Release Notes for MongoDB Enterprise Kubernetes Operator¶
MongoDB Enterprise Kubernetes Operator 1.9 Series¶
MongoDB Enterprise Kubernetes Operator 1.9.2¶
Released 2020-02-05
MongoDBOpsManager Resource¶
Known Issues¶
- You can’t use MongoDB 4.4 as an application database for an Ops Manager resource.
New Images¶
mongodb-enterprise-operator:1.9.2
You can find all images in the following registries:
- Ubuntu-based images: https://quay.io/repository/mongodb
- RHEL-based images: https://catalog.redhat.com/software/containers/mongodb/enterprise-operator/5b8052d069aea356ff258479
MongoDB Enterprise Kubernetes Operator 1.9.1¶
Released 2020-01-15
Kubernetes Operator¶
Bug Fixes¶
- Fixes an issue where you could not specify the service-account-name in the StatefulSet podSpec override.
- Removes the unnecessary delete service permission from Operator role.
MongoDB Resource¶
Bug Fixes¶
- Fixes an issue where removing the privileges array in spec.security.roles caused the resource to enter a bad state.
MongoDBOpsManager Resource¶
Breaking Changes
This release introduces:
- A new Application Database image, mongodb-enterprise-appdb:10.2.15.5958-1_4.2.11-ent. The image includes MongoDB 4.2.11-ent instead of 4.2.2-ent. You must push the new image to any private repositories that your Kubernetes Operator installation uses, otherwise the MongoDBOpsManager resource won’t start.
- A new required environment variable, APPDB_AGENT_VERSION. If you don’t set APPDB_AGENT_VERSION, the MongoDBOpsManager resource can’t fetch the MongoDB Agent version for the Application Database.
Known Issues¶
- You can’t use MongoDB 4.4 as an application database for an Ops Manager resource.
Changes¶
- The Ops Manager user now has backup, restore and hostManager roles, allowing for backups and restores on the Application Database.
- If you omit spec.applicationDatabase.version, the Kubernetes Operator uses 4.2.11-ent as the default MongoDB version.
New Images¶
mongodb-enterprise-operator:1.9.1
mongodb-enterprise-appdb:10.2.15.5958-1_4.2.11-ent
mongodb-enterprise-init-appdb:1.0.2
mongodb-enterprise-init-database:1.0.6
You can find all images in the following registries:
- Ubuntu-based images: https://quay.io/repository/mongodb
- RHEL-based images: https://catalog.redhat.com/software/containers/mongodb/enterprise-operator/5b8052d069aea356ff258479
MongoDB Enterprise Kubernetes Operator 1.9.0¶
Released 2020-12-08
Kubernetes Operator¶
Bug Fixes¶
- Fixes an issue where the Kubernetes Operator didn’t close connections to Ops Manager, causing too many open file descriptors.
MongoDB Resource¶
Changes¶
You can now configure continuous backup for a MongoDB database resource in its CustomResourceDefinition.
Note
To enable continuous backup in the MongoDB CustomResourceDefinition, you must enable backup in an Ops Manager instance that you deployed using the Kubernetes Operator.
MongoDBOpsManager Resource¶
Known Issues¶
- You can’t use MongoDB 4.4 as an application database for an Ops Manager resource.
Changes¶
- When you upgrade the Kubernetes Operator to this version, the Kubernetes Operator deletes and re-creates the Backup Daemon statefulset. This is a safe operation. The new Kubernetes service that enables Queryable Backups requires a change to the matchLabels Backup Daemon StatefulSet attribute.
- The Kubernetes Operator changes the way it collects the status of MongoDB Agents in Application Database Pods.
New Images¶
mongodb-enterprise-operator:1.9.0
You can find all images in the following registries:
- Ubuntu-based images: https://quay.io/repository/mongodb
- RHEL-based images: https://catalog.redhat.com/software/containers/mongodb/enterprise-operator/5b8052d069aea356ff258479
MongoDB Enterprise Kubernetes Operator 1.8 Series¶
MongoDB Enterprise Kubernetes Operator 1.8.2¶
Released 2020-11-16
Known Issues¶
- You can’t use MongoDB 4.4 as an application database for an Ops Manager resource.
Bug Fix¶
Fixes an issue where the Ops Manager resource would reach a Failing state when both spec.externalConnectivity and spec.backup.enabled were enabled.
MongoDB Enterprise Kubernetes Operator 1.8.1¶
Released 2020-11-13
Known Issues¶
- You can’t use MongoDB 4.4 as an application database for an Ops Manager resource.
- When both spec.externalConnectivity and spec.backup.enabled are enabled in Ops Manager at the same time, the Ops Manager resource fails to reconcile.
Bug Fixes¶
- Fixes a bug where spec.security.authentication.ignoreUnknownUsers could not be modified after creating a MongoDB resource.
