- Install and Configure the Kubernetes Operator >
- Upgrade the Kubernetes Operator from Prior Versions >
- Upgrade from Operator Version 1.7.0 or Later
Upgrade from Operator Version 1.7.0 or Later¶
The following procedure outlines how to upgrade from Kubernetes Operator versions 1.7.1 and later. If your Operator runs version 1.6.1 or later, see Upgrade from Operator Version 1.6.1 or Earlier for upgrade instructions.
The following steps depend on how your environment is configured:
- Kubernetes
- OpenShift
- Online using kubectl
- Online using Helm
- Offline using Helm and Docker
Change to the directory in which you cloned the repository.¶
Upgrade the CustomResourceDefinitions for MongoDB deployments.¶
Invoke the following kubectl
command:
Optional: Customize the Kubernetes Operator YAML before upgrading it.¶
Open your
mongodb-enterprise.yaml
in your preferred text editor.You may need to add one or more of the following options:
Environment Variable When to Use OPERATOR_ENV
Label for the Operator’s deployment environment. The
env
value affects default timeouts and the format and level of logging.If OPERATOR_ENV
isLog Level is set to Log Format is set to dev
debug text prod
info json Accepted values are:
dev
,prod
.Default value is:
prod
.You can set the following pair of values:
Example
WATCH_NAMESPACE
Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace.
*
means all namespaces and requires the ClusterRole assigned to themongodb-enterprise-operator
ServiceAccount which is the ServiceAccount used to run the Kubernetes Operator.Default value is:
<metadata.namespace>
.Important
To watch Ops Manager and MongoDB Kubernetes resources in a different namespace to which you deploy the Kubernetes Operator, see Kubernetes Operator Deployment Scopes for values you must use and additional steps you might have to perform.
You can set the following pair of values:
Example
MONGODB_ENTERPRISE_DATABASE_IMAGE
URL of the MongoDB Enterprise Database image the Kubernetes Operator deploys.
Default value is
quay.io/mongodb/mongodb-enterprise-database
.Example
IMAGE_PULL_POLICY
Pull policy for the MongoDB Enterprise database image the Kubernetes Operator deploys.
Accepted values are
Always
,IfNotPresent
,Never
.Default value is
Always
.Example
OPS_MANAGER_IMAGE_REPOSITORY
URL of the repository from which the image for an Ops Manager resource is downloaded.
Default value is
quay.io/mongodb/mongodb-enterprise-ops-manager
.Example
OPS_MANAGER_IMAGE_PULL_POLICY
Pull policy for the Ops Manager images the Kubernetes Operator deploys.
Accepted values are:
Always
,IfNotPresent
,Never
.Default value is
Always
.Example
INIT_OPS_MANAGER_IMAGE_REPOSITORY
URL of the repository from which the initContainer image that contains Ops Manager start-up scripts and the readiness probe is downloaded.
Default value is
quay.io/mongodb/mongodb-enterprise-ops-manager-init
.Example
INIT_OPS_MANAGER_VERSION
Version of the initContainer image that contains Ops Manager start-up scripts and the readiness probe.
Default value is 1.0.1.
Example
APPDB_IMAGE_REPOSITORY
URL of the repository from which the Application Database image is downloaded.
Default value is
quay.io/mongodb/mongodb-enterprise-appdb
.Example
INIT_APPDB_IMAGE_REPOSITORY
URL of the repository from which the initContainer image that contains Application Database start-up scripts and the readiness probe is downloaded.
Default value is
quay.io/mongodb/mongodb-enterprise-appdb-init
.Example
INIT_APPDB_VERSION
Version of the initContainer image that contains Ops Manager start-up scripts and the readiness probe.
Default value is 1.0.3.
Example
MANAGED_SECURITY_CONTEXT
Flag that determines if the Kubernetes Operator inherits the
securityContext
settings that your Kubernetes cluster manages.Set this field to
true
if you want to run the Kubernetes Operator in OpenShift or in a restrictive environment.Default value is
false
.Example
If all of the following are true, provide the name of the ConfigMap for your TLS CA with the spec.security.tls.ca
setting:¶
- You secure your Ops Manager deployment using TLS certificates.
