Release Notes for MongoDB Enterprise Kubernetes Operator
On this page
- MongoDB Enterprise Kubernetes Operator 1.25 Series
- MongoDB Enterprise Kubernetes Operator 1.24 Series
- MongoDB Enterprise Kubernetes Operator 1.23 Series
- MongoDB Enterprise Kubernetes Operator 1.22 Series
- MongoDB Enterprise Kubernetes Operator 1.21 Series
- MongoDB Enterprise Kubernetes Operator 1.20 Series
- MongoDB Enterprise Kubernetes Operator 1.19 Series
- MongoDB Enterprise Kubernetes Operator 1.18 Series
- MongoDB Enterprise Kubernetes Operator 1.17 Series
- MongoDB Enterprise Kubernetes Operator 1.16 Series
- MongoDB Enterprise Kubernetes Operator 1.15 Series
- MongoDB Enterprise Kubernetes Operator 1.14 Series
- MongoDB Enterprise Kubernetes Operator 1.13 Series
- MongoDB Enterprise Kubernetes Operator 1.12 Series
- MongoDB Enterprise Kubernetes Operator 1.11 Series
- MongoDB Enterprise Kubernetes Operator 1.10 Series
- MongoDB Enterprise Kubernetes Operator 1.9 Series
- MongoDB Enterprise Kubernetes Operator 1.8 Series
- MongoDB Enterprise Kubernetes Operator 1.7 Series
- MongoDB Enterprise Kubernetes Operator 1.6 Series
- MongoDB Enterprise Kubernetes Operator 1.5 Series
- MongoDB Enterprise Kubernetes Operator 1.4 Series
- MongoDB Enterprise Kubernetes Operator 1.3 Series
- MongoDB Enterprise Kubernetes Operator 1.2 Series
- MongoDB Enterprise Kubernetes Operator 1.1 Series
- MongoDB Enterprise Kubernetes Operator 1.0 Series
- MongoDB Enterprise Kubernetes Operator Beta Series
MongoDB Enterprise Kubernetes Operator 1.25 Series
MongoDB Enterprise Kubernetes Operator 1.25.0
Released 2024-04-30
Breaking Change
MongoDBOpsManager resource. The Kubernetes Operator no longer supports Ops Manager 5.0. Upgrade to a later version of Ops Manager. While Ops Manager 5.0 may continue to work with the Kubernetes Operator, MongoDB won't test the Kubernetes Operator against Ops Manager 5.0.
New Features
MongoDBOpsManager resource: Adds support for deploying the Ops Manager Application on multiple Kubernetes clusters. To learn more, see Deploy Ops Manager Resources on Multiple Kubernetes Clusters.
(Public Preview) MongoDB, OpsManager resources: Introduces opt-in Static Containers (Public Preview) for all types of deployments.
In this release, use static containers only for testing purposes. Static containers might become the default in a later release.
To activate static containers mode, set the
MDB_DEFAULT_ARCHITECTURE
environment variable at the Kubernetes Operator level tostatic
. Alternatively, annotate a specificMongoDB
orOpsManager
custom resource withmongodb.com/v1.architecture: "static"
.The Kubernetes Operator supports seamless migration between the static and non-static architectures. To learn more, see:
OpsManager resource: Adds the
spec.internalConnectivity
field to allow overrides for the service used by the Kubernetes Operator to ensure internal connectivity to theOpsManager
resource-hosting Pods.MongoDB resource: You can recover a resource due to a broken Automation configuration in sharded clusters. In previous releases, you could recover other types of resources but not sharded clusters. To learn more, see Recover Resource Due to Broken Automation Configuration.
MongoDB, MongoDBMultiCluster resources: These resources now allow you to add placeholders in external services.
You can define annotations for external services managed by the Kubernetes Operator that contain placeholders which will be automatically replaced by the proper values. Previously, the Kubernetes Operator configured the same annotations for all external services created for each Pod. Starting with this release, you can add placeholders so that the Kubernetes Operator can customize annotations in each service with values that are relevant and unique for each particular Pod. To learn more, see:
MongoDB
resource:spec.externalAccess.externalService.annotations
MongoDBMultiCluster
resource spec.externalAccess.externalService.annotations
The
kubectl mongodb
plugin: Allows you to print build information when using the plugin.The
setup
command of thekubectl mongodb
plugin: Adds the registry.imagePullSecrets setting. If specified, created service accounts reference the specified secret on theimagePullSecrets
field.Improves handling of configurations when the Kubernetes Operator watches more than one namespace, and when you install the Kubernetes Operator in a namespace that differs from the namespace in which the Kubernetes Operator watches resources.
Optimizes setting up roles and permissions in member Kubernetes clusters using a single service account per Kubernetes cluster with correctly configured roles and role bindings (no cluster roles are necessary) for each watched namespace.
Extends the existing event-based reconciliation process by a time-based reconciliation that is triggered every 24 hours. This ensures that all Monitoring Agents are always upgraded in a timely manner.
OpenShift and OLM Operator: Removes the requirement for cluster-wide permissions. Previously, the Kubernetes Operator needed these permissions to configure admission webhooks. Starting with this release, webhooks are automatically configured by OLM.
Adds an optional
MDB_WEBHOOK_REGISTER_CONFIGURATION
environment variable for the Kubernetes Operator. The variable controls whether the Kubernetes Operator should perform automatic admission webhook configuration. The default istrue
. The variable is set tofalse
for OLM and OpenShift deployments.
Helm Chart Installation Changes
Adds a new
operator.webhook.registerConfiguration
parameter that controls whether the Kubernetes Operator should perform an automatic admission webhook configuration by setting theMDB_WEBHOOK_REGISTER_CONFIGURATION
environment variable for the Kubernetes Operator. The default istrue
. The variable is set tofalse
for OLM and OpenShift deployments.Changes the default
agent.version
to107.0.0.8502-1
. This changes the default Agent used in Kubernetes Operator deployments that you install using a Helm chart.Adds the
operator.additionalArguments
variable with the default of[]
to allow you to pass additional arguments for the Kubernetes Operator binary.Adds the
operator.createResourcesServiceAccountsAndRoles
variable with the default oftrue
to control whether to install roles and service accounts forMongoDB
andOpsManager
resources. When you use thekubectl mongodb
plugin to configure the Kubernetes Operator for a multi-Kubernetes cluster deployment, the plugin installs all necessary roles and service accounts. Therefore, to avoid clashes, in some cases don't install those roles using the Kubernetes Operator Helm chart.
Bug Fixes
MongoDBMultiCluster resource: Fixes an issue where the Kubernetes Operator reported that
spec.externalAccess.externalDomain
andspec.clusterSpecList[*].externalAccess.externalDomains
fields were required even though they weren't used. The Kubernetes Operator prematurely triggered a validation for these fields in cases where the custom resources contained a definedspec.externalAccess
structure. Starting with this release, the Kubernetes Operator checks for uniqueness of external domains only when you define the external domains inspec.externalAccess.externalDomain
orspec.clusterSpecList[*].externalAccess.externalDomains
settings.MongoDB resource: Fixes a bug where upon deleting a
MongoDB
resource, thecontrolledFeature
policies remained set on the related Ops Manager or Cloud Manager instance, making cleanup in the UI impossible in the case of losing the Kubernetes Operator.OpsManager resource: Fixes an issue where the
admin-key
secret was deleted when you removed theOpsManager
custom resource. Fixing theadmin-key
secret deletion enables easier re-installation of Ops Manager.MongoDB Readiness Probe: Fixes a misleading error message for the readiness probe:
"... kubelet Readiness probe failed:..."
. This affects all MongoDB deployments.Operator: Fixes cases where in some instances, while communicating with the
OpsManager
custom resource, the Kubernetes Operator skipped TLS verification, even if you enabled TLS.
Improvements
Kubectl plugin: The released
kubectl mongodb
plugin binaries are now signed, and the signatures are published with the release assets. The public key is available at this address. The releasedkubectl mongodb
plugin binaries are also notarized for MacOS.Released Images signed: All container images published for the Kubernetes Operator are cryptographically signed. This is visible in the MongoDB Quay registry. You can verify the signatures using the MongoDB public key. Released images are available at this address.
MongoDB Enterprise Kubernetes Operator 1.24 Series
MongoDB Enterprise Kubernetes Operator 1.24.0
Released 2023-12-21
MongoDBOpsManager Resource
New Features
Adds support for the upcoming Ops Manager 7.0.x series.
Bug Fixes
Fixes an issue that prevented terminating a backup correctly.
MongoDB Enterprise Kubernetes Operator 1.23 Series
MongoDB Enterprise Kubernetes Operator 1.23.0
Released 2023-11-13
Warnings and Breaking Changes
Aligns the component image version numbers with the Kubernetes Operator release tag so it's clear which images go with which version of the Kubernetes Operator. This affects the following images:
quay.io/mongodb/mongodb-enterprise-database-ubi
quay.io/mongodb/mongodb-enterprise-init-database-ubi
quay.io/mongodb/mongodb-enterprise-init-appdb-ubi
quay.io/mongodb/mongodb-enterprise-init-ops-manager-ubi
To learn more, see MongoDB Enterprise Kubernetes Operator kubectl and oc Installation Settings and MongoDB Enterprise Kubernetes Operator Helm Installation Settings.
Replaces
spec.exposedExternally
(deprecated in Kubernetes Operator 1.19) withspec.externalAccess
.
Bug Fixes
Fixes an issue with scaling a replica set in a multi-Kubernetes cluster MongoDB deployment when a member cluster has lost connectivity. The fix addresses both the manual and automated recovery procedures.
Fixes an issue where changing the names of the Automation Agent and MongoDB audit logs prevented them from being sent to the Kubernetes Pod logs. There are no restrictions on the file names of MongoDB audit logs as of Kubernetes Operator 1.22.
Allows the following new log types from the
mongodb-enterprise-database
container to stream directly to Kubernetes logs:agent-launcher-script
monitoring-agent
backup-agent
Fixes an issue that prevented storing the
MongoDBUser
resource in the namespace set inspec.mongodbResourceRef.namespace
.
MongoDB Enterprise Kubernetes Operator 1.22 Series
MongoDB Enterprise Kubernetes Operator 1.22.0
Released 2023-09-21
Breaking Changes
The Kubernetes Operator no longer uses the Reconciling
state for all custom resources.
In most cases this state has been replaced with Pending
and a corresponding
message. If you use monitoring tools with the custom MongoDB resources deployed
with the Kubernetes Operator, you might need to adjust your dashboards and alerting rules
to use the Pending
state name.
