Navigation
This version of the documentation is archived and no longer supported. To learn how to upgrade your version of MongoDB Kubernetes Operator, refer to the upgrade documentation.
  • Reference >
  • Ops Manager Resource Specification

Ops Manager Resource Specification

The MongoDB Enterprise Kubernetes Operator creates a containerized Ops Manager deployment from specification files that you write.

After you create or update an Ops Manager resource specification, you direct MongoDB Enterprise Kubernetes Operator to apply this specification to your Kubernetes environment. Kubernetes Operator creates the services and custom Kubernetes resources that Ops Manager requires, then deploys Ops Manager and its backing application database in containers in your Kubernetes environment.

Each Ops Manager resource uses an object specification in YAML to define the characteristics and settings of the deployment.

Example

The following example shows a resource specification for an Ops Manager deployment:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
apiVersion: mongodb.com/v1
kind: MongoDBOpsManager
metadata:
 name: om
spec:
 replicas: 1
 version: 4.2.6
 adminCredentials: ops-manager-admin
 configuration:
  mms.fromEmailAddr: admin@example.com
  mms.security.allowCORS: "false"
 backup:
  enabled: true
  headDB:
   storage: 30Gi
   labelSelector:
    matchLabels:
     app: my-app
  opLogStores:
   - name: oplog1
     mongodbResourceRef:
      name: my-oplog-db
     mongodbUserRef:
      name: my-oplog-user
  s3Stores:
   - name: s3store1
     mongodbResourceRef:
      name: my-s3-metadata-db
     mongodbUserRef:
      name: my-s3-store-user
     s3SecretRef:
       name: my-s3-credentials
     pathStyleAccessEnabled: true
     s3BucketEndpoint: s3.region.amazonaws.com
     s3BucketName: my-bucket

 applicationDatabase:
   passwordSecretKeyRef:
    name: om-db-user-secret
    key: password
   members: 3
   version: 4.2.2-ent
   persistent: true
   podSpec:
     cpu: 0.25

Required Ops Manager Resource Settings

This section describes settings that you must use for all Ops Manager resources.

apiVersion

Type: string

Required. Version of the MongoDB Kubernetes resource schema.

kind

Type: string

Required. Kind of MongoDB Kubernetes resource to create. Set this to MongoDBOpsManager.

metadata.name

Type: string

Required. Name of the MongoDB Kubernetes resource you are creating.

Resource names must be 44 characters or less.

spec.replicas

Type: number

Required. Number of Ops Manager instances to run in parallel.

The minimum accepted value is 1.

Highly Available Ops Manager Resources

For high availability, set this value to more than 1. Multiple Ops Manager instances can read from the same Application Database, ensuring failover if one instance is unavailable and enabling you to update the Ops Manager resource without downtime.

spec.version

Type: number

Required. Version of Ops Manager that you want to install on this MongoDB Kubernetes resource.

spec.adminCredentials

Type: string

Required. Name of the Kubernetes secret you created for the Ops Manager admin user. When you deploy the Ops Manager resource, Kubernetes Operator creates a user with these credentials.

The admin user is granted the Global Owner role.

spec.applicationDatabase.members

Type: integer

Required. Number of members in the Application Database replica set.

spec.applicationDatabase.version

Type: number

Optional. Version of MongoDB installed on the Ops Manager Application Database. If you don’t specify a specific version, Kubernetes Operator uses the default value.

This value defaults to 4.2.2-ent.

Deploy Ops Manager Resource Offline

To deploy Ops Manager inside Kubernetes without an Internet connection, omit this setting or leave the value empty. The Kubernetes Operator installs the bundled MongoDB Enterprise version 4.2.2 by default.

Note

If you update this value to a later version, consider setting spec.featureCompatibilityVersion to give yourself the option to downgrade if necessary.

Optional Ops Manager Resource Settings

Ops Manager resources can use the following settings:

spec.applicationDatabase

Type: collection

Ops Manager Application Database resource definition.