- Fixes failed queryable backups. The Kubernetes Operator now creates a Kubernetes Service that Ops Manager uses to access backups.
- Fixes an issue that made it impossible to move from non-TLS to a TLS-enabled Application Database.
Improvements¶
- Init containers do not run as root.
- Ops Manager Backup daemon runs in unprivileged mode.
- To manage Database Pod resources, use the spec.podSpec.podTemplate MongoDB Custom Resource attribute. For an example resource definition of each supported type, see the samples/mongodb/podspec directory. The following attributes are deprecated:
New Images¶
Init-database 1.0.1 | Ubi | Ubuntu |
---|---|---|
Init-ops-manager 1.0.3 | Ubi | Ubuntu |
Init-appdb 1.0.5 | Ubi | Ubuntu |
New Ops Manager Images¶
Version 4.4.5 | Ubi | Ubuntu |
---|---|---|
Version 4.2.21 | Ubi | Ubuntu |
Version 4.2.20 | Ubi | Ubuntu |
For a list of the packages installed and any security vulnerabilities detected in the build process, see the Quay repository for the MongoDB Enterprise Operator and the MongoDB Enterprise Database.
MongoDB Enterprise Kubernetes Operator 1.8.0¶
Released 2020-09-30
Breaking Changes
The MongoDB Enterprise Database image now requires an init container.
If you are using a private repository, you must set the INIT_DATABASE_IMAGE_REPOSITORY environment variable in the Operator deployment, and the new init container must exist inside this repository.
MongoDB Resource Changes¶
- Introduces new configuration fields:
  - spec.security.authentication.requireClientTLSAuthentication for using the MongoDB Agent client certificate authentication in conjunction with any other authentication mechanism.
  - spec.security.authentication.agents.clientCertificateSecretRef for configuring the client TLS certificate used by the MongoDB Agent when enabling ClientTLSAuthentication.
- Changes the default permissions of volumes created from secrets from 0644 to 0640.
Ops Manager Resource Changes¶
- Allows the Application Database to be configured with SCRAM-SHA-256 authentication when using Ops Manager 4.4 or newer version.
- Changes the validation of the Ops Manager spec.version field to allow for tags that do not match the semver requirements. The spec.version field must start with the Major.Minor.Patch string that represents the Ops Manager version. To learn more about this field, see Ops Manager Resource Specification.
Bug Fixes¶
- Fixes an issue that caused the Operator to choose an incorrect project name when creating MongoDB users.
- Fixes an issue that caused the MongoDB Ops Manager CRD to have the CA path in the incorrect location.
- Fixes a bug where the MongoDB Agent could not correctly recognize the parameters that passed through spec.agent.startupOptions.
- Fixes an issue that could cause potential deadlock when certain configuration options are modified in parallel.
Known Issues¶
You can’t use MongoDB 4.4 as an application database for an Ops Manager resource.
When you enable queryable backup, you must manually create two additional services for:
- Exposing the queryable backup port (default: 25999) for the Ops Manager pod.
- The Backup Daemon pod, to ensure that it is resolvable from the Ops Manager pod.
If you deploy Ops Manager in local mode and upgrade from v4.4.1, you must upgrade the MongoDB tools located in the automation.versions.directory, which defaults to /mongodb-ops-manager/mongodb-releases/.
MongoDB Enterprise Kubernetes Operator 1.7 Series¶
MongoDB Enterprise Kubernetes Operator 1.7.1¶
Released 2020-09-02
MongoDB Resource Changes¶
- Supports setting the Distinguished Name (DN) of the LDAP group to which the MongoDB Agent user belongs with the spec.security.authentication.ldap.automationLdapGroupDN setting.
- Requires you to provide spec.security.authentication.agents.mode if you specify more than one mode in spec.security.authentication.modes.
- Supports setting MongoDB Agent startup parameters for MongoDB Database resources with the following settings:
  - spec.applicationDatabase.agent.startupOptions
  - spec.agent.startupOptions
  - spec.configSrv.agent.startupOptions
  - spec.mongos.agent.startupOptions
  - spec.shard.agent.startupOptions
Bug Fixes¶
- Ops Manager resources:
  - Fixes a bug where you could not enable SCRAM-SHA authentication for application database resources using certain MongoDB versions with Ops Manager 4.4.
  - Fixes a bug where application database monitoring was not correctly configured in Ops Manager when you enabled TLS for the application database.
  - Fixes a bug to move the Ops Manager CA configuration from spec.applicationDatabase.security.tls.ca to spec.security.tls.ca.
- MongoDB resources:
  - Fixes a bug that prevented you from increasing or decreasing the number of members in a replica set or a sharded cluster by more than one member at a time for MongoDB 4.4 deployments.