MongoDBOpsManager Resource
Improvements
Adds support for configuring logRotate on the MongoDB Agent for the Application Database by adding the following new fields to the
MongoDBOpsManager
resource:You can now configure the systemLog to send logs to a custom location other than the default
/var/log/mongodb-mms-automation
directory using the following new fields in theMongoDBOpsManager
resource:Improves handling of Application Database clusters in multi-Kubernetes cluster MongoDB deployments.
In the last release, to scale down processes, the Kubernetes Operator required a connection to the Kubernetes cluster. This could block the reconciliation process due to a full-cluster outage.
In this release, the Kubernetes Operator successfully manages the remaining healthy clusters as long as they have a majority of votes to elect a primary. The Kubernetes Operator doesn't remove associated processes from the automation configuration and replica set configuration. The Kubernetes Operator deletes these processes only if you delete the corresponding cluster from
spec.applicationDatabase.clusterSpecList
or change the number of the cluster members to zero. When the Kubernetes Operator deletes these processes, it scales down the replica set by removing processes tied to that cluster one at a time.
MongoDB
Resource
Improvements
Adds an automatic recovery mechanism for
MongoDB
resources when a custom resource remains in aPending
orFailed
state for a longer period of time. In addition, introduces the following environment variables:To learn more, see Recover Resource Due to Broken Automation Configuration.
Allows you to route the audit logs for the
MongoDB
resource to the Kubernetes Pod logs. Ensure that you write theMongoDB
resource's audit logs to the/var/log/mongodb-mms-automation/mongodb-audit.log
file. The Pod hosting the resource monitors this file and appends its content to its Kubernetes logs.To send audit logs to the Kubernetes Pod logs, use the following example configuration in the
MongoDB
resource:spec: additionalMongodConfig: auditLog: destination: file format: JSON path: /var/log/mongodb-mms-automation/mongodb-audit.log The Kubernetes Operator tags audit log entries with the
mongodb-audit
key in the Pod logs.To extract audit log entries, use a command similar to the following example:
kubectl logs -c mongodb-enterprise-database replica-set-0 | \ jq -r 'select(.logType == "mongodb-audit") | .contents'
Bug Fixes
Fixes an issue where you couldn't set the spec.backup.autoTerminateOnDeletion
setting to true
for sharded clusters. This setting controls whether the
Kubernetes Operator stops and terminates the backup when you delete a MongoDB
resource. If omitted, the default value is false
.
MongoDB Enterprise Kubernetes Operator 1.21 Series
MongoDB Enterprise Kubernetes Operator 1.21.0
Released 2023-08-25
Breaking Changes
Renames the environment variable
CURRENT_NAMESPACE
toNAMESPACE
. This variable tracks the namespace of the Kubernetes Operator. If you've set this variable by editing theMongoDB
resources, updateCURRENT_NAMESPACE
toNAMESPACE
while upgrading the Kubernetes Operator.
Bug Fixes
Fixes an issue where
StatefulSet
override labels failed to override theStatefulSet
.
Improvements
Supports configuring backups of the Application Database and MongoDB for the
MongoDBMultiCluster
resource.Adds documentation for configuring a
MongoDBMultiCluster
resources deployment in a GitOps environment. To learn more, see Configure Resources for GitOps.Adds
MetadataWrapper
, a label and annotations wrapper, to theMongoDB
resource,MongoDBMultiCluster
resource andMongoDBOpsManager
resources. The wrapper supports overridingmetadata.Labels
andmetadata.Annotations
.
MongoDBOpsManager Resource
Breaking Changes and Deprecations
The
appdb-ca
is not automatically added to the JVM trust store in Ops Manager. Theappdb-ca
is the CA saved in the ConfigMap specified inspec.applicationDatabase.security.tls.ca
. This impacts you if:You use the same custom certificate for the
appdb-ca
and your S3 snapshot store.You use a version of Kubernetes Operator earlier than 1.17.0 or you've mounted your own trust store to Ops Manager.
If you need to use the same custom certificate for
appdb-ca
and the S3 snapshot store, specify the CA withspec.backup.s3Stores.customCertificateSecretRefs
.Deprecates the
spec.backup.s3Stores.customCertificate
andspec.backup.s3OpLogStores.customCertificate
settings. Usespec.backup.s3OpLogStores.customCertificateSecretRefs
andspec.backup.s3Stores.customCertificateSecretRefs
instead.
Bug Fixes
Fixes an issue that prevented setting an arbitrary port number for
spec.externalConnectivity.port
when using theLoadBalancer
service type to expose Ops Manager externally.Fixes an issue that caused Ops Manager to reject certificates by enabling the Kubernetes Operator to import the
appdb-ca
, which is a bundle of CAs, into the Ops Manager JVM trust store.
Improvements
Supports configuring the
MongoDBOpsManager
resource with a highly available Application Database across multiple Kubernetes clusters by adding the following new fields to theMongoDBOpsManager
resource:The default value for the new optional
spec.applicationDatabase.topology
field issingleCluster
, and it is used if you omit the value. To upgrade to Kubernetes Operator 1.21, you don't need to update yourMongoDBOpsManager
resources. This makes the addition of thespec.applicationDatabase.topology
setting backward-compatible with single Kubernetes cluster deployments of the Application Database. To learn more, see Deploy an Ops Manager Resource and the Ops Manager Resource Specification.Allows you to add a list of custom certificates for backups in the S3 snapshot store using the
spec.backup.s3Stores.customCertificateSecretRefs
andspec.backup.s3OpLogStores.customCertificateSecretRefs
fields in theMongoDBOpsManager
resource.
MongoDB Enterprise Kubernetes Operator 1.20 Series
MongoDB Enterprise Kubernetes Operator 1.20.1
Released 2023-06-07
This release fixes an issue that prevented upgrading the Kubernetes Operator to 1.20.0 in OpenShift.
Breaking Changes
Removes
appdb.connectionSpec.Project
, which was deprecated more than two years ago.
Bug Fixes
Fixes an issue where the
MongoDBMultiCluster
resource was not watching Ops Manager's connection ConfigMap and secret.Fixes support for rotating the
clusterfile
secret, which is used for internal X.509 authentication in theMongoDB
andMongoDBMultiCluster
resources.
MongoDBOpsManager Resource
Adds support for votes, priority, and tags by introducing the
spec.applicationDatabase.memberConfig.votes
,spec.applicationDatabase.memberConfig.priority
, andspec.applicationDatabase.memberConfig.tags
settings.Changes the container registry for the Application Database image from
quay.io/mongodb/mongodb-enterprise-appdb-database-ubi
toquay.io/mongodb/mongodb-enterprise-server
. This results in the following changes when you upgrade to this release:The Helm chart setting for the Application Database image,
values.mongodb.name
, defaults tomongodb-enterprise-server
.The Kubernetes Operator updates your Application Database replica set Pods to use the new images referenced in the
values.mongodb.name
Helm setting. The new images are functionally equivalent to the previous ones assuming that the MongoDB version is the same.The Kubernetes Operator automatically updates the tag suffix for all Application Database images that reference the new container registry from
-ent
to-ubi8
or the suffix set in MDB_IMAGE_TYPE or mongodb.imageType. For example, the Kubernetes Operator changesquay.io/mongodb/mongodb-enterprise-server:4.4.5-ent
toquay.io/mongodb/mongodb-enterprise-server:4.4.5-ubi8
. You don't need to update theapplicationDatabase.version
setting in theMongoDBOpsManager
resource.You can stop the Kubernetes Operator from automatically updating the tag suffix by setting MDB_APPDB_ASSUME_OLD_FORMAT or mongodb.appdbAssumeOldFormat to
true
. For example, you might want to stop the automatic suffix change if you're mirroring this image from your own repository.
Adds support for specifying versions without a suffix in
spec.applicationDatabase.version
. For example, you can specify a version, such as6.0.5
, without adding the-ubi8
suffix. The Kubernetes Operator automatically converts this to6.0.5-${MDB_IMAGE_TYPE}
. The default for theMDB_IMAGE_TYPE
environment variable is-ubi8
.
New Images
Changes all images to reference UBI variants by default. The new images use the suffix
-ubi
.quay.io/mongodb/mongodb-enterprise-database-ubi
quay.io/mongodb/mongodb-enterprise-init-database-ubi
quay.io/mongodb/mongodb-enterprise-ops-manager-ubi
quay.io/mongodb/mongodb-enterprise-init-ops-manager-ubi
quay.io/mongodb/mongodb-enterprise-init-appdb-ubi
quay.io/mongodb/mongodb-agent-ubi
quay.io/mongodb/mongodb-enterprise-appdb-database-ubi
Changes the default Application Database image repository to use the official MongoDB Enterprise repository by setting
values.mongodb.name
toquay.io/mongodb/mongodb-enterprise-server
by default.Introduces the
values.mongodb.imageType
environment variable to override the new default-ubi8
Application Database image tag suffix used by theMongoDBOpsManager
resource.
MongoDB Enterprise Kubernetes Operator 1.20.0
Released 2023-06-07
Warning
Upgrade to 1.20.1
This release (1.20.0) is tied to a broken release on the Openshift Marketplace. Don't upgrade to 1.20.0, and instead upgrade to the 1.20.1 release.
MongoDB Enterprise Kubernetes Operator 1.19 Series
MongoDB Enterprise Kubernetes Operator 1.19.1
Released 2023-03-30
This release fixes an issue that prevented upgrading the Kubernetes Operator to 1.19.0. Upgrade to this release.
Breaking Changes
Makes the data.orgId
field required for the ConfigMap of the MongoDB
resources.
If you provide an empty orgId
, as in: orgId = ""
, Ops Manager
creates an organization with the project name. Before upgrading the
Kubernetes Operator to 1.19.1, set the orgId:""
in the Ops Manager ConfigMap
and reapply it.
Improvements
Introduces multi-Kubernetes cluster MongoDB deployments. To learn more, see Deploy MongoDB Resources on Multiple Kubernetes Clusters.
Makes the following changes to the multi-Kubernetes cluster MongoDB deployment support compared with the Beta version of the multi-Kubernetes cluster MongoDB deployment support in Kubernetes Operator 1.18.x:
Renames the
MongoDBMulti
resource in Beta versions to theMongoDBMultiCluster
resource.Renames the shortcut name of the
MongoDBMultiCluster
resource tomdbmc
. Use this shortcut name in all commands on theMongoDBMultiCluster
resource. For example, to check the status of yourMongoDBMultiCluster
resource, run:kubectl get mdbmc <resource-name> -o yaml -w Renames the "multi-cluster CLI" tool to the "
kubectl mongodb
plugin". To learn more, see the MongoDB Plugin Reference.Removes the unnecessary intermediate object
clusterSpecs
from theclusterSpecList
in theMongoDBMultiCluster
resource specification. For a valid example of aMongoDBMultiCluster
resource configuration file, see the Multi-Kubernetes-Cluster Resource Specification.