The following settings from the replica set resource specification are optional:

spec.applicationDatabase.passwordSecretKeyRef.name

Type: string

Name of the secret that contains the password for the Ops Manager database user mongodb-ops-manager. Ops Manager uses this password to authenticate to the Application Database.

spec.applicationDatabase.passwordSecretKeyRef.key

Type: string

Name of the field in the secret that contains the password for the Ops Manager database user mongodb-ops-manager. Ops Manager uses this password to authenticate to the Application Database.

The default value is password.

spec.applicationDatabase.security.tls.ca

Type: string

Name of the Kubernetes ConfigMap containing the CA file for the application database.

spec.applicationDatabase.security.tls.secretRef.name

Type: string

Name of the Kubernetes secret object created to secure the application database resources.

spec.backup.enabled

Type: boolean

Flag that enables Backup for your Ops Manager resource. When set to false, Backup is disabled.

Default value is true.

spec.backup.headDB

Type: collection

Configuration settings for the head database. Kubernetes Operator creates a Persistent Volume Claim with the specified configuration.

Scalar Data Type Description
labelSelector string Tag used to bind mounted volumes to directories.
storage string

Minimum size of Persistent Volume that should be mounted. This value is expressed as an integer followed by a unit of storage in JEDEC notation.

Default value is 30Gi.

Example

If the head database requires 60 gigabytes of storage space, set this value to 60Gi.

storageClass string

Type of storage specified in a Persistent Volume Claim. You may create this storage type as a StorageClass object before using it in this object specification.

Note

Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed.

spec.backup.jvmParameters

Type: array of strings

Optional. JVM parameters passed to the Ops Manager backup service in the container.

This Kubernetes Operator parameter defaults to an empty list.

spec:
  backup:
    jvmParameters: ["-XX:+UseStringCache"]

Change the JVM Memory Heap values at your own risk

Kubernetes Operator calculates the JVM memory heap values of the backup service based on the container’s memory. Changing the -Xms and -Xmx values can cause issues with Ops Manager.

spec.backup.opLogStores

Type: collection

Required if you enable Backup.

Array of oplog stores used for Backup. Each item in the array references a MongoDB database resource deployed in the Kubernetes cluster by the Kubernetes Operator.

spec.backup.opLogStores.name

Type: string

Required if you enable Backup.

Name of the oplog store.

Important

Once specified, do not edit the name of the oplog store.

spec.backup.opLogStores.mongodbResourceRef.name

Type: string

Required if you enable Backup.

Name of the MongoDB database resource that you create to store oplog slices. You must deploy this database resource in the same namespace as the Ops Manager resource.

The Oplog database only supports the SCRAM authentication mechanism. You cannot enable other authentication mechanisms.

If you enable SCRAM authentication on the oplog database, you must:

  • Specify a MongoDB version earlier than v4.0 in the oplog database resource definition.
  • Create a MongoDB user resource to connect Ops Manager to the oplog database.
  • Specify the name of the user in the Ops Manager resource definition.

If a MongoDB database resource with this name doesn’t exist, the backup resource enters a Pending state. The Kubernetes Operator retries every 10 seconds until a MongoDB database resource with this name is created.

Note

The Kubernetes Operator begins to reconcile the Ops Manager resource automatically when you make security changes to the database resources you reference in this setting. The Kubernetes Operator updates the mongoURI and ssl flags in the Ops Manager configuration based on your changes.

spec.backup.opLogStores.mongodbUserRef.name

Type: string

Required if SCRAM authentication is enabled on the oplog store database.

Name of the MongoDB user resource used to connect to the oplog store database. Deploy this user resource in the same namespace as the Ops Manager resource and with the readWriteAnyDatabase and dbAdminAnyDatabase roles.

spec.backup.blockStores

Type: collection

Required if you enable Backup using a blockstore.

Array of blockstores used for Backup. Each item in the array references a MongoDB database resource deployed in the Kubernetes cluster by the Kubernetes Operator.

spec.backup.blockStores.name

Type: string

Required if you enable Backup using a blockstore.

Name of the blockstore.

Important

Once specified, do not edit the name of the blockstore.

spec.backup.blockStores.mongodbResourceRef.name

Type: string

Required if you enable Backup using a blockstore.

