Navigation
  • Reference >
  • MongoDB Database Resource Specification

MongoDB Database Resource Specification

Cloud Manager and Ops Manager 4.0.11 Support MongoDB Resources

You can use the Kubernetes Operator to deploy MongoDB resources with Ops Manager version 4.0.11 or later and Cloud Manager. At any place in this guide that says Ops Manager, you can substitute Cloud Manager.

The MongoDB Enterprise Kubernetes Operator creates Kubernetes StatefulSets from specification files that you wrote.

MongoDB resources are created in Kubernetes as custom resources. After you create or update a MongoDB Kubernetes resource specification, you direct MongoDB Enterprise Kubernetes Operator to apply this specification to your Kubernetes environment. Kubernetes Operator creates the defined StatefulSets, services and other Kubernetes resources. After the Operator finishes creating those objects, it updates the Ops Manager deployment configuration to reflect changes.

Deployment Type StatefulSets Size of StatefulSet
Standalone 1 1 pod
Replica Set 1 1 pod per member
Sharded Cluster <numberOfShards> + 2 1 pod per mongos, shard, or config server member

Each MongoDB Kubernetes resource uses an object specification in YAML to define the characteristics and settings of the MongoDB object: standalone, replica set, and sharded cluster.

Common Resource Settings

Every resource type must use the following settings:

Required

apiVersion

Type: string

Version of the MongoDB Kubernetes resource schema.

kind

Type: string

Kind of MongoDB Kubernetes resource to create. Set this to MongoDB

metadata.name

Type: string

Name of the MongoDB Kubernetes resource you are creating.

Resource names must be 44 characters or less.

spec.credentials

Type: string

Required. Name of the Kubernetes secret you created as Ops Manager API authentication credentials for the Kubernetes Operator to communicate with Cloud Manager or Ops Manager.

Value must use namespace and name of Secret

This value must match the namespace in which you created the secret and the name value you provided for your Ops Manager Kubernetes Secret.

Operator manages changes to the Secret

The Kubernetes Operator tracks any changes to the Secret and reconciles the state of the MongoDB Kubernetes resource.

spec.persistent

Type: boolean

Default: True

Warning

Your containers must have permissions to write to your Persistent Volume. The Kubernetes Operator sets fsGroup = 2000 in securityContext This makes Kubernetes try to fix write permissions for the Persistent Volume. If redeploying the deployment item does not fix issues with your Persistent Volumes, contact MongoDB Support.

Note

If you do not use Persistent Volumes, the Disk Usage and Disk IOPS charts cannot be displayed in either the Processes tab on the Deployment page or in the Metrics page when reviewing the data for this deployment.

spec.type

Type: string

Type of MongoDB Kubernetes resource to create. Accepted values are:

  • Standalone
  • ReplicaSet
  • ShardedCluster
spec.version

Type: number

Version of MongoDB that is installed on this MongoDB Kubernetes resource.

Important

Ensure that you choose a compatible MongoDB Server version.

Compatible versions differ depending on the base image that the MongoDB database resource uses.

Note

If you update this value to a later version, consider setting spec.featureCompatibilityVersion to give yourself the option to downgrade if necessary.

Conditional

Every resource must use one of the following settings:

spec.opsManager.configMapRef.name

Type: string

Name of the ConfigMap with the Cloud Manager or Ops Manager connection configuration. The spec.cloudManager.configMapRef.name setting is an alias for this setting and can be used in its place.

Value must match namespace and name of ConfigMap

This value must match the namespace in which you created the Ops Manager project ConfigMap.

Operator manages changes to the ConfigMap

The Kubernetes Operator tracks any changes to the ConfigMap and reconciles the state of the MongoDB Kubernetes resource.

(Changed in version 1.3):

In prior versions of the MongoDB Enterprise Kubernetes Operator, this setting was spec.project. See the v1.2 documentation for information on the previous setting name.

spec.cloudManager.configMapRef.name

Type: string

Alias for spec.opsManager.configMapRef.name.

Optional

Every resource type may use the following settings:

metadata.namespace

Type: string

Kubernetes namespace where this MongoDB Kubernetes resource and other objects are created.

spec.featureCompatibilityVersion

Type: string

Limits changes to data that occur with an upgrade to a new major version. This allows you to downgrade to the previous major version. To learn more about feature compatibility, see setFeatureCompatibilityVersion in the MongoDB Manual.

spec.clusterDomain

Type: string

Default: cluster.local

Domain name of the Kubernetes cluster where you deploy the Operator. When Kubernetes creates a StatefulSet, the Kubernetes assigns each pod a FQDN. To update Cloud Manager or Ops Manager, the Kubernetes Operator calculates the FQDN for each pod using a provided cluster name. Kubernetes doesn’t provide an API to query these hostnames.

Warning

You must set spec.clusterDomain if your Kubernetes cluster has a default domain other than the default cluster.local. If you neither use the default nor set the spec.clusterDomain option, the Kubernetes Operator might not function as expected.

spec.clusterName

Type: string

Default: cluster.local

spec.clusterName is Deprecated

Use spec.clusterDomain instead.

Domain name of the Kubernetes cluster where you deploy the Operator. When Kubernetes creates a StatefulSet, the Kubernetes assigns each pod a FQDN. To update Cloud Manager or Ops Manager, the Kubernetes Operator calculates the FQDN for each pod using a provided cluster name. Kubernetes doesn’t provide an API to query these hostnames.

Warning

You must set spec.clusterDomain if your Kubernetes cluster has a default domain other than the default cluster.local. If you neither use the default nor set the spec.clusterDomain option, the Kubernetes Operator might not function as expected.

spec.service

Type: string

Default: <resource_name>+”-svc” and <resource_name>+”-svc-external”

Name of Kubernetes service to be created or used for a StatefulSet. If the service with this name already exists, the MongoDB Enterprise Kubernetes Operator does not delete or recreate it. This setting lets users to create their custom services and lets the Operator reuse them.

spec.logLevel

Type: string

Default: INFO

Configures the level of Automation Agent logging inside the pod. Accepted values include:

  • DEBUG
  • INFO
  • WARN
  • ERROR
  • FATAL
spec.security.authentication.ignoreUnknownUsers

Type: boolean

Default: false

Determines whether you can modify database users that were not configured through the Kubernetes Operator or the Cloud Manager or Ops Manager UI.

To manage database users directly through the mongod or mongos, set to true.

Deployment-Specific Resource Settings

Other settings you can and must use in a MongoDB Kubernetes resource specification depend upon which MongoDB deployment item you want to create:

Standalone Settings

Note

All of the Standalone Settings also apply to replica set resources.

spec.additionalMongodConfig

Type: collection

Additional configuration options with which you want to start MongoDB processes.

The Kubernetes Operator supports all configuration options that the MongoDB version you deploy supports, except that the Kubernetes Operator overrides values that you provide for any of the following options:

To learn more about the configuration options that the Kubernetes Operator owns, see MongoDB Kubernetes Operator Exclusive Settings.