Adds support for Kubernetes 1.26 and OpenShift 4.12. To learn more, see MongoDB Enterprise Kubernetes Operator Compatibility.
Allows you to configure
podSpec
per shard in a MongoDB sharded cluster by specifying an array ofpodSpecs
under thespec.shardSpecificPodSpec
setting for each shard.Makes the
data.orgId
field required for the ConfigMap of theMongoDB
resources. If you provide an emptyorgId
, as in:orgId = " "
, Ops Manager creates an organization with the project name.Adds documentation for the Multi-Kubernetes-Cluster Resource Specification.
Adds the Frequently Asked Questions for the Kubernetes Operator to the documentation.
Adds documentation for configuring file system backup stores in the Kubernetes Operator MongoDB deployments.
MongoDBMultiCluster Resource
Adds the spec.clusterSpecList.externalAccess.externalService, spec.clusterSpecList.externalAccess.externalService.annotations, spec.clusterSpecList.externalAccess.externalService, and spec.clusterSpecList.externalAccess.externalDomain settings to configure external connectivity settings for
MongoDBMultiCluster
resources. Use these settings to connect to a Multi-Cluster Resource from outside Kubernetes.Adds the spec.clusterSpecList.memberConfig.votes and spec.clusterSpecList.memberConfig.priority settings for configuring replica set member votes and member priority for
MongoDBMultiCluster
resources.Adds the spec.clusterSpecList.memberConfig.tags setting for adding tags to replica set members in
MongoDBMultiCluster
resources.Adds the spec.security.authentication.ldap.timeoutMS setting that specifies how many milliseconds an authentication request should wait before timing out.
MongoDB Resource
Adds the
spec.memberConfig.votes
andspec.memberConfig.priority
settings for configuring replica set member votes and member priority.Adds the
spec.memberConfig.tags
setting for adding tags to replica set members.Adds the
spec.podSpec.podTemplate.affinity.podAffinity
setting to determine whether multipleMongoDB
resource Pods must be co-located with other Pods in sharded MongoDB cluster deployments. To learn more about the use cases, see Affinity and Anti-Affinity in the Kubernetes documentation.Adds the
spec.externalAccess
setting for configuring external connectivity for MongoDB resources. Use this setting to connect to a MongoDB Resource from outside Kubernetes.Deprecates the
spec.exposedExternally
setting. This setting will be removed in the Kubernetes Operator 1.23.0 release. To connect to a MongoDB Resource from outside Kubernetes, use thespec.externalAccess
setting instead.
Bug Fixes
Fixes the handling of
WATCH_NAMESPACE='*'
environment variable for multi-Kubernetes cluster MongoDB deployments. In the following cases, API clients for member clusters are configured incorrectly resulting in deployment errors:The
WATCH_NAMESPACE='*'
environment variable is specified for the multi-Kubernetes cluster MongoDB deployment.A specific namespace is set in
kubeconfig
for member clusters.The
kubectl mongodb
plugin isn't used for configuring multi-Kubernetes cluster MongoDB deployments.
This leads to the following errors:
The secret object 'mdb-multi-rs-cert' does not contain all the valid certificates needed: secrets "mdb-multi-rs-cert-pem" already exists To avoid this issue, set the
WATCH_NAMESPACE
environment variable to specific namespaces instead of'*'
, and verify that thekubeconfig
settings for member clusters don't specify a namespace. To set the namespace for multi-Kubernetes cluster MongoDB deployments, see Set the Deployment's Scope and the MongoDB Plugin Reference.Fixes an issue when
CertificatesSecretsPrefix
is set but no relatedspec.security.tls
settings, such astls.additionalCertificateDomains
ortls.ca
are provided.Fixes an issue that allows you to explicitly specify the value
none
for thespec.security.authentication.ldap.transportSecurity
when TLS isn't used. Previously, the Kubernetes Operator treated this setting asnone
when you omitted the value and didn't specify thetls
value, but the Kubernetes Operator didn't allow you to specify the valuenone
explicitly.
MongoDB Enterprise Kubernetes Operator 1.19.0
Released 2023-03-28
Breaking Changes
Warning
Don't upgrade to 1.19.0. Instead, upgrade to 1.19.1
This release is tied to a broken release on the Openshift Marketplace. Don't upgrade to this release (1.19.0), and instead upgrade to the Kubernetes Operator 1.19.1 release.
This release removes Ubuntu-based images. Ubuntu-based images were deprecated in favor of UBI-based images in the Kubernetes Operator in 1.17.0. Migrate the Kubernetes Operator from Ubuntu-based Images to UBI-based images. All existing Ubuntu-based images will continue to be supported until their version's End of Life (EOL) dates.
MongoDB Enterprise Kubernetes Operator 1.18 Series
MongoDB Enterprise Kubernetes Operator 1.18.0
Released 2022-12-29
Improvements
Adds support for
SCRAM-SHA-1
for user and MongoDB Agent authentication. To enable either authentication, useMONGODB-CR
andSCRAM-SHA-1
in thespec.security.authentication.modes
andspec.security.authentication.agents.mode
settings.Adds support for the following features for OpsManager Backup configuration:
KMIP Backup Configuration support through the
spec.backup.encryption.kmip
parameter inOpsManager backup.encryption.kmip
andMongoDB backup.encryption.kmip
settings. To learn more, see Configure KMIP Backup Encryption for Ops Manager.Backup assignment labels settings in
spec.backup.[*].assignmentLabels
elements of the OpsManager and MongoDB resources for backups. Use assignment labels to identify that specific backup stores are associated with particular projects. To learn more, see:Backup snapshot schedule configuration through the
spec.backup.snapshotSchedule
setting in the OpsManager resource. To learn more, see Configure MongoDB Database Backups.
Adds support for disaster recovery in multi-Kubernetes cluster MongoDB deployments, which are in the beta release. To learn more, see Disaster Recovery and MongoDB kubectl Plugin Reference.
MongoDB Resource
Adds documentation for
spec.additionalMongodConfig.net.tls.disabledProtocols
.
Bug Fixes
Fixes the issue where you configure a liveness probe and it reports a positive result when you terminate a MongoDB Agent's process. This could cause Pods hosting MongoDB resources to run without the MongoDB Agent. In addition to this fix, consider configuring readiness probe overrides.
Fixes the startup script in database Pod that might report errors when the Pod restarts.
MongoDB Enterprise Kubernetes Operator 1.17 Series
MongoDB Enterprise Kubernetes Operator 1.17.2
Released 2022-10-18
Fixes the OpenShift installation issue mentioned in the v1.17.1 release notes. The Kubernetes Operator Lifecycle Manager upgrade graph automatically skips the v1.17.1 release and performs an upgrade from v1.17.0 directly to this release.
Improves the reliability of upgrades by adding startup probes for MongoDB and OpsManager custom resources with some defaults. Use
spec.podSpec.podTemplate
to override probe configurations.
MongoDB Enterprise Kubernetes Operator 1.17.1
Released 2022-10-10
Breaking Changes
Warning
Installations for OpenShift
This release has invalid quay.io digests referenced in the certified bundle's CSV. This affects only OpenShift deployments when you install or upgrade Kubernetes Operator from the certified bundle (OperatorHub) in quay.io.
If you use Kubernetes Operator with OpenShift, we recommend that you do NOT upgrade to this release (v1.17.1), and instead upgrade to the Kubernetes Operator v1.17.2, which is due the week commencing 17th October 2022.
As a result of this issue, installing this release could result in
ImagePullBackOff
errors in Pods hosting AppDB, the database for Ops Manager.
Errors will look similar to the following:
Failed to pull image "quay.io/mongodb/mongodb-agent-ubi@sha256:a4cadf209ab87eb7d121ccd8b1503fa5d88be8866b5c3cb7897d14c36869abf6": rpc error: code = Unknown desc = reading manifest sha256:a4cadf209ab87eb7d121ccd8b1503fa5d88be8866b5c3cb7897d14c36869abf6 in quay.io/mongodb/mongodb-agent-ubi: manifest unknown: manifest unknown
To continue using the Kubernetes Operator v1.17.1, use the following workaround
and update the Kubernetes Operator Subscription with the following spec.config.env
:
spec: config: env: - name: AGENT_IMAGE value: >- quay.io/mongodb/mongodb-agent-ubi@sha256:ffa842168cc0865bba022b414d49e66ae314bf2fd87288814903d5a430162620 - name: RELATED_IMAGE_AGENT_IMAGE_11_0_5_6963_1 value: >- quay.io/mongodb/mongodb-agent-ubi@sha256:e7176c627ef5669be56e007a57a81ef5673e9161033a6966c6e13022d241ec9e - name: RELATED_IMAGE_AGENT_IMAGE_11_12_0_7388_1 value: >- quay.io/mongodb/mongodb-agent-ubi@sha256:ffa842168cc0865bba022b414d49e66ae314bf2fd87288814903d5a430162620 - name: RELATED_IMAGE_AGENT_IMAGE_12_0_4_7554_1 value: >- quay.io/mongodb/mongodb-agent-ubi@sha256:3e07e8164421a6736b86619d9d72f721d4212acb5f178ec20ffec045a7a8f855
Remove this workaround as soon as you install the new Kubernetes Operator v1.17.2.
This release has the following additional breaking change:
Removes the
operator.deployment_name
parameter from Kubernetes Operator Helm charts. In previous releases, you might have used this parameter to customize the name of the Kubernetes Operator container.Starting with this release, the value of the
operator.name
Helm chart parameter determines the name of the Kubernetes Operator container.This is a breaking change only if you set
operator.deployment_name
to a different value thanoperator.name
and if you configured tooling to rely on the value ofoperator.deployment_name
.
Improvements
Uses Quay as an image registry for Kubernetes Operator on OpenShift. When you upgrade your Kubernetes Operator deployment, it automatically pulls new images from Quay. You don't need to take any action.
MongoDB Enterprise Kubernetes Operator 1.17.0
Released 2022-09-19
Improvements
Introduces support for Ops Manager 6.0.
Introduces the
spec.backup.s3OpLogStores.s3RegionOverride
andspec.backup.s3Stores.s3RegionOverride
parameters for specifying the regions where the custom S3-compatible buckets that you use for the oplog store or a snapshot store should reside.Improves security by introducing:
The
readOnlyRootFilesystem
setting for all deployed containers. This change also introduces additional volumes and volume mounts.The
allowPrivilegeEscalation
setting. This setting is by default set tofalse
for all deployed containers.
Breaking Changes and Deprecations
This release:
Removes support for Ops Manager 4.4 due to its End of Life. If you're using Ops Manager 4.4, upgrade to a newer Ops Manager version before you upgrade to Kubernetes Operator 1.17.
