Navigation

Upgrade the Operator

On this page

Upgrading to version 1.3.0 and newer

Starting in MongoDB Enterprise Kubernetes Operator version 1.3.0, you can only have one MongoDB resource per project. To learn how to migrate your project to a single-cluster configuration, see Migrate to One Resource per Project (Required for Version 1.3.0).

Procedure

  1. Change to the directory in which you cloned the Kubernetes Operator repository. The following steps depend on how your environment is configured:
  1. Upgrade the CustomResourceDefinitions for MongoDB deployments using the following kubectl command:

    kubectl apply -f crds.yaml
    
  2. If you use OpenShift as your Kubernetes orchestrator, you need to allow OpenShift to manage the Security Context for the Kubernetes Operator.

    Change the MANAGED_SECURITY_CONTEXT value as described in the next step.

  3. You can edit the Operator YAML file to further customize your Operator before upgrading it.

    1. Open your mongodb-enterprise.yaml in your preferred text editor.

    2. You may need to add one or more of the following options:

      Environment Variable When to Use
      OPERATOR_ENV

      Label for the Operator’s deployment environment. The env value affects default timeouts and the format and level of logging.

      If OPERATOR_ENV is Log Level is set to Log Format is set to
      dev debug text
      prod info json

      Accepted values are: dev, prod.

      Default value is: prod.

      You can set the following pair of values:

      spec.template.spec.containers.name.env.name: OPERATOR_ENV
      spec.template.spec.containers.name.env.value: prod
      

      Example

      spec:
        template:
          spec:
            serviceAccountName: mongodb-enterprise-operator
            containers:
            - name: mongodb-enterprise-operator
              image: <operatorVersionUrl>
              imagePullPolicy: <policyChoice>
              env:
              - name: OPERATOR_ENV
                value: prod
      
      WATCH_NAMESPACE

      Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace.

      * means all namespaces and requires the ClusterRole assigned to the mongodb-enterprise-operator ServiceAccount which is the ServiceAccount used to run the Kubernetes Operator.

      Default value is: <metadata.namespace>.

      One Namespace or All Namespaces

      If you need to watch more than one namespace, set the value of WATCH_NAMESPACE to * (all). This environment variable can watch one namespace or all namespaces.

      You can set the following pair of values:

      spec.template.spec.containers.name.env.name: WATCH_NAMESPACE
      spec.template.spec.containers.name.env.value: "<testNamespace>"
      

      Example

      spec:
        template:
          spec:
            serviceAccountName: mongodb-enterprise-operator
            containers:
            - name: mongodb-enterprise-operator
              image: <operatorVersionUrl>
              imagePullPolicy: <policyChoice>
              env:
              - name: WATCH_NAMESPACE
                value: "<testNamespace>"
      
      MANAGED_SECURITY_CONTEXT

      If you use OpenShift as your Kubernetes orchestrator, set this to 'true' to allow OpenShift to manage the Security Context for the Kubernetes Operator.

      Accepted values are: 'true', 'false'.

      Default value is: 'false'.

      You can set the following pair of values:

      spec.template.spec.containers.name.env.name: MANAGED_SECURITY_CONTEXT
      spec.template.spec.containers.name.env.value: 'true'
      

      Example

      spec:
        template:
          spec:
            serviceAccountName: mongodb-enterprise-operator
            containers:
            - name: mongodb-enterprise-operator
              image: <operatorVersionUrl>
              imagePullPolicy: <policyChoice>
              env:
              - name: MANAGED_SECURITY_CONTEXT
                value: 'true'
      
      OPS_MANAGER_IMAGE_REPOSITORY

      URL of the repository from which the image for an Ops Manager resource is downloaded.

      Default value is: quay.io/mongodb/mongodb-enterprise-ops-manager

      spec.template.spec.containers.name.env.name:
      OPS_MANAGER_IMAGE_REPOSITORY
      spec.template.spec.containers.name.env.value:
      quay.io/mongodb/mongodb-enterprise-ops-manager
      

      Example

       1
       2
       3
       4
       5
       6
       7
       8
       9
      10
      11
      12
      13
      spec:
        template:
          spec:
            serviceAccountName: mongodb-enterprise-operator
            containers:
            - name: mongodb-enterprise-operator
              image: <operatorVersionUrl>
              imagePullPolicy: <policyChoice>
              env:
              - name: OPS_MANAGER_IMAGE_REPOSITORY
                value: quay.io/mongodb/mongodb-enterprise-ops-manager
              - name: OPS_MANAGER_IMAGE_PULL_POLICY
                value: Always
      
      OPS_MANAGER_IMAGE_PULL_POLICY

      Pull policy for the image deployed to an Ops Manager resource.