To see which configuration options you can use, see Configuration File Options in the MongoDB Manual for the MongoDB versions you deploy with the Kubernetes Operator.

spec.agent

Type: collection

MongoDB Agent configuration settings for the MongoDB database resource.

spec.agent.startupOptions

Type: collection

MongoDB Agent settings with which you want to start the MongoDB database resource.

You must provide MongoDB Agent settings as key-value pairs. The values must be strings.

For a list of supported MongoDB Agent settings, see:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
---
apiVersion: mongodb.com/v1
kind: MongoDB
metadata:
  name: my-standalone
spec:
  version: 4.4.0-ent
  service: my-service

  opsManager:
    configMapRef:
      name: my-project
  credentials: my-credentials
  type: Standalone

  persistent: true
  agent:
    startupOptions:
      maxLogFiles: "30"
      dialTimeoutSeconds: "40"
...
spec.exposedExternally

Type: boolean

Default: false

Determines whether the MongoDB deployment is exposed outside of the Kubernetes cluster. This results in Kubernetes creating a NodePort service.

spec.podSpec.cpu

Type: string

Maximum CPU capacity that must be available on a Kubernetes node to host this standalone database MongoDB Kubernetes resource.

This value maps to the limits field for CPU for the created pod.

spec.podSpec.cpuRequests

Type: string

Minimum CPU capacity for the node being created to host this standalone database MongoDB Kubernetes resource. If omitted, this value is set to spec.podSpec.cpu.

This value maps to the requests field for CPU for the created pod.

The requested value must be less than or equal to spec.podSpec.cpu.

Note

For production deployments, MongoDB recommends setting this value to 2. This value is consistent with considerations stated for MongoDB hosts.

spec.podSpec.memory

Type: string

Maximum memory capacity that must be available on a Kubernetes node to host this MongoDB Kubernetes resource on Kubernetes. This value is expressed as an integer followed by a unit of memory in JEDEC notation.

Example

If this MongoDB Kubernetes resource requires 4 gigabytes of memory, set this value to 4Gi.

This value maps to the limits field for memory for the created pod.

Important

If you have not set spec.podSpec.memory or spec.podSpec.memoryRequests:

  • Monitoring tools report incorrect available memory capacity.
  • The WiredTiger cache cannot be calculated correctly. This impacts cluster performance.
spec.podSpec.memoryRequests

Type: string

Minimum memory capacity for the node being created to host this standalone database MongoDB Kubernetes resource. If omitted, this value is set to spec.podSpec.memory.

This value maps to the requests field for memory for the created pod.

The requested value must be less than or equal to spec.podSpec.memory.

Note

For production deployments, MongoDB recommends setting this value to 16Gi. This value is consistent with considerations stated for MongoDB hosts.

spec.podSpec.nodeAffinity

Type: Struct

Kubernetes rule to place standalone database pods on a specific range of nodes.

Example

A user can isolate “dev” and “testing” environments to ensure pods go to nodes with appropriate labels.

spec.podSpec.persistence.single

Type: collection

Has Kubernetes Operator create one Persistent Volume Claim and mount all three directories for data, journal, and logs to the same Persistent Volume.

Note

  • You must set the values in this collection if spec.persistent : true.
  • You may set this collection or the persistence.multiple collections but not both.
Scalar Data Type Description
labelSelector string Tag used to bind mounted volumes to directories.
storage string

Minimum size of Persistent Volume that should be mounted. This value is expressed as an integer followed by a unit of storage in JEDEC notation.

Default value is 16Gi.

Example

If this MongoDB Kubernetes resource requires 60 gigabytes of storage space, set this value to 60Gi.

storageClass string

Type of storage specified in a Persistent Volume Claim. You may create this storage type as a StorageClass object before using it in this object specification.

Note

Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed.

spec.podSpec.persistence.multiple.data

Type: collection

Has Kubernetes Operator create a Persistent Volume Claim and mount a directory for data to its own Persistent Volume.

Note

  • You must set the values in this collection if spec.persistent : true.
  • You may set this collection or the persistence.single collection but not both.
Scalar Data Type Description
labelSelector string Tag used to bind mounted volumes to directories.
storage string

Minimum storage capacity that must be available on a Kubernetes node to host this standalone deployment on Kubernetes. This value is expressed as an integer followed by a unit of storage in JEDEC notation.

Default value is 16Gi.

Example

If this MongoDB Kubernetes resource requires 60 gigabytes of storage space, set this value to 60Gi.

storageClass string

Type of storage needed for this standalone deployment. You may create this storage type as a StorageClass object before using it in this object specification.

Note

Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed.

spec.podSpec.persistence.multiple.journal

Type: collection

Has Kubernetes Operator create a Persistent Volume Claim and mount a directory for journal to its own Persistent Volume.

Note

  • You must set the values in this collection if spec.persistent : true.
  • You may set this collection or the persistence.single collection but not both.
Scalar Data Type Description
labelSelector string Tag used to bind mounted volumes to directories.
storage string

Minimum storage capacity that must be available on a Kubernetes node to host this standalone deployment on Kubernetes. This value is expressed as an integer followed by a unit of storage in JEDEC notation.

Default value is 1Gi.

Example

If this MongoDB Kubernetes resource requires 60 gigabytes of storage space, set this value to 60Gi.

storageClass string

Type of storage needed for this standalone deployment. You may create this storage type as a StorageClass object before using it in this object specification.

Note

Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed.

spec.podSpec.persistence.multiple.logs

Type: collection

Has Kubernetes Operator create a Persistent Volume Claim and mount a directory for logs to its own Persistent Volume.

Note

  • You must set the values in this collection if spec.persistent : true.
  • You may set this collection or the persistence.single collection but not both.
Scalar Data Type Description
labelSelector string Tag used to bind mounted volumes to directories.
storage string

Minimum storage capacity that must be available on a Kubernetes node to host this standalone deployment on Kubernetes. This value is expressed as an integer followed by a unit of storage in JEDEC notation.

Default value is 3Gi.

Example

If this MongoDB Kubernetes resource requires 60 gigabytes of storage space, set this value to 60Gi.

storageClass string

Type of storage needed for this standalone deployment. You may create this storage type as a StorageClass object before using it in this object specification.

Note

Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed.

spec.podSpec.podAffinity

Type: Struct

Kubernetes rule to determine if multiple MongoDB Kubernetes resource pods must be co-located with other pods.

See also

The Kubernetes documentation for use cases on affinity and anti-affinity

spec.podSpec.podTemplate

Type: collection

Template for the Kubernetes pods that the MongoDB Enterprise Kubernetes Operator creates for the MongoDB database resources.

Template values take precedence over values specified in spec.podSpec.

Note

The Kubernetes Operator doesn’t validate the fields you provide in spec.podSpec.podTemplate.

spec.podSpec.podTemplate.metadata

Type: collection

Metadata for the Kubernetes pods that the MongoDB Enterprise Kubernetes Operator creates for the MongoDB database resources.

To review which fields you can add to spec.podSpec.podTemplate.metadata, see the Kubernetes documentation.

spec.podSpec.podTemplate.spec

Type: collection

Specifications of the Kubernetes pods that the MongoDB Enterprise Kubernetes Operator creates for the MongoDB database resources.