Deprecates Ubuntu-based images. Starting with Kubernetes Operator 1.19.0, Ubuntu-based images will no longer be made available. All existing Ubuntu-based images will continue to be supported until their version's End of Life (EOL) dates. We strongly recommend that you Migrate MongoDB Enterprise Kubernetes Operator from Ubuntu-based Images to UBI-based Images as soon as possible.
Removes support for TLS certificates in concatenated PEM format. These certificates were deprecated in Kubernetes Operator 1.13.0. If you want to use these certificates, the last version to which you can upgrade is Kubernetes Operator 1.16.4.
Starting with the Kubernetes Operator 1.17.0 release, you must manually migrate old-style TLS secrets from opaque to kubernetes.io/tls type secrets by creating new secrets that contain the relevant certificates and signing keys. To learn how to create these secrets, see the following resources:
MongoDB Enterprise Kubernetes Operator 1.16 Series
MongoDB Enterprise Kubernetes Operator 1.16.4
Released 2022-08-03
MongoDB Resource
Init-Ops-Manager and Operator binaries now use Go 1.18.4, which addresses security issues.
MongoDB Enterprise Kubernetes Operator 1.16.3
Released 2022-07-15
MongoDB Resource
Fixed a bug where
securityContext
defined at the Pod level is not respected as the Kubernetes Operator overrides it with asecurityContext
at the container level. To learn more, see the description of thespec.persistent
setting.Adds
timeoutMS
, anduserCacheInvalidationInterval
fields to thespec.security.authentication.ldap
object.Fixes behavior where the
additionalMongodConfig.net.tls.mode
setting was ignored formongos
,configSrv
, andshard
objects when configuringShardedCluster
resources.
MongoDB Enterprise Kubernetes Operator 1.16.2
Released 2022-06-28
Warning
Breaking Changes
This release removes WiredTiger cache computation, which was required for MongoDB versions earlier than 4.0.9. Before you upgrade to this release, you must upgrade your database deployment to use MongoDB version 4.0.9 or later.
To learn how to upgrade your deployment, see Upgrade MongoDB Version and FCV.
MongoDB Resource
Removes the
spec.podSpec.podAntiAffinityTopologyKey
,spec.podSpec.podAffinity
, andspec.podSpec.nodeAffinity
settings.Instead, use
spec.podSpec.podTemplate
to configure these parameters.
MongoDBOpsManager Resource
Removes the
spec.applicationDatabase.podSpec.podAntiAffinityTopologyKey
,spec.applicationDatabase.podSpec.podAffinity
, andspec.applicationDatabase.podSpec.nodeAffinity
settings.Instead, use
spec.applicationDatabase.podSpec.podTemplate
to configure these parameters.
MongoDB Multi-Cluster Resource
Added support for LDAP client authentication and for managing database users with LDAP to multi-Kubernetes cluster MongoDB deployments.
This feature is a beta release. Use multi-Kubernetes cluster MongoDB deployment deployments only in development environments.
MongoDB Enterprise Kubernetes Operator 1.16.1
Released 2022-05-24
MongoDB Resource
Deprecates the
spec.service
parameter. Usespec.statefulSet.spec.serviceName
to provide a custom service name.
MongoDB Enterprise Kubernetes Operator 1.16.0
Released 2022-04-29
MongoDB Resource
Removes the
spec.security.tls.secretRef.name
parameter.Kubernetes Operator version
v1.10.0
deprecated this parameter.To specify the secret name containing the certificate for the database, use
spec.security.certsSecretPrefix
.Create the secret containing the certificates accordingly.
Removes the
spec.podSpec.cpu
andspec.podSpec.memory
parameters.To override the CPU/Memory resources for the database pod, set the
statefulset
parameter underspec.podSpec.podTemplate.spec.containers
.Propagates custom labels specified under
metadata.labels
to the database StatefulSet and the Persistent Volume Claim objects.Allows adding Prometheus scraping endpoints to the MongoDB resources using the
spec.prometheus
configuration attribute.Find a sample Prometheus configuration in the GitHub repository.
MongoDBOpsManager Resource
Removes the
spec.applicationDatabase.security.tls.secretRef.name
parameter.Kubernetes Operator version
v1.10.0
deprecated this parameter.To specify the secret name containing the certificate for AppDB, use the
spec.applicationDatabase.security.certsSecretPrefix
parameter.Create the secret containing the certificates accordingly.
Removes
spec.applicationDatabase.podSpec.cpu
andspec.applicationDatabase.podSpec.memory
.To override the CPU/Memory resources for the appDB pod, use the
statefulset
parameter underspec.applicationDatabase.podSpec.podTemplate.spec.containers
.Propagates custom labels specified under
metadata.labels
to the Ops Manager, AppDB and BackupDaemon StatefulSets and the Persistent Volume Claim objects.Allows adding Prometheus scraping endpoints to the
ApplicationDatabase
resources using thespec.applicationDatabase.prometheus
configuration attribute.
MongoDBUser Resource
Adds the optional parameter spec.connectionStringSecretName
. This
parameter provides a deterministic secret name for the user-specific
connection string secret that Kubernetes Operator generates.
MongoDB Enterprise Kubernetes Operator 1.15 Series
MongoDB Enterprise Kubernetes Operator 1.15.2
Released 2022-03-24
MongoDBOpsManager Resource
Bug Fixes
To enable custom TLS certificates for S3 oplog stores, you must configure the following settings:
Specify
spec.security.tls.ca
.Specify
spec.security.certsSecretPrefix
.Set
spec.backup.s3OpLogStores.customCertificate
totrue
.
To enable custom TLS certificates for S3 snapshot stores, you must configure the following settings:
Specify
spec.security.tls.ca
.Specify
spec.security.certsSecretPrefix
.Set
spec.backup.s3Stores.customCertificate
totrue
.
Fixes an issue where the Kubernetes Operator mounted the incorrect CA to the Application Database Pod.
MongoDB Enterprise Kubernetes Operator 1.15.1
Released 2022-03-04
MongoDB Resource
Changes
Init-database, Init-Ops-Manager, and Operator binaries now use Go 1.17.7 to prevent CVE-2022-23773.
MongoDBOpsManager Resource
Bug Fixes
Fixes an issue that prevented the Operator upgrade when managing a TLS-enabled ApplicationDB whose TLS certificate is stored in a
Secret
of type Opaque.
MongoDB Enterprise Kubernetes Operator 1.15.0
Released 2022-02-11
Kubernetes Operator version 1.15.1 fixes an issue that prevented the Kubernetes Operator upgrade when managing a TLS-enabled Application Database whose TLS certificate is stored in an Opaque secret.
We recommend that you upgrade to Kubernetes Operator version 1.16.0 or later.
We strongly advise against upgrading to Kubernetes Operator version 1.14.0 or 1.15.0.
MongoDB Resource
Changes
The
spec.security.tls.enabled
andspec.security.tls.secretRef.prefix
fields are now deprecated and will be removed in a future release.To enable TLS for MongoDB database resources, provide a value for the
spec.security.certsSecretPrefix
field.
MongoDBOpsManager Resource
Changes
Adds the
spec.backup.queryableBackupSecretRef
field. This field's value references a secret that stores certificates for Queryable Backups.Adds two fields to enable support for configuring custom TLS certificates for the S3 Oplog and Snapshot Stores for backup:
spec.security.tls.ca
andspec.security.tls.secretRef
.Adds the ability to back up Application Databases. To back up an application database, you must first disable its processes using the
spec.applicationDatabase.automationConfig.processes[n].disabled
field.The
spec.security.tls.enabled
,spec.security.tls.secretRef.prefix
,spec.applicationDatabase.security.tls.enabled
andspec.applicationDatabase.security.tls.prefix
fields are now deprecated and will be removed in a future release.To enable TLS for Ops Manager resources, provide a value for the
spec.security.certsSecretPrefix
field.To enable TLS for Application Database resources, provide a value for the
spec.applicationDatabase.security.certsSecretPrefix
field.
New Images
Find all new images at:
https://quay.io/repository/mongodb (ubuntu-based)
https://connect.redhat.com/ (rhel-based)
MongoDB Enterprise Kubernetes Operator 1.14 Series
MongoDB Enterprise Kubernetes Operator 1.14.0
Released 2021-12-16
Kubernetes Operator
Kubernetes Operator version 1.15.1 fixes an issue that prevented the Kubernetes Operator upgrade when managing a TLS-enabled Application Database whose TLS certificate is stored in an Opaque secret.
We recommend that you upgrade to Kubernetes Operator version 1.16.0 or later.
We strongly advise against upgrading to Kubernetes Operator version 1.14.0 or 1.15.0.
Changes
The Kubernetes Operator now supports HashiCorp Vault as a secret storage tool. To store secrets in Vault instead of Kubernetes secrets, see Configure Secret Storage.
MongoDB
Resource
Changes
This release adds the
spec.backup.autoTerminateOnDeletion
setting, which indicates if the Kubernetes Operator should stop and terminate the backup when you delete theMongoDB
resource.
Bug Fixes
Fixes an issue that caused a
ShardedCluster
resource to fail when disabling authentication.
MongoDBOpsManager
Resource
Changes
This release adds the ability to configure S3 oplog stores using the
spec.backup.s3OpLogStores.name
setting and other related settings.
Bug Fixes
Fixes an issue that prevented the Kubernetes Operator from triggering a resource reconciliation when rotating the Application Database TLS certificate.
Fixes an issue where the Kubernetes Operator didn't mount the custom CA specified in the
MongoDBOpsManager
resource into the Backup Daemon Pod. This issue prevented backups from working when you configured Ops Manager to run in hybrid mode and used a custom CA.
MongoDB Enterprise Kubernetes Operator 1.13 Series
MongoDB Enterprise Kubernetes Operator 1.13.0
Released 2021-10-21
Kubernetes Operator
Warning
Breaking Changes
The Kubernetes Operator no longer generates TLS certificates for
MongoDB
and MongoDBOpsManager
resources.
Changes
The Kubernetes Operator now integrates with the Gatekeeper Open Policy Agent (OPA). This allows you to control your deployments with policies set in the OPA Gatekeeper.
The Kubernetes Operator can now watch a list of namespaces. To learn more, see Operator Uses a Subset of Namespaces.
When deploying resources to more than one namespace, create
imagePullSecrets
only in the namespace where you installed the Kubernetes Operator. The Kubernetes Operator synchronizes this secret across all watched namespaces.The
spec.credentials
secret now accepts fields namedpublicKey
andprivateKey
. Use these fields instead of theuser
andpublicApiKey
fields supported in previous releases.
The Kubernetes Operator now supports TLS secrets of the kubernetes.io/tls type.
The Kubernetes Operator reads these secrets and automatically generates new
.pem
files that contain the concatenatedtls.crt
andtls.key
fields when you update these secrets.This removes the need to manually concatenate these vales to create
.pem
files and enables you to natively reference secrets that Kubernetes-native tools, such as cert-manager, generate.