  - Fixes an issue where the Kubernetes Operator could not enable agent authentication if you enabled LDAP authentication for a MongoDB resource.
  - Fixes an issue where you could not create SCRAM users and enable SCRAM authentication in any order for a MongoDB resource.
  - Fixes an issue where the Kubernetes Operator did not remove the backup automation configuration before starting the agent on a MongoDB resource Pod.
Known Issues¶
If you enable TLS on the application database, you must not provide the spec.applicationDatabase.version field in an Ops Manager resource definition.
You can’t use MongoDB 4.4 as an application database for an Ops Manager resource.
When you upgrade to the Kubernetes Operator 1.7.1, you might have to delete the mongodb-enterprise-operator deployment due to deployment configuration changes.
This is a safe operation. Deleting the mongodb-enterprise-operator pod does not affect the MongoDB custom resources.
If you use TLS certificates signed by a custom CA, you must:
- Omit the spec.version.applicationDatabase setting from your Ops Manager resource definition, and
- Deploy Ops Manager in local mode. You must manually copy installation archives for all MongoDB versions you want to use to a Persistent Volume for the Ops Manager StatefulSet.
MongoDB Enterprise Kubernetes Operator 1.7.0¶
Released 2020-08-14
Final Release with OpenShift 3.11 Support
Kubernetes Operator 1.7.x is the final minor version release series that supports OpenShift 3.11. Do not upgrade to any future major or minor version releases if you want to continue to deploy the Kubernetes Operator using OpenShift 3.11.
The planned end of life for the Kubernetes Operator 1.7.x release series is July 2021.
Docker Image Changes¶
- All Kubernetes Operator Red Hat Docker images are now based on UBI 8. In the previous release, Kubernetes Operator Red Hat Docker images were based on UBI 7.
MongoDB Resource Changes¶
- Supports LDAP as an authorization mechanism for MongoDB database resources you deploy with the Kubernetes Operator. For more information, see the sample LDAP configurations on GitHub.
Bug Fixes¶
- Fixes a bug that prevented scaling down a replica set from three members to one member.
Known Issues¶
- Ops Manager cannot monitor Application Databases secured using TLS.
- For MongoDB 4.4 deployments, you can increase or decrease the number of members in a replica set or a sharded cluster by only one member at a time.
MongoDB Enterprise Kubernetes Operator 1.6 Series¶
MongoDB Enterprise Kubernetes Operator 1.6.1¶
Released 2020-07-30
Ops Manager Resource Changes¶
- Ops Manager image for version 4.4.0 is available.
Docker Image Changes¶
The Red Hat database and operator Docker images are now based on the latest UBI 7 release. Two high criticality issues have been resolved.
The following Docker images have been released:
Image Type | Ubuntu 16.04 | Red Hat UBI 7 |
---|---|---|
Kubernetes Operator | quay.io/mongodb/mongodb-enterprise-operator:1.6.1 | quay.io/mongodb/mongodb-enterprise-operator-ubi:1.6.1 |
MongoDB Database | quay.io/mongodb/mongodb-enterprise-database:1.6.1 | quay.io/mongodb/mongodb-enterprise-database-ubi:1.6.1 |
Ops Manager | quay.io/mongodb/mongodb-enterprise-ops-manager:4.4.0 | quay.io/mongodb/mongodb-enterprise-ops-manager-ubi:4.4.0 |
Bug Fixes¶
- Fixes a bug where the Kubernetes Operator did not store a configuration of your deployed resources in a secret.
- Fixes a bug where the Kubernetes Operator did not allow passwords of any length or complexity for Application Database, oplog store, and blockstore database resources defined in Ops Manager resources.
- Fixes a bug where the authentication configuration was not removed from Ops Manager or Cloud Manager projects when you remove a MongoDB database resource.
MongoDB Enterprise Kubernetes Operator 1.6.0¶
Released 2020-07-16
MongoDB Resource Changes¶
Supports LDAP as an authentication mechanism for MongoDB database resources you deploy with the Kubernetes Operator. For more information, see the sample LDAP configurations on GitHub.
Note
LDAP authorization is not yet supported.
Kubernetes Operator Changes¶
- Preserves backup history by retaining Ops Manager cluster records when you enable backup.
Bug Fixes¶
- Fixes a bug that prevented the Kubernetes Operator from raising errors when a projectName contained spaces.
- Fixes a bug that prevented Ops Manager from monitoring all MongoDB database resources that you deploy with the Kubernetes Operator.
MongoDB Enterprise Kubernetes Operator 1.5 Series¶
MongoDB Enterprise Kubernetes Operator 1.5.5¶
Released 2020-07-02
MongoDB Resource Changes¶
- Provides additional options for more granular configuration of mongod/mongos processes. You can find an example of how to apply these options in the /samples/mongodb/mongodb-options file of the MongoDB Enterprise Kubernetes Operator repository.