- You sign your TLS certificates using a custom CA.
- You want to upgrade the Kubernetes Operator from a version earlier than 1.7.1 to version 1.7.1 or later.
Use the following command to add the
spec.security.tls.ca
setting to your Ops Manager resource
definition:
Change to the directory in which you cloned the repository.¶
Upgrade the CustomResourceDefinitions for MongoDB deployments.¶
Invoke the following kubectl
command:
If all of the following are true, provide the name of the ConfigMap for your TLS CA with the spec.security.tls.ca
setting:¶
- You secure your Ops Manager deployment using TLS certificates.
- You sign your TLS certificates using a custom CA.
- You want to upgrade the Kubernetes Operator from a version earlier than 1.7.1 to version 1.7.1 or later.
Use the following command to add the
spec.security.tls.ca
setting to your Ops Manager resource
definition:
Optional: Customize your Helm Chart before upgrading it.¶
To modify your Helm Chart, add one or more of the following options to
the values.yaml
file:
Setting | Purpose | Default | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
namespace |
To use a different namespace, specify that |
mongodb |
|||||||||
managedSecurityContext |
Flag that determines if the Kubernetes Operator inherits the
Set this field to Example |
false |
|||||||||
operator .env |
Label for the Operator’s deployment environment. The
Accepted values are: |
prod |
|||||||||
operator .watchNamespace |
Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace.
Important To watch Ops Manager and MongoDB Kubernetes resources in a different namespace to which you deploy the Kubernetes Operator, see Kubernetes Operator Deployment Scopes for values you must use and additional steps you might have to perform. |
<metadata.namespace> |
|||||||||
operator .watchedResources |
Custom resources that the Kubernetes Operator watches. The Kubernetes Operator installs the CustomResourceDefinitions for and watches only the resources you specify. Accepted values are:
|
|
|||||||||
registry .appDb |
Repository from which the Application Database image is pulled. Specify this value if you want to pull the Ops Manager image from a private repository. |
||||||||||
registry .initAppDb |
Repository from which the Application Database initContainer image is pulled. This image contains the start-up scripts and readiness probe for the Application Database. Specify this value if you want to pull the Application Database initContainer image from a private repository. Example |
||||||||||
registry .initOpsManager |
Repository from which the Ops Manager initContainer image is pulled. This image contains the start-up scripts and readiness probe for Ops Manager. Specify this value if you want to pull the Ops Manager
Example |
||||||||||
registry .operator |
Repository from which the Kubernetes Operator image is pulled. Specify this value if you want to pull the Kubernetes Operator image from a private repository. Example |
||||||||||
registry .opsManager |
Repository from which the Ops Manager image is pulled. Specify this value if you want to pull the Ops Manager image from a private repository. Example |
Tip
Alternatively, you can pass these values as options when you apply the Helm Chart:
Upgrade the Kubernetes Operator.¶
Invoke the following helm
command:
To upgrade the Kubernetes Operator on a host not connected to the Internet:
Change to the directory in which you cloned the repository.¶
Upgrade the CustomResourceDefinitions for MongoDB deployments.¶
Invoke the following kubectl
command:
If all of the following are true, provide the name of the ConfigMap for your TLS CA with the spec.security.tls.ca
setting:¶
- You secure your Ops Manager deployment using TLS certificates.
- You sign your TLS certificates using a custom CA.
- You want to upgrade the Kubernetes Operator from a version earlier than 1.7.1 to version 1.7.1 or later.