For TLS-enabled resources, the operator now watches the ConfigMap that contains the CA and the secrets that contain TLS certificates. Changes to these ConfigMaps and secrets now trigger a reconciliation of the related resource.
MongoDB
Resource
Warning
Breaking Changes
This release removes the spec.project
setting from the
MongoDB Database Resource Specification.
If your MongoDB
resource specifications use the
spec.project
setting, update your specifications to instead
use spec.opsManager.configMapRef.name
or
spec.cloudManager.configMapRef.name
before you upgrade the
Kubernetes Operator to 1.13.0 or later.
Changes
This release adds several new fields that determine the names that you must give the secrets that contain your TLS and X.509 certificates for MongoDB resources.
To learn more, see
spec.security.certsSecretPrefix
and the Secure Client Connections tutorials.
Bug Fixes
Fixes an issue where Sharded Cluster backups could not be correctly configured using
MongoDB
resource specifications.Fixes an issue where Backup Daemon fails to start after you update an Ops Manager deployment by updating
spec.version
.
MongoDBOpsManager
Resource
The Kubernetes Operator now reports the status of file system snapshot stores that you configure in the
spec.backup.fileSystemStores
setting in theMongoDBOpsManager
resource specification.You must manually configure the file system snapshot stores.
This release adds a new field,
spec.backup.externalServiceEnabled
, to theMongoDBOpsManager
resource specification.By default, the Kubernetes Operator creates a LoadBalancer service when you enable queryable backups.
Set
spec.backup.externalServiceEnabled
tofalse
before you enable queryable backups to prevent the Kubernetes Operator from creating a LoadBalancer service.The Kubernetes Operator now automatically upgrades personal API keys to programmatic API keys when you upgrade an Ops Manager deployment to version 5.0.0 or later. You no longer must change the keys manually to upgrade your deployment.
This release adds the
spec.security.certsSecretPrefix
field to determine the name that you must give the secret that contains your TLS certificate forMongoDBOpsManager
resources.To learn more, see
spec.security.certsSecretPrefix
and the HTTPS tab in the Deploy an Ops Manager Resource tutorial.
MongoDBUser
Resource
Warning
Breaking Changes
This release removes the spec.project setting from the MongoDBUser
CustomResourceDefinition.
If your MongoDBUser
resource specifications use the
spec.project setting, update your specifications to instead
use spec.MongoDBResourceRef.name
before you upgrade the
Kubernetes Operator to 1.13.0 or later.
Miscellaneous
Ops Manager 4.4.7, 4.4.9, 4.4.10, 4.4.11, 4.4.12 and 4.4.13 base images have been updated to Ubuntu 20.04.
Ops Manager versions 4.4.16 and 5.0.1 are now supported.
MongoDB Enterprise Kubernetes Operator 1.12 Series
MongoDB Enterprise Kubernetes Operator 1.12.0
Released 2021-07-15
MongoDB
Resource
If you set
spec.externalConnectivity
tofalse
after it was set totrue
, the Kubernetes Operator deletes the corresponding service.
Bug Fixes
Fixes a bug where you could specify
net.ssl.mode
and notnet.tls.mode
inspec.additionalMongodConfig
.
MongoDBOpsManager
Resource
If you set
spec.externalConnectivity
tofalse
after it was set totrue
, the Kubernetes Operator deletes the corresponding service.You can specify the number of backup daemon Pods with
spec.backup.members
. If not set, the value defaults to1
.
Changes to Images and Supported Versions
The Kubernetes Operator now supports the following Ops Manager versions:
4.4.13, 4.4.14, 4.4.15, 4.2.25 and 5.0.0.
Before upgrading Ops Manager to version 5.0.0, check that the Kubernetes Operator uses a programmatic API key.
Ubuntu based Kubernetes Operator images are now based on Ubuntu 20.04 instead of Ubuntu 16.04.
Ubuntu based MongoDB images starting from 2.0.1 are based on Ubuntu 18.04 instead of Ubuntu 16.04.
Warning
MongoDB 4.0. does not support Ubuntu 18.04
MongoDB 4.0. does not support Ubuntu 18.04. If you want to use MongoDB 4.0. with the Kubernetes Operator, use previously released images.
Ubuntu based Ops Manager images after 4.4.13 are based on Ubuntu 20.04 instead of Ubuntu 16.04.
Newly released UBI images for the Kubernetes Operator, Ops Manager and MongoDB are based on
ubi-minimal
instead ofubi
.
MongoDB Enterprise Kubernetes Operator 1.11 Series
MongoDB Enterprise Kubernetes Operator 1.11.0
Released 2021-06-03
Kubernetes Operator
Removes the topic "Migrate to One Resource per Project (Required for Version 1.3.0)" from the current documentation because v.1.3.0 is EOL. This topic has been archived.
Bug Fixes
Fixes an issue with the Liveness Probe that could cause the database Pods to be restarted in the middle of a restore operation from Backup.
New Images
mongodb-agent 10.29.0.6830-1
located in the following registries:UBI images: quay.io/mongodb/mongodb-agent-ubi:10.29.0.6830-1
Ubuntu images: quay.io/mongodb/mongodb-agent:10.29.0.6830-1
mongodb-enterprise-appdb-database
located in the following registries:UBI images: quay.io/mongodb/mongodb-enterprise-appdb-database-ubi
Ubuntu images: quay.io/mongodb/mongodb-enterprise-appdb-database
mongodb-enterprise-init-appdb 1.0.7
located in the following registries:UBI images: quay.io/mongodb/mongodb-enterprise-init-appdb-ubi:1.0.7
Ubuntu images: quay.io/mongodb/mongodb-enterprise-init-appdb:1.0.7
mongodb-enterprise-init-database 1.0.3
located in the following registries:
MongoDBOpsManager
Resource
Warning
Breaking Changes
Beginning with this release, you can use any version of MongoDB for the Application Database. You must specify this version explicitly when you deploy the
MongoDBOpsManager
resource.To upgrade the Kubernetes Operator, you must specify the Application Database's version. Check that the
spec.applicationDatabase.version
has a value in your configuration files for theMongoDBOpsManager
custom resource deployment.Each Application Database Pod consists of the following containers (instead of one container with a bundled MongoDB version, as in previous releases):
mongodb
mongodb-agent
mongodb-agent-monitoring
The
spec.applicationDatabase.persistent
setting is removed. The Kubernetes Operator always uses persistent volumes for the Application Database deployed by yourMongoDBOpsManager
custom resources.
MongoDB Enterprise Kubernetes Operator 1.10 Series
MongoDB Enterprise Kubernetes Operator 1.10.0
Released 2020-03-25
Kubernetes Operator
Changes
Updates the CustomResourceDefinitions from the
v1beta1
version to thev1
version. Clusters on Kubernetes 1.16 and higher should remain unimpacted. The CustomResourceDefinitions cannot install in clusters on Kubernetes versions lower than 1.16.
Bug Fixes
Fixes an issue that prevented multiple Ops Manager resources from having the same name in different namespaces.
Fixes an issue that caused new MongoDB resources created with
spec.backup.mode=disabled
to fail.Fixes an issue with saving changes on the S3 Store page.
Fixes an issue that changed the replica set status to
Fail
, increased the replica set members, and disabled TLS.
MongoDBOpsManager
Resource
Known Issues
When you use remote or hybrid mode, and set
automation.versions.download.baseUrl
, you must set theautomation.versions.download.baseUrl.allowOnlyAvailableBuilds
property tofalse
. Ops Manager 4.4.11 fixes this issue.
MongoDB Enterprise Kubernetes Operator 1.9 Series
MongoDB Enterprise Kubernetes Operator 1.9.2
Released 2020-02-05
Kubernetes Operator
Bug Fixes
Fixes errors in the CSV (This only effects the Red Hat market)
MongoDBOpsManager
Resource
Known Issues
You can't use MongoDB 4.4 as an application database for an Ops Manager resource.
New Images
mongodb-enterprise-operator:1.9.2
You can find all images in the following registries:
Ubuntu-based images: https://quay.io/repository/mongodb
RHEL-based images: /mongodb-enterprise-operator
MongoDB Enterprise Kubernetes Operator 1.9.1
Released 2020-01-15
Kubernetes Operator
Bug Fixes
Fixes an issue where you could not specify the
service-account-name
in the StatefulSetpodSpec
override.Removes the unnecessary
delete service
permission from Operator role.
MongoDB
Resource
Bug Fixes
Fixes an issue where removing the
privileges
array inspec.security.roles
caused the resource to enter a bad state.
MongoDBOpsManager
Resource
Warning
Breaking Changes
This release introduces:
A new Application Database image,
mongodb-enterprise-appdb:10.2.15.5958-1_4.2.11-ent
. The image includes MongoDB4.2.11-ent
instead of4.2.2-ent
. You must push the new image to any private repositories that your Kubernetes Operator installation uses, otherwise theMongoDBOpsManager
resource won't start.A new required environment variable,
APPDB_AGENT_VERSION
. If you don't setAPPDB_AGENT_VERSION
, theMongoDBOpsManager
resource can't fetch the MongoDB Agent version for the Application Database.
Known Issues
You can't use MongoDB 4.4 as an application database for an Ops Manager resource.
Changes
The Ops Manager user now has backup, restore and hostManager roles, allowing for backups and restores on the Application Database.
If you omit
spec.applicationDatabase.version
, the Kubernetes Operator uses4.2.11-ent
as the default MongoDB version.
New Images
mongodb-enterprise-operator:1.9.1
mongodb-enterprise-appdb:10.2.15.5958-1_4.2.11-ent
mongodb-enterprise-init-appdb:1.0.2
mongodb-enterprise-init-database:1.0.6
You can find all images in the following registries:
Ubuntu-based images: https://quay.io/repository/mongodb
RHEL-based images: https://catalog.redhat.com/software/containers/mongodb/enterprise-operator/5b8052d069aea356ff258479
MongoDB Enterprise Kubernetes Operator 1.9.0
Released 2020-12-08
Kubernetes Operator
Bug Fixes
Fixes an issue where the Kubernetes Operator didn't close connections to Ops Manager, causing too many open file descriptors.
MongoDB
Resource
Changes
You can now configure continuous backup for a MongoDB database resource in its CustomResourceDefinition.
Note
To enable continuous backup in the MongoDB CustomResourceDefinition, you must
enable backup
in an Ops Manager instance that you deployed using the Kubernetes Operator.
MongoDBOpsManager
Resource
Known Issues
You can't use MongoDB 4.4 as an application database for an Ops Manager resource.
Changes
When you upgrade the Kubernetes Operator to this version, the Kubernetes Operator deletes and re-creates the Backup Daemon statefulset.
