Navigation
This version of the documentation is archived and no longer supported.

Release Notes for MongoDB Enterprise Kubernetes Operator

On this page

MongoDB Enterprise Kubernetes Operator 1.9 Series

MongoDB Enterprise Kubernetes Operator 1.9.2

Released 2020-02-05

Kubernetes Operator

Bug Fixes

Fixes errors in the CSV (This only effects the Red Hat market)

MongoDBOpsManager Resource

Known Issues
  • You can’t use MongoDB 4.4 as an application database for an Ops Manager resource.

New Images

  • mongodb-enterprise-operator:1.9.2

You can find all images in the following registries:

MongoDB Enterprise Kubernetes Operator 1.9.1

Released 2020-01-15

Kubernetes Operator

Bug Fixes
  • Fixes an issue where you could not specify the service-account-name in the StatefulSet podSpec override.
  • Removes the unnecessary delete service permission from Operator role.

MongoDB Resource

Bug Fixes

MongoDBOpsManager Resource

Breaking Changes

This release introduces:

  • A new Application Database image, mongodb-enterprise-appdb:10.2.15.5958-1_4.2.11-ent. The image includes MongoDB 4.2.11-ent instead of 4.2.2-ent. You must push the new image to any private repositories that your Kubernetes Operator installation uses, otherwise the MongoDBOpsManager resource won’t start.
  • A new required environment variable, APPDB_AGENT_VERSION. If you don’t set APPDB_AGENT_VERSION, the MongoDBOpsManager resource can’t fetch the MongoDB Agent version for the Application Database.
Known Issues
  • You can’t use MongoDB 4.4 as an application database for an Ops Manager resource.
Changes

New Images

  • mongodb-enterprise-operator:1.9.1
  • mongodb-enterprise-appdb:10.2.15.5958-1_4.2.11-ent
  • mongodb-enterprise-init-appdb:1.0.2
  • mongodb-enterprise-init-database:1.0.6

You can find all images in the following registries:

MongoDB Enterprise Kubernetes Operator 1.9.0

Released 2020-12-08

Kubernetes Operator

Bug Fixes
  • Fixes an issue where the Kubernetes Operator didn’t close connections to Ops Manager, causing too many open file descriptors.

MongoDB Resource

Changes

MongoDBOpsManager Resource

Known Issues
  • You can’t use MongoDB 4.4 as an application database for an Ops Manager resource.
Changes

  • When you upgrade the Kubernetes Operator to this version, the Kubernetes Operator deletes and re-creates the Backup Daemon statefulset.

    This is a safe operation.

    The new Kubernetes service that enables Queryable Backups requires a change to the matchLabels Backup Daemon StatefulSet attribute.

  • The Kubernetes Operator changes the way it collects the status of MongoDB Agents in Application Database Pods.

New Images

  • mongodb-enterprise-operator:1.9.0

You can find all images in the following registries:

MongoDB Enterprise Kubernetes Operator 1.8 Series

MongoDB Enterprise Kubernetes Operator 1.8.2

Released 2020-11-16

Known Issues

  • You can’t use MongoDB 4.4 as an application database for an Ops Manager resource.

Bug Fix

Fixes an issue where the Ops Manager resource would reach a Failing state when both spec.externalConnectivity and spec.backup.enabled were enabled.

MongoDB Enterprise Kubernetes Operator 1.8.1

Released 2020-11-13

Known Issues

  • You can’t use MongoDB 4.4 as an application database for an Ops Manager resource.
  • When both spec.externalConnectivity and spec.backup.enabled are enabled in Ops Manager at the same time, the Ops Manager resource fails to reconcile.

Bug Fixes

  • Fixes a bug where spec.security.authentication.ignoreUnknownUsers could not be modified after creating a MongoDB resource.
  • Fixes failed queryable backups. The Kubernetes Operator now creates a Kubernetes Service that Ops Manager uses to access backups.
  • Fixes an issue that made it impossible to move from non-TLS to a TLS-enabled Application Database.

Improvements

New Images

Init-database 1.0.1 Ubi Ubuntu
Init-ops-manager 1.0.3 Ubi Ubuntu
Init-appdb 1.0.5 Ubi Ubuntu

New Ops Manager Images

Version 4.4.5 Ubi Ubuntu
Version 4.2.21 Ubi Ubuntu
Version 4.2.20 Ubi Ubuntu

For a list of the packages installed and any security vulnerabilities detected in the build process, see the Quay repository for the MongoDB Enterprise Operator and the MongoDB Enterprise Database.