Bug Fixes¶
- Fixes a bug introduced in 1.5.4 where MongoDB Enterprise Kubernetes Operator would not tag projects correctly when working on Ops Manager versions older than 4.2.2. In this version, MongoDB Enterprise Kubernetes Operator tags the projects correctly.
MongoDB Enterprise Kubernetes Operator 1.5.4¶
Released 2020-06-22
MongoDB Resource Changes¶
- Allows modification of authentication settings using the Cloud Manager or Ops Manager UI if the spec.security.authentication setting is not provided in the MongoDB resource object definition.
Kubernetes Operator Changes¶
- Supports Helm installation with helm install in addition to helm template | kubectl apply. helm install is now the recommended way to install with Helm.
- Supports configuring the MongoDB Agent authentication mechanism independently from the cluster authentication mechanism.
- Supports configuring monitoring for the Application Database to send metrics to Ops Manager. To learn more about the monitoring function of the MongoDB Agent, see MongoDB Agent.
Bug Fixes¶
- Fixes a bug that affected transitioning authentication mechanisms from X.509 to SCRAM.
- Fixes a bug that prevented the MongoDB Agent from reaching a goal state if SCRAM configuration was changed in the Ops Manager UI.
MongoDB Enterprise Kubernetes Operator 1.5.3¶
Released 2020-05-29
Kubernetes Operator Changes¶
Passes Ops Manager and MongoDB deployment configuration properties as Secret environment variables.
Bug Fixes¶
- Correctly configures shutdown timeouts for Ops Manager and the Backup Daemon.
- Fixes an issue where Kubernetes Operator-watched Secrets and ConfigMaps triggered unnecessary reconciliations.
- Fixes an issue where the status of custom resources failed to update in OpenShift 3.11.
MongoDB Enterprise Kubernetes Operator 1.5.2¶
Released 2020-05-08
Ops Manager Resource Changes¶
- Runs Ops Manager and Backup Daemon pods under a dedicated service account.
Kubernetes Operator Changes¶
- Can configure the Kubernetes Operator to watch a subset of provided CustomResourceDefinitions. You can find more information in the documentation.
- Can generate CustomResourceDefinitions without using subresources. Some versions of OpenShift 3.11 require this capability. To avoid using subresources, use --set subresourceEnabled=false when installing the Kubernetes Operator with helm.
Bug Fixes¶
- Fixes setting the spec.statefulSet and spec.backup.statefulSet fields on the MongoDBOpsManager Resource.
- Fixes an issue that requires a restart of the Kubernetes Operator during setup of webhook.
- Fixes an issue that could cause an Ops Manager resource to reach an unrecoverable state if the provided admin password has insufficient strength.
MongoDB Enterprise Kubernetes Operator 1.5.1¶
Released 2020-04-30
Deprecates the generation of TLS certificates by the Kubernetes Operator. If you use Kubernetes Operator-generated certificates, warning messages now appear in the Kubernetes Operator logs. To configure secure deployments, see Secure a Database Resource.
Bug Fixes¶
Fixes an issue where, when no authentication is configured by the Kubernetes Operator, the Kubernetes Operator disables authentication in Cloud Manager or Ops Manager. The Kubernetes Operator no longer disables authentication unless you explicitly set spec.security.authentication.enabled to false.
Known Issues¶
When you configure the spec.statefulSet.spec and spec.backup.statefulSet.spec settings of the MongoDBOpsManager resource, you can only configure the spec.statefulSet.spec.template and spec.backup.statefulSet.spec.template fields. Any other spec.statefulSet.spec or spec.backup.statefulSet.spec field has no effect.
MongoDB Enterprise Kubernetes Operator 1.5.0¶
Released 2020-04-24
Kubernetes Operator Changes¶
Adds the ability to start the Kubernetes Operator with some but not all MongoDB CustomResourceDefinitions installed. Administrators can specify the container argument watch-resource to limit the Kubernetes Operator to deploy either MongoDB instances or Ops Manager, or both.
Breaking Changes
Adds the following new Kubernetes Operator configuration properties:
INIT_OPS_MANAGER_IMAGE_REPOSITORY
INIT_APPDB_IMAGE_REPOSITORY
APPDB_IMAGE_REPOSITORY
When using a private docker registry, these properties must point to the relevant registries after you copy the images from the MongoDB distribution channels.
MongoDB Resource Changes¶
- Increases support for custom TLS certificates with the spec.security.tls.secretRef and spec.security.tls.ca configuration settings.
- Deprecates TLS certificate generation by the Kubernetes Operator. Migrating to custom TLS certificates is recommended.