This is a safe operation.
The new Kubernetes service that enables Queryable Backups requires a change to the
matchLabels
Backup Daemon StatefulSet attribute.The Kubernetes Operator changes the way it collects the status of MongoDB Agent's in Application Database Pods.
New Images
mongodb-enterprise-operator:1.9.0
You can find all images in the following registries:
Ubuntu-based images: https://quay.io/repository/mongodb
RHEL-based images: https://catalog.redhat.com/software/containers/mongodb/enterprise-operator/5b8052d069aea356ff258479
MongoDB Enterprise Kubernetes Operator 1.8 Series
MongoDB Enterprise Kubernetes Operator 1.8.2
Released 2020-11-16
Known Issues
You can't use MongoDB 4.4 as an application database for an Ops Manager resource.
Bug Fix
Fixes an issue where the Ops Manager resource would reach a Failing
state when both spec.externalConnectivity
and
spec.backup.enabled
were enabled.
MongoDB Enterprise Kubernetes Operator 1.8.1
Released 2020-11-13
Known Issues
You can't use MongoDB 4.4 as an application database for an Ops Manager resource.
When both
spec.externalConnectivity
andspec.backup.enabled
are enabled in Ops Manager at the same time, the Ops Manager resource fails to reconcile.
Bug Fixes
Fixes a bug where
spec.security.authentication.ignoreUnknownUsers
could not be modified after creating a MongoDB resource.Fixes failed queryable backups. The Kubernetes Operator now creates a Kubernetes Service that Ops Manager uses to access backups.
Fixes an issue that made it impossible to move from non-TLS to a TLS-enabled Application Database.
Improvements
Init containers do not run as root.
Ops Manager Backup daemon runs in unprivileged mode.
To manage Database Pod resources, use the
spec.podSpec.podTemplate
MongoDB Custom Resource attribute. For an example resource definition of each supported type, see the samples/mongodb/podspec directory. The following attributes are deprecated:spec.podSpec.cpu
spec.podSpec.cpuRequests
spec.podSpec.memory
spec.podSpec.memoryRequests
New Images
New Ops Manager Images
For a list of the packages installed and any security vulnerabilities detected in the build process, see the Quay repository for the MongoDB Enterprise Operator and the MongoDB Enterprise Database.
MongoDB Enterprise Kubernetes Operator 1.8.0
Released 2020-09-30
Warning
Breaking Changes
The MongoDB Enterprise Database image now requires an init container.
If you are using a private repository, you must set the INIT_DATABASE_IMAGE_REPOSITORY
environment variable in the Operator deployment, and the new
init container must exist inside this repository.
MongoDB Resource Changes
Introduces new configuration fields:
spec.security.authentication.requireClientTLSAuthentication
for using the MongoDB Agent client certificate authentication in conjunction with any other authentication mechanism.spec.security.authentication.agents.clientCertificateSecretRef
for configuring the client TLS certificate used by the MongoDB Agent when enabling ClientTLSAuthentication.
Changes the default permissions of volumes created from secrets from
0644
to0640
.
Ops Manager Resource Changes
Allows the Application Database to be configured with SCRAM-SHA-256 authentication when using Ops Manager 4.4 or newer version.
Changes the validation of the Ops Manager
spec.version
field to allow for tags that do not match the semver requirements. Thespec.version
field must start with theMajor.Minor.Patch
string that represents the Ops Manager version. To learn more about this field, see Ops Manager Resource Specification.
Bug Fixes
Fixes an issue that caused the Operator to choose an incorrect project name when creating MongoDB users.
Fixes an issue that caused the MongoDB Ops Manager CRD to have the CA path in the incorrect location.
Fixes a bug where the MongoDB Agent could not correctly recognize the parameters that passed through
spec.agent.startupOptions
.Fixes an issue that could cause potential deadlock when certain configuration options are modified in parallel.
Known Issues
You can't use MongoDB 4.4 as an application database for an Ops Manager resource.
When you enable queryable backup, you must manually create two additional services for:
Exposing the queryable backup port (default: 25999) for the Ops Manager pod.
The Backup Daemon pod, to ensure that it is resolvable from the Ops Manager pod.
If you deploy Ops Manager in local mode and upgrade from v4.4.1, you must upgrade the MongoDB tools located in the
automation.versions.directory
, which defaults to/mongodb-ops-manager/mongodb-releases/
.
MongoDB Enterprise Kubernetes Operator 1.7 Series
MongoDB Enterprise Kubernetes Operator 1.7.1
Released 2020-09-02
MongoDB Resource Changes
Supports setting the Distinguished Name (DN) of the LDAP group to which the MongoDB Agent user belongs with the
spec.security.authentication.agents.automationLdapGroupDN
setting.Requires you to provide
spec.security.authentication.agents.mode
if you specify more than one mode inspec.security.authentication.modes
.Supports setting MongoDB Agent startup parameters for MongoDB Database resources with the following settings:
spec.applicationDatabase.agent.startupOptions
Bug Fixes
Ops Manager resources:
Fixes a bug where you could not enable
SCRAM-SHA
authentication for application database resources using certain MongoDB versions with Ops Manager 4.4.Fixes a bug where application database monitoring was not correctly configured in Ops Manager when you enabled TLS for the application database.
Fixes a bug to move the Ops Manager CA configuration from
spec.applicationDatabase.security.tls.ca
tospec.security.tls.ca
.
MongoDB resources:
Fixes a bug that prevented you from increasing or decreasing the number of members in a replica set or a sharded cluster by more than one member at a time for MongoDB 4.4 deployments.
Fixes an issue where the Kubernetes Operator could not enable agent authentication if you enabled
LDAP
authentication for a MongoDB resource.Fixes an issue where you could not create
SCRAM
users and enableSCRAM
authentication in any order for a MongoDB resource.Fixes an issue where the Kubernetes Operator did not remove the backup automation configuration before starting the agent on a MongoDB resource Pod.
Known Issues
If you enable TLS on the application database, you must not provide the
spec.applicationDatabase.version
field in an Ops Manager resource definition.You can't use MongoDB 4.4 as an application database for an Ops Manager resource.
When you upgrade to the Kubernetes Operator 1.7.1, you might have to delete the
mongodb-enterprise-operator
deployment due to deployment configuration changes.This is a safe operation. Deleting the
mongodb-enterprise-operator
Pod does not affect the MongoDB custom resources.If you use TLS certificates signed by a custom CA, you must:
Omit the
spec.version.applicationDatabase
setting from your Ops Manager resource definition, andDeploy Ops Manager in local mode. You must manually copy installation archives for all MongoDB versions you want to use to a Persistent Volume for the Ops Manager StatefulSet.
MongoDB Enterprise Kubernetes Operator 1.7.0
Released 2020-08-14
Important
Final Release with OpenShift 3.11 Support
Kubernetes Operator 1.7.x is the final minor version release series that supports OpenShift 3.11. Do not upgrade to any future major or minor version releases if you want to continue to deploy the Kubernetes Operator using OpenShift 3.11.
The planned end of life for the Kubernetes Operator 1.7.x release series is July 2021.
Docker Image Changes
All Kubernetes Operator Red Hat Docker images are now based on UBI 8. In the previous release, Kubernetes Operator Red Hat Docker images were based on UBI 7.
MongoDB Resource Changes
Supports LDAP as an authorization mechanism for MongoDB database resources you deploy with the Kubernetes Operator. For more information, see the sample LDAP configurations on GitHub
Bug Fixes
Fixes a bug that prevented scaling down a replica set from three members to one member.
Known Issues
Ops Manager cannot monitor Application Databases secured using TLS.
For MongoDB 4.4 deployments, you can increase or decrease the number of members in a replica set or a sharded cluster by only one member at a time.
MongoDB Enterprise Kubernetes Operator 1.6 Series
MongoDB Enterprise Kubernetes Operator 1.6.1
Released 2020-07-30
Ops Manager Resource Changes
Ops Manager image for version 4.4.0 is available.
Docker Image Changes
The Red Hat
database
andoperator
Docker images are now based on the latest UBI 7 release. Two high criticality issues have been resolved.The following Docker images have been released:
Image TypeUbuntu 16.04Red Hat UBI 7Kubernetes Operator
quay.io/mongodb/mongodb-enterprise-operator:1.6.1quay.io/mongodb/mongodb-enterprise-operator-ubi:1.6.1MongoDB Databasequay.io/mongodb/mongodb-enterprise-database:1.6.1quay.io/mongodb/mongodb-enterprise-database-ubi:1.6.1Ops Manager
quay.io/mongodb/mongodb-enterprise-ops-manager:4.4.0quay.io/mongodb/mongodb-enterprise-ops-manager-ubi:4.4.0
Bug Fixes
Fixes a bug where the Kubernetes Operator did not store a configuration of your deployed resources in a secret.
Fixes a bug where the Kubernetes Operator did not allow passwords of any length or complexity for Application Database, oplog store, and blockstore database resources defined in Ops Manager resources.
Fixes a bug where the authentication configuration was not removed from Ops Manager or Cloud Manager projects when you remove a MongoDB database resource.
MongoDB Enterprise Kubernetes Operator 1.6.0
Released 2020-07-16
MongoDB Resource Changes
Supports LDAP as an authentication mechanism for MongoDB database resources you deploy with the Kubernetes Operator. For more information, see the sample LDAP configurations on GitHub.
Note
LDAP authorization is not yet supported.
Kubernetes Operator Changes
Preserves backup history by retaining Ops Manager cluster records when you enable backup.
Bug Fixes
Fixes a bug that prevented the Kubernetes Operator from raising errors when a
projectName
contained spaces.Fixes a bug that prevented Ops Manager to monitor for all MongoDB database resources that you deploy with the Kubernetes Operator.
MongoDB Enterprise Kubernetes Operator 1.5 Series
MongoDB Enterprise Kubernetes Operator 1.5.5
Released 2020-07-02
MongoDB Resource Changes
Provides additional options for more granular configuration of
mongod
/mongos
processes. You can find an example of how to apply these options in the/samples/mongodb/mongodb-options
file of the MongoDB Enterprise Kubernetes Operator repository.
Bug Fixes
Fixes a bug introduced in 1.5.4 where MongoDB Enterprise Kubernetes Operator would not tag projects correctly when working on Ops Manager versions older than 4.2.2. In this version, MongoDB Enterprise Kubernetes Operator tags the projects correctly.
MongoDB Enterprise Kubernetes Operator 1.5.4
Released 2020-06-22
MongoDB Resource Changes
Allows modification of authentication settings using the Cloud Manager or Ops Manager UI if the
spec.security.authentication
setting is not provided in the MongoDB resource object definition.