To review which fields you can add to spec.podSpec.podTemplate.spec, see the Kubernetes documentation.

Note

When you add containers to spec.podSpec.podTemplate.spec.containers, the Kubernetes Operator adds them to the Kubernetes pod. These containers are appended to the MongoDB database resources containers in the pod.

Replica Set Settings

Note

All of the Standalone Settings also apply to replica set resources.

The following settings only apply to replica set resource types:

spec.members

Type: integer

Required. Number of Members of the Replica Set.

spec.podSpec.podAntiAffinityTopologyKey

Type: string

Default: kubernetes.io/hostname

Sets a rule to spread MongoDB Kubernetes resource pods to different locations. A location can be a single node, rack, or region. This key defines which node label is used to determine equal location for nodes. By default, Kubernetes Operator tries to spread pods across different hosts.

spec.connectivity.replicaSetHorizons

Type: collection

Allows you to provide different DNS settings for client applications and the MongoDB Agents. The Kubernetes Operator uses split horizon DNS for replica set members. This feature allows communication both within the Kubernetes cluster and from outside Kubernetes.

You may add multiple external mappings per host.

Split Horizon Requirements

Example

In this example, the replica set members communicate amongst themselves on the example-localhost horizon. Clients communicate with the replica set using the example-website horizon.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
---
apiVersion: mongodb.com/v1
kind: MongoDB
metadata:
  name: <my-replica-set>
spec:
  members: 3
  version: 4.2.2-ent
  type: ReplicaSet
  opsManager:
    configMapRef:
      name: <configMap.metadata.name>
  credentials: <mycredentials>
  persistent: true
15
16
17
18
19
20
21
22
23
  security:
    tls:
      enabled: true
  connectivity:
    replicaSetHorizons:
      - "example-website": "web1.example.com:30907"
      - "example-website": "web2.example.com:32350"
      - "example-website": "web3.example.com:31185"
...

Sharded Cluster Settings

The following settings only apply to sharded cluster resource types:

spec.exposedExternally

Type: boolean

Default: false

Determines whether the MongoDB deployment is exposed outside of the Kubernetes cluster. This results in Kubernetes creating a NodePort service.

spec.configServerCount

Type: integer

Required. Number of Members in the Config Server.

spec.configSrv.additionalMongodConfig

Type: collection

Additional configuration options with which you want to start config servers.

The Kubernetes Operator supports all configuration options that the MongoDB version you deploy supports, except that the Kubernetes Operator overrides values that you provide for any of the following options:

To learn more about the configuration options that the Kubernetes Operator owns, see MongoDB Kubernetes Operator Exclusive Settings.

To see which configuration options you can use, see Configuration File Options in the MongoDB Manual for the MongoDB versions you deploy with the Kubernetes Operator.

spec.configSrv.agent

Type: collection

MongoDB Agent configuration settings for the config servers.

spec.configSrv.agent.startupOptions

Type: collection

MongoDB Agent settings with which you want to start the config servers.

You must provide MongoDB Agent settings as key-value pairs. The values must be strings.

For a list of supported MongoDB Agent settings, see:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
---
apiVersion: mongodb.com/v1
kind: MongoDB
metadata:
  name: my-sharded-cluster-options
spec:
  version: 4.4.0-ent
  type: ShardedCluster
  opsManager:
    configMapRef:
      name: my-project
  credentials: my-credentials
  persistent: true
  shardCount: 2
  mongodsPerShardCount: 3
  mongosCount: 2
  configServerCount: 1

  mongos:
    agent:
      startupOptions:
        maxLogFiles: "30"

  configSrv:
     agent:
       startupOptions:
         dialTimeoutSeconds: "40"
  shard:
     agent:
       startupOptions:
         serverSelectionTimeoutSeconds: "20"
...
spec.configSrvPodSpec.cpu

Type: number

Maximum CPU capacity that must be available on a Kubernetes node to host this sharded cluster config server member MongoDB Kubernetes resource.

This value maps to the limits field for CPU for the created pod.

spec.configSrvPodSpec.cpuRequests

Type: string

Minimum CPU capacity for the node being created to host this sharded cluster config server member MongoDB Kubernetes resource. If omitted, this value is set to spec.configSrvPodSpec.cpu.

This value maps to the requests field for CPU for the created pod.

The requested value must be less than or equal to spec.configSrvPodSpec.cpu.

Note

For production deployments, MongoDB recommends setting this value to 2. This value is consistent with considerations stated for MongoDB hosts.

spec.configSrvPodSpec.memory

Type: string

Maximum memory capacity that must be available on a Kubernetes node to host this MongoDB Kubernetes resource on Kubernetes. This value is expressed as an integer followed by a unit of memory in JEDEC notation.

Example

If this MongoDB Kubernetes resource requires 4 gigabytes of memory, set this value to 4Gi.

This value maps to the limits field for memory for the created pod.

Important

If you have not set spec.configSrvPodSpec.memory or spec.configSrvPodSpec.memoryRequests:

  • Monitoring tools report incorrect available memory capacity.
  • The WiredTiger cache cannot be calculated correctly. This impacts cluster performance.
spec.configSrvPodSpec.memoryRequests

Type: string

Minimum memory capacity for the node being created to host this standalone database MongoDB Kubernetes resource. If omitted, this value is set to spec.podSpec.memory.

This value maps to the requests field for memory for the created pod.

The requested value must be less than or equal to spec.podSpec.memory.

Note

For production deployments, MongoDB recommends setting this value to 16Gi. This value is consistent with considerations stated for MongoDB hosts.

spec.configSrvPodSpec.persistence.single

Type: collection

Has Kubernetes Operator create one Persistent Volume Claim and mount all three directories for data, journal, and logs to the same Persistent Volume.

Note

  • You must set the values in this collection if spec.persistent : true.
  • You may set this collection or the persistence.multiple collections but not both.
Scalar Data Type Description
labelSelector string Tag used to bind mounted volumes to directories.
storage string

Minimum size of Persistent Volume that should be mounted. This value is expressed as an integer followed by a unit of storage in JEDEC notation.

Default value is 5Gi.

Example

If this MongoDB Kubernetes resource requires 60 gigabytes of storage space, set this value to 60Gi.

storageClass string

Type of storage specified in a Persistent Volume Claim. You may create this storage type as a StorageClass object before using it in this object specification.

Note

Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed.

spec.configSrvPodSpec.persistence.multiple.data

Type: collection

Has Kubernetes Operator create a Persistent Volume Claim and mount a directory for data to its own Persistent Volume.

Note

  • You must set the values in this collection if spec.persistent : true.
  • You may set this collection or the persistence.single collection but not both.
Scalar Data Type Description
labelSelector string Tag used to bind mounted volumes to directories.
storage string

Minimum storage capacity that must be available on a Kubernetes node to host this sharded cluster config server member on Kubernetes. This value is expressed as an integer followed by a unit of storage in JEDEC notation.