MongoDB Enterprise Kubernetes Operator 1.8.0

Released 2020-09-30

Breaking Changes

The MongoDB Enterprise Database image now requires an init container. If you are using a private repository, you must set the INIT_DATABASE_IMAGE_REPOSITORY environment variable in the Operator deployment, and the new init container must exist inside this repository.

MongoDB Resource Changes

  • Introduces new configuration fields:
    • spec.security.authentication.requireClientTLSAuthentication for using the MongoDB Agent client certificate authentication in conjunction with any other authentication mechanism.
    • spec.security.authentication.agents.clientCertificateSecretRef for configuring the client TLS certificate used by the MongoDB Agent when enabling ClientTLSAuthentication.
  • Changes the default permissions of volumes created from secrets from 0644 to 0640.

Ops Manager Resource Changes

  • Allows the Application Database to be configured with SCRAM-SHA-256 authentication when using Ops Manager 4.4 or newer version.
  • Changes the validation of the Ops Manager spec.version field to allow for tags that do not match the semver requirements. The spec.version field must start with the Major.Minor.Patch string that represents the Ops Manager version. To learn more about this field, see Ops Manager Resource Specification.

Bug Fixes

  • Fixes an issue that caused the Operator to choose an incorrect project name when creating MongoDB users.
  • Fixes an issue that caused the MongoDB Ops Manager CRD to have the CA path in the incorrect location.
  • Fixes a bug where the MongoDB Agent could not correctly recognize the parameters that passed through spec.agent.startupOptions.
  • Fixes an issue that could cause potential deadlock when certain configuration options are modified in parallel.

Known Issues

  • You can’t use MongoDB 4.4 as an application database for an Ops Manager resource.

  • When you enable queryable backup, you must manually create two additional services for:

    • Exposing the queryable backup port (default: 25999) for the Ops Manager pod.
    • The Backup Daemon pod, to ensure that it is resolvable from the Ops Manager pod.

  • If you deploy Ops Manager in local mode and upgrade from v4.4.1, you must upgrade the MongoDB tools located in the automation.versions.directory, which defaults to /mongodb-ops-manager/mongodb-releases/.

    See also

    Configure an Ops Manager Resource to use Local Mode.

MongoDB Enterprise Kubernetes Operator 1.7 Series

MongoDB Enterprise Kubernetes Operator 1.7.1

Released 2020-09-02

MongoDB Resource Changes

Bug Fixes

  • Ops Manager resources:
    • Fixes a bug where you could not enable SCRAM-SHA authentication for application database resources using certain MongoDB versions with Ops Manager 4.4.
    • Fixes a bug where application database monitoring was not correctly configured in Ops Manager when you enabled TLS for the application database.
    • Fixes a bug to move the Ops Manager CA configuration from spec.applicationDatabase.security.tls.ca to spec.security.tls.ca.
  • MongoDB resources:
    • Fixes a bug that prevented you from increasing or decreasing the number of members in a replica set or a sharded cluster by more than one member at a time for MongoDB 4.4 deployments.
    • Fixes an issue where the Kubernetes Operator could not enable agent authentication if you enabled LDAP authentication for a MongoDB resource.
    • Fixes an issue where you could not create SCRAM users and enable SCRAM authentication in any order for a MongoDB resource.
    • Fixes an issue where the Kubernetes Operator did not remove the backup automation configuration before starting the agent on a MongoDB resource Pod.

Known Issues

  • If you enable TLS on the application database, you must not provide the spec.applicationDatabase.version field in an Ops Manager resource definition.

  • You can’t use MongoDB 4.4 as an application database for an Ops Manager resource.

  • When you upgrade to the Kubernetes Operator 1.7.1, you might have to delete the mongodb-enterprise-operator deployment due to deployment configuration changes.

    This is a safe operation. Deleting the mongodb-enterprise-operator pod does not affect the MongoDB custom resources.

  • If you use TLS certificates signed by a custom CA, you must:

    • Omit the spec.version.applicationDatabase setting from your Ops Manager resource definition, and
    • Deploy Ops Manager in local mode. You must manually copy installation archives for all MongoDB versions you want to use to a Persistent Volume for the Ops Manager StatefulSet.

