Navigation
This version of the documentation is archived and no longer supported. To learn how to upgrade your version of MongoDB Kubernetes Operator, refer to the upgrade documentation.

Upgrade from Operator Version 1.7.0 or Later

The following procedure outlines how to upgrade from Kubernetes Operator versions 1.7.1 and later. If your Operator runs version 1.6.1 or later, see Upgrade from Operator Version 1.6.1 or Earlier for upgrade instructions.

The following steps depend on how your environment is configured:

1

Change to the directory in which you cloned the repository.

2

Upgrade the CustomResourceDefinitions for MongoDB deployments.

Invoke the following kubectl command:

kubectl replace -f crds.yaml
3

Optional: Customize the Kubernetes Operator YAML before upgrading it.

  1. Open your mongodb-enterprise.yaml in your preferred text editor.

  2. You may need to add one or more of the following options:

    Environment Variable When to Use
    OPERATOR_ENV

    Label for the Operator’s deployment environment. The env value affects default timeouts and the format and level of logging.

    If OPERATOR_ENV is Log Level is set to Log Format is set to
    dev debug text
    prod info json

    Accepted values are: dev, prod.

    Default value is: prod.

    You can set the following pair of values:

    spec.template.spec.containers.name.env.name: OPERATOR_ENV
    spec.template.spec.containers.name.env.value: prod
    

    Example

    spec:
      template:
        spec:
          serviceAccountName: mongodb-enterprise-operator
          containers:
          - name: mongodb-enterprise-operator
            image: <operatorVersionUrl>
            imagePullPolicy: <policyChoice>
            env:
            - name: OPERATOR_ENV
              value: prod
    
    WATCH_NAMESPACE

    Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace.

    * means all namespaces and requires the ClusterRole assigned to the mongodb-enterprise-operator ServiceAccount which is the ServiceAccount used to run the Kubernetes Operator.

    Default value is: <metadata.namespace>.

    Important

    To watch Ops Manager and MongoDB Kubernetes resources in a different namespace to which you deploy the Kubernetes Operator, see Kubernetes Operator Deployment Scopes for values you must use and additional steps you might have to perform.

    You can set the following pair of values:

    spec.template.spec.containers.name.env.name: WATCH_NAMESPACE
    spec.template.spec.containers.name.env.value: "<testNamespace>"
    

    Example

    spec:
      template:
        spec:
          serviceAccountName: mongodb-enterprise-operator
          containers:
          - name: mongodb-enterprise-operator
            image: <operatorVersionUrl>
            imagePullPolicy: <policyChoice>
            env:
            - name: WATCH_NAMESPACE
              value: "<testNamespace>"
    
    MONGODB_ENTERPRISE_DATABASE_IMAGE

    URL of the MongoDB Enterprise Database image the Kubernetes Operator deploys.

    Default value is quay.io/mongodb/mongodb-enterprise-database.

    spec.template.spec.containers.name.env.name:
    MONGODB_ENTERPRISE_DATABASE_IMAGE
    spec.template.spec.containers.name.env.value:
    quay.io/mongodb/mongodb-enterprise-database
    

    Example

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    spec:
      template:
        spec:
          serviceAccountName: mongodb-enterprise-operator
          containers:
          - name: mongodb-enterprise-operator
            image: <operatorVersionUrl>
            imagePullPolicy: <policyChoice>
            env:
            - name: MONGODB_ENTERPRISE_DATABASE_IMAGE
              value: quay.io/mongodb/mongodb-enterprise-database
            - name: IMAGE_PULL_POLICY
              value: Always
    
    IMAGE_PULL_POLICY

    Pull policy for the MongoDB Enterprise database image the Kubernetes Operator deploys.

    Accepted values are Always, IfNotPresent, Never.

    Default value is Always.

    spec.template.spec.containers.name.env.name:
    IMAGE_PULL_POLICY
    spec.template.spec.containers.name.env.value:
    <policy>
    

    Example

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    spec:
      template:
        spec:
          serviceAccountName: mongodb-enterprise-operator
          containers:
          - name: mongodb-enterprise-operator
            image: <operatorVersionUrl>
            imagePullPolicy: <policyChoice>
            env:
            - name: MONGODB_ENTERPRISE_DATABASE_IMAGE
              value: quay.io/mongodb/mongodb-enterprise-database
            - name: IMAGE_PULL_POLICY
              value: Always
    
    OPS_MANAGER_IMAGE_REPOSITORY

    URL of the repository from which the image for an Ops Manager resource is downloaded.

    Default value is quay.io/mongodb/mongodb-enterprise-ops-manager.

    spec.template.spec.containers.name.env.name:
    OPS_MANAGER_IMAGE_REPOSITORY
    spec.template.spec.containers.name.env.value:
    quay.io/mongodb/mongodb-enterprise-ops-manager
    

    Example

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    spec:
      template:
        spec:
          serviceAccountName: mongodb-enterprise-operator
          containers:
          - name: mongodb-enterprise-operator
            image: <operatorVersionUrl>
            imagePullPolicy: <policyChoice>
            env:
            - name: OPS_MANAGER_IMAGE_REPOSITORY
              value: quay.io/mongodb/mongodb-enterprise-ops-manager
            - name: OPS_MANAGER_IMAGE_PULL_POLICY
              value: Always
    
    OPS_MANAGER_IMAGE_PULL_POLICY

    Pull policy for the Ops Manager images the Kubernetes Operator deploys.