Use the following command to add the
spec.security.tls.ca
setting to your Ops Manager resource
definition:
Optional: Customize your Helm Chart before upgrading it.¶
To modify your Helm Chart, add one or more of the following options to
the values.yaml
file:
Setting | Purpose | Default | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
namespace |
To use a different namespace, specify that |
mongodb |
|||||||||
managedSecurityContext |
Flag that determines if the Kubernetes Operator inherits the
Set this field to Example |
false |
|||||||||
operator .env |
Label for the Operator’s deployment environment. The
Accepted values are: |
prod |
|||||||||
operator .watchNamespace |
Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace.
Important To watch Ops Manager and MongoDB Kubernetes resources in a different namespace to which you deploy the Kubernetes Operator, see Kubernetes Operator Deployment Scopes for values you must use and additional steps you might have to perform. |
<metadata.namespace> |
|||||||||
operator .watchedResources |
Custom resources that the Kubernetes Operator watches. The Kubernetes Operator installs the CustomResourceDefinitions for and watches only the resources you specify. Accepted values are:
|
|
|||||||||
registry .appDb |
Repository from which the Application Database image is pulled. Specify this value if you want to pull the Ops Manager image from a private repository. |
||||||||||
registry .initAppDb |
Repository from which the Application Database initContainer image is pulled. This image contains the start-up scripts and readiness probe for the Application Database. Specify this value if you want to pull the Application Database initContainer image from a private repository. Example |
||||||||||
registry .initOpsManager |
Repository from which the Ops Manager initContainer image is pulled. This image contains the start-up scripts and readiness probe for Ops Manager. Specify this value if you want to pull the Ops Manager
Example |
||||||||||
registry .operator |
Repository from which the Kubernetes Operator image is pulled. Specify this value if you want to pull the Kubernetes Operator image from a private repository. Example |
||||||||||
registry .opsManager |
Repository from which the Ops Manager image is pulled. Specify this value if you want to pull the Ops Manager image from a private repository. Example |
Tip
Alternatively, you can pass these values as options when you apply the Helm Chart:
Upgrade to the latest version of the Kubernetes Operator.¶
Invoke the following helm
command to upgrade with modified pull
policy values:
- Online using oc
- Online using Helm
- Offline using Helm and Docker
Change to the directory in which you cloned the repository.¶
Upgrade the CustomResourceDefinitions for MongoDB deployments.¶
OpenShift 3.11 or earlier
If you run OpenShift 3.11 or earlier, you must first manually edit the CustomResourceDefinitions to remove subresources. In each CustomResourceDefinition, remove the following option:
Invoke the following oc
command:
Optional: Customize the Kubernetes Operator YAML before upgrading it.¶
Open your
mongodb-enterprise-openshift.yaml
in your preferred text editor.You must add your
<openshift-pull-secret>
to theServiceAccount
definitions:You may need to add one or more of the following options:
Environment Variable | Purpose | |||||||||
---|---|---|---|---|---|---|---|---|---|---|
OPERATOR_ENV |
Label for the Operator’s deployment environment. The
Accepted values are: Default value is: You can set the following pair of values: Example |
|||||||||
WATCH_NAMESPACE |
Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace.