MongoDB Enterprise Kubernetes Operator 1.7.0

Released 2020-08-14

Final Release with OpenShift 3.11 Support

Kubernetes Operator 1.7.x is the final minor version release series that supports OpenShift 3.11. Do not upgrade to any future major or minor version releases if you want to continue to deploy the Kubernetes Operator using OpenShift 3.11.

The planned end of life for the Kubernetes Operator 1.7.x release series is July 2021.

Docker Image Changes

  • All Kubernetes Operator Red Hat Docker images are now based on UBI 8. In the previous release, Kubernetes Operator Red Hat Docker images were based on UBI 7.

MongoDB Resource Changes

  • Supports LDAP as an authorization mechanism for MongoDB database resources you deploy with the Kubernetes Operator. For more information, see the sample LDAP configurations on GitHub

Bug Fixes

  • Fixes a bug that prevented scaling down a replica set from three members to one member.

Known Issues

  • Ops Manager cannot monitor Application Databases secured using TLS.
  • For MongoDB 4.4 deployments, you can increase or decrease the number of members in a replica set or a sharded cluster by only one member at a time.

MongoDB Enterprise Kubernetes Operator 1.6 Series

MongoDB Enterprise Kubernetes Operator 1.6.1

Released 2020-07-30

Ops Manager Resource Changes

  • Ops Manager image for version 4.4.0 is available.

Docker Image Changes

  • The Red Hat database and operator Docker images are now based on the latest UBI 7 release. Two high criticality issues have been resolved.

  • The following Docker images have been released:

    Image Type Ubuntu 16.04 Red Hat UBI 7
    Kubernetes Operator quay.io/mongodb/mongodb-enterprise-operator:1.6.1 quay.io/mongodb/mongodb-enterprise-operator-ubi:1.6.1
    MongoDB Database quay.io/mongodb/mongodb-enterprise-database:1.6.1 quay.io/mongodb/mongodb-enterprise-database-ubi:1.6.1
    Ops Manager quay.io/mongodb/mongodb-enterprise-ops-manager:4.4.0 quay.io/mongodb/mongodb-enterprise-ops-manager-ubi:4.4.0

Bug Fixes

  • Fixes a bug where the Kubernetes Operator did not store a configuration of your deployed resources in a secret.
  • Fixes a bug where the Kubernetes Operator did not allow passwords of any length or complexity for Application Database, oplog store, and blockstore database resources defined in Ops Manager resources.
  • Fixes a bug where the authentication configuration was not removed from Ops Manager or Cloud Manager projects when you remove a MongoDB database resource.

MongoDB Enterprise Kubernetes Operator 1.6.0

Released 2020-07-16

MongoDB Resource Changes

  • Supports LDAP as an authentication mechanism for MongoDB database resources you deploy with the Kubernetes Operator. For more information, see the sample LDAP configurations on GitHub.

    Note

    LDAP authorization is not yet supported.

Kubernetes Operator Changes

  • Preserves backup history by retaining Ops Manager cluster records when you enable backup.

Bug Fixes

  • Fixes a bug that prevented the Kubernetes Operator from raising errors when a projectName contained spaces.
  • Fixes a bug that prevented Ops Manager to monitor for all MongoDB database resources that you deploy with the Kubernetes Operator.

MongoDB Enterprise Kubernetes Operator 1.5 Series

MongoDB Enterprise Kubernetes Operator 1.5.5

Released 2020-07-02

MongoDB Resource Changes

Bug Fixes

  • Fixes a bug introduced in 1.5.4 where MongoDB Enterprise Kubernetes Operator would not tag projects correctly when working on Ops Manager versions older than 4.2.2. In this version, MongoDB Enterprise Kubernetes Operator tags the projects correctly.

MongoDB Enterprise Kubernetes Operator 1.5.4

Released 2020-06-22

MongoDB Resource Changes

  • Allows modification of authentication settings using the Cloud Manager or Ops Manager UI if the spec.security.authentication setting is not provided in the MongoDB resource object definition.