Kubernetes Operator Changes
Supports Helm installation with
helm install
in addition tohelm template | kubectl apply
.helm install
is now the recommended way to install with Helm.Supports configuring the MongoDB Agent authentication mechanism independently from the cluster authentication mechanism.
Supports configuring monitoring for the Application Database to send metrics to Ops Manager. To learn more about the monitoring function of the MongoDB Agent, see MongoDB Agent.
Bug Fixes
Fixes a bug that affected transitioning authentication mechanisms from X.509 to SCRAM.
Fixes a bug that prevented the MongoDB Agent from reaching a goal state if SCRAM configuration was changed in the Ops Manager UI.
MongoDB Enterprise Kubernetes Operator 1.5.3
Released 2020-05-29
Kubernetes Operator Changes
Passes Ops Manager and MongoDB deployment configuration properties as Secret environment variables.
Bug Fixes
Correctly configures shutdown timeouts for Ops Manager and the Backup Daemon.
Fixes an issue where Kubernetes Operator-watched Secrets and ConfigMaps triggered unnecessary reconciliations.
Fixes an issue where the status of custom resources failed to update in OpenShift 3.11.
MongoDB Enterprise Kubernetes Operator 1.5.2
Released 2020-05-08
Ops Manager Resource Changes
Runs Ops Manager and Backup Daemon pods under a dedicated service account.
Kubernetes Operator Changes
Can configure the Kubernetes Operator to watch a subset of provided CustomResourceDefinitions. You can find more information in the documentation.
Can generate CustomResourceDefinitions without using subresources. Some versions of Openshift 3.11 require this capability. To avoid using subresources, use
--set subresourceEnabled=false
when installing the Kubernetes Operator with helm.
Bug Fixes
Fixes setting the
spec.statefulSet
andspec.backup.statefulSet
fields on theMongoDBOpsManager
Resource.Fixes an issue that requires a restart of the Kubernetes Operator during setup of webhook.
Fixes an issue that could make an Ops Manager resource to reach an unrecoverable state if the provided admin password has insufficient strength.
MongoDB Enterprise Kubernetes Operator 1.5.1
Released 2020-04-30
Deprecates the generation of TLS certificates by the Kubernetes Operator. If you use Kubernetes Operator-generated certificates, warning messages now appear in the Kubernetes Operator logs. To configure secure deployments, see Secure Client Connections.
Bug Fixes
Fixes an issue where, when no authentication is configured by the
Kubernetes Operator, the Kubernetes Operator disables authentication in Cloud Manager or Ops Manager.
The Kubernetes Operator no longer disables authentication unless you
explicitly set spec.security.authentication.enabled
to
false
.
Known Issues
When you configure the
spec.statefulSet.spec
and
spec.backup.statefulSet.spec
settings of the
MongoDBOpsManager resource, you can only
configure the spec.statefulSet.spec.template
and
spec.backup.statefulSet.spec.template
fields. Any other
spec.statefulSet.spec
or
spec.backup.statefulSet.spec
field has no effect.
MongoDB Enterprise Kubernetes Operator 1.5.0
Released 2020-04-24
Kubernetes Operator Changes
Adds the ability to start the Kubernetes Operator with some but not all
MongoDB CustomResourceDefinitions installed. Administrators can specify the container
argument watch-resource
to limit the Kubernetes Operator to deploy either
MonogDB instances or Ops Manager, or both.
Warning
Breaking Changes
Adds the following new Kubernetes Operator configuration properties:
INIT_OPS_MANAGER_IMAGE_REPOSITORY
INIT_APPDB_IMAGE_REPOSITORY
APPDB_IMAGE_REPOSITORY
When using a private docker registry, these properties must point to the relevant registries after you copy the images from the MongoDB distribution channels.
MongoDB Resource Changes
Increases support for custom TLS certificates with the
spec.security.tls.secretRef
andspec.security.tls.ca
configuration settings.Deprecates TLS certificate generation by the Kubernetes Operator. Migrating to custom TLS certificates is recommended.
Ops Manager Resource Changes
Releases the MongoDBOpsManager resource as Generally Available (GA). MongoDB now supports using the Kubernetes Operator to deploy Ops Manager resources to Kubernetes in production environments.
Supports Backup Blockstore Snapshot Stores.
Defaults to the Application Database as a metadata database for Backup S3 Snapshot Stores.
Supports
spec.jvmParameters
andspec.backup.jvmParameters
to add or override JVM parameters in Ops Manager and Backup Daemon processes.Automatically configures Ops Manager and Backup Daemon JVM memory parameters based on Pod memory availability.
Supports TLS for Ops Manager and the Application Database.
Adds more detailed information to the
status
field.Supports Ops Manager Local Mode for
MongoDBOpsManager
resources with multiple replicas by enabling users to specifyPersistentVolumeClaimTemplates
inspec.statefulSet.spec
.Implements a new image versioning scheme.
Warning
Breaking Changes
Removes the
spec.podSpec
configuration setting. Usespec.statefulSet.spec
instead.Removes the
spec.backup.podSpec
configuration setting. Usespec.backup.statefulSet.spec
instead.
See the sample YAML files for new feature usage examples.
MongoDB Enterprise Kubernetes Operator 1.4 Series
MongoDB Enterprise Kubernetes Operator 1.4.5
Fixes CVE-2020-7922: Kubernetes Operator generates potentially insecure certificates.
CVE Description
X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Customers who do not use X.509 authentication, and those who do not use the Kubernetes Operator to generate their X.509 certificates are unaffected.
Common Weakness Enumeration
CWE-295: Improper Certificate Validation CVSS score: 6.4 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Versions
1.0, 1.1
1.2.0 - 1.2.4
1.3.0 - 1.3.1
1.4.0 - 1.4.4
Fixed Versions
1.2.5
1.4.5 and above
MongoDB Enterprise Kubernetes Operator 1.4.4
MongoDB Resource Changes
Supports changes in the Cloud Manager API.
Ops Manager Resource Changes (Beta Release)
Properly terminates resources with a termination hook.
Implements stricter validations.
Bug Fixes
MongoDB resources:
Fixes an issue when working with Ops Manager with custom HTTPS certificates.
MongoDB Enterprise Kubernetes Operator 1.4.3
Released 2020-02-24
Kubernetes Operator Changes
Adds a webhook to validate a Kubernetes Operator configuration.
MongoDB Resource Changes
Adds support for sidecars for
MongoDB
resource pods using thespec.podSpec.podTemplate
setting.Allows users to change the
PodSecurityContext
to allow privileged sidecar containers.
Ops Manager Resource Changes (Beta Release)
Adds the
spec.podSpec
configuration settings for Ops Manager, the Backup Daemon, and the Application Database. See Ops Manager Resource Specification.Ops Manager image for version 4.2.8 is available.
Bug Fixes
MongoDB resources:
Fixes potential race conditions when deleting
MongoDB
resources.
Ops Manager resources:
Supports the
spec.clusterDomain
setting for Ops Manager and Application Database resources.No longer starts monitoring and backup processes for the Application Database.
See the sample YAML files for new feature usage examples.
MongoDB Enterprise Kubernetes Operator 1.4.2
Released 2020-01-24
MongoDB Resource Changes
Runs MongoDB database Kubernetes Pods under a dedicated Kubernetes service account:
mongodb-enterprise-database-pods
.Adds the
spec.podSpec.podTemplate
setting, which allows you to apply templates to Kubernetes Pods that the Kubernetes Operator generates for each database StatefulSet.Renames the
spec.clusterName
setting tospec.clusterDomain
.
Ops Manager Resource Changes (Beta Release)
Adds offline mode support for the Application Database. Bundles MongoDB Enterprise version 4.2.2 with the Application Database image. Internet access is not required to install the application database if
spec.applicationDatabase.version
is set to"4.2.2-ent"
or omitted.Renames the
spec.clusterName
setting tospec.clusterDomain
.Ops Manager images for versions 4.2.6 and 4.2.7 are available.
Bug Fixes
MongoDB resources:
Fixes the order of sharded cluster component creation.
Allows TLS to be enabled on Amazon EKS.
Ops Manager resources:
Enables the Kubernetes Operator to use the
spec.clusterDomain
setting.
See the sample YAML files for new feature usage examples.
MongoDB Enterprise Kubernetes Operator 1.4.1
Released 2019-12-13
Includes CVE fixes and RHSA security fixes.
Fixes an issue that prevented backup from starting on MongoDB 4.0.
MongoDB Enterprise Kubernetes Operator 1.4.0
Released 2019-12-09
MongoDB Resource Changes
Adds split horizon DNS support for MongoDB replica sets, which allows clients to connect to a replica set from outside of the Kubernetes cluster.
Supports requests for Kubernetes Operator-generated certificates for additional certificate domains, which makes them valid for the specified subdomains.
Ops Manager Resource Changes (Beta Release)
Promotes the
MongoDBOpsManager
resource to Beta. Ops Manager version 4.2.4 is available.Supports Backup and restore in Kubernetes Operator-deployed Ops Manager instances. This is a semi-automated process that deploys everything you need to enable backups in Ops Manager. You can enable Backup by setting the
spec.backup.enabled
setting in the Ops Manager custom resource. You can configure the Head Database, Oplog Store, and S3 Snapshot Store by using theMongoDBOpsManager
resource specification.Supports access to Ops Manager from outside the Kubernetes cluster through the
spec.externalConnectivity
setting.Enables SCRAM-SHA-1 authentication on Ops Manager's Application Database by default.
Adds support for OpenShift (Red Hat UBI Images).
For more information on how to enable new features, see the sample YAML files in the samples directory.
Bug Fixes
Improves overall stability of X.509 user management.
MongoDB Enterprise Kubernetes Operator 1.3 Series
MongoDB Enterprise Kubernetes Operator 1.3.1
Released 2019-11-08
Important
This release introduces significant changes that may not be compatible with previous deployments or resource configurations. Migrate to one resource per project before upgrading the Kubernetes Operator.
MongoDB Resource Changes
Requires one MongoDB resource per Ops Manager project. If you have more than one MongoDB resource in a project, all resources will change to a
Pending
status and the Kubernetes Operator won’t perform any changes on them. The existing MongoDB databases will still be accessible. You must migrate to one resource per project.Supports
SCRAM-SHA
authentication mode. See the MongoDB Enterprise Kubernetes Operator GitHub repository for examples.Requires that the project (ConfigMap) and credentials (secret) referenced from a MongoDB resource be in the same namespace.
Adds OpenShift installation files (YAML file and Helm chart configuration).
Ops Manager Resource Changes (Alpha Release)
Supports highly available Ops Manager resources by introducing the
spec.replicas
setting.Runs Pods as a non-root user.