    Accepted values are: Always, IfNotPresent, Never.

    Default value is Always.

    spec.template.spec.containers.name.env.name:
    OPS_MANAGER_IMAGE_PULL_POLICY
    spec.template.spec.containers.name.env.value:
    <policy>
    

    Example

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    spec:
      template:
        spec:
          serviceAccountName: mongodb-enterprise-operator
          containers:
          - name: mongodb-enterprise-operator
            image: <operatorVersionUrl>
            imagePullPolicy: <policyChoice>
            env:
            - name: OPS_MANAGER_IMAGE_REPOSITORY
              value: quay.io/mongodb/mongodb-enterprise-ops-manager
            - name: OPS_MANAGER_IMAGE_PULL_POLICY
              value: Always
    
    INIT_OPS_MANAGER_IMAGE_REPOSITORY

    URL of the repository from which the initContainer image that contains Ops Manager start-up scripts and the readiness probe is downloaded.

    Default value is quay.io/mongodb/mongodb-enterprise-ops-manager-init.

    spec.template.spec.containers.name.env.name:
    INIT_OPS_MANAGER_IMAGE_REPOSITORY
    spec.template.spec.containers.name.env.value:
    quay.io/mongodb/mongodb-enterprise-ops-manager-init
    

    Example

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    spec:
      template:
        spec:
          serviceAccountName: mongodb-enterprise-operator
          containers:
          - name: mongodb-enterprise-operator
            image: <operatorVersionUrl>
            imagePullPolicy: <policyChoice>
            env:
            - name: INIT_OPS_MANAGER_IMAGE_REPOSITORY
              value: quay.io/mongodb/mongodb-enterprise-ops-manager-init
    
    INIT_OPS_MANAGER_VERSION

    Version of the initContainer image that contains Ops Manager start-up scripts and the readiness probe.

    Default value is 1.0.1.

    spec.template.spec.containers.name.env.name:
    INIT_OPS_MANAGER_VERSION
    spec.template.spec.containers.name.env.value:
    1.0.1
    

    Example

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    spec:
      template:
        spec:
          serviceAccountName: mongodb-enterprise-operator
          containers:
          - name: mongodb-enterprise-operator
            image: <operatorVersionUrl>
            imagePullPolicy: <policyChoice>
            env:
            - name: INIT_OPS_MANAGER_VERSION
              value: 1.0.1
    
    APPDB_IMAGE_REPOSITORY

    URL of the repository from which the Application Database image is downloaded.

    Default value is quay.io/mongodb/mongodb-enterprise-appdb.

    spec.template.spec.containers.name.env.name:
    APPDB_IMAGE_REPOSITORY
    spec.template.spec.containers.name.env.value:
    quay.io/mongodb/mongodb-enterprise-appdb
    

    Example

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    spec:
      template:
        spec:
          serviceAccountName: mongodb-enterprise-operator
          containers:
          - name: mongodb-enterprise-operator
            image: <operatorVersionUrl>
            imagePullPolicy: <policyChoice>
            env:
            - name: APPDB_IMAGE_REPOSITORY
              value: quay.io/mongodb/mongodb-enterprise-appdb
    
    INIT_APPDB_IMAGE_REPOSITORY

    URL of the repository from which the initContainer image that contains Application Database start-up scripts and the readiness probe is downloaded.

    Default value is quay.io/mongodb/mongodb-enterprise-appdb-init.

    spec.template.spec.containers.name.env.name:
    INIT_APPDB_IMAGE_REPOSITORY
    spec.template.spec.containers.name.env.value:
    quay.io/mongodb/mongodb-enterprise-init-appdb
    

    Example

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    spec:
      template:
        spec:
          serviceAccountName: mongodb-enterprise-operator
          containers:
          - name: mongodb-enterprise-operator
            image: <operatorVersionUrl>
            imagePullPolicy: <policyChoice>
            env:
            - name: INIT_APPDB_IMAGE_REPOSITORY
              value: quay.io/mongodb/mongodb-enterprise-init-appdb
    
    INIT_APPDB_VERSION

    Version of the initContainer image that contains Ops Manager start-up scripts and the readiness probe.

    Default value is 1.0.3.

    spec.template.spec.containers.name.env.name:
    INIT_APPDB_VERSION
    spec.template.spec.containers.name.env.value:
    1.0.3
    

    Example

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    spec:
      template:
        spec:
          serviceAccountName: mongodb-enterprise-operator
          containers:
          - name: mongodb-enterprise-operator
            image: <operatorVersionUrl>
            imagePullPolicy: <policyChoice>
            env:
            - name: INIT_APPDB_VERSION
              value: 1.0.3
    
    MANAGED_SECURITY_CONTEXT

    Flag that determines if the Kubernetes Operator inherits the securityContext settings that your Kubernetes cluster manages.

    Set this field to true if you want to run the Kubernetes Operator in OpenShift or in a restrictive environment.

    Default value is false.

    spec.template.spec.containers.name.env.name:
    MANAGED_SECURITY_CONTEXT
    spec.template.spec.containers.name.env.value:
    false
    

    Example

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    spec:
      template:
        spec:
          serviceAccountName: mongodb-enterprise-operator
          containers:
          - name: mongodb-enterprise-operator
            image: <operatorVersionUrl>
            imagePullPolicy: <policyChoice>
            env:
            - name: MANAGED_SECURITY_CONTEXT
              value: true
    
4

If all of the following are true, provide the name of the ConfigMap for your TLS CA with the spec.security.tls.ca setting:

  • You secure your Ops Manager deployment using TLS certificates.
  • You sign your TLS certificates using a custom CA.
  • You want to upgrade the Kubernetes Operator from a version earlier than 1.7.1 to version 1.7.1 or later.