Default value is 16Gi.

Example

If this MongoDB Kubernetes resource requires 60 gigabytes of storage space, set this value to 60Gi.

storageClass string

Type of storage needed for this sharded cluster config server member. You may create this storage type as a StorageClass object before using it in this object specification.

Note

Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed.

spec.configSrvPodSpec.persistence.multiple.journal

Type: collection

Has Kubernetes Operator create a Persistent Volume Claim and mount a directory for journal to its own Persistent Volume.

Note

  • You must set the values in this collection if spec.persistent : true.
  • You may set this collection or the persistence.single collection but not both.
Scalar Data Type Description
labelSelector string Tag used to bind mounted volumes to directories.
storage string

Minimum storage capacity that must be available on a Kubernetes node to host this sharded cluster config server member on Kubernetes. This value is expressed as an integer followed by a unit of storage in JEDEC notation.

Default value is 1Gi.

Example

If this MongoDB Kubernetes resource requires 60 gigabytes of storage space, set this value to 60Gi.

storageClass string

Type of storage needed for this sharded cluster config server member. You may create this storage type as a StorageClass object before using it in this object specification.

Note

Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed.

spec.configSrvPodSpec.persistence.multiple.logs

Type: collection

Has Kubernetes Operator create a Persistent Volume Claim and mount a directory for logs to its own Persistent Volume.

Note

  • You must set the values in this collection if spec.persistent : true.
  • You may set this collection or the persistence.single collection but not both.
Scalar Data Type Description
labelSelector string Tag used to bind mounted volumes to directories.
storage string

Minimum storage capacity that must be available on a Kubernetes node to host this sharded cluster config server member on Kubernetes. This value is expressed as an integer followed by a unit of storage in JEDEC notation.

Default value is 3Gi.

Example

If this MongoDB Kubernetes resource requires 60 gigabytes of storage space, set this value to 60Gi.

storageClass string

Type of storage needed for this sharded cluster config server member. You may create this storage type as a StorageClass object before using it in this object specification.

Note

Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed.

spec.configSrvPodSpec.nodeAffinity

Type: collection

Kubernetes rule to place sharded cluster config server member pods on a specific range of nodes.

Example

A user can isolate “dev” and “testing” environments to ensure pods go to nodes with appropriate labels.

spec.configSrvPodSpec.podAffinity

Type: collection

Kubernetes rule to determine if multiple MongoDB Kubernetes resource pods must be co-located with other pods.

See also

The Kubernetes documentation for use cases on affinity and anti-affinity

spec.configSrvPodSpec.podAntiAffinityTopologyKey

Type: string

Default: kubernetes.io/hostname

Sets a rule to spread MongoDB Kubernetes resource pods to different locations. A location can be a single node, rack, or region. This key defines which node label is used to determine equal location for nodes. By default, Kubernetes Operator tries to spread pods across different hosts.

spec.configSrvPodSpec.podTemplate

Type: collection

Template for the Kubernetes pods that the MongoDB Enterprise Kubernetes Operator creates for the config servers.

Template values take precedence over values specified in spec.configSrvPodSpec.

Note

The Kubernetes Operator doesn’t validate the fields you provide in spec.configSrvPodSpec.podTemplate.

spec.configSrvPodSpec.podTemplate.metadata

Type: collection

Metadata for the Kubernetes pods that the MongoDB Enterprise Kubernetes Operator creates for the config servers.

To review which fields you can add to spec.configSrvPodSpec.podTemplate.metadata, see the Kubernetes documentation.

spec.configSrvPodSpec.podTemplate.spec

Type: collection

Specifications of the Kubernetes pods that the MongoDB Enterprise Kubernetes Operator creates for the config servers.

To review which fields you can add to spec.configSrvPodSpec.podTemplate.spec, see the Kubernetes documentation.

Note

When you add containers to spec.configSrvPodSpec.podTemplate.spec.containers, the Kubernetes Operator adds them to the Kubernetes pod. These containers are appended to the config servers containers in the pod.

spec.mongodsPerShardCount

Type: integer

Required. Number of Members per Shard.

spec.mongosCount

Type: integer

Required. Number of Shard Routers.

spec.mongos.additionalMongodConfig

Type: collection

Additional configuration options with which you want to start mongos instances.

The Kubernetes Operator supports all configuration options that the MongoDB version you deploy supports, except that the Kubernetes Operator overrides values that you provide for any of the following options:

To learn more about the configuration options that the Kubernetes Operator owns, see MongoDB Kubernetes Operator Exclusive Settings.

To see which configuration options you can use, see Configuration File Options in the MongoDB Manual for the MongoDB versions you deploy with the Kubernetes Operator.

spec.mongos.agent

Type: collection

MongoDB Agent configuration settings for the mongos.

spec.mongos.agent.startupOptions

Type: collection

MongoDB Agent settings with which you want to start the mongos.

You must provide MongoDB Agent settings as key-value pairs. The values must be strings.

For a list of supported MongoDB Agent settings, see:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
---
apiVersion: mongodb.com/v1
kind: MongoDB
metadata:
  name: my-sharded-cluster-options
spec:
  version: 4.4.0-ent
  type: ShardedCluster
  opsManager:
    configMapRef:
      name: my-project
  credentials: my-credentials
  persistent: true
  shardCount: 2
  mongodsPerShardCount: 3
  mongosCount: 2
  configServerCount: 1

  mongos:
    agent:
      startupOptions:
        maxLogFiles: "30"

  configSrv:
     agent:
       startupOptions:
         dialTimeoutSeconds: "40"
  shard:
     agent:
       startupOptions:
         serverSelectionTimeoutSeconds: "20"
...
spec.mongosPodSpec.cpu

Type: number

Maximum CPU capacity that must be available on a Kubernetes node to host this sharded cluster shard member MongoDB Kubernetes resource.

This value maps to the limits field for CPU for the created pod.

spec.mongosPodSpec.cpuRequests

Type: string

Minimum CPU capacity for the node being created to host this standalone database MongoDB Kubernetes resource. If omitted, this value is set to spec.mongosPodSpec.cpu.

This value maps to the requests field for CPU for the created pod.

The requested value must be less than or equal to spec.mongosPodSpec.cpu.

Note

For production deployments, MongoDB recommends setting this value to 2. This value is consistent with considerations stated for MongoDB hosts.

spec.mongosPodSpec.memory

Type: string

Maximum memory capacity that must be available on a Kubernetes node to host this MongoDB Kubernetes resource on Kubernetes. This value is expressed as an integer followed by a unit of memory in JEDEC notation.

Example

If this MongoDB Kubernetes resource requires 4 gigabytes of memory, set this value to 4Gi.

This value maps to the limits field for memory for the created pod.

Important

If you have not set spec.mongosPodSpec.memory or spec.mongosPodSpec.memoryRequests:

  • Monitoring tools report incorrect available memory capacity.
  • The WiredTiger cache cannot be calculated correctly. This impacts cluster performance.
spec.mongosPodSpec.memoryRequests

Type: string

Minimum memory capacity for the node being created to host this sharded cluster shard member MongoDB Kubernetes resource. If omitted, this value is set to spec.podSpec.memory.