Name of the MongoDB database resource that you create for the blockstore. You must deploy this database resource in the same namespace as the Ops Manager resource.

The blockstore database only supports the SCRAM authentication mechanism. You cannot enable other authentication mechanisms.

If you enable SCRAM authentication on the blockstore database, you must:

  • Specify a MongoDB version earlier than v4.0 in the blockstore database resource definition.
  • Create a MongoDB user resource to connect Ops Manager to the blockstore database.
  • Specify the name of the user in the Ops Manager resource definition.

If a MongoDB database resource with this name doesn’t exist, the backup resource enters a Pending state. The Kubernetes Operator retries every 10 seconds until a MongoDB database resource with this name is created.

Note

The Kubernetes Operator begins to reconcile the Ops Manager resource automatically when you make security changes to the database resources you reference in this setting. The Kubernetes Operator updates the mongoURI and ssl flags in the Ops Manager configuration based on your changes.

spec.backup.blockStores.mongodbUserRef.name

Type: string

Required if SCRAM authentication is enabled on the blockstore database.

Name of the MongoDB user resource used to connect to the blockstore database. Deploy this user resource in the same namespace as the Ops Manager resource and with the readWriteAnyDatabase and dbAdminAnyDatabase roles.

spec.backup.statefulSet.spec

Type: collection

Specification for the StatefulSet that the MongoDB Enterprise Kubernetes Operator creates for the Backup Daemon Service.

To review which fields you can add to spec.backup.statefulSet.spec, see the Kubernetes documentation.

spec.backup.statefulSet.spec.template

Type: collection

Template for the Kubernetes pods in the StatefulSet that the MongoDB Enterprise Kubernetes Operator creates for the Backup Daemon Service.

Note

The Kubernetes Operator doesn’t validate the fields you provide in spec.backup.statefulSet.spec.template.

spec.backup.statefulSet.spec.template.metadata

Type: collection

Metadata for the Kubernetes pods in the StatefulSet that the MongoDB Enterprise Kubernetes Operator creates for the Backup Daemon Service.

To review which fields you can add to spec.backup.statefulSet.spec.template.metadata, see the Kubernetes documentation.

spec.backup.statefulSet.spec.template.spec

Type: collection

Specifications of the Kubernetes pods in the StatefulSet that the MongoDB Enterprise Kubernetes Operator creates for the Backup Daemon Service.

To review the complete list of fields you can add to spec.backup.statefulSet.spec.template.spec, see the Kubernetes documentation.

The following example spec.backup.statefulSet.spec.template.spec defines minimum and maximum CPU and memory capacity for one Backup Daemon Service container the MongoDB Enterprise Kubernetes Operator deploys:

statefulSet:
  spec:
    template:
      spec:
        containers:
        - name: mongodb-backup-daemon
          resources:
            requests:
              cpu: '0.50'
              memory: '4500M'
            limits:
              cpu: '1'
              memory: '6000M'
spec.backup.statefulSet.spec.template.spec.containers

Type: collection

List of containers that belong to the Kubernetes pods in the StatefulSet that the MongoDB Enterprise Kubernetes Operator creates for the Backup Daemon Service.

To modify the specifications of the Backup Daemon Service container, you must provide the exact name of the container using the name field, as shown in the following example:

backup:
 statefulSet:
   spec:
     template:
       spec:
         containers:
         - name: mongodb-backup-daemon

Note

When you add containers to spec.backup.statefulSet.spec.template.spec.containers, the Kubernetes Operator adds them to the Kubernetes pod. These containers are appended to the Backup Daemon Service containers in the pod.

spec.backup.statefulSet.spec.template.spec.containers.resources.requests.cpu

Type: string

Minimum CPU capacity that must be available on a Kubernetes node to host the Backup Daemon Service.

The requested value must be less than or equal to spec.backup.statefulSet.spec.template.spec.containers.resources.limits.cpu.

spec.backup.statefulSet.spec.template.spec.containers.resources.limits.cpu

Type: string

Maximum CPU capacity for the node being created to host the Backup Daemon Service. If omitted, this value is set to spec.backup.statefulSet.spec.template.spec.containers.resources.requests.cpu.

spec.backup.statefulSet.spec.template.spec.containers.resources.requests.memory

Type: string

Minimum memory capacity that must be available on a Kubernetes node to host the Backup Daemon Service on Kubernetes. This value is expressed as an integer followed by a unit of memory in JEDEC notation.