Use the following command to add the spec.security.tls.ca setting to your Ops Manager resource definition:

kubectl patch opsmanagers/<opsmgr-resource-metadata.name> \
--patch '{"spec": {"security": {"tls": {"ca": "<ca-configmap>"}}}}' \
--type merge
5

Upgrade to the new version of the Kubernetes Operator.

Invoke the following kubectl command:

kubectl apply -f mongodb-enterprise.yaml
1

Change to the directory in which you cloned the repository.

2

Upgrade the CustomResourceDefinitions for MongoDB deployments.

Invoke the following kubectl command:

kubectl replace -f crds.yaml
3

If all of the following are true, provide the name of the ConfigMap for your TLS CA with the spec.security.tls.ca setting:

  • You secure your Ops Manager deployment using TLS certificates.
  • You sign your TLS certificates using a custom CA.
  • You want to upgrade the Kubernetes Operator from a version earlier than 1.7.1 to version 1.7.1 or later.

Use the following command to add the spec.security.tls.ca setting to your Ops Manager resource definition:

kubectl patch opsmanagers/<opsmgr-resource-metadata.name> \
--patch '{"spec": {"security": {"tls": {"ca": "<ca-configmap>"}}}}' \
--type merge
4

Optional: Customize your Helm Chart before upgrading it.

To modify your Helm Chart, add one or more of the following options to the values.yaml file:

Setting Purpose Default
namespace

To use a different namespace, specify that namespace.

# Name of the Namespace to use
namespace: mongodb
mongodb
managedSecurityContext

Flag that determines if the Kubernetes Operator inherits the securityContext settings that your Kubernetes cluster manages.

Set this field to true if your cluster manages the securityContext for your Kubernetes resources.

Example

# Set this to true if your cluster is managing SecurityContext for you.
# If running OpenShift (Cloud, Minishift, etc.), set this to true.
managedSecurityContext: false
false
operator
.env

Label for the Operator’s deployment environment. The env value affects default timeouts and the format and level of logging.

If operator.env is Log Level is set to Log Format is set to
dev debug text
prod info json

Accepted values are: dev, prod.

operator:
  # Execution environment for the operator, dev or prod.
  # Use dev for more verbose logging
  env: prod
prod
operator
.watchNamespace

Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace.

* means all namespaces and requires the ClusterRole assigned to the mongodb-enterprise-operator ServiceAccount which is the ServiceAccount used to run the Kubernetes Operator.

operator:
  watchNamespace: *

Important

To watch Ops Manager and MongoDB Kubernetes resources in a different namespace to which you deploy the Kubernetes Operator, see Kubernetes Operator Deployment Scopes for values you must use and additional steps you might have to perform.

<metadata.namespace>
operator
.watchedResources

Custom resources that the Kubernetes Operator watches.

The Kubernetes Operator installs the CustomResourceDefinitions for and watches only the resources you specify.

Accepted values are:

Value Description
mongodb Install the CustomResourceDefinitions for the database resources and also watch those resources.
mongodbusers Install the CustomResourceDefinitions for the MongoDB user resources and also watch those resources.
opsmanagers Install the CustomResourceDefinitions for the Ops Manager resources and also watch those resources.
operator:
  watchedResources:
    - mongodbusers
    - mongodb
    - opsmanagers
  • mongodbusers
  • mongodb
  • opsmanagers
registry
.appDb

Repository from which the Application Database image is pulled. Specify this value if you want to pull the Ops Manager image from a private repository.

registry:
  appDb: quay.io/mongodb
 
registry
.initAppDb

Repository from which the Application Database initContainer image is pulled. This image contains the start-up scripts and readiness probe for the Application Database.

Specify this value if you want to pull the Application Database initContainer image from a private repository.

Example

registry:
  initAppDb: quay.io/mongodb
 
registry
.initOpsManager

Repository from which the Ops Manager initContainer image is pulled. This image contains the start-up scripts and readiness probe for Ops Manager.

Specify this value if you want to pull the Ops Manager initContainer image from a private repository.

Example

registry:
  initOpsManager: quay.io/mongodb
 
registry
.operator

Repository from which the Kubernetes Operator image is pulled. Specify this value if you want to pull the Kubernetes Operator image from a private repository.

Example

registry:
  operator: quay.io/mongodb
 
registry
.opsManager

Repository from which the Ops Manager image is pulled. Specify this value if you want to pull the Ops Manager image from a private repository.

Example

registry:
  opsManager: quay.io/mongodb
 

Tip

Alternatively, you can pass these values as options when you apply the Helm Chart:

helm upgrade <chart-name> helm_chart \
     --values helm_chart/values.yaml \
     --set namespace=<testNamespace>
5

Upgrade the Kubernetes Operator.

Invoke the following helm command:

helm upgrade <chart-name> helm_chart \
     --values helm_chart/values.yaml

To upgrade the Kubernetes Operator on a host not connected to the Internet:

1

Change to the directory in which you cloned the repository.

2

Upgrade the CustomResourceDefinitions for MongoDB deployments.