This value maps to the requests field for memory for the created pod.

The requested value must be less than or equal to spec.podSpec.memory.

Note

For production deployments, MongoDB recommends setting this value to 16Gi. This value is consistent with considerations stated for MongoDB hosts.

spec.mongosPodSpec.nodeAffinity

Type: collection

Optional. Kubernetes rule to determine if multiple MongoDB Kubernetes resource nodes must be co-located with other nodes.

spec.mongosPodSpec.podAffinity

Type: collection

Optional. Kubernetes rule to determine if multiple MongoDB Kubernetes resource pods must be co-located with other pods.

spec.mongosPodSpec.podAntiAffinityTopologyKey

Type: string

Default: kubernetes.io/hostname

Sets a rule to spread MongoDB Kubernetes resource pods to different locations. A location can be a single node, rack, or region. This key defines which node label is used to determine equal location for nodes. By default, Kubernetes Operator tries to spread pods across different hosts.

spec.mongosPodSpec.podTemplate

Type: collection

Template for the Kubernetes pods that the MongoDB Enterprise Kubernetes Operator creates for the mongos instances.

Template values take precedence over values specified in spec.mongosPodSpec.

Note

The Kubernetes Operator doesn’t validate the fields you provide in spec.mongosPodSpec.podTemplate.

spec.mongosPodSpec.podTemplate.metadata

Type: collection

Metadata for the Kubernetes pods that the MongoDB Enterprise Kubernetes Operator creates for the mongos instances.

To review which fields you can add to spec.mongosPodSpec.podTemplate.metadata, see the Kubernetes documentation.

spec.mongosPodSpec.podTemplate.spec

Type: collection

Specifications of the Kubernetes pods that the MongoDB Enterprise Kubernetes Operator creates for the mongos instances.

To review which fields you can add to spec.mongosPodSpec.podTemplate.spec, see the Kubernetes documentation.

Note

When you add containers to spec.mongosPodSpec.podTemplate.spec.containers, the Kubernetes Operator adds them to the Kubernetes pod. These containers are appended to the mongos instances containers in the pod.

spec.shardCount

Type: integer

Required. Number of Shards in the Sharded Cluster.

spec.shard.additionalMongodConfig

Type: collection

Additional configuration options with which you want to start MongoDB processes.

The Kubernetes Operator supports all configuration options that the MongoDB version you deploy supports, except that the Kubernetes Operator overrides values that you provide for any of the following options:

To learn more about the configuration options that the Kubernetes Operator owns, see MongoDB Kubernetes Operator Exclusive Settings.

To see which configuration options you can use, see Configuration File Options in the MongoDB Manual for the MongoDB versions you deploy with the Kubernetes Operator.

spec.shard.agent

Type: collection

MongoDB Agent configuration settings for the shards.

spec.shard.agent.startupOptions

Type: collection

MongoDB Agent settings with which you want to start the shards.

You must provide MongoDB Agent settings as key-value pairs. The values must be strings.

For a list of supported MongoDB Agent settings, see:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
---
apiVersion: mongodb.com/v1
kind: MongoDB
metadata:
  name: my-sharded-cluster-options
spec:
  version: 4.4.0-ent
  type: ShardedCluster
  opsManager:
    configMapRef:
      name: my-project
  credentials: my-credentials
  persistent: true
  shardCount: 2
  mongodsPerShardCount: 3
  mongosCount: 2
  configServerCount: 1

  mongos:
    agent:
      startupOptions:
        maxLogFiles: "30"

  configSrv:
     agent:
       startupOptions:
         dialTimeoutSeconds: "40"
  shard:
     agent:
       startupOptions:
         serverSelectionTimeoutSeconds: "20"
...
spec.shardPodSpec.cpu

Type: number

Maximum CPU capacity that must be available on a Kubernetes node to host this sharded cluster shard member MongoDB Kubernetes resource.

This value maps to the limits field for CPU for the created pod.

spec.shardPodSpec.cpuRequests

Type: string

Minimum CPU capacity for the node being created to host this sharded cluster shard member MongoDB Kubernetes resource. If omitted, this value is set to spec.shardPodSpec.cpu.

This value maps to the requests field for CPU for the created pod.

The requested value must be less than or equal to spec.shardPodSpec.cpu.

Note

For production deployments, MongoDB recommends setting this value to 2. This value is consistent with considerations stated for MongoDB hosts.

spec.shardPodSpec.memory

Type: string

Maximum memory capacity that must be available on a Kubernetes node to host this MongoDB Kubernetes resource on Kubernetes. This value is expressed as an integer followed by a unit of memory in JEDEC notation.

Example

If this MongoDB Kubernetes resource requires 4 gigabytes of memory, set this value to 4Gi.

This value maps to the limits field for memory for the created pod.

Important

If you have not set spec.shardPodSpec.memory or spec.shardPodSpec.memoryRequests:

  • Monitoring tools report incorrect available memory capacity.
  • The WiredTiger cache cannot be calculated correctly. This impacts cluster performance.
spec.shardPodSpec.memoryRequests

Type: string

Minimum memory capacity for the node being created to host this sharded cluster shard member MongoDB Kubernetes resource. If omitted, this value is set to spec.podSpec.memory.

This value maps to the requests field for memory for the created pod.

The requested value must be less than or equal to spec.podSpec.memory.

Note

For production deployments, MongoDB recommends setting this value to 16Gi. This value is consistent with considerations stated for MongoDB hosts.

spec.shardPodSpec.nodeAffinity

Type: string

Kubernetes rule to place shard pods on a specific range of nodes.

Example

A user can isolate “dev” and “testing” environments to ensure pods go to nodes with appropriate labels.

spec.shardPodSpec.persistence.single

Type: collection

Has Kubernetes Operator create one Persistent Volume Claim and mount all three directories for data, journal, and logs to the same Persistent Volume.

Note

  • You must set the values in this collection if spec.persistent : true.
  • You may set this collection or the persistence.multiple collections but not both.
Scalar Data Type Description
labelSelector string Tag used to bind mounted volumes to directories.
storage string

Minimum size of Persistent Volume that should be mounted. This value is expressed as an integer followed by a unit of storage in JEDEC notation.

Default value is 16Gi.

Example

If this MongoDB Kubernetes resource requires 60 gigabytes of storage space, set this value to 60Gi.

storageClass string

Type of storage specified in a Persistent Volume Claim. You may create this storage type as a StorageClass object before using it in this object specification.

Note

Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed.

spec.shardPodSpec.persistence.multiple.data

Type: collection

Has Kubernetes Operator create a Persistent Volume Claim and mount a directory for data to its own Persistent Volume.

Note

  • You must set the values in this collection if spec.persistent : true.
  • You may set this collection or the persistence.single collection but not both.
Scalar Data Type Description
labelSelector string Tag used to bind mounted volumes to directories.
storage string

Minimum storage capacity that must be available on a Kubernetes node to host this sharded cluster shard member on Kubernetes. This value is expressed as an integer followed by a unit of storage in JEDEC notation.

Default value is 16Gi.

Example

If this MongoDB Kubernetes resource requires 60 gigabytes of storage space, set this value to 60Gi.

storageClass string

Type of storage needed for this sharded cluster shard member. You may create this storage type as a StorageClass object before using it in this object specification.

Note

Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed.

spec.shardPodSpec.persistence.multiple.journal

Type: collection

Has Kubernetes Operator create a Persistent Volume Claim and mount a directory for journal to its own Persistent Volume.

Note

  • You must set the values in this collection if spec.persistent : true.
  • You may set this collection or the persistence.single collection but not both.
Scalar Data Type Description
labelSelector string Tag used to bind mounted volumes to directories.
storage string

Minimum storage capacity that must be available on a Kubernetes node to host this sharded cluster shard member on Kubernetes. This value is expressed as an integer followed by a unit of storage in JEDEC notation.

Default value is 1Gi.

Example

If this MongoDB Kubernetes resource requires 60 gigabytes of storage space, set this value to 60Gi.

storageClass string

Type of storage needed for this sharded cluster shard member. You may create this storage type as a StorageClass object before using it in this object specification.

Note

Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed.

spec.shardPodSpec.persistence.multiple.logs

Type: collection

Has Kubernetes Operator create a Persistent Volume Claim and mount a directory for logs to its own Persistent Volume.

Note

  • You must set the values in this collection if spec.persistent : true.
  • You may set this collection or the persistence.single collection but not both.
Scalar Data Type Description
labelSelector string Tag used to bind mounted volumes to directories.
storage string

Minimum storage capacity that must be available on a Kubernetes node to host this sharded cluster shard member on Kubernetes. This value is expressed as an integer followed by a unit of storage in JEDEC notation.

Default value is 3Gi.

Example

If this MongoDB Kubernetes resource requires 60 gigabytes of storage space, set this value to 60Gi.

storageClass string

Type of storage needed for this sharded cluster shard member. You may create this storage type as a StorageClass object before using it in this object specification.

Note

Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed.

spec.shardPodSpec.podAffinity

Type: string

Kubernetes rule to determine if multiple MongoDB Kubernetes resource pods must be co-located with other pods.

See also

The Kubernetes documentation for use cases on affinity and anti-affinity

spec.shardPodSpec.podAntiAffinityTopologyKey

Type: string

Default: kubernetes.io/hostname

Sets a rule to spread MongoDB Kubernetes resource pods to different locations. A location can be a single node, rack, or region. This key defines which node label is used to determine equal location for nodes. By default, Kubernetes Operator tries to spread pods across different hosts.

spec.shardPodSpec.podTemplate

Type: collection

Template for the Kubernetes pods that the MongoDB Enterprise Kubernetes Operator creates for the MongoDB database resources.

Template values take precedence over values specified in spec.shardPodSpec.

Note

The Kubernetes Operator doesn’t validate the fields you provide in spec.shardPodSpec.podTemplate.

spec.shardPodSpec.podTemplate.metadata

Type: collection

Metadata for the Kubernetes pods that the MongoDB Enterprise Kubernetes Operator creates for the MongoDB database resources.

To review which fields you can add to spec.shardPodSpec.podTemplate.metadata, see the Kubernetes documentation.

spec.shardPodSpec.podTemplate.spec

Type: collection

Specifications of the Kubernetes pods that the MongoDB Enterprise Kubernetes Operator creates for the MongoDB database resources.

To review which fields you can add to spec.shardPodSpec.podTemplate.spec, see the Kubernetes documentation.

Note

When you add containers to spec.shardPodSpec.podTemplate.spec.containers, the Kubernetes Operator adds them to the Kubernetes pod. These containers are appended to the MongoDB database resources containers in the pod.

Security Settings

The following security settings only apply to replica set and sharded cluster resource types:

spec.security.tls.enabled

Type: boolean

Default: false

Encrypts communications using TLS certificates between:

  • MongoDB hosts in a replica set or sharded cluster configuration
  • Clients (mongo shell, drivers, MongoDB Compass, and others) and the MongoDB deployment

By default, net.ssl.mode is set to requireSSL. To change the TLS mode used for client and database connections, see spec.additionalMongodConfig.net.ssl.mode.

spec.security.tls.ca

Type: string

Provide the name of the secret that stores the CA.

spec.security.tls.additionalCertificateDomains

Type: boolean

List of every domain that should be added to TLS certificates to each pod in this deployment. When you set this parameter, every CSR that the Kubernetes Operator transforms into a TLS certificate includes a SAN in the form <pod name>.<additional cert domain>.

Replica set resources don’t need this parameter. Use spec.connectivity.replicaSetHorizons instead.

Note

If you add this parameter to a TLS-enabled resource, Kubernetes displays an error when the resource reaches the Pending state. This error displays: Please manually remove the |csr| in order to proceed. To remedy this issue:

  1. Remove any existing CSRs so that Kubernetes can generate new CSRs. To learn how to delete a resource, see the deleting resources in the Kubernetes documentation.
  2. Approve the CSRs after Kubernetes generates them.
spec.additionalMongodConfig.net.ssl.mode

Type: string

Default: requireSSL

Specifies which sslMode is used for network connections. The following are valid options:

Value Description
allowSSL Connections between servers do not use TLS. For incoming connections, the server accepts both TLS and non-TLS.
preferSSL Connections between servers use TLS. For incoming connections, the server accepts both TLS and non-TLS.
requireSSL The server uses and accepts only TLS encrypted connections.
spec.security.authentication

Type: collection

Authentication specifications for your MongoDB deployment.

spec.security.authentication.enabled

Type: boolean

Default: false

Specifies whether authentication is enabled on the Cloud Manager or Ops Manager project. If true, you must set an authentication mechanism in spec.security.authentication.modes.

Important

The Kubernetes Operator manages authentication for this MongoDB resource if you include this setting, even if it is set to false. You can’t configure authentication for this resource using the Cloud Manager or Ops Manager UI or APIs while this setting exists in the resource specification.

Omit this setting if you want to manage authentication using the Cloud Manager or Ops Manager UI or APIs.

spec.security.authentication.modes

Type: array

Specifies the authentication mechanism that your MongoDB deployment uses. Valid values are SCRAM, X509, and LDAP.

X.509 Internal Cluster Authentication

To enable X.509 internal cluster authentication for the Cloud Manager or Ops Manager project, set this value to ["X509"] and specify the following settings:

If you provide more than one value for spec.security.authentication.modes, you must also specify a value for spec.security.authentication.agent.mode.

spec.security.authentication.internalCluster

Type: string

Specifies whether X.509 internal cluster authentication is enabled.

To enable X.509 internal cluster authentication, set to "X509". Requires that the following settings be specified:

Important

Once internal cluster authentication is enabled, it can not be disabled.

(Changed in version 1.3):

In prior versions of the MongoDB Enterprise Kubernetes Operator, this setting was spec.security.clusterAuthenticationMode. See the v1.2 documentation for information on the previous setting name.

spec.security.authentication.requireClientTLSAuthentication

Type: boolean

Default: false

Specifies whether the MongoDB host requires clients to connect using a TLS certificate. If true, you must:

spec.security.authentication.ldap

Type: collection

Required for LDAP authentication.

Configures LDAP authentication for the Cloud Manager or Ops Manager project. To enable LDAP authentication, set spec.security.authentication.modes to ["LDAP"].

spec.security.authentication.ldap.servers

Type: array of strings

Required for LDAP authentication.

List of hostnames and ports of the LDAP servers. Specify hostnames with their respective ports in the following format:

spec:
  security:
    authentication:
      ldap:
        servers:
          - "<hostname1>:<port1>"
          - "<hostname2>:<port2>"
spec.security.authentication.ldap.transportSecurity

Type: string

Required for LDAP authentication.

Specifies whether the LDAP server accepts TLS.

If the LDAP server accepts TLS, set to tls. If the LDAP server doesn’t accept TLS, leave this value blank.

spec.security.authentication.ldap.caConfigMapRef

Type: collection

Required for LDAP authentication with TLS.

ConfigMap that contains a CA which validates the LDAP server’s TLS certificate.

spec.security.authentication.ldap.caConfigMapRef.name

Type: string

Required for LDAP authentication with TLS.

Name of the ConfigMap that contains a CA which validates the LDAP server’s TLS certificate.

spec.security.authentication.ldap.caConfigMapRef.key

Type: string

Required for LDAP authentication with TLS.

Field name that stores the CA which validates the LDAP server’s TLS certificate.

spec.security.authentication.ldap.bindQueryUser

Type: string

Required for LDAP authentication.

LDAP Distinguished Name to which MongoDB binds when connecting to the LDAP server.

spec.security.authentication.ldap.bindQueryPasswordSecretRef

Type: collection

Required for LDAP authentication.

Specifies the secret that contains the password with which MongoDB binds when connecting to the LDAP server.

spec.security.authentication.ldap.bindQueryPasswordSecretRef.name

Type: string

Required for LDAP authentication.

Name of the secret that contains the password with which MongoDB binds when connecting to the LDAP server.

The secret must contain only one password field which stores the password.

spec.security.authentication.ldap.authzQueryTemplate

Type: string

Required for LDAP authorization.

An RFC4515 and RFC4516 LDAP-formatted query URL template executed by MongoDB to obtain the LDAP groups that the user belongs to. The query is relative to the host or hosts specified in spec.security.authentication.ldap.servers. You can use the following tokens in the template:

  • {USER}
    Substitutes the authenticated username, or the transformed username, into the LDAP query.
  • {PROVIDED_USER}
    Substitutes the supplied username, before either authentication or LDAP transformation, into the LDAP query. (Available starting in MongoDB version 4.2)

See also

LDAP Query Templates in the MongoDB Manual

spec.security.authentication.ldap.automationLdapGroupDN

Type: string

The Distinguished Name (DN) of the LDAP group to which the MongoDB Agent user belongs.

This setting is required if:

spec.security.authentication.ldap.userToDNMapping

Type: string

Maps the username provided to mongod or mongos for authentication to a LDAP Distinguished Name (DN).

See also

security.ldap.userToDNMapping in the MongoDB Manual

spec.security.authentication.agents

Type: collection

MongoDB Agent authentication configuration for the Cloud Manager or Ops Manager project.

spec.security.authentication.agents.mode

Type: string

The authentication mechanism that the MongoDB Agents for your MongoDB deployment use. Valid values are SCRAM, X509, and LDAP. The value you specify must also be present in spec.security.authentication.modes.

This setting is required if you specified more than one value for spec.security.authentication.modes.

spec.security.authentication.agents.automationUserName

Type: string

Name of the user the that MongoDB Agents use to interact with your MongoDB deployment. The username is mapped to an LDAP Distinguished Name (DN) according to spec.security.authentication.ldap.userToDNMapping. The resulting DN must already exist in your LDAP deployment.

This setting is required if spec.security.authentication.agents.mode is LDAP.

spec.security.authentication.agents.automationPasswordSecretRef

Type: collection

Details of the secret that contains the password for the spec.security.authentication.agents.automationUserName user.

This setting is required if spec.security.authentication.agents.mode is LDAP.

spec.security.authentication.agents.automationPasswordSecretRef.name

Type: string

Name of the secret that contains the password for the spec.security.authentication.agents.automationUserName user. You must create this secret in the same namespace to which you deploy the Kubernetes Operator:

kubectl create secret generic ldap-agent-user \
--from-literal="password=<password>" -n <namespace>

This secret must contain one key, the value of which matches the password of the spec.security.authentication.agents.automationUserName user in your LDAP deployment.

This setting is required if spec.security.authentication.agents.mode is LDAP.

spec.security.authentication.agents.automationPasswordSecretRef.key

Type: string

Key in the spec.security.authentication.agents.automationPasswordSecretRef.name secret that contains the password for the user in spec.security.authentication.agents.automationUserName.

This setting is required if spec.security.authentication.agents.mode is LDAP.

spec.security.authentication.agents.clientCertificateSecretRef.name

Type: string

Specifies the secret that contains the MongoDB Agent’s TLS certificate.

You must create this secret in the same namespace to which you deploy the Kubernetes Operator:

kubectl create secret generic agent-cert \
--from-file=mms-automation-agent-pem=agent-cert.pem -n <namespace>

This secret must contain a mms-automation-agent-pem key, the value of which is a TLS certificate that can be validated by the server.

This setting is required if spec.security.authentication.requireClientTLSAuthentication is true.

spec.security.roles

Type: array

Array that defines User-defined roles that give you fine-grained access control over your MongoDB deployment.

To enable user-defined roles, the spec.security.authentication.enabled must be true.

Example

In this example, a user-defined role named customRole allows users assigned this role to:

  • Insert documents into the cats collection in the pets database, and
  • Find and insert documents into the dogs collection in the pets database.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
---
apiVersion: mongodb.com/v1
kind: MongoDB
metadata:
  name: <my-replica-set>
spec:
  members: 3
  version: 4.2.2-ent
  type: ReplicaSet
  opsManager:
    configMapRef:
      name: <configMap.metadata.name>
  credentials: <mycredentials>
  persistent: true
  security:
    authentication:
      enabled: true
      modes:
        - "SCRAM"
    roles:
      - role: "customRole"
        db: admin    
        privileges:
        - actions:
          - insert
          resource:
            collection: cats
            db: pets
        - actions:
          - insert
          - find
          resource:
            collection: dogs
            db: pets
...
spec.security.roles.role

Type: string

Name of the user-defined role.

spec.security.roles.db

Type: string

The database in which you want to store the user-defined role.

Example

admin

spec.security.roles.authenticationRestrictions

Type: array

Array that defines the IP address from which and to which users assigned this spec.security.roles.role can connect.

spec.security.roles.authenticationRestrictions.clientSource

Type: array

Array of IP addresses or CIDR blocks from which users assigned this spec.security.roles.role can connect.

MongoDB servers reject connection requests from users with this role if the requests come from a client that is not present in this array.

spec.security.roles.authenticationRestrictions.serverAddress

Type: array

Array of IP addresses or CIDR blocks to which users assigned this spec.security.roles.role can connect.

Users can not connect to this MongoDB deployment if they possess this role and they sent the connection request to a server that is not present in this array.

MongoDB servers reject connection requests from users with this role if the client requests to connect to a server that is not present in this array.

spec.security.roles.privileges

Type: array

Array that describes the privileges that users granted this role possess.

spec.security.roles.privileges.actions

Type: array

List of actions that users granted this role can perform. For a list of accepted values, see Privilege Actions in the MongoDB Manual for the MongoDB versions you deploy with the Kubernetes Operator.

spec.security.roles.privileges.resource

Type: collection

Resources for which the privilege actions apply.

This collection must include either:

spec.security.roles.privileges.resource.database

Type: string

Database for which the privilege actions apply.

If you provide a value for this setting, you must also provide a value for spec.security.roles.privileges.resource.collection.

spec.security.roles.privileges.resource.collection

Type: string

Collection in the database for which the privilege actions apply.

If you provide a value for this setting, you must also provide a value for spec.security.roles.privileges.resource.database.

spec.security.roles.privileges.resource.cluster

Type: boolean

Default: False

Flag that indicates that the privilege actions apply to all databases and collections in the MongoDB deployment. If omitted, defaults to false.

If set to true, do not provide values for spec.security.roles.privileges.resource.database and spec.security.roles.privileges.resource.collection.

Examples

The following example shows a resource specification for a standalone deployment with every setting provided:

apiVersion: mongodb.com/v1
kind: MongoDB
metadata:
  name: my-standalone
spec:
  version: 4.2.2-ent
  service: my-service
  opsManager: # Alias of cloudManager
    configMapRef:
      name: my-project
  credentials: my-credentials
  persistent: true
  type: Standalone
  additionalMongodConfig:
    systemLog:
      logAppend: true
      verbosity: 4
    operationProfiling:
      mode: slowOp
  podSpec:
    cpu: '0.25'
    memory: 512M
    persistence:
      single:
        storage: 12Gi
        storageClass: standard
        labelSelector:
          matchExpressions:
          - {key: environment, operator: In, values: [dev]}
    podAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
          - key: security
            operator: In
            values:
            - S1
        topologyKey: failure-domain.beta.kubernetes.io/zone
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: kubernetes.io/e2e-az-name
            operator: In
            values:
            - e2e-az1
            - e2e-az2
    podTemplate:
      metadata:
        labels:
          label1: mycustomlabel
      spec:
        affinity:
          podAntiAffinity:
            preferredDuringSchedulingIgnoredDuringExecution:
              - podAffinityTerm:
                  topologyKey: "mykey"
                weight: 50
...

The following example shows a resource specification for a replica set with every setting provided:

---
apiVersion: mongodb.com/v1
kind: MongoDB
metadata:
  name: my-replica-set
spec:
  members: 3
  version: 4.2.2-ent
  service: my-service
  opsManager: # Alias of cloudManager
    configMapRef:
      name: my-project
  credentials: my-credentials
  persistent: true
  type: ReplicaSet
  podSpec:
    cpu: '0.25'
    memory: 512M
    persistence:
      multiple:
        data:
          storage: 10Gi
        journal:
          storage: 1Gi
          labelSelector:
            matchLabels:
              app: "my-app"
        logs:
          storage: 500M
          storageClass: standard
    podAntiAffinityTopologyKey: nodeId
    podAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
          - key: security
            operator: In
            values:
            - S1
        topologyKey: failure-domain.beta.kubernetes.io/zone
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: kubernetes.io/e2e-az-name
            operator: In
            values:
            - e2e-az1
            - e2e-az2
    podTemplate:
      metadata:
        labels:
          label1: mycustomlabel
      spec:
        affinity:
          podAntiAffinity:
            preferredDuringSchedulingIgnoredDuringExecution:
              - podAffinityTerm:
                  topologyKey: "mykey"
                weight: 50
  security:
    tls:
      enabled: true
    authentication:
      enabled: true
      modes: ["X509"]
      internalCluster: "X509"
  additionalMongodConfig:
    net:
      ssl:
        mode: preferSSL
...

The following example shows a resource specification for a sharded cluster with every setting provided:

---
apiVersion: mongodb.com/v1
kind: MongoDB
metadata:
  name: my-sharded-cluster
spec:
  shardCount: 2
  mongodsPerShardCount: 3
  mongosCount: 2
  configServerCount: 3
  version: 4.2.2-ent
  service: my-service
  type: ShardedCluster

  ## Please Note: The default Kubernetes cluster name is
  ## `cluster.local`.
  ## If your cluster has been configured with another name, you can
  ## specify it with the `clusterDomain` attribute.

  opsManager: # Alias of cloudManager
    configMapRef:
      name: my-project
  credentials: my-credentials

  persistent: true
  configSrvPodSpec:
    cpu: '0.5'
    memory: 512M

    # if "persistence" element is omitted then Operator uses the
    # default size (5Gi) for mounting single Persistent Volume

    podAntiAffinityTopologyKey: kubernetes.io/hostname
    podAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
          - key: security
            operator: In
            values:
            - S1
        topologyKey: failure-domain.beta.kubernetes.io/zone
    podTemplate:
      metadata:
        labels:
          label1: mycustomlabel
      spec:
        affinity:
          podAntiAffinity:
            preferredDuringSchedulingIgnoredDuringExecution:
              - podAffinityTerm:
                  topologyKey: "mykey"
                weight: 50
  mongosPodSpec:
    cpu: '0.8'
    memory: 1Gi
    podAntiAffinityTopologyKey: rackId
    nodeAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 1
        preference:
          matchExpressions:
          - key: another-node-label-key
            operator: In
            values:
            - another-node-label-value
    podTemplate:
      metadata:
        labels:
          label1: mycustomlabel
      spec:
        affinity:
          podAntiAffinity:
            preferredDuringSchedulingIgnoredDuringExecution:
              - podAffinityTerm:
                  topologyKey: "mykey"
                weight: 50
  shardPodSpec:
    cpu: '0.6'
    memory: 3Gi
    persistence:
      multiple:
        # if the child of "multiple" is omitted then the default size will be used.
        # 16GB for "data", 1GB for "journal", 3GB for "logs"
        data:
          storage: 20Gi
        logs:
          storage: 4Gi
          storageClass: standard
    podAntiAffinityTopologyKey: kubernetes.io/hostname
  mongos:
    additionalMongodConfig:
      systemLog:
        logAppend: true
        verbosity: 4
  configSrv:
    additionalMongodConfig:
      operationProfiling:
        mode: slowOp
  shard:
    additionalMongodConfig:
      storage:
        journal:
          commitIntervalMs: 50
  security:
    tls:
      enabled: true
    authentication:
      enabled: true
      modes: ["X509"]
      internalCluster: "X509"
...