Kubernetes Operator Changes

  • Supports Helm installation with helm install in addition to helm template | kubectl apply. helm install is now the recommended way to install with Helm.
  • Supports configuring the MongoDB Agent authentication mechanism independently from the cluster authentication mechanism.
  • Supports configuring monitoring for the Application Database to send metrics to Ops Manager. To learn more about the monitoring function of the MongoDB Agent, see MongoDB Agent.

Bug Fixes

  • Fixes a bug that affected transitioning authentication mechanisms from X.509 to SCRAM.
  • Fixes a bug that prevented the MongoDB Agent from reaching a goal state if SCRAM configuration was changed in the Ops Manager UI.

MongoDB Enterprise Kubernetes Operator 1.5.3

Released 2020-05-29

Kubernetes Operator Changes

Passes Ops Manager and MongoDB deployment configuration properties as Secret environment variables.

Bug Fixes

  • Correctly configures shutdown timeouts for Ops Manager and the Backup Daemon.
  • Fixes an issue where Kubernetes Operator-watched Secrets and ConfigMaps triggered unnecessary reconciliations.
  • Fixes an issue where the status of custom resources failed to update in OpenShift 3.11.

MongoDB Enterprise Kubernetes Operator 1.5.2

Released 2020-05-08

Ops Manager Resource Changes

  • Runs Ops Manager and Backup Daemon pods under a dedicated service account.

Kubernetes Operator Changes

  • Can configure the Kubernetes Operator to watch a subset of provided CustomResourceDefinitions. You can find more information in the documentation.
  • Can generate CustomResourceDefinitions without using subresources. Some versions of Openshift 3.11 require this capability. To avoid using subresources, use --set subresourceEnabled=false when installing the Kubernetes Operator with helm.

Bug Fixes

  • Fixes setting the spec.statefulSet and spec.backup.statefulSet fields on the MongoDBOpsManager Resource.
  • Fixes an issue that requires a restart of the Kubernetes Operator during setup of webhook.
  • Fixes an issue that could make an Ops Manager resource to reach an unrecoverable state if the provided admin password has insufficient strength.

MongoDB Enterprise Kubernetes Operator 1.5.1

Released 2020-04-30

Deprecates the generation of TLS certificates by the Kubernetes Operator. If you use Kubernetes Operator-generated certificates, warning messages now appear in the Kubernetes Operator logs. To configure secure deployments, see Secure a Database Resource.

Bug Fixes

Fixes an issue where, when no authentication is configured by the Kubernetes Operator, the Kubernetes Operator disables authentication in Cloud Manager or Ops Manager. The Kubernetes Operator no longer disables authentication unless you explicitly set spec.security.authentication.enabled to false.

Known Issues

When you configure the spec.statefulSet.spec and spec.backup.statefulSet.spec settings of the MongoDBOpsManager resource, you can only configure the spec.statefulSet.spec.template and spec.backup.statefulSet.spec.template fields. Any other spec.statefulSet.spec or spec.backup.statefulSet.spec field has no effect.

MongoDB Enterprise Kubernetes Operator 1.5.0

Released 2020-04-24

Kubernetes Operator Changes

Adds the ability to start the Kubernetes Operator with some but not all MongoDB CustomResourceDefinitions installed. Administrators can specify the container argument watch-resource to limit the Kubernetes Operator to deploy either MonogDB instances or Ops Manager, or both.

Breaking Changes

Adds the following new Kubernetes Operator configuration properties:

  • INIT_OPS_MANAGER_IMAGE_REPOSITORY
  • INIT_APPDB_IMAGE_REPOSITORY
  • APPDB_IMAGE_REPOSITORY

When using a private docker registry, these properties must point to the relevant registries after you copy the images from the MongoDB distribution channels.

MongoDB Resource Changes

  • Increases support for custom TLS certificates with the spec.security.tls.secretRef and spec.security.tls.ca configuration settings.
  • Deprecates TLS certificate generation by the Kubernetes Operator. Migrating to custom TLS certificates is recommended.