Invoke the following kubectl command:

kubectl replace -f crds.yaml
3

If all of the following are true, provide the name of the ConfigMap for your TLS CA with the spec.security.tls.ca setting:

  • You secure your Ops Manager deployment using TLS certificates.
  • You sign your TLS certificates using a custom CA.
  • You want to upgrade the Kubernetes Operator from a version earlier than 1.7.1 to version 1.7.1 or later.

Use the following command to add the spec.security.tls.ca setting to your Ops Manager resource definition:

kubectl patch opsmanagers/<opsmgr-resource-metadata.name> \
--patch '{"spec": {"security": {"tls": {"ca": "<ca-configmap>"}}}}' \
--type merge
4

Optional: Customize your Helm Chart before upgrading it.

To modify your Helm Chart, add one or more of the following options to the values.yaml file:

Setting Purpose Default
namespace

To use a different namespace, specify that namespace.

# Name of the Namespace to use
namespace: mongodb
mongodb
managedSecurityContext

Flag that determines if the Kubernetes Operator inherits the securityContext settings that your Kubernetes cluster manages.

Set this field to true if your cluster manages the securityContext for your Kubernetes resources.

Example

# Set this to true if your cluster is managing SecurityContext for you.
# If running OpenShift (Cloud, Minishift, etc.), set this to true.
managedSecurityContext: false
false
operator
.env

Label for the Operator’s deployment environment. The env value affects default timeouts and the format and level of logging.

If operator.env is Log Level is set to Log Format is set to
dev debug text
prod info json

Accepted values are: dev, prod.

operator:
  # Execution environment for the operator, dev or prod.
  # Use dev for more verbose logging
  env: prod
prod
operator
.watchNamespace

Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace.

* means all namespaces and requires the ClusterRole assigned to the mongodb-enterprise-operator ServiceAccount which is the ServiceAccount used to run the Kubernetes Operator.

operator:
  watchNamespace: *

Important

To watch Ops Manager and MongoDB Kubernetes resources in a different namespace to which you deploy the Kubernetes Operator, see Kubernetes Operator Deployment Scopes for values you must use and additional steps you might have to perform.

<metadata.namespace>
operator
.watchedResources

Custom resources that the Kubernetes Operator watches.

The Kubernetes Operator installs the CustomResourceDefinitions for and watches only the resources you specify.

Accepted values are:

Value Description
mongodb Install the CustomResourceDefinitions for the database resources and also watch those resources.
mongodbusers Install the CustomResourceDefinitions for the MongoDB user resources and also watch those resources.
opsmanagers Install the CustomResourceDefinitions for the Ops Manager resources and also watch those resources.
operator:
  watchedResources:
    - mongodbusers
    - mongodb
    - opsmanagers
  • mongodbusers
  • mongodb
  • opsmanagers
registry
.appDb

Repository from which the Application Database image is pulled. Specify this value if you want to pull the Ops Manager image from a private repository.

registry:
  appDb: quay.io/mongodb
 
registry
.initAppDb

Repository from which the Application Database initContainer image is pulled. This image contains the start-up scripts and readiness probe for the Application Database.

Specify this value if you want to pull the Application Database initContainer image from a private repository.

Example

registry:
  initAppDb: quay.io/mongodb
 
registry
.initOpsManager

Repository from which the Ops Manager initContainer image is pulled. This image contains the start-up scripts and readiness probe for Ops Manager.

Specify this value if you want to pull the Ops Manager initContainer image from a private repository.

Example

registry:
  initOpsManager: quay.io/mongodb
 
registry
.operator

Repository from which the Kubernetes Operator image is pulled. Specify this value if you want to pull the Kubernetes Operator image from a private repository.

Example

registry:
  operator: quay.io/mongodb
 
registry
.opsManager

Repository from which the Ops Manager image is pulled. Specify this value if you want to pull the Ops Manager image from a private repository.

Example

registry:
  opsManager: quay.io/mongodb
 

Tip

Alternatively, you can pass these values as options when you apply the Helm Chart:

helm install <chart-name> helm_chart \
     --values helm_chart/values.yaml \
     --set registry.pullPolicy=IfNotPresent \
     --set namespace=<testNamespace>
5

Upgrade to the latest version of the Kubernetes Operator.

Invoke the following helm command to upgrade with modified pull policy values:

helm upgrade <chart-name> helm_chart \
     --values helm_chart/values.yaml \
     --set registry.pullPolicy=IfNotPresent
1

Change to the directory in which you cloned the repository.

2

Upgrade the CustomResourceDefinitions for MongoDB deployments.

OpenShift 3.11 or earlier

If you run OpenShift 3.11 or earlier, you must first manually edit the CustomResourceDefinitions to remove subresources. In each CustomResourceDefinition, remove the following option:

spec:
  subresources:
    status: {}

Invoke the following oc command:

oc replace -f crds.yaml
3

Optional: Customize the Kubernetes Operator YAML before upgrading it.

  1. Open your mongodb-enterprise-openshift.yaml in your preferred text editor.

  2. You must add your <openshift-pull-secret> to the ServiceAccount definitions:

    ---
    # Source: mongodb-enterprise-operator/templates/serviceaccount.yaml
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: enterprise-operator
    
      namespace: mongodb
    
    imagePullSecrets:
     - name: <openshift-pull-secret>
    
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: mongodb-enterprise-appdb
    
      namespace: mongodb
    
    imagePullSecrets:
     - name: <openshift-pull-secret>
    
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: mongodb-enterprise-database-pods
    
      namespace: mongodb
    
    imagePullSecrets:
     - name: <openshift-pull-secret>
    
  3. You may need to add one or more of the following options:

Environment Variable Purpose
OPERATOR_ENV

Label for the Operator’s deployment environment. The env value affects default timeouts and the format and level of logging.