Note

Set this value to at least 4.5Gi. Values of less than 4.5Gi might result in an error.

The requested value must be less than or equal to spec.backup.statefulSet.spec.template.spec.containers.resources.limits.memory.

spec.backup.statefulSet.spec.template.spec.containers.resources.limits.memory

Type: string

Maximum memory capacity for the node being created to host the Backup Daemon Service. If omitted, this value is set to spec.backup.statefulSet.spec.template.spec.containers.resources.requests.memory.

The Kubernetes Operator calculates and sets parameters for Java heap size based on the container’s memory.

Limit this value to less than 32 GB

Setting this value to a value greater than 32 GB (32Gi) can cause issues with the backup service. Excessive heaps can cause unpredictable results in Ops Manager.

spec.backup.s3Stores.name

Type: string

Required if you enable Backup using an S3 store.

Name of the S3 snapshot store.

Important

Once specified, do not edit the name of the S3 snapshot store. This change will likely fail if backups use the old name. The consequences of a successful change are unpredictable.

spec.backup.s3Stores.mongodbResourceRef.name

Type: string

Name of the MongoDB database resource that you create to store metadata for the S3 snapshot store. You must deploy this database resource in the same namespace as the Ops Manager resource.

Note

Omit this setting to use the application database to store metadata for the S3 snapshot store.

If you omit this setting, you must also omit the spec.backup.s3Stores.mongodbUserRef.name setting. The Kubernetes Operator handles SCRAM user authentication internally.

If you enable SCRAM authentication on this database, you must:

  • Specify a MongoDB version earlier than v4.0 in the database resource definition.
  • Create a MongoDB user resource to connect Ops Manager to the database.
  • Specify the name of the user in the Ops Manager resource definition.

Important

Once specified, do not edit the name of the S3 snapshot store. This change will likely fail if backups use the old name. The consequences of a successful change are unpredictable.

If a MongoDB database resource with this name doesn’t exist, the backup resource enters a Pending state. The Kubernetes Operator retries every 10 seconds until a MongoDB database resource with this name is created.

Note

The Kubernetes Operator begins to reconcile the Ops Manager resource automatically when you make security changes to the database resources you reference in this setting. The Kubernetes Operator updates the mongoURI and ssl flags in the Ops Manager configuration based on your changes.

spec.backup.s3Stores.mongodbUserRef.name

Type: string

Required if you created a MongoDB database resource to store |s3| snapshot metadata and SCRAM is enabled on this database.

Name of the MongoDB user resource used to connect to the metadata database of the S3 snapshot store. Deploy this user resource in the same namespace as the Ops Manager resource and with the readWriteAnyDatabase and dbAdminAnyDatabase roles.

Important

Once specified, do not edit the name of the S3 metadata snapshot store username.

spec.backup.s3Stores.s3SecretRef.name

Type: string

Required if you enable Backup using an S3 store.

Name of the secret that contains the accessKey and secretKey fields. The Backup Daemon Service uses the values of these fields as credentials to access your AWS S3 or S3-compatible bucket. The S3 snapshot store can’t be configured if the secret is missimg either key.

spec.backup.s3Stores.pathStyleAccessEnabled

Type: boolean

Indicates the style of the bucket endpoint URL.

Value Description Example
true Path-style URL s3.amazonaws.com/<bucket>
false Virtual-host-style URL <bucket>.s3.amazonaws.com

Default value is true.

spec.backup.s3Stores.s3BucketEndpoint

Type: string

Required if you enable Backup using an S3 store.

URL of the AWS S3 bucket or S3-compatible bucket that hosts the snapshot store.

spec.backup.s3Stores.s3BucketName

Type: string

Required if you enable Backup using an S3 store.