      Accepted values are: Always, IfNotPresent, Never

      Default value is: Always

      spec.template.spec.containers.name.env.name:
      OPS_MANAGER_IMAGE_PULL_POLICY
      spec.template.spec.containers.name.env.value:
      <policy>
      

      Example

       1
       2
       3
       4
       5
       6
       7
       8
       9
      10
      11
      12
      13
      spec:
        template:
          spec:
            serviceAccountName: mongodb-enterprise-operator
            containers:
            - name: mongodb-enterprise-operator
              image: <operatorVersionUrl>
              imagePullPolicy: <policyChoice>
              env:
              - name: OPS_MANAGER_IMAGE_REPOSITORY
                value: quay.io/mongodb/mongodb-enterprise-ops-manager
              - name: OPS_MANAGER_IMAGE_PULL_POLICY
                value: Always
      

      Note

      Any values enclosed in single or double quotes require those quotes. Include the quotes when setting these values.

  4. Upgrade the Kubernetes Operator using the following kubectl command:

    kubectl apply -f mongodb-enterprise.yaml
    

To troubleshoot your Kubernetes Operator, see Review Logs from the Kubernetes Operator.

Important

If you need to remove the Kubernetes Operator or the namespace, you first must remove MongoDB resources.

  1. Upgrade the latest version of the Kubernetes Operator using the following helm command:

    helm template helm_chart > operator.yaml
    kubectl apply -f operator.yaml
    

    You can customize your Chart before installing it by using the --set option. For this Chart, you may need to add one or more of the following options:

    --set option When to Use
    namespace

    To use a different namespace, you need to specify that namespace.

    Default value is: mongodb.

    Example

    helm template \
      --set namespace=<testNamespace> \
      helm_chart > operator.yaml
    kubectl apply -f operator.yaml
    
    operator.env

    Label for the Operator’s deployment environment. The env value affects default timeouts and the format and level of logging.

    If operator.env is Log Level is set to Log Format is set to
    dev debug text
    prod info json

    Accepted values are: dev, prod.

    Default value is: prod.

    Example

    helm template \
      --set operator.env=dev \
      helm_chart > operator.yaml
    kubectl apply -f operator.yaml
    
    operator.watchNamespace

    Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace.

    * means all namespaces and requires the ClusterRole assigned to the mongodb-enterprise-operator ServiceAccount which is the ServiceAccount used to run the Kubernetes Operator.

    Default value is: <metadata.namespace>.

    Example

    helm template \
      --set operator.watchNamespace=<testNamespace> \
      helm_chart > operator.yaml
    kubectl apply -f operator.yaml
    
    managedSecurityContext

    If you use OpenShift as your Kubernetes orchestrator, set this to true to allow OpenShift to manage the Security Context for the Kubernetes Operator.

    Accepted values are: true, false.

    Default value is: false.

    Example

    helm template \
      --set managedSecurityContext=false \
      helm_chart > operator.yaml
    kubectl apply -f operator.yaml
    
    operator.podWaitSeconds

    Time in seconds that the Operator waits for StatefulSets to start when MongoDB Kubernetes resources are being created or updated before retrying.

    Default values depend upon operator.env:

    If operator.env is operator.podWaitSeconds is set to
    dev 3
    prod 5

    Example

    helm template \
      --set operator.env=dev \
      --set operator.podWaitSeconds=10 \
      helm_chart > operator.yaml
    kubectl apply -f operator.yaml
    
    operator.podSetWaitRetries

    Maximum number of retries that the Operator attempts when waiting for StatefulSets to start after MongoDB Kubernetes resources are created or updated.

    Default values depend upon operator.env:

    If operator.env is operator.podSetWaitRetries is set to
    dev 60
    prod 180

    Example

    helm template
      --set operator.env=dev \
      --set operator.podWaitSeconds=10 \
      --set operator.podSetWaitRetries=20 \
      helm_chart > operator.yaml
    kubectl apply -f operator.yaml
    

To troubleshoot your Kubernetes Operator, see Review Logs from the Kubernetes Operator.

Important

If you need to remove the Kubernetes Operator or the namespace, you first must remove MongoDB resources.

To upgrade the Kubernetes Operator on a host not connected to the Internet, you have two options, you can download the Kubernetes Operator files from either:

  1. Upgrade the latest version of the Kubernetes Operator with modified pull policy values using the following helm command:

    helm template --set registry.pullPolicy=IfNotPresent \
      helm_chart > operator.yaml
    kubectl apply -f operator.yaml
    

    You can further customize your Chart before installing it by using the --set option. For this Chart, you may need to add one or more of the following options:

    --set option When to Use
    namespace

    To use a different namespace, you need to specify that namespace.

    Default value is: mongodb.

    Example

    helm template \
      --set registry.pullPolicy=IfNotPresent \
      --set namespace=<testNamespace> \
      helm_chart > operator.yaml
    kubectl apply -f operator.yaml
    
    operator.env

    Label for the Operator’s deployment environment. The env value affects default timeouts and the format and level of logging.

    If operator.env is Log Level is set to Log Format is set to
    dev debug text
    prod info json

    Accepted values are: dev, prod.

    Default value is: prod.

    Example

    helm template \
      --set registry.pullPolicy=IfNotPresent \
      --set operator.env=dev \
      helm_chart > operator.yaml
    kubectl apply -f operator.yaml
    
    operator.watchNamespace

    Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace.

    * means all namespaces and requires the ClusterRole assigned to the mongodb-enterprise-operator ServiceAccount which is the ServiceAccount used to run the Kubernetes Operator.