If OPERATOR_ENV is Log Level is set to Log Format is set to
dev debug text
prod info json

Accepted values are: dev, prod.

Default value is: prod.

You can set the following pair of values:

spec.template.spec.containers.name.env.name: OPERATOR_ENV
spec.template.spec.containers.name.env.value: prod

Example

spec:
  template:
    spec:
      serviceAccountName: mongodb-enterprise-operator
      containers:
      - name: mongodb-enterprise-operator
        image: <operatorVersionUrl>
        imagePullPolicy: <policyChoice>
        env:
        - name: OPERATOR_ENV
          value: prod
WATCH_NAMESPACE

Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace.

* means all namespaces and requires the ClusterRole assigned to the mongodb-enterprise-operator ServiceAccount which is the ServiceAccount used to run the Kubernetes Operator.

Default value is: <metadata.namespace>.

Important

To watch Ops Manager and MongoDB Kubernetes resources in a different namespace to which you deploy the Kubernetes Operator, see Kubernetes Operator Deployment Scopes for values you must use and additional steps you might have to perform.

You can set the following pair of values:

spec.template.spec.containers.name.env.name: WATCH_NAMESPACE
spec.template.spec.containers.name.env.value: "<testNamespace>"

Example

spec:
  template:
    spec:
      serviceAccountName: enterprise-operator
      containers:
      - name: enterprise-operator
        image: <operatorVersionUrl>
        imagePullPolicy: <policyChoice>
        env:
        - name: WATCH_NAMESPACE
          value: "<testNamespace>"
MONGODB_ENTERPRISE_DATABASE_IMAGE

URL of the MongoDB Enterprise Database image the Kubernetes Operator deploys.

Default value is registry.connect.redhat.com/mongodb/mongodb-enterprise-database.

spec.template.spec.containers.name.env.name:
MONGODB_ENTERPRISE_DATABASE_IMAGE
spec.template.spec.containers.name.env.value:
registry.connect.redhat.com/mongodb/mongodb-enterprise-database

Example

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
spec:
  template:
    spec:
      serviceAccountName: mongodb-enterprise-operator
      containers:
      - name: mongodb-enterprise-operator
        image: <operatorVersionUrl>
        imagePullPolicy: <policyChoice>
        env:
        - name: MONGODB_ENTERPRISE_DATABASE_IMAGE
          value: registry.connect.redhat.com/mongodb/mongodb-enterprise-database
        - name: IMAGE_PULL_POLICY
          value: Always
IMAGE_PULL_POLICY

Pull policy for the MongoDB Enterprise database image the Kubernetes Operator deploys.

Accepted values are Always, IfNotPresent, Never.

Default value is Always.

spec.template.spec.containers.name.env.name:
IMAGE_PULL_POLICY
spec.template.spec.containers.name.env.value:
<policy>

Example

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
spec:
  template:
    spec:
      serviceAccountName: mongodb-enterprise-operator
      containers:
      - name: mongodb-enterprise-operator
        image: <operatorVersionUrl>
        imagePullPolicy: <policyChoice>
        env:
        - name: MONGODB_ENTERPRISE_DATABASE_IMAGE
          value: registry.connect.redhat.com/mongodb/mongodb-enterprise-database
        - name: IMAGE_PULL_POLICY
          value: Always
OPS_MANAGER_IMAGE_REPOSITORY

URL of the repository from which the image for an Ops Manager resource is downloaded.

Default value is registry.connect.redhat.com/mongodb/mongodb-enterprise-ops-manager.

spec.template.spec.containers.name.env.name:
OPS_MANAGER_IMAGE_REPOSITORY
spec.template.spec.containers.name.env.value:
registry.connect.redhat.com/mongodb/mongodb-enterprise-ops-manager

Example

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
spec:
  template:
    spec:
      serviceAccountName: enterprise-operator
      containers:
      - name: enterprise-operator
        image: <operatorVersionUrl>
        imagePullPolicy: <policyChoice>
        env:
        - name: OPS_MANAGER_IMAGE_REPOSITORY
          value: registry.connect.redhat.com/mongodb/mongodb-enterprise-ops-manager
        - name: OPS_MANAGER_IMAGE_PULL_POLICY
          value: Always
OPS_MANAGER_IMAGE_PULL_POLICY

Pull policy for the image deployed to an Ops Manager resource.

Accepted values are Always, IfNotPresent, Never.

Default value is Always.

spec.template.spec.containers.name.env.name:
OPS_MANAGER_IMAGE_PULL_POLICY
spec.template.spec.containers.name.env.value:
<policy>

Example

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
spec:
  template:
    spec:
      serviceAccountName: enterprise-operator
      containers:
      - name: enterprise-operator
        image: <operatorVersionUrl>
        imagePullPolicy: <policyChoice>
        env:
        - name: OPS_MANAGER_IMAGE_REPOSITORY
          value: registry.connect.redhat.com/mongodb/mongodb-enterprise-ops-manager
        - name: OPS_MANAGER_IMAGE_PULL_POLICY
          value: Always
INIT_OPS_MANAGER_IMAGE_REPOSITORY

URL of the repository from which the initContainer image that contains Ops Manager start-up scripts and the readiness probe is downloaded.

