kubernetes clusters by adding the following new fields to the MongoDBOpsManager resource:

  The default value for the new optional spec.applicationDatabase.topology field is singleCluster, and it is used if you omit the value. To upgrade to Kubernetes Operator 1.21, you don't need to update your MongoDBOpsManager resources. This makes the addition of the spec.applicationDatabase.topology setting backward-compatible with single Kubernetes cluster deployments of the Application Database. To learn more, see Deploy an Ops Manager Resource and the Ops Manager Resource Specification.
- Allows you to add a list of custom certificates for backups in the S3 snapshot store using the spec.backup.s3Stores.customCertificateSecretRefs and spec.backup.s3OpLogStores.customCertificateSecretRefs fields in the MongoDBOpsManager resource.
Older Release Notes
To see the release notes for older versions of the operator, click here.