    Default value is: <metadata.namespace>.

    Example

    helm template \
      --set registry.pullPolicy=IfNotPresent \
      --set operator.watchNamespace=<testNamespace> \
      helm_chart > operator.yaml
    kubectl apply -f operator.yaml
    
    managedSecurityContext

    If you use OpenShift as your Kubernetes orchestrator, set this to true to allow OpenShift to manage the Security Context for the Kubernetes Operator.

    Accepted values are: true, false.

    Default value is: false.

    Example

    helm template \
      --set registry.pullPolicy=IfNotPresent \
      --set managedSecurityContext=false \
      helm_chart > operator.yaml
    kubectl apply -f operator.yaml
    
    operator.podWaitSeconds

    Time in seconds that the Operator waits for StatefulSets to start when MongoDB Kubernetes resources are being created or updated before retrying.

    Default values depend upon operator.env:

    If operator.env is operator.podWaitSeconds is set to
    dev 3
    prod 5

    Example

    helm template \
      --set registry.pullPolicy=IfNotPresent \
      --set operator.env=dev \
      --set operator.podWaitSeconds=10 \
      helm_chart > operator.yaml
    kubectl apply -f operator.yaml
    
    operator.podSetWaitRetries

    Maximum number of retries that the Operator attempts when waiting for StatefulSets to start after MongoDB Kubernetes resources are created or updated.

    Default values depend upon operator.env:

    If operator.env is operator.podSetWaitRetries is set to
    dev 60
    prod 180

    Example

    helm template \
      --set registry.pullPolicy=IfNotPresent \
      --set operator.env=dev \
      --set operator.podWaitSeconds=10 \
      --set operator.podSetWaitRetries=20 \
      helm_chart > operator.yaml
    kubectl apply -f operator.yaml
    

To troubleshoot your Kubernetes Operator, see Review Logs from the Kubernetes Operator.

Important

If you need to remove the Kubernetes Operator or the namespace, you first must remove MongoDB resources.

  1. Upgrade the latest version of the Kubernetes Operator with modified pull policy values using the following helm command:

    helm template --set registry.pullPolicy=IfNotPresent \
      helm_chart > operator.yaml
    kubectl apply -f operator.yaml
    

    You can further customize your Chart before installing it by using the --set option. For this Chart, you may need to add one or more of the following options:

    --set option When to Use
    namespace

    To use a different namespace, you need to specify that namespace.

    Default value is: mongodb.

    Example

    helm template \
      --set registry.pullPolicy=IfNotPresent \
      --set namespace=<testNamespace> \
      helm_chart > operator.yaml
    kubectl apply -f operator.yaml
    
    operator.env

    Label for the Operator’s deployment environment. The env value affects default timeouts and the format and level of logging.

    If operator.env is Log Level is set to Log Format is set to
    dev debug text
    prod info json

    Accepted values are: dev, prod.

    Default value is: prod.

    Example

    helm template \
      --set registry.pullPolicy=IfNotPresent \
      --set operator.env=dev \
      helm_chart > operator.yaml
    kubectl apply -f operator.yaml
    
    operator.watchNamespace

    Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace.

    * means all namespaces and requires the ClusterRole assigned to the mongodb-enterprise-operator ServiceAccount which is the ServiceAccount used to run the Kubernetes Operator.

    Default value is: <metadata.namespace>.

    Example

    helm template \
      --set registry.pullPolicy=IfNotPresent \
      --set operator.watchNamespace=<testNamespace> \
      helm_chart > operator.yaml
    kubectl apply -f operator.yaml
    
    managedSecurityContext

    If you use OpenShift as your Kubernetes orchestrator, set this to true to allow OpenShift to manage the Security Context for the Kubernetes Operator.

    Accepted values are: true, false.

    Default value is: false.

    Example

    helm template \
      --set registry.pullPolicy=IfNotPresent \
      --set managedSecurityContext=false \
      helm_chart > operator.yaml
    kubectl apply -f operator.yaml
    
    operator.podWaitSeconds

    Time in seconds that the Operator waits for StatefulSets to start when MongoDB Kubernetes resources are being created or updated before retrying.

    Default values depend upon operator.env:

    If operator.env is operator.podWaitSeconds is set to
    dev 3
    prod 5

    Example

    helm template \
      --set registry.pullPolicy=IfNotPresent \
      --set operator.env=dev \
      --set operator.podWaitSeconds=10 \
      helm_chart > operator.yaml
    kubectl apply -f operator.yaml
    
    operator.podSetWaitRetries

    Maximum number of retries that the Operator attempts when waiting for StatefulSets to start after MongoDB Kubernetes resources are created or updated.

    Default values depend upon operator.env:

    If operator.env is operator.podSetWaitRetries is set to
    dev 60
    prod 180

    Example

    helm template \
      --set registry.pullPolicy=IfNotPresent \
      --set operator.env=dev \
      --set operator.podWaitSeconds=10 \
      --set operator.podSetWaitRetries=20 \
      helm_chart > operator.yaml
    kubectl apply -f operator.yaml