Default value is registry.connect.redhat.com/mongodb/mongodb-enterprise-ops-manager-init.

spec.template.spec.containers.name.env.name:
INIT_OPS_MANAGER_IMAGE_REPOSITORY
spec.template.spec.containers.name.env.value:
registry.connect.redhat.com/mongodb/mongodb-enterprise-ops-manager-init

Example

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
spec:
  template:
    spec:
      serviceAccountName: mongodb-enterprise-operator
      containers:
      - name: mongodb-enterprise-operator
        image: <operatorVersionUrl>
        imagePullPolicy: <policyChoice>
        env:
        - name: INIT_OPS_MANAGER_IMAGE_REPOSITORY
          value: registry.connect.redhat.com/mongodb/mongodb-enterprise-ops-manager-init
INIT_OPS_MANAGER_VERSION

Version of the initContainer image that contains Ops Manager start-up scripts and the readiness probe.

Default value is 1.0.1.

spec.template.spec.containers.name.env.name:
INIT_OPS_MANAGER_VERSION
spec.template.spec.containers.name.env.value:
1.0.1

Example

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
spec:
  template:
    spec:
      serviceAccountName: mongodb-enterprise-operator
      containers:
      - name: mongodb-enterprise-operator
        image: <operatorVersionUrl>
        imagePullPolicy: <policyChoice>
        env:
        - name: INIT_OPS_MANAGER_VERSION
          value: 1.0.1
APPDB_IMAGE_REPOSITORY

URL of the repository from which the Application Database image is downloaded.

Default value is registry.connect.redhat.com/mongodb/mongodb-enterprise-appdb.

spec.template.spec.containers.name.env.name:
APPDB_IMAGE_REPOSITORY
spec.template.spec.containers.name.env.value:
registry.connect.redhat.com/mongodb/mongodb-enterprise-appdb

Example

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
spec:
  template:
    spec:
      serviceAccountName: mongodb-enterprise-operator
      containers:
      - name: mongodb-enterprise-operator
        image: <operatorVersionUrl>
        imagePullPolicy: <policyChoice>
        env:
        - name: APPDB_IMAGE_REPOSITORY
          value: registry.connect.redhat.com/mongodb/mongodb-enterprise-appdb
INIT_APPDB_IMAGE_REPOSITORY

URL of the repository from which the initContainer image that contains Application Database start-up scripts and the readiness probe is downloaded.

Default value is registry.connect.redhat.com/mongodb/mongodb-enterprise-appdb-init.

spec.template.spec.containers.name.env.name:
INIT_APPDB_IMAGE_REPOSITORY
spec.template.spec.containers.name.env.value:
registry.connect.redhat.com/mongodb/mongodb-enterprise-init-appdb

Example

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
spec:
  template:
    spec:
      serviceAccountName: mongodb-enterprise-operator
      containers:
      - name: mongodb-enterprise-operator
        image: <operatorVersionUrl>
        imagePullPolicy: <policyChoice>
        env:
        - name: INIT_APPDB_IMAGE_REPOSITORY
          value: registry.connect.redhat.com/mongodb/mongodb-enterprise-init-appdb
INIT_APPDB_VERSION

Version of the initContainer image that contains Ops Manager start-up scripts and the readiness probe.

Default value is 1.0.3.

spec.template.spec.containers.name.env.name:
INIT_APPDB_VERSION
spec.template.spec.containers.name.env.value:
1.0.3

Example

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
spec:
  template:
    spec:
      serviceAccountName: mongodb-enterprise-operator
      containers:
      - name: mongodb-enterprise-operator
        image: <operatorVersionUrl>
        imagePullPolicy: <policyChoice>
        env:
        - name: INIT_APPDB_VERSION
          value: 1.0.3
MANAGED_SECURITY_CONTEXT

Flag that determines if the Kubernetes Operator inherits the securityContext settings that your Kubernetes cluster manages.

For OpenShift, MANAGED_SECURITY_CONTEXT must always be true.

Default value is true.

spec.template.spec.containers.name.env.name:
MANAGED_SECURITY_CONTEXT
spec.template.spec.containers.name.env.value:
true

Example

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
spec:
  template:
    spec:
      serviceAccountName: mongodb-enterprise-operator
      containers:
      - name: mongodb-enterprise-operator
        image: <operatorVersionUrl>
        imagePullPolicy: <policyChoice>
        env:
        - name: MANAGED_SECURITY_CONTEXT
          value: true
4

If all of the following are true, provide the name of the ConfigMap for your TLS CA with the spec.security.tls.ca setting:

  • You secure your Ops Manager deployment using TLS certificates.
  • You sign your TLS certificates using a custom CA.
  • You want to upgrade the Kubernetes Operator from a version earlier than 1.7.1 to version 1.7.1 or later.

Use the following command to add the spec.security.tls.ca setting to your Ops Manager resource definition:

oc patch opsmanagers/<opsmgr-resource-metadata.name> \
--patch '{"spec": {"security": {"tls": {"ca": "<ca-configmap>"}}}}' \
--type merge
5

Upgrade to the new version of the Kubernetes Operator.

Invoke the following oc command:

oc apply -f mongodb-enterprise-openshift.yaml
1

Change to the directory in which you cloned the repository.

2

Upgrade the CustomResourceDefinitions for MongoDB deployments.