MongoDB Enterprise Kubernetes Operator 1.3.0
Released 2019-10-25
Important
This release introduces significant changes that may not be compatible with previous deployments or resource configurations. Migrate to one resource per project before installing or upgrading the Kubernetes Operator.
Specification Schema Changes
Moves to a one resource per project configuration. This follows the warnings introduced in a previous version of the operator. The operator now requires each cluster to be contained within a new project.
Authentication settings are now contained within the security section of the MongoDB resource specification rather than the project ConfigMap.
Replaces the
project
field with thespec.opsManager.configMapRef.name
orspec.cloudManager.configMapRef.name
fields.User resources now refer to MongoDB resources rather than project ConfigMaps.
No longer requires
data.projectName
in the project ConfigMap. The name of the project defaults to the name of the MongoDB resource in Kubernetes.
Ops Manager Resource Changes (Alpha Release)
This release introduces significant changes to the Ops Manager resource's architecture. The Ops Manager application database is now managed by the Kubernetes Operator, not by Ops Manager.
Bug Fixes
Stops unnecessary recreation of NodePorts.
Fixes logging so it's always in JSON format.
Sets
USER
in the Kubernetes Operator Docker image.
MongoDB Enterprise Kubernetes Operator 1.2 Series
MongoDB Enterprise Kubernetes Operator 1.2.5
Fixes CVE-2020-7922: Kubernetes Operator generates potentially insecure certificates.
CVE Description
X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Customers who do not use X.509 authentication, and those who do not use the Kubernetes Operator to generate their X.509 certificates are unaffected.
Common Weakness Enumeration
CWE-295: Improper Certificate Validation CVSS score: 6.4 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Versions
1.0, 1.1
1.2.0 - 1.2.4
1.3.0 - 1.3.1
1.4.0 - 1.4.4
Fixed Versions
1.2.5
1.4.5 and above
MongoDB Enterprise Kubernetes Operator 1.2.4
Released 2019-10-02
Increases stability of Sharded Cluster deployments.
Improves internal testing infrastructure.
MongoDB Enterprise Kubernetes Operator 1.2.3
Released 2019-09-13
Update: The MongoDB Enterprise Kubernetes Operator will remove support for multiple clusters per project in a future release. If a project contains more than one cluster, a warning will be added to the status of the MongoDB Resources. Additionally, any new cluster being added to a non-empty project will result in a Failed state, and won't be processed.
Fix: The overall stability of the operator has been improved. The operator is now more conservative in resource updates both on Kubernetes and Cloud Manager or Ops Manager.
MongoDB Enterprise Kubernetes Operator 1.2.2
Released 2019-08-30
Security Fix: Clusters configured by Kubernetes Operator versions 1.0 through 1.2.1 used an insufficiently strong keyfile for internal cluster authentication between
mongod
processes. This only affects clusters which are using X.509 for user authentication, but are not using X.509 for internal cluster authentication. Users are advised to upgrade to version 1.2.2, which will replace all managed keyfiles.Security Fix: Clusters configured by Kubernetes Operator versions 1.0 through 1.2.1 used an insufficiently strong password to authenticate the MongoDB Agent. This only affects clusters which have been manually configured to enable
SCRAM-SHA-1
, which is not a supported configuration. Users are advised to upgrade to version 1.2.2, which will reset these passwords.
MongoDB Enterprise Kubernetes Operator 1.2.1
Released 2019-08-23
Fix: The Kubernetes Operator no longer recreates CSRs when X.509 authentication is enabled and the approved CSRs have been deleted.
Fix: If the
OPERATOR_ENV
environment variable is set to something unrecognized by the Kubernetes Operator, it will no longer result in aCrashLoopBackOff
of the pod. A default value ofprod
is used.The Kubernetes Operator now supports more than 100 agents in a given project.
MongoDB Enterprise Kubernetes Operator 1.2.0
Released 2019-08-13
GA Release
Adds a readinessprobe to the MongoDB Pods to improve the reliability of rolling upgrades.
Alpha Release
This feature is an alpha release. It is not ready for production use.
Can use the Kubernetes Operator to manage Ops Manager 4.2. To deploy an |onprem| instance, you use a new resource:
MongoDBOpsManager
.
MongoDB Enterprise Kubernetes Operator 1.1 Series
MongoDB Enterprise Kubernetes Operator 1.1
Released 2019-07-19
Fix: Adds sample yaml files, in particular, the attribute related to featureCompatibilityVersion.
Fix: TLS can be disabled in a deployment.
Improvement: Adds script in the support directory that can gather information of your MongoDB resources in Kubernetes.
Improvement: In a TLS environment, the Kubernetes Operator can use a custom CA. All the certificates must be passed as secret objects.
MongoDB Enterprise Kubernetes Operator 1.0 Series
MongoDB Enterprise Kubernetes Operator 1.0
Released 2019-06-18
Supports Kubernetes v1.11 or later.
Provisions any kind of MongoDB deployment in the Kubernetes Cluster of your Organization:
Configures TLS on the MongoDB deployments and encrypt all traffic. Hosts and clients can verify each other’s identities.
Manages MongoDB users.
Supports X.509 authentication to your MongoDB databases.
Tip
See also:
To learn how to install and configure the Operator, see Install and Configure the Kubernetes Operator.
Note
Questions about the Kubernetes Operator GA release
If you have any questions regarding this release, use the #enterprise-kubernetes Slack channel.
MongoDB Enterprise Kubernetes Operator Beta Series
MongoDB Enterprise Kubernetes Operator 0.12
Released 2019-06-07
Rolling upgrades of MongoDB resources ensure that
rs.stepDown()
is called for the primary member. Requires MongoDB patch version 4.0.8 and later or MongoDB patch version 4.1.10 and later.During a MongoDB major version upgrade, the
featureCompatibilityVersion
field can be set.Fixed a bug where replica sets with more than seven members could not be created.
X.509 Authentication can be enabled at the Project level. Requires Cloud Manager, Ops Manager patch version 4.0.11 and later, or Ops Manager patch version 4.1.7 and later.
Internal cluster authentication based on X.509 can be enabled at the deployment level.
MongoDB users with X.509 authentication can be created, using the new
MongoDBUser
custom resource.
MongoDB Enterprise Kubernetes Operator 0.11
Released 2019-04-29
NodePort
service creation can be disabled.TLS can be enabled for internal authentication between MongoDB in replica sets and sharded clusters. The TLS certificates are created automatically by the Kubernetes Operator. Refer to the sample
.yaml
files in the GitHub repository for examples.Wide or asterisk roles have been replaced with strict listing of verbs in
roles.yaml
.Printing
mdb
objects withkubectl
will provide more information about the MongoDB object: type, state, and MongoDB server version.
MongoDB Enterprise Kubernetes Operator 0.10
Released 2019-04-02
The Kubernetes Operator and database images are now based on ubuntu:16.04.
The Kubernetes Operator now uses a single CustomResourceDefinition named
MongoDB
instead of theMongoDbReplicaSet
,MongoDbShardedCluster
, andMongoDbStandalone
CRDs.Important
Follow the upgrade procedure to transfer existing
MongoDbReplicaSet
,MongoDbShardedCluster
, andMongoDbStandalone
resources to the new format.For a list of the packages installed and any security vulnerabilities detected in our build process, see:
MongoDB Enterprise Kubernetes Operator 0.9
Released 2019-03-19
The Operator and Database images are now based on
debian:stretch-slim
which is the latest and up-to-date Docker image for Debian 9.
MongoDB Enterprise Kubernetes Operator 0.8
Released 2019-02-26
Perform Ops Manager clean-up on deletion of MongoDB resource without the use of finalisers.
Bug fix: Race conditions when communicating with Ops Manager.
Bug fix:
ImagePullSecrets
being incorrectly initialized in OpenShift.Bug fix: Unintended fetching of closed projects.
Bug fix: Creation of duplicate organizations.
Bug fix: Reconciliation could fail for the MongoDB resource if some other resources in Ops Manager were in error state.
MongoDB Enterprise Kubernetes Operator 0.7
Released 2019-02-01
Improved detailed status field for MongoDB resources.
The Kubernetes Operator watches changes to configuration parameters in a project configMap and the credentials secret then performs a rolling upgrade for relevant Kubernetes resources.
Added JSON structured logging for MongoDB Agent Pods.
Support DNS SRV records for MongoDB access.
Bug fix: Avoiding unnecessary reconciliation.
Bug fix: Improved Ops Manager/Cloud Manager state management for deleted resources.
MongoDB Enterprise Kubernetes Operator 0.6
Released 2018-12-17
Refactored code to use the controller-runtime library to fix issues where Operator could leave resources in inconsistent state. This also introduced a proper reconciliation process.
Added new
status
field for all MongoDB Kubernetes resources.Can configure Operator to watch any single namespace or all namespaces in a cluster (requires cluster role).
Improved database logging by adding a new configuration property
logLevel
. This property is set toINFO
by default. MongoDB Agent and MongoDB logs are merged in to a single log stream.Added new configuration Operator timeout. It defines waiting time for database pods start while updating
MongoDB
resources.Fix: Fixed failure detection for
mongos
.
MongoDB Enterprise Kubernetes Operator 0.5
Released 2018-11-14
Image for database no longer includes the binary for the Automation Agent. The container downloads the Automation Agent binary from Ops Manager when it starts.
Fix: Communication with Ops Manager failed if the project with the same name existed in different organization.
MongoDB Enterprise Kubernetes Operator 0.4
Released 2018-10-04
If a backup was enabled in Ops Manager for a Replica Set or Sharded Cluster that the Kubernetes Operator created, then the Kubernetes Operator disables the backup before removing a resource.
Improved persistence support:
The data, journal and log directories are mounted to three mountpoints in one or three volumes depending upon the
podSpec.persistence
setting.SettingMount Directories topodSpec.persistence.single
One volumepodSpec.persistence.multiple
Three volumesPrior to this release, only the data directory was mounted to persistent storage.
A new parameter,
labelSelector
, allows you to specify the selector for volumes that Kubernetes Operator should consider mounting.If StorageClass is not specified in the
persistence
configuration, then the defaultStorageClass
for the cluster is used. In most of public cloud providers, this results in dynamic volume provisioning.
MongoDB Enterprise Kubernetes Operator 0.3
Released 2018-08-07
The Operator no longer creates the CustomResourceDefinition objects. The user needs to create them manually. Download and apply this new yaml file (
crd.yaml
) to create/configure these objects.ClusterRoles are no longer required. How the Operator watches resources has changed. Until the last release, the Operator would watch for any resource on any namespace. With 0.3, the Operator watches for resources in the same namespace in which it was created. To support multiple namespaces, multiple Operators can be installed. This allows isolation of MongoDB deployments.
Permissions changes were made to how PersistentVolumes are mounted.
Added configuration to Operator to not create SecurityContexts