Name of the AWS S3 bucket or S3-compatible bucket that hosts the snapshot store.

spec.clusterDomain

Type: string

Kubernetes assigns each pod a FQDN. The Kubernetes Operator calculates the FQDN for each pod using a provided clusterDomain. Kubernetes does not provide an API to query these hostnames.

spec.clusterName

spec.clusterName is Deprecated

Use spec.clusterDomain instead.

Type: string

Kubernetes assigns each pod a FQDN. The Kubernetes Operator calculates the FQDN for each pod using a provided clusterName. Kubernetes does not provide an API to query these hostnames.

spec.configuration

Type: collection

Ops Manager configuration properties. See Ops Manager Configuration Settings for property names and descriptions. Each property takes a value of type string.

Important

If Ops Manager will manage MongoDB resources deployed outside of the Kubernetes cluster it’s deployed to, you must add the mms.centralUrl setting to spec.configuration.

Set the value to the URL by which Ops Manager is exposed outside of the Kubernetes cluster.

spec.configuration.mms.mongoDbUsage.defaultUsageType

Type: string

The Kubernetes service’s default server type.

Accepted values are: PRODUCTION_SERVER, TEST_SERVER, DEV_SERVER, and RAM_POOL.

spec.externalConnectivity

Type: collection

Configuration object that enables external connectivity to Ops Manager. If provided, the Kubernetes Operator creates a Kubernetes service that allows traffic originating from outside of the Kubernetes cluster to reach the Ops Manager application.

If not provided, the Kubernetes Operator does not create a Kubernetes service. You must create one manually or use a third-party solution that enables you to route external traffic to the Ops Manager Application in your Kubernetes cluster.

spec.externalConnectivity.type

Type: string

The Kubernetes service ServiceType that exposes Ops Manager outside of Kubernetes.

Required if spec.externalConnectivity.type is present.

Accepted values are: LoadBalancer and NodePort. LoadBalancer is recommended if your cloud provider supports it. Use NodePort for local deployments.

spec.externalConnectivity.port

Type: integer

If spec.externalConnectivity.type is NodePort, the port on the Kubernetes service from which external traffic is routed to the Ops Manager Application.

Note

You must configure your network’s firewall to allow traffic over this port.

If spec.externalConnectivity.type is LoadBalancer, the load balancer resource that your cloud provider creates routes traffic to this port on the Kubernetes service. You don’t need to provide this value. Kubernetes uses an open port within the default range and handles internal traffic routing appropriately.

In both cases, if this value is not provided, the Kubernetes service routes traffic from an available port within the following default range to the Ops Manager Application: 30000-32767.

spec.externalConnectivity.loadBalancerIP

Type: string

The IP address the LoadBalancer Kubernetes service uses when the Kubernetes Operator creates it.

This setting can only be used if your cloud provider supports it and spec.externalConnectivity.type is LoadBalancer. To learn more about the Type LoadBalancer, see the Kubernetes documentation.

spec.externalConnectivity.externalTrafficPolicy

Type: string

Routing policy for external traffic to the Ops Manager Kubernetes service. The service routes external traffic to node-local or cluster-wide endpoints depending the value of this setting.

Accepted values are: Cluster and Local. To learn which of values meet your requirements, see Source IPs in Kubernetes in the Kubernetes documentation.

Note

If you select Cluster, the Source-IP of your clients are lost during the network hops that happen at the Kubernetes network boundary.

spec.externalConnectivity.annotations

Type: collection

Key-value pairs that allow you to provide cloud provider-specific configuration settings.

To learn more about Annotations and TLS support on AWS, see the Kubernetes documentation.

spec.jvmParameters

Type: array of strings

Optional. JVM parameters passed to the Ops Manager Application in the container. Any parameters given replace the default JVM parameters for the Ops Manager Application.

This Kubernetes Operator parameter defaults to an empty list.

spec:
  jvmParameters: ["-XX:+HeapDumpOnOutOfMemoryError","-XX:HeapDumpPath=/tmp"]

Change the JVM Memory Heap values at your own risk

Kubernetes Operator calculates its JVM memory heap values of the Ops Manager Application based on the container’s memory. Changing the -Xms and -Xmx values can cause issues with Ops Manager.

spec.security.tls.secretRef.name

Type: string

Name of the Kubernetes secret you created for your TLS certificate. Used when creating an Ops Manager instance which runs over HTTPS.