Ops Manager Resource Changes¶
- Releases the MongoDBOpsManager resource as Generally Available (GA). MongoDB now supports using the Kubernetes Operator to deploy Ops Manager resources to Kubernetes in production environments.
- Supports Backup Blockstore Snapshot Stores.
- Defaults to the Application Database as a metadata database for Backup S3 Snapshot Stores.
- Supports spec.jvmParameters and spec.backup.jvmParameters to add or override JVM parameters in Ops Manager and Backup Daemon processes.
- Automatically configures Ops Manager and Backup Daemon JVM memory parameters based on pod memory availability.
- Supports TLS for Ops Manager and the Application Database.
- Adds more detailed information to the status field.
- Supports Ops Manager Local Mode for MongoDBOpsManager resources with multiple replicas by enabling users to specify PersistentVolumeClaimTemplates in spec.statefulSet.spec.
- Implements a new image versioning scheme.
- Known Issue: To enable S3 Snapshot stores in Ops Manager 4.2.10 and 4.2.12, you must set brs.s3.validation.testing: disabled in the spec.configuration property of your Ops Manager resource specification.
Breaking Changes
- Removes the spec.podSpec configuration setting. Use spec.statefulSet.spec instead.
- Removes the spec.backup.podSpec configuration setting. Use spec.backup.statefulSet.spec instead.
See the sample YAML files for new feature usage examples.
MongoDB Enterprise Kubernetes Operator 1.4 Series¶
MongoDB Enterprise Kubernetes Operator 1.4.5¶
Fixes CVE-2020-7922: Kubernetes Operator generates potentially insecure certificates.
CVE Description¶
X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Customers who do not use X.509 authentication, and those who do not use the Kubernetes Operator to generate their X.509 certificates are unaffected.
Common Weakness Enumeration¶
CWE-295: Improper Certificate Validation
CVSS score: 6.4
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Versions¶
- 1.0, 1.1
- 1.2.0 - 1.2.4
- 1.3.0 - 1.3.1
- 1.4.0 - 1.4.4
Fixed Versions¶
- 1.2.5
- 1.4.5 and above
MongoDB Enterprise Kubernetes Operator 1.4.4¶
MongoDB Resource Changes¶
Supports changes in the Cloud Manager API.
Ops Manager Resource Changes (Beta Release)¶
- Properly terminates resources with a termination hook.
- Implements stricter validations.
Bug Fixes¶
- MongoDB resources:
- Fixes an issue when working with Ops Manager with custom HTTPS certificates.
MongoDB Enterprise Kubernetes Operator 1.4.3¶
Released 2020-02-24
MongoDB Resource Changes¶
- Adds support for sidecars for MongoDB Kubernetes resource pods using the spec.podSpec.podTemplate setting.
- Allows users to change the PodSecurityContext to allow privileged sidecar containers.
Ops Manager Resource Changes (Beta Release)¶
- Adds the spec.podSpec configuration settings for Ops Manager, the Backup Daemon, and the Application Database. See Ops Manager Resource Specification.
- Ops Manager image for version 4.2.8 is available.
Bug Fixes¶
- MongoDB resources:
  - Fixes potential race conditions when deleting MongoDB Kubernetes resources.
- Ops Manager resources:
  - Supports the spec.clusterDomain setting for Ops Manager and Application Database resources.
  - No longer starts monitoring and backup processes for the Application Database.
See the sample YAML files for new feature usage examples.
MongoDB Enterprise Kubernetes Operator 1.4.2¶
Released 2020-01-24
MongoDB Resource Changes¶
- Runs MongoDB database Kubernetes pods under a dedicated Kubernetes service account: mongodb-enterprise-database-pods.
- Adds the spec.podSpec.podTemplate setting, which allows you to apply templates to Kubernetes pods that the Kubernetes Operator generates for each database StatefulSet.
- Renames the spec.clusterName setting to spec.clusterDomain.
Ops Manager Resource Changes (Beta Release)¶
- Adds offline mode support for the Application Database. Bundles MongoDB Enterprise version 4.2.2 with the Application Database image. Internet access is not required to install the application database if spec.applicationDatabase.version is set to "4.2.2-ent" or omitted.
- Renames the spec.clusterName setting to spec.clusterDomain.
- Ops Manager images for versions 4.2.6 and 4.2.7 are available.
Bug Fixes¶
- MongoDB resources:
  - Fixes the order of sharded cluster component creation.
  - Allows TLS to be enabled on Amazon EKS.
- Ops Manager resources:
  - Enables the Kubernetes Operator to use the spec.clusterDomain setting.
See the sample YAML files for new feature usage examples.
MongoDB Enterprise Kubernetes Operator 1.4.1¶
Released 2019-12-13
- Includes CVE fixes and RHSA security fixes.
- Fixes an issue that prevented backup from starting on MongoDB 4.0.
MongoDB Enterprise Kubernetes Operator 1.4.0¶
Released 2019-12-09
MongoDB Resource Changes¶
- Adds split horizon DNS support for MongoDB replica sets, which allows clients to connect to a replica set from outside of the Kubernetes cluster.
- Supports requests for Kubernetes Operator-generated certificates for additional certificate domains, which makes them valid for the specified subdomains.
Ops Manager Resource Changes (Beta Release)¶
- Promotes the MongoDBOpsManager resource to Beta. Ops Manager version 4.2.4 is available.
- Supports Backup and restore in Kubernetes Operator-deployed Ops Manager instances. This is a semi-automated process that deploys everything you need to enable backups in Ops Manager. You can enable Backup by setting the spec.backup.enabled setting in the Ops Manager custom resource. You can configure the Head Database, Oplog Store, and S3 Snapshot Store by using the MongoDBOpsManager resource specification.
- Supports access to Ops Manager from outside the Kubernetes cluster through the spec.externalConnectivity setting.
- Enables SCRAM-SHA-1 authentication on Ops Manager’s Application Database by default.
- Adds support for OpenShift (Red Hat UBI Images).
For more information on how to enable new features, see the sample YAML files in the samples directory.
Bug Fixes¶
- Improves overall stability of X.509 user management.
MongoDB Enterprise Kubernetes Operator 1.3 Series¶
MongoDB Enterprise Kubernetes Operator 1.3.1¶
Released 2019-11-08
Important
This release introduces significant changes that may not be compatible with previous deployments or resource configurations. Read Migrate to One Resource per Project (Required for Version 1.3.0) before upgrading the Kubernetes Operator.
MongoDB Resource Changes¶
- Requires one MongoDB resource per Ops Manager project. If you have more than one MongoDB resource in a project, all resources will change to a Pending status and the Kubernetes Operator won’t perform any changes on them. The existing MongoDB databases will still be accessible. You must migrate to one resource per project.
- Supports SCRAM-SHA authentication mode. See the MongoDB Enterprise Kubernetes Operator GitHub repository for examples.
- Requires that the project (ConfigMap) and credentials (secret) referenced from a MongoDB resource be in the same namespace.
- Adds OpenShift installation files (YAML file and Helm chart configuration).
Ops Manager Resource Changes (Alpha Release)¶
- Supports highly available Ops Manager resources by introducing the spec.replicas setting.
- Runs Pods as a non-root user.
MongoDB Enterprise Kubernetes Operator 1.3.0¶
Released 2019-10-25
Important
This release introduces significant changes that may not be compatible with previous deployments or resource configurations. Read Migrate to One Resource per Project (Required for Version 1.3.0) before installing or upgrading the Kubernetes Operator.
Specification Schema Changes¶
- Moves to a one cluster per project configuration. This follows the warnings introduced in a previous version of the operator. The operator now requires each cluster to be contained within a new project.
- Authentication settings are now contained within the security section of the MongoDB resource specification rather than the project ConfigMap.
- Replaces the project field with the spec.opsManager.configMapRef.name or spec.cloudManager.configMapRef.name fields.
- User resources now refer to MongoDB resources rather than project ConfigMaps.
- No longer requires data.projectName in the project ConfigMap. The name of the project defaults to the name of the MongoDB resource in Kubernetes.
Ops Manager Resource Changes (Alpha Release)¶
This release introduces significant changes to the Ops Manager resource’s architecture. The Ops Manager application database is now managed by the Kubernetes Operator, not by Ops Manager.
Bug Fixes¶
- Stops unnecessary recreation of NodePorts.
- Fixes logging so it’s always in JSON format.
- Sets USER in the Kubernetes Operator Docker image.
MongoDB Enterprise Kubernetes Operator 1.2 Series¶
MongoDB Enterprise Kubernetes Operator 1.2.5¶
Fixes CVE-2020-7922: Kubernetes Operator generates potentially insecure certificates.
CVE Description¶
X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Customers who do not use X.509 authentication, and those who do not use the Kubernetes Operator to generate their X.509 certificates are unaffected.
Common Weakness Enumeration¶
CWE-295: Improper Certificate Validation
CVSS score: 6.4
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Versions¶
- 1.0, 1.1
- 1.2.0 - 1.2.4
- 1.3.0 - 1.3.1
- 1.4.0 - 1.4.4
Fixed Versions¶
- 1.2.5
- 1.4.5 and above
MongoDB Enterprise Kubernetes Operator 1.2.4¶
Released 2019-10-02
- Increases stability of Sharded Cluster deployments.
- Improves internal testing infrastructure.
MongoDB Enterprise Kubernetes Operator 1.2.3¶
Released 2019-09-13
- Update: The MongoDB Enterprise Kubernetes Operator will remove support for multiple clusters per project in a future release. If a project contains more than one cluster, a warning will be added to the status of the MongoDB Resources. Additionally, any new cluster being added to a non-empty project will result in a Failed state, and won’t be processed.
- Fix: The overall stability of the operator has been improved. The operator is now more conservative in resource updates both on Kubernetes and Cloud Manager or Ops Manager.
MongoDB Enterprise Kubernetes Operator 1.2.2¶
Released 2019-08-30
- Security Fix: Clusters configured by Kubernetes Operator versions 1.0 through 1.2.1 used an insufficiently strong keyfile for internal cluster authentication between mongod processes. This only affects clusters which are using X.509 for user authentication, but are not using X.509 for internal cluster authentication. Users are advised to upgrade to version 1.2.2, which will replace all managed keyfiles.
- Security Fix: Clusters configured by Kubernetes Operator versions 1.0 through 1.2.1 used an insufficiently strong password to authenticate the MongoDB Agent. This only affects clusters which have been manually configured to enable SCRAM-SHA-1, which is not a supported configuration. Users are advised to upgrade to version 1.2.2, which will reset these passwords.
MongoDB Enterprise Kubernetes Operator 1.2.1¶
Released 2019-08-23
- Fix: The Kubernetes Operator no longer recreates CSRs when X.509 authentication is enabled and the approved CSRs have been deleted.
- Fix: If the OPERATOR_ENV environment variable is set to something unrecognized by the Kubernetes Operator, it will no longer result in a CrashLoopBackOff of the pod. A default value of prod is used.
- The Kubernetes Operator now supports more than 100 agents in a given project.
MongoDB Enterprise Kubernetes Operator 1.2.0¶
Released 2019-08-13
GA Release¶
- Adds a readiness probe to the MongoDB Pods to improve the reliability of rolling upgrades.
Alpha Release¶
This feature is an alpha release. It is not ready for production use.
- Can use the Kubernetes Operator to manage Ops Manager 4.2. To deploy an Ops Manager instance, you use a new resource: MongoDBOpsManager.
MongoDB Enterprise Kubernetes Operator 1.1 Series¶
MongoDB Enterprise Kubernetes Operator 1.1¶
Released 2019-07-19
- Fix: Adds sample yaml files, in particular, the attribute related to featureCompatibilityVersion.
- Fix: TLS can be disabled in a deployment.
- Improvement: Adds a script in the support directory that can gather information about your MongoDB resources in Kubernetes.
- Improvement: In a TLS environment, the Kubernetes Operator can use a custom CA. All the certificates must be passed as secret objects.
MongoDB Enterprise Kubernetes Operator 1.0 Series
MongoDB Enterprise Kubernetes Operator 1.0
Released 2019-06-18
- Supports Kubernetes v1.11 or later.
- Provisions any kind of MongoDB deployment in the Kubernetes Cluster of your Organization:
- Configures TLS on the MongoDB deployments and encrypts all traffic. Hosts and clients can verify each other’s identities.
- Manages MongoDB users.
- Supports X.509 authentication to your MongoDB databases.
See also
To learn how to install and configure the Operator, see Install and Configure the Kubernetes Operator.
Questions about the Kubernetes Operator GA release
If you have any questions regarding this release, use the #enterprise-kubernetes Slack channel.
MongoDB Enterprise Kubernetes Operator Beta Series
MongoDB Enterprise Kubernetes Operator 0.12
Released 2019-06-07
- Rolling upgrades of MongoDB resources ensure that rs.stepDown() is called for the primary member. Requires MongoDB patch version 4.0.8 and later or MongoDB patch version 4.1.10 and later.
- During a MongoDB major version upgrade, the featureCompatibilityVersion field can be set.
- Fixed a bug where replica sets with more than seven members could not be created.
- X.509 Authentication can be enabled at the Project level. Requires Cloud Manager, Ops Manager patch version 4.0.11 and later, or Ops Manager patch version 4.1.7 and later.
- Internal cluster authentication based on X.509 can be enabled at the deployment level.
- MongoDB users with X.509 authentication can be created, using the new MongoDBUser custom resource.
MongoDB Enterprise Kubernetes Operator 0.11
Released 2019-04-29
- NodePort service creation can be disabled.
- TLS can be enabled for internal authentication between MongoDB in replica sets and sharded clusters. The TLS certificates are created automatically by the Kubernetes Operator. Refer to the sample .yaml files in the GitHub repository for examples.
- Wide or asterisk roles have been replaced with strict listing of verbs in roles.yaml.
- Printing mdb objects with kubectl will provide more information about the MongoDB object: type, state, and MongoDB server version.
MongoDB Enterprise Kubernetes Operator 0.10
Released 2019-04-02
The Kubernetes Operator and database images are now based on ubuntu:16.04.
The Kubernetes Operator now uses a single CustomResourceDefinition named MongoDB instead of the MongoDbReplicaSet, MongoDbShardedCluster, and MongoDbStandalone CRDs.
Important
Follow the upgrade procedure to transfer existing MongoDbReplicaSet, MongoDbShardedCluster, and MongoDbStandalone resources to the new format.
For a list of the packages installed and any security vulnerabilities detected in our build process, see:
MongoDB Enterprise Kubernetes Operator 0.9
Released 2019-03-19
- The Operator and Database images are now based on debian:stretch-slim, which is the latest and up-to-date Docker image for Debian 9.
MongoDB Enterprise Kubernetes Operator 0.8
Released 2019-02-26
- Perform Ops Manager clean-up on deletion of MongoDB resource without the use of finalisers.
- Bug fix: Race conditions when communicating with Ops Manager.
- Bug fix: ImagePullSecrets being incorrectly initialized in OpenShift.
- Bug fix: Unintended fetching of closed projects.
- Bug fix: Creation of duplicate organizations.
- Bug fix: Reconciliation could fail for the MongoDB resource if some other resources in Ops Manager were in error state.
MongoDB Enterprise Kubernetes Operator 0.7
Released 2019-02-01
- Improved detailed status field for MongoDB resources.
- The Kubernetes Operator watches changes to configuration parameters in a project configMap and the credentials secret, then performs a rolling upgrade for relevant Kubernetes resources.
- Added JSON structured logging for Automation Agent pods.
- Support DNS SRV records for MongoDB access.
- Bug fix: Avoiding unnecessary reconciliation.
- Bug fix: Improved Ops Manager/Cloud Manager state management for deleted resources.
MongoDB Enterprise Kubernetes Operator 0.6
Released 2018-12-17
- Refactored code to use the controller-runtime library to fix issues where the Operator could leave resources in an inconsistent state. This also introduced a proper reconciliation process.
- Added a new status field for all MongoDB Kubernetes resources.
- Can configure the Operator to watch any single namespace or all namespaces in a cluster (requires cluster role).
- Improved database logging by adding a new configuration property, logLevel. This property is set to INFO by default. Automation Agent and MongoDB logs are merged into a single log stream.
- Added a new Operator timeout configuration. It defines how long the Operator waits for database pods to start while updating MongoDB Kubernetes resources.
- Fix: Fixed failure detection for mongos.
MongoDB Enterprise Kubernetes Operator 0.5
Released 2018-11-14
- Image for database no longer includes the binary for the Automation Agent. The container downloads the Automation Agent binary from Ops Manager when it starts.
- Fix: Communication with Ops Manager failed if a project with the same name existed in a different organization.
MongoDB Enterprise Kubernetes Operator 0.4
Released 2018-10-04
If a backup was enabled in Ops Manager for a Replica Set or Sharded Cluster that the Kubernetes Operator created, then the Kubernetes Operator disables the backup before removing a resource.
Improved persistence support:
The data, journal and log directories are mounted to three mountpoints in one or three volumes depending upon the podSpec.persistence setting.

| Setting | Mount Directories to |
| --- | --- |
| podSpec.persistence.single | One volume |
| podSpec.persistence.multiple | Three volumes |

Prior to this release, only the data directory was mounted to persistent storage.
A new parameter, labelSelector, allows you to specify the selector for volumes that the Kubernetes Operator should consider mounting.
If StorageClass is not specified in the persistence configuration, then the default StorageClass for the cluster is used. In most public cloud providers, this results in dynamic volume provisioning.
MongoDB Enterprise Kubernetes Operator 0.3
Released 2018-08-07
The Operator no longer creates the CustomResourceDefinition objects. The user needs to create them manually. Download and apply this new yaml file (crd.yaml) to create/configure these objects.
ClusterRoles are no longer required. How the Operator watches resources has changed. Until the last release, the Operator would watch for any resource on any namespace. With 0.3, the Operator watches for resources in the same namespace in which it was created. To support multiple namespaces, multiple Operators can be installed. This allows isolation of MongoDB deployments.
Permissions changes were made to how PersistentVolumes are mounted.
Added configuration to the Operator to not create SecurityContexts for Pods. This solves an issue with OpenShift, which does not allow this setting when SecurityContextConstraints are used.
If you are using Helm, set managedSecurityContext to true. This tells the Operator to not create SecurityContext for Pods, satisfying the OpenShift requirement.
The combination of projectName and orgId replaces projectId alone to configure the connection to Ops Manager. The project is created if it doesn’t exist.
MongoDB Enterprise Kubernetes Operator 0.1
Released 2018-06-27
Initial Release
- Can deploy standalone instances, replica sets, sharded clusters using Kubernetes configuration files.