OpenShift 3.11 or earlier

If you run OpenShift 3.11 or earlier, you must first manually edit the CustomResourceDefinitions to remove subresources. In each CustomResourceDefinition, remove the following option:

spec:
  subresources:
    status: {}

Invoke the following oc command:

oc replace -f crds.yaml
3

If all of the following are true, provide the name of the ConfigMap for your TLS CA with the spec.security.tls.ca setting:

  • You secure your Ops Manager deployment using TLS certificates.
  • You sign your TLS certificates using a custom CA.
  • You want to upgrade the Kubernetes Operator from a version earlier than 1.7.1 to version 1.7.1 or later.

Use the following command to add the spec.security.tls.ca setting to your Ops Manager resource definition:

oc patch opsmanagers/<opsmgr-resource-metadata.name> \
--patch '{"spec": {"security": {"tls": {"ca": "<ca-configmap>"}}}}' \
--type merge
4

Optional: Customize your Helm Chart before upgrading it.

You can customize your Helm Chart before upgrading it. To modify it, add one or more of the following options to the values-openshift.yaml file:

Setting Purpose Default
namespace

To use a different namespace, specify that namespace.

Example

# Name of the Namespace to use
namespace: mongodb
mongodb
managedSecurityContext

Flag that determines if the Kubernetes Operator inherits the securityContext settings that your Kubernetes cluster manages.

For OpenShift, managedSecurityContext must always be true.

Example

# OpenShift manages security context on its own
managedSecurityContext: true
true
operator
.env

Label for the Operator’s deployment environment. The env value affects default timeouts and the format and level of logging.

If operator.env is Log Level is set to Log Format is set to
dev debug text
prod info json

Accepted values are: dev, prod.

Example

operator:
  # Execution environment for the operator, dev or prod.
  # Use dev for more verbose logging
  env: prod
prod
operator
.watchNamespace

Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace.

* means all namespaces and requires the ClusterRole assigned to the mongodb-enterprise-operator ServiceAccount which is the ServiceAccount used to run the Kubernetes Operator.

Example

operator:
  watchNamespace: *

Important

To watch Ops Manager and MongoDB Kubernetes resources in a different namespace to which you deploy the Kubernetes Operator, see Kubernetes Operator Deployment Scopes for values you must use and additional steps you might have to perform.

<metadata.namespace>
operator
.watchedResources

Custom resources that the Kubernetes Operator watches.

The Kubernetes Operator installs the CustomResourceDefinitions for and watches only the resources you specify.

Accepted values are:

Value Description
mongodb Install the CustomResourceDefinitions for the database resources and also watch those resources.
mongodbusers Install the CustomResourceDefinitions for the MongoDB user resources and also watch those resources.
opsmanagers Install the CustomResourceDefinitions for the Ops Manager resources and also watch those resources.

Example

operator:
  watchedResources:
    - mongodbusers
    - mongodb
    - opsmanagers
  • mongodbusers
  • mongodb
  • opsmanagers
registry
.appDb

Repository from which the Application Database image is pulled. Specify this value if you want to pull the Ops Manager image from a private repository.

Example

registry:
  appDb: registry.connect.redhat.com/mongodb
 
registry
.imagePullSecrets

secret that contains the credentials required to pull imagePullSecrets from the repository.

Important

OpenShift requires this setting. Define it in this file or pass it when you install the Kubernetes Operator using Helm.

Example

registry:
  imagePullSecrets: <openshift-pull-secret>
 
registry
.operator

Repository from which the Kubernetes Operator image is pulled. Specify this value if you want to pull the Kubernetes Operator image from a private repository.

Example

registry:
  operator: registry.connect.redhat.com/mongodb
 
registry
.opsManager

Repository from which OpenShift pulls the Ops Manager image. Specify this value if you want to pull the Ops Manager image from a private repository.

Example

registry:
  opsManager: registry.connect.redhat.com/mongodb
 
registry
.initAppDb

Repository from which the Application Database initContainer image is pulled. This image contains the start-up scripts and readiness probe for the Application Database.

Specify this value if you want to pull the Application Database initContainer image from a private repository.

Example

registry:
  initAppDb: registry.connect.redhat.com/mongodb
 
registry
.initOpsManager

Repository from which the Ops Manager initContainer image is pulled. This image contains the start-up scripts and readiness probe for Ops Manager.

Specify this value if you want to pull the Ops Manager initContainer image from a private repository.

Example

registry:
  initOpsManager: registry.connect.redhat.com/mongodb
 

Tip

Alternatively, you can pass these values as options when you apply the Helm Chart:

helm install <chart-name> helm_chart \
     --values helm_chart/values-openshift.yaml \
     --set registry.pullPolicy=IfNotPresent \
     --set registry.imagePullSecrets=<openshift-pull-secret> \
     --set namespace=<testNamespace>
5

Upgrade the Kubernetes Operator.

OpenShift 3.11 or earlier

If you run OpenShift 3.11 or earlier, you must first manually edit the CustomResourceDefinitions to remove subresources. In each CustomResourceDefinition, remove the following option:

spec:
  subresources:
    status: {}

Invoke the following helm command:

helm upgrade <chart-name> helm_chart \
      --values helm_chart/values-openshift.yaml

To upgrade the Kubernetes Operator on a host not connected to the Internet:

1

Change to the directory in which you cloned the repository.

2

Upgrade the CustomResourceDefinitions for MongoDB deployments.