Default value is: Important To watch Ops Manager and MongoDB Kubernetes resources in a different namespace to which you deploy the Kubernetes Operator, see Kubernetes Operator Deployment Scopes for values you must use and additional steps you might have to perform. You can set the following pair of values: Example |
|||||||||
MONGODB_ENTERPRISE_DATABASE_IMAGE |
URL of the MongoDB Enterprise Database image the Kubernetes Operator deploys. Default value is
Example |
|||||||||
IMAGE_PULL_POLICY |
Pull policy for the MongoDB Enterprise database image the Kubernetes Operator deploys. Accepted values are Default value is Example |
|||||||||
OPS_MANAGER_IMAGE_REPOSITORY |
URL of the repository from which the image for an Ops Manager resource is downloaded. Default value is
Example |
|||||||||
OPS_MANAGER_IMAGE_PULL_POLICY |
Pull policy for the image deployed to an Ops Manager resource. Accepted values are Default value is Example |
|||||||||
INIT_OPS_MANAGER_IMAGE_REPOSITORY |
URL of the repository from which the initContainer image that contains Ops Manager start-up scripts and the readiness probe is downloaded. Default value is
Example |
|||||||||
INIT_OPS_MANAGER_VERSION |
Version of the initContainer image that contains Ops Manager start-up scripts and the readiness probe. Default value is 1.0.1. Example |
|||||||||
APPDB_IMAGE_REPOSITORY |
URL of the repository from which the Application Database image is downloaded. Default value is
Example |
|||||||||
INIT_APPDB_IMAGE_REPOSITORY |
URL of the repository from which the Default value is
Example |
|||||||||
INIT_APPDB_VERSION |
Version of the Default value is 1.0.3. Example |
|||||||||
MANAGED_SECURITY_CONTEXT |
Flag that determines if the Kubernetes Operator inherits the
For OpenShift, Default value is Example |
If all of the following are true, provide the name of the ConfigMap for your TLS CA with the spec.security.tls.ca
setting:¶
- You secure your Ops Manager deployment using TLS certificates.
- You sign your TLS certificates using a custom CA.
- You want to upgrade the Kubernetes Operator from a version earlier than 1.7.1 to version 1.7.1 or later.
Use the following command to add the
spec.security.tls.ca
setting to your Ops Manager resource
definition:
Change to the directory in which you cloned the repository.¶
Upgrade the CustomResourceDefinitions for MongoDB deployments.¶
OpenShift 3.11 or earlier
If you run OpenShift 3.11 or earlier, you must first manually edit the CustomResourceDefinitions to remove subresources. In each CustomResourceDefinition, remove the following option:
Invoke the following oc
command:
If all of the following are true, provide the name of the ConfigMap for your TLS CA with the spec.security.tls.ca
setting:¶
- You secure your Ops Manager deployment using TLS certificates.
- You sign your TLS certificates using a custom CA.
- You want to upgrade the Kubernetes Operator from a version earlier than 1.7.1 to version 1.7.1 or later.
Use the following command to add the
spec.security.tls.ca
setting to your Ops Manager resource
definition:
Optional: Customize your Helm Chart before upgrading it.¶
You can customize your Helm Chart before upgrading it. To modify it,
add one or more of the following options to the
values-openshift.yaml
file:
Setting | Purpose | Default | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
namespace |
To use a different namespace, specify that Example |
mongodb |
|||||||||
managedSecurityContext |
Flag that determines if the Kubernetes Operator inherits the
For OpenShift, Example |
true |
|||||||||
operator .env |
Label for the Operator’s deployment environment. The
Accepted values are: Example |
prod |
|||||||||
operator .watchNamespace |
Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace.
Example Important To watch Ops Manager and MongoDB Kubernetes resources in a different namespace to which you deploy the Kubernetes Operator, see Kubernetes Operator Deployment Scopes for values you must use and additional steps you might have to perform. |
<metadata.namespace> |
|||||||||
operator .watchedResources |
Custom resources that the Kubernetes Operator watches. The Kubernetes Operator installs the CustomResourceDefinitions for and watches only the resources you specify. Accepted values are:
Example |
|
|||||||||
registry .appDb |
Repository from which the Application Database image is pulled. Specify this value if you want to pull the Ops Manager image from a private repository. Example |
||||||||||
registry .imagePullSecrets |
secret that contains the credentials required to pull imagePullSecrets from the repository. Important OpenShift requires this setting. Define it in this file or pass it when you install the Kubernetes Operator using Helm. Example |
||||||||||
registry .operator |
Repository from which the Kubernetes Operator image is pulled. Specify this value if you want to pull the Kubernetes Operator image from a private repository. Example |
||||||||||
registry .opsManager |
Repository from which OpenShift pulls the Ops Manager image. Specify this value if you want to pull the Ops Manager image from a private repository. Example |
||||||||||
registry .initAppDb |
Repository from which the Application Database Specify this value if you want to pull the Application Database
Example |
||||||||||
registry .initOpsManager |
Repository from which the Ops Manager Specify this value if you want to pull the Ops Manager
Example |
Tip
Alternatively, you can pass these values as options when you apply the Helm Chart:
Upgrade the Kubernetes Operator.¶
OpenShift 3.11 or earlier
If you run OpenShift 3.11 or earlier, you must first manually edit the CustomResourceDefinitions to remove subresources. In each CustomResourceDefinition, remove the following option:
Invoke the following helm
command:
To upgrade the Kubernetes Operator on a host not connected to the Internet:
Change to the directory in which you cloned the repository.¶
Upgrade the CustomResourceDefinitions for MongoDB deployments.¶
OpenShift 3.11 or earlier
If you run OpenShift 3.11 or earlier, you must first manually edit the CustomResourceDefinitions to remove subresources. In each CustomResourceDefinition, remove the following option:
Invoke the following oc
command:
If all of the following are true, provide the name of the ConfigMap for your TLS CA with the spec.security.tls.ca
setting:¶
- You secure your Ops Manager deployment using TLS certificates.
- You sign your TLS certificates using a custom CA.
- You want to upgrade the Kubernetes Operator from a version earlier than 1.7.1 to version 1.7.1 or later.
Use the following command to add the
spec.security.tls.ca
setting to your Ops Manager resource
definition:
Optional: Customize your Helm Chart before upgrading it.¶
You can customize your Helm Chart before upgrading it. To modify it,
add one or more of the following options to the
values-openshift.yaml
file:
Setting | Purpose | Default | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
namespace |
To use a different namespace, specify that Example |
mongodb |
|||||||||
managedSecurityContext |
Flag that determines if the Kubernetes Operator inherits the
For OpenShift, Example |
true |
|||||||||
operator .env |
Label for the Operator’s deployment environment. The
Accepted values are: Example |
prod |
|||||||||
operator .watchNamespace |
Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace.
Example Important To watch Ops Manager and MongoDB Kubernetes resources in a different namespace to which you deploy the Kubernetes Operator, see Kubernetes Operator Deployment Scopes for values you must use and additional steps you might have to perform. |
<metadata.namespace> |
|||||||||
operator .watchedResources |
Custom resources that the Kubernetes Operator watches. The Kubernetes Operator installs the CustomResourceDefinitions for and watches only the resources you specify. Accepted values are:
Example |
|
|||||||||
registry .appDb |
Repository from which the Application Database image is pulled. Specify this value if you want to pull the Ops Manager image from a private repository. Example |
||||||||||
registry .imagePullSecrets |
secret that contains the credentials required to pull imagePullSecrets from the repository. Important OpenShift requires this setting. Define it in this file or pass it when you install the Kubernetes Operator using Helm. Example |
||||||||||
registry .operator |
Repository from which the Kubernetes Operator image is pulled. Specify this value if you want to pull the Kubernetes Operator image from a private repository. Example |
||||||||||
registry .opsManager |
Repository from which OpenShift pulls the Ops Manager image. Specify this value if you want to pull the Ops Manager image from a private repository. Example |
||||||||||
registry .initAppDb |
Repository from which the Application Database Specify this value if you want to pull the Application Database
Example |
||||||||||
registry .initOpsManager |
Repository from which the Ops Manager Specify this value if you want to pull the Ops Manager
Example |
Tip
Alternatively, you can pass these values as options when you apply the Helm Chart:
Upgrade the latest version of the Kubernetes Operator.¶
OpenShift 3.11 or earlier
If you run OpenShift 3.11 or earlier, you must first manually edit the CustomResourceDefinitions to remove subresources. In each CustomResourceDefinition, remove the following option:
Invoke the following helm
command with
modified pull policy values:
To troubleshoot your Kubernetes Operator, see Review Logs from the Kubernetes Operator.
Important
If you need to remove the Kubernetes Operator or the namespace, you first must remove MongoDB resources.