To learn how to configure your Ops Manager instance to run over HTTPS, see Deploy an Ops Manager Resource.

spec.statefulSet.spec

Type: collection

Specification for the StatefulSet that the MongoDB Enterprise Kubernetes Operator creates for Ops Manager.

To review which fields you can add to spec.statefulSet.spec, see the Kubernetes documentation.

spec.statefulSet.spec.template

Type: collection

Template for the Kubernetes pods in the StatefulSet that the MongoDB Enterprise Kubernetes Operator creates for the Ops Manager.

Note

The Kubernetes Operator doesn’t validate the fields you provide in spec.statefulSet.spec.template.

spec.statefulSet.spec.template.metadata

Type: collection

Metadata for the Kubernetes pods in the StatefulSet that the MongoDB Enterprise Kubernetes Operator creates for the Ops Manager.

To review which fields you can add to spec.statefulSet.spec.template.metadata, see the Kubernetes documentation.

spec.statefulSet.spec.template.spec

Type: collection

Specifications of the Kubernetes pods in the StatefulSet that the MongoDB Enterprise Kubernetes Operator creates for the Ops Manager.

To review the complete list of fields you can add to spec.statefulSet.spec.template.spec, see the Kubernetes documentation.

The following example spec.statefulSet.spec.template.spec defines minimum and maximum CPU and memory capacity for one Ops Manager container the MongoDB Enterprise Kubernetes Operator deploys:

statefulSet:
  spec:
    template:
      spec:
        containers:
          - name: mongodb-ops-manager
            resources:
              requests:
                cpu: '0.70'
                memory: '6Gi'
              limits:
                cpu: '1'
                memory: '7000M'
spec.statefulSet.spec.template.spec.containers

Type: collection

List of containers that belong to the Kubernetes pods in the StatefulSet that the MongoDB Enterprise Kubernetes Operator creates for the Ops Manager.

To modify the specifications of the Ops Manager container, you must provide the exact name of the container using the name field, as shown in the following example:

backup:
 statefulSet:
   spec:
     template:
       spec:
         containers:
         - name: mongodb-ops-manager

Note

When you add containers to spec.statefulSet.spec.template.spec.containers, the Kubernetes Operator adds them to the Kubernetes pod. These containers are appended to the Ops Manager containers in the pod.

spec.statefulSet.spec.template.spec.containers.resources.requests.cpu

Type: string

Minimum CPU capacity that must be available on a Kubernetes node to host the Ops Manager.

The requested value must be less than or equal to spec.statefulSet.spec.template.spec.containers.resources.limits.cpu.

spec.statefulSet.spec.template.spec.containers.resources.limits.cpu

Type: string

Maximum CPU capacity for the node being created to host the Ops Manager. If omitted, this value is set to spec.statefulSet.spec.template.spec.containers.resources.requests.cpu.

spec.statefulSet.spec.template.spec.containers.resources.requests.memory

Type: string

Minimum memory capacity that must be available on a Kubernetes node to host the Ops Manager on Kubernetes. This value is expressed as an integer followed by a unit of memory in JEDEC notation.

Example

If Ops Manager on Kubernetes requires 6 gigabytes of memory, set this value to 6Gi.

Note

MongoDB recommends setting this value to at least 5Gi.

The requested value must be less than or equal to spec.statefulSet.spec.template.spec.containers.resources.limits.memory.

spec.statefulSet.spec.template.spec.containers.resources.limits.memory

Type: string

Maximum memory capacity for the node being created to host the Ops Manager. If omitted, this value is set to spec.statefulSet.spec.template.spec.containers.resources.requests.memory.

The Kubernetes Operator calculates and sets parameters for Java heap size based on the container’s memory.

Limit this value to less than 32 GB

Setting this value to a value greater than 32 GB (32Gi) can cause issues with the backup service. Excessive heaps can cause unpredictable results in Ops Manager.