OpenShift 3.11 or earlier

If you run OpenShift 3.11 or earlier, you must first manually edit the CustomResourceDefinitions to remove subresources. In each CustomResourceDefinition, remove the following option:

spec:
  subresources:
    status: {}

Invoke the following oc command:

oc replace -f crds.yaml
3

If all of the following are true, provide the name of the ConfigMap for your TLS CA with the spec.security.tls.ca setting:

  • You secure your Ops Manager deployment using TLS certificates.
  • You sign your TLS certificates using a custom CA.
  • You want to upgrade the Kubernetes Operator from a version earlier than 1.7.1 to version 1.7.1 or later.

Use the following command to add the spec.security.tls.ca setting to your Ops Manager resource definition:

oc patch opsmanagers/<opsmgr-resource-metadata.name> \
--patch '{"spec": {"security": {"tls": {"ca": "<ca-configmap>"}}}}' \
--type merge
4

Optional: Customize your Helm Chart before upgrading it.

You can customize your Helm Chart before upgrading it. To modify it, add one or more of the following options to the values-openshift.yaml file:

Setting Purpose Default
namespace

To use a different namespace, specify that namespace.

Example

# Name of the Namespace to use
namespace: mongodb
mongodb
managedSecurityContext

Flag that determines if the Kubernetes Operator inherits the securityContext settings that your Kubernetes cluster manages.

For OpenShift, managedSecurityContext must always be true.

Example

# OpenShift manages security context on its own
managedSecurityContext: true
true
operator
.env

Label for the Operator’s deployment environment. The env value affects default timeouts and the format and level of logging.

If operator.env is Log Level is set to Log Format is set to
dev debug text
prod info json

Accepted values are: dev, prod.

Example

operator:
  # Execution environment for the operator, dev or prod.
  # Use dev for more verbose logging
  env: prod
prod
operator
.watchNamespace

Namespace that the Operator watches for MongoDB Kubernetes resource changes. If this namespace differs from the default, ensure that the Operator’s ServiceAccount can access that different namespace.

* means all namespaces and requires the ClusterRole assigned to the mongodb-enterprise-operator ServiceAccount which is the ServiceAccount used to run the Kubernetes Operator.

Example

operator:
  watchNamespace: *

Important

To watch Ops Manager and MongoDB Kubernetes resources in a different namespace to which you deploy the Kubernetes Operator, see Kubernetes Operator Deployment Scopes for values you must use and additional steps you might have to perform.

<metadata.namespace>
operator
.watchedResources

Custom resources that the Kubernetes Operator watches.

The Kubernetes Operator installs the CustomResourceDefinitions for and watches only the resources you specify.

Accepted values are:

Value Description
mongodb Install the CustomResourceDefinitions for the database resources and also watch those resources.
mongodbusers Install the CustomResourceDefinitions for the MongoDB user resources and also watch those resources.
opsmanagers Install the CustomResourceDefinitions for the Ops Manager resources and also watch those resources.

Example

operator:
  watchedResources:
    - mongodbusers
    - mongodb
    - opsmanagers
  • mongodbusers
  • mongodb
  • opsmanagers
registry
.appDb

Repository from which the Application Database image is pulled. Specify this value if you want to pull the Ops Manager image from a private repository.

Example

registry:
  appDb: registry.connect.redhat.com/mongodb
 
registry
.imagePullSecrets

secret that contains the credentials required to pull imagePullSecrets from the repository.

Important

OpenShift requires this setting. Define it in this file or pass it when you install the Kubernetes Operator using Helm.

Example

registry:
  imagePullSecrets: <openshift-pull-secret>
 
registry
.operator

Repository from which the Kubernetes Operator image is pulled. Specify this value if you want to pull the Kubernetes Operator image from a private repository.

Example

registry:
  operator: registry.connect.redhat.com/mongodb
 
registry
.opsManager

Repository from which OpenShift pulls the Ops Manager image. Specify this value if you want to pull the Ops Manager image from a private repository.

Example

registry:
  opsManager: registry.connect.redhat.com/mongodb
 
registry
.initAppDb

Repository from which the Application Database initContainer image is pulled. This image contains the start-up scripts and readiness probe for the Application Database.

Specify this value if you want to pull the Application Database initContainer image from a private repository.

Example

registry:
  initAppDb: registry.connect.redhat.com/mongodb
 
registry
.initOpsManager

Repository from which the Ops Manager initContainer image is pulled. This image contains the start-up scripts and readiness probe for Ops Manager.

Specify this value if you want to pull the Ops Manager initContainer image from a private repository.

Example

registry:
  initOpsManager: registry.connect.redhat.com/mongodb
 

Tip

Alternatively, you can pass these values as options when you apply the Helm Chart:

helm install <chart-name> helm_chart \
     --values helm_chart/values-openshift.yaml \
     --set registry.pullPolicy=IfNotPresent \
     --set registry.imagePullSecrets=<openshift-pull-secret> \
     --set namespace=<testNamespace>
5

Upgrade the latest version of the Kubernetes Operator.

OpenShift 3.11 or earlier

If you run OpenShift 3.11 or earlier, you must first manually edit the CustomResourceDefinitions to remove subresources. In each CustomResourceDefinition, remove the following option:

spec:
  subresources:
    status: {}

Invoke the following helm command with modified pull policy values:

helm upgrade <chart-name> helm_chart \
     --values helm_chart/values-openshift.yaml \
     --set registry.pullPolicy=IfNotPresent \
     --set registry.imagePullSecrets=<openshift-pull-secret>

To troubleshoot your Kubernetes Operator, see Review Logs from the Kubernetes Operator.

Important

If you need to remove the Kubernetes Operator or the namespace, you first must remove MongoDB resources.