This version of the documentation is archived and no longer supported, and the MongoDB Enterprise Kubernetes Operator is deprecated. The new MongoDB Controllers for Kubernetes Operator replaces the MongoDB Enterprise Kubernetes Operator. The first version of the Controllers for Kubernetes Operator is functionally equivalent to the last version of the Enterprise Kubernetes Operator, v1.33. For more information about this change, and guidance on migrating to the new Operator, see the release notes for the first new version. There will be no future releases of the MongoDB Enterprise Kubernetes Operator. Each version will reach end of life according to the existing one year support policy. Please migrate to the Controllers for Kubernetes Operator for continued support.
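Enable HTTPS
The Kubernetes Operator supports configuring Ops Manager to run over HTTPS.
Enable HTTPS before you deploy your Ops Manager resources, so that the Kubernetes Operator does not report the resource status as Failed.
Enable TLS
The Kubernetes Operator supports TLS encryption. Use TLS with your MongoDB deployment to encrypt data over the network.
The configuration in the following example enables TLS for a replica set. When TLS is enabled, all traffic between members of the replica set and clients is encrypted using TLS certificates.
To learn more about securing your MongoDB deployments with TLS, see Deploy a Replica Set.
The default TLS mode is requireTLS. You can customize it with the spec.additionalMongodConfig.net.ssl.mode configuration parameter, as shown in the following abbreviated example.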
```yaml
apiVersion: mongodb.com/v1
kind: MongoDB
metadata:
  name: my-tls-enabled-rs
spec:
  type: ReplicaSet
  members: 3
  version: 6.0.0-ent

  opsManager:
    configMapRef:
      name: my-project
  credentials: my-credentials

  security:
    tls:
      enabled: true
      ca: <custom-ca>

  ...
  additionalMongodConfig:
    net:
      ssl:
        mode: "preferSSL"
```
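See the full TLS configuration example in replica-set.yaml in the TLS samples directory. This directory also contains sample TLS configurations for sharded clusters and standalone deployments.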
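Overriding the mode as in the abbreviated example has a security consequence: with preferSSL, mongod still accepts non-TLS client connections. The following check is an added example, not part of the MongoDB documentation or the Operator; it flags manifests that set a mode weaker than the default. It inspects only the fields shown on this page, assumes the manifests are already parsed into dicts, and assumes the newer net.tls.mode spelling is passed through the same way; the sample manifests are constructed.

```python
# Added example: flag MongoDB resources whose TLS settings are weaker than
# the default mode described above.

# mongod TLS modes that disable TLS or still accept unencrypted connections.
WEAK_MODES = {
    "disabled": "TLS is off",
    "allowSSL": "non-TLS connections accepted; members do not use TLS to each other",
    "allowTLS": "non-TLS connections accepted; members do not use TLS to each other",
    "preferSSL": "members use TLS, but non-TLS client connections are accepted",
    "preferTLS": "members use TLS, but non-TLS client connections are accepted",
}

def _get(obj, dotted):
    """Walk a dotted path through nested dicts; None if any key is missing."""
    for key in dotted.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj

def audit_tls(manifest):
    """Return findings for one parsed manifest (a dict, e.g. from a YAML loader)."""
    if manifest.get("kind") != "MongoDB":
        return []
    name = _get(manifest, "metadata.name") or "<unnamed>"
    findings = []
    if _get(manifest, "spec.security.tls.enabled") is not True:
        findings.append(f"{name}: spec.security.tls.enabled is not true")
    for section in ("ssl", "tls"):  # net.tls.mode: assumed newer spelling
        path = f"spec.additionalMongodConfig.net.{section}.mode"
        mode = _get(manifest, path)
        if mode in WEAK_MODES:
            findings.append(f"{name}: {path}={mode}: {WEAK_MODES[mode]}")
    return findings

# Constructed sample manifests (already parsed); the first mirrors this page.
PAGE_EXAMPLE = {"kind": "MongoDB", "metadata": {"name": "my-tls-enabled-rs"},
                "spec": {"security": {"tls": {"enabled": True}},
                         "additionalMongodConfig": {"net": {"ssl": {"mode": "preferSSL"}}}}}
NO_TLS = {"kind": "MongoDB", "metadata": {"name": "plain-rs"},
          "spec": {"type": "ReplicaSet"}}
DEFAULT_MODE = {"kind": "MongoDB", "metadata": {"name": "strict-rs"},
                "spec": {"security": {"tls": {"enabled": True}}}}

if __name__ == "__main__":
    for manifest in (PAGE_EXAMPLE, NO_TLS, DEFAULT_MODE):
        for finding in audit_tls(manifest):
            print(finding)
```

A manifest that enables TLS and leaves the mode at its default produces no findings.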