Ops Manager Resource Changes

  • Releases the MongoDBOpsManager resource as Generally Available (GA). MongoDB now supports using the Kubernetes Operator to deploy Ops Manager resources to Kubernetes in production environments.
  • Supports Backup Blockstore Snapshot Stores.
  • Defaults to the Application Database as a metadata database for Backup S3 Snapshot Stores.
  • Supports spec.jvmParameters and spec.backup.jvmParameters to add or override JVM parameters in Ops Manager and Backup Daemon processes.
  • Automatically configures Ops Manager and Backup Daemon JVM memory parameters based on pod memory availability.
  • Supports TLS for Ops Manager and the Application Database.
  • Adds more detailed information to the status field.
  • Supports Ops Manager Local Mode for MongoDBOpsManager resources with multiple replicas by enabling users to specify PersistentVolumeClaimTemplates in spec.statefulSet.spec.
  • Implements a new image versioning scheme.
  • Known Issue: To enable S3 Snapshot stores in Ops Manager 4.2.10 and 4.2.12, you must set brs.s3.validation.testing: disabled in the spec.configuration property of your Ops Manager resource specification.

Breaking Changes

See the sample YAML files for new feature usage examples.

MongoDB Enterprise Kubernetes Operator 1.4 Series

MongoDB Enterprise Kubernetes Operator 1.4.5

Fixes CVE-2020-7922: Kubernetes Operator generates potentially insecure certificates.

CVE Description

X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Customers who do not use X.509 authentication, and those who do not use the Kubernetes Operator to generate their X.509 certificates are unaffected.

Common Weakness Enumeration

CWE-295: Improper Certificate Validation CVSS score: 6.4 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Versions

  • 1.0, 1.1
  • 1.2.0 - 1.2.4
  • 1.3.0 - 1.3.1
  • 1.4.0 - 1.4.4

Fixed Versions

  • 1.2.5
  • 1.4.5 and above

MongoDB Enterprise Kubernetes Operator 1.4.4

MongoDB Resource Changes

Supports changes in the Cloud Manager API.

Ops Manager Resource Changes (Beta Release)

  • Properly terminates resources with a termination hook.
  • Implements stricter validations.

Bug Fixes

  • MongoDB resources:
    • Fixes an issue when working with Ops Manager with custom HTTPS certificates.

MongoDB Enterprise Kubernetes Operator 1.4.3

Released 2020-02-24

Kubernetes Operator Changes

Adds a webhook to validate a Kubernetes Operator configuration.

MongoDB Resource Changes

  • Adds support for sidecars for MongoDB Kubernetes resource pods using the spec.podSpec.podTemplate setting.
  • Allows users to change the PodSecurityContext to allow privileged sidecar containers.

Ops Manager Resource Changes (Beta Release)

  • Adds the spec.podSpec configuration settings for Ops Manager, the Backup Daemon, and the Application Database. See Ops Manager Resource Specification.
  • Ops Manager image for version 4.2.8 is available.

Bug Fixes

  • MongoDB resources:
    • Fixes potential race conditions when deleting MongoDB Kubernetes resources.
  • Ops Manager resources:
    • Supports the spec.clusterDomain setting for Ops Manager and Application Database resources.
    • No longer starts monitoring and backup processes for the Application Database.

See the sample YAML files for new feature usage examples.

MongoDB Enterprise Kubernetes Operator 1.4.2

Released 2020-01-24

MongoDB Resource Changes

  • Runs MongoDB database Kubernetes pods under a dedicated Kubernetes service account: mongodb-enterprise-database-pods.
  • Adds the spec.podSpec.podTemplate setting, which allows you to apply templates to Kubernetes pods that the Kubernetes Operator generates for each database StatefulSet.
  • Renames the spec.clusterName setting to spec.clusterDomain.

Ops Manager Resource Changes (Beta Release)

  • Adds offline mode support for the Application Database. Bundles MongoDB Enterprise version 4.2.2 with the Application Database image. Internet access is not required to install the application database if spec.applicationDatabase.version is set to "4.2.2-ent" or omitted.
  • Renames the spec.clusterName setting to spec.clusterDomain.
  • Ops Manager images for versions 4.2.6 and 4.2.7 are available.

Bug Fixes

  • MongoDB resources:
    • Fixes the order of sharded cluster component creation.
    • Allows TLS to be enabled on Amazon EKS.
  • Ops Manager resources:
    • Enables the Kubernetes Operator to use the spec.clusterDomain setting.

See the sample YAML files for new feature usage examples.

MongoDB Enterprise Kubernetes Operator 1.4.1

Released 2019-12-13

MongoDB Enterprise Kubernetes Operator 1.4.0

Released 2019-12-09

MongoDB Resource Changes

  • Adds split horizon DNS support for MongoDB replica sets, which allows clients to connect to a replica set from outside of the Kubernetes cluster.
  • Supports requests for Kubernetes Operator-generated certificates for additional certificate domains, which makes them valid for the specified subdomains.

Ops Manager Resource Changes (Beta Release)

  • Promotes the MongoDBOpsManager resource to Beta. Ops Manager version 4.2.4 is available.
  • Supports Backup and restore in Kubernetes Operator-deployed Ops Manager instances. This is a semi-automated process that deploys everything you need to enable backups in Ops Manager. You can enable Backup by setting the spec.backup.enabled setting in the Ops Manager custom resource. You can configure the Head Database, Oplog Store, and S3 Snapshot Store by using the MongoDBOpsManager resource specification.
  • Supports access to Ops Manager from outside the Kubernetes cluster through the spec.externalConnectivity setting.
  • Enables SCRAM-SHA-1 authentication on Ops Manager’s Application Database by default.
  • Adds support for OpenShift (Red Hat UBI Images).

For more information on how to enable new features, see the sample YAML files in the samples directory.

Bug Fixes

  • Improves overall stability of X.509 user management.

MongoDB Enterprise Kubernetes Operator 1.3 Series

MongoDB Enterprise Kubernetes Operator 1.3.1

Released 2019-11-08

Important

This release introduces significant changes that may not be compatible with previous deployments or resource configurations. Read Migrate to One Resource per Project (Required for Version 1.3.0) before upgrading the Kubernetes Operator.

MongoDB Resource Changes

  • Requires one MongoDB resource per Ops Manager project. If you have more than one MongoDB resource in a project, all resources will change to a Pending status and the Kubernetes Operator won’t perform any changes on them. The existing MongoDB databases will still be accessible. You must migrate to one resource per project.
  • Supports SCRAM-SHA authentication mode. See the MongoDB Enterprise Kubernetes Operator GitHub repository for examples.
  • Requires that the project (ConfigMap) and credentials (secret) referenced from a MongoDB resource be in the same namespace.
  • Adds OpenShift installation files (YAML file and Helm chart configuration).

Ops Manager Resource Changes (Alpha Release)

MongoDB Enterprise Kubernetes Operator 1.3.0

Released 2019-10-25

Important

This release introduces significant changes that may not be compatible with previous deployments or resource configurations. Read Migrate to One Resource per Project (Required for Version 1.3.0) before installing or upgrading the Kubernetes Operator.

Specification Schema Changes

Ops Manager Resource Changes (Alpha Release)

This release introduces signficant changes to the Ops Manager resource’s architecture. The Ops Manager application database is now managed by the Kubernetes Operator, not by Ops Manager.

Bug Fixes

  • Stops unnecessary recreation of NodePorts.
  • Fixes logging so it’s always in JSON format.
  • Sets USER in the Kubernetes Operator Docker image.

MongoDB Enterprise Kubernetes Operator 1.2 Series

MongoDB Enterprise Kubernetes Operator 1.2.5

Fixes CVE-2020-7922: Kubernetes Operator generates potentially insecure certificates.

CVE Description

X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Customers who do not use X.509 authentication, and those who do not use the Kubernetes Operator to generate their X.509 certificates are unaffected.

Common Weakness Enumeration

CWE-295: Improper Certificate Validation CVSS score: 6.4 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Versions

  • 1.0, 1.1
  • 1.2.0 - 1.2.4
  • 1.3.0 - 1.3.1
  • 1.4.0 - 1.4.4

Fixed Versions

  • 1.2.5
  • 1.4.5 and above

MongoDB Enterprise Kubernetes Operator 1.2.4

Released 2019-10-02

  • Increases stability of Sharded Cluster deployments.
  • Improves internal testing infrastructure.

MongoDB Enterprise Kubernetes Operator 1.2.3

Released 2019-09-13

  • Update: The MongoDB Enterprise Kubernetes Operator will remove support for multiple clusters per project in a future release. If a project contains more than one cluster, a warning will be added to the status of the MongoDB Resources. Additionally, any new cluster being added to a non-empty project will result in a Failed state, and won’t be processed.
  • Fix: The overall stability of the operator has been improved. The operator is now more conservative in resource updates both on Kubernