Navigation

Upgrade the MongoDB Enterprise Kubernetes Operator

The following procedure outlines how to upgrade the Kubernetes Operator to its latest version.

Upgrading to version 1.3.0 and newer

Starting in MongoDB Enterprise Kubernetes Operator version 1.3.0, you can only have one MongoDB resource per project. To learn how to migrate your project to a single-cluster configuration, see Migrate to One Resource per Project (Required for Version 1.3.0).

The following steps depend on how your environment is configured:

1

Change to the directory in which you cloned the repository.

2

Upgrade the CustomResourceDefinitions for MongoDB deployments.

Invoke the following kubectl command:

kubectl replace -f crds.yaml
3

Optional: Customize the Kubernetes Operator YAML before upgrading it.

  1. You might need to add one or more optional settings.

    To learn about optional Kubernetes Operator installation settings, see Operator kubectl and oc Installation Settings.

4

If all of the following are true, provide the name of the ConfigMap for your TLS CA with the spec.security.tls.ca setting:

  • You secure your Ops Manager deployment using TLS certificates.
  • You sign your TLS certificates using a custom CA.
  • You want to upgrade the Kubernetes Operator from a version earlier than 1.7.1 to version 1.7.1 or later.

Use the following command to add the spec.security.tls.ca setting to your Ops Manager resource definition:

kubectl patch opsmanagers/<opsmgr-resource-metadata.name> \
    --patch '{"spec": {"security": {"tls": {"ca": "<ca-configmap>"}}}}' \
    --type merge
5

Upgrade to the new version of the Kubernetes Operator.

Invoke the following kubectl command:

kubectl apply -f mongodb-enterprise.yaml

Troubleshooting

You might receive the following error when you upgrade the Kubernetes Operator:

Forbidden: updates to statefulset spec for fields other than
'replicas', 'template', and 'updateStrategy' are forbidden

To resolve this error:

  1. Remove the old Kubernetes Operator deployment.

    kubectl delete deployment/mongodb-enterprise-operator --namespace <namespace>
    

    Note

    Removing the Kubernetes Operator deployment doesn’t affect the lifecycle of your MongoDB resources.

  2. Repeat the kubectl apply command to upgrade to the new version of the Kubernetes Operator.

1

Change to the directory in which you cloned the repository.

2

Upgrade the CustomResourceDefinitions for MongoDB deployments.

Invoke the following kubectl command:

kubectl replace -f crds.yaml
3

If all of the following are true, provide the name of the ConfigMap for your TLS CA with the spec.security.tls.ca setting:

  • You secure your Ops Manager deployment using TLS certificates.
  • You sign your TLS certificates using a custom CA.
  • You want to upgrade the Kubernetes Operator from a version earlier than 1.7.1 to version 1.7.1 or later.

Use the following command to add the spec.security.tls.ca setting to your Ops Manager resource definition:

kubectl patch opsmanagers/<opsmgr-resource-metadata.name> \
    --patch '{"spec": {"security": {"tls": {"ca": "<ca-configmap>"}}}}' \
    --type merge
4

Optional: Customize your Helm Chart before upgrading it.

To learn about optional Kubernetes Operator installation settings, see Operator Helm Installation Settings.

5

Upgrade the Kubernetes Operator.

Invoke the following helm command:

helm upgrade <chart-name> helm_chart \
     --values helm_chart/values.yaml

Troubleshooting

You might receive the following error when you upgrade the Kubernetes Operator:

Error: UPGRADE FAILED: cannot patch "mongodb-enterprise-operator"
with kind Deployment: Deployment.apps "mongodb-enterprise-operator"
is invalid: ... field is immutable

To resolve this error:

  1. Remove the old Kubernetes Operator deployment.

    kubectl delete deployment/mongodb-enterprise-operator --namespace <namespace>
    

    Note

    Removing the Kubernetes Operator deployment doesn’t affect the lifecycle of your MongoDB resources.

  2. Repeat the helm command to upgrade to the new version of the Kubernetes Operator.

To upgrade the Kubernetes Operator on a host not connected to the Internet:

1

Change to the directory in which you cloned the repository.

2

Upgrade the CustomResourceDefinitions for MongoDB deployments.

Invoke the following kubectl command:

kubectl replace -f crds.yaml
3

If all of the following are true, provide the name of the ConfigMap for your TLS CA with the spec.security.tls.ca setting:

  • You secure your Ops Manager deployment using TLS certificates.
  • You sign your TLS certificates using a custom CA.
  • You want to upgrade the Kubernetes Operator from a version earlier than 1.7.1 to version 1.7.1 or later.

Use the following command to add the spec.security.tls.ca setting to your Ops Manager resource definition:

kubectl patch opsmanagers/<opsmgr-resource-metadata.name> \
    --patch '{"spec": {"security": {"tls": {"ca": "<ca-configmap>"}}}}' \
    --type merge
4

Optional: Customize your Helm Chart before upgrading it.

To learn about optional Kubernetes Operator installation settings, see Operator Helm Installation Settings.

5

Upgrade to the latest version of the Kubernetes Operator.

Invoke the following helm command to upgrade with modified pull policy values:

helm upgrade <chart-name> helm_chart \
     --values helm_chart/values.yaml \
     --set registry.pullPolicy=IfNotPresent

Troubleshooting

You might receive the following error when you upgrade the Kubernetes Operator:

Error: UPGRADE FAILED: cannot patch "mongodb-enterprise-operator"
with kind Deployment: Deployment.apps "mongodb-enterprise-operator"
is invalid: ... field is immutable

To resolve this error:

  1. Remove the old Kubernetes Operator deployment.

    kubectl delete deployment/mongodb-enterprise-operator --namespace <namespace>
    

    Note

    Removing the Kubernetes Operator deployment doesn’t affect the lifecycle of your MongoDB resources.

  2. Repeat the helm command to upgrade to the new version of the Kubernetes Operator.

1

Change to the directory in which you cloned the repository.

2

Upgrade the CustomResourceDefinitions for MongoDB deployments.

OpenShift 3.11 or earlier

If you run OpenShift 3.11 or earlier, you must first manually edit the CustomResourceDefinitions to remove subresources. In each CustomResourceDefinition, remove the following option:

spec:
  subresources:
    status: {}

Invoke the following oc command:

oc replace -f crds.yaml
3

Optional: Customize the Kubernetes Operator YAML before upgrading it.

  1. You must add your <openshift-pull-secret> to the ServiceAccount definitions:

    ---
    # Source: mongodb-enterprise-operator/templates/serviceaccount.yaml
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: enterprise-operator
    
      namespace: mongodb
    
    imagePullSecrets:
     - name: <openshift-pull-secret>
    
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: mongodb-enterprise-appdb
    
      namespace: mongodb
    
    imagePullSecrets:
     - name: <openshift-pull-secret>
    
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: mongodb-enterprise-database-pods
    
      namespace: mongodb
    
    imagePullSecrets:
     - name: <openshift-pull-secret>
    
  2. You might need to add one or more optional settings.

    To learn about optional Kubernetes Operator installation settings, see Operator kubectl and oc Installation Settings.

4

If all of the following are true, provide the name of the ConfigMap for your TLS CA with the spec.security.tls.ca setting:

  • You secure your Ops Manager deployment using TLS certificates.
  • You sign your TLS certificates using a custom CA.
  • You want to upgrade the Kubernetes Operator from a version earlier than 1.7.1 to version 1.7.1 or later.

Use the following command to add the spec.security.tls.ca setting to your Ops Manager resource definition:

oc patch opsmanagers/<opsmgr-resource-metadata.name> \
    --patch '{"spec": {"security": {"tls": {"ca": "<ca-configmap>"}}}}' \
    --type merge
5

Upgrade to the new version of the Kubernetes Operator.

Invoke the following oc command:

oc apply -f mongodb-enterprise-openshift.yaml

Troubleshooting

You might receive the following error when you upgrade the Kubernetes Operator:

Forbidden: updates to statefulset spec for fields other than
'replicas', 'template', and 'updateStrategy' are forbidden

To resolve this error:

  1. Remove the old Kubernetes Operator deployment.

    oc delete deployment/mongodb-enterprise-operator --namespace <namespace>
    

    Note

    Removing the Kubernetes Operator deployment doesn’t affect the lifecycle of your MongoDB resources.

  2. Repeat the oc apply command to upgrade to the new version of the Kubernetes Operator.

1

Change to the directory in which you cloned the repository.

2

Upgrade the CustomResourceDefinitions for MongoDB deployments.

OpenShift 3.11 or earlier

If you run OpenShift 3.11 or earlier, you must first manually edit the CustomResourceDefinitions to remove subresources. In each CustomResourceDefinition, remove the following option:

spec:
  subresources:
    status: {}

Invoke the following oc command:

oc replace -f crds.yaml
3

If all of the following are true, provide the name of the ConfigMap for your TLS CA with the spec.security.tls.ca setting:

  • You secure your Ops Manager deployment using TLS certificates.
  • You sign your TLS certificates using a custom CA.
  • You want to upgrade the Kubernetes Operator from a version earlier than 1.7.1 to version 1.7.1 or later.

Use the following command to add the spec.security.tls.ca setting to your Ops Manager resource definition:

oc patch opsmanagers/<opsmgr-resource-metadata.name> \
    --patch '{"spec": {"security": {"tls": {"ca": "<ca-configmap>"}}}}' \
    --type merge
4

Optional: Customize your Helm Chart before upgrading it.

To learn about optional Kubernetes Operator installation settings, see Operator Helm Installation Settings.

5

Upgrade the Kubernetes Operator.

Invoke the following helm command:

helm upgrade <chart-name> helm_chart \
      --values helm_chart/values-openshift.yaml

Troubleshooting

You might receive the following error when you upgrade the Kubernetes Operator:

Error: UPGRADE FAILED: cannot patch "mongodb-enterprise-operator"
with kind Deployment: Deployment.apps "mongodb-enterprise-operator"
is invalid: ... field is immutable

To resolve this error:

  1. Remove the old Kubernetes Operator deployment.

    oc delete deployment/mongodb-enterprise-operator --namespace <namespace>
    

    Note

    Removing the Kubernetes Operator deployment doesn’t affect the lifecycle of your MongoDB resources.

  2. Repeat the helm command to upgrade to the new version of the Kubernetes Operator.

To upgrade the Kubernetes Operator on a host not connected to the Internet:

1

Change to the directory in which you cloned the repository.

2

Upgrade the CustomResourceDefinitions for MongoDB deployments.

OpenShift 3.11 or earlier

If you run OpenShift 3.11 or earlier, you must first manually edit the CustomResourceDefinitions to remove subresources. In each CustomResourceDefinition, remove the following option:

spec:
  subresources:
    status: {}

Invoke the following oc command:

oc replace -f crds.yaml
3

If all of the following are true, provide the name of the ConfigMap for your TLS CA with the spec.security.tls.ca setting:

  • You secure your Ops Manager deployment using TLS certificates.
  • You sign your TLS certificates using a custom CA.
  • You want to upgrade the Kubernetes Operator from a version earlier than 1.7.1 to version 1.7.1 or later.

Use the following command to add the spec.security.tls.ca setting to your Ops Manager resource definition:

oc patch opsmanagers/<opsmgr-resource-metadata.name> \
    --patch '{"spec": {"security": {"tls": {"ca": "<ca-configmap>"}}}}' \
    --type merge
4

Optional: Customize your Helm Chart before upgrading it.

To learn about optional Kubernetes Operator installation settings, see Operator Helm Installation Settings.

5

Upgrade to the latest version of the Kubernetes Operator.

Invoke the following helm command with modified pull policy values:

helm upgrade <chart-name> helm_chart \
     --values helm_chart/values-openshift.yaml \
     --set registry.pullPolicy=IfNotPresent \
     --set registry.imagePullSecrets=<openshift-pull-secret>

Troubleshooting

You might receive the following error when you upgrade the Kubernetes Operator:

Error: UPGRADE FAILED: cannot patch "mongodb-enterprise-operator"
with kind Deployment: Deployment.apps "mongodb-enterprise-operator"
is invalid: ... field is immutable

To resolve this error:

  1. Remove the old Kubernetes Operator deployment.

    oc delete deployment/mongodb-enterprise-operator --namespace <namespace>
    

    Note

    Removing the Kubernetes Operator deployment doesn’t affect the lifecycle of your MongoDB resources.

  2. Repeat the helm command to upgrade to the new version of the Kubernetes Operator.

To troubleshoot your Kubernetes Operator, see Review Logs from the Kubernetes Operator.

Important

If you need to remove the Kubernetes Operator or the namespace, you first must remove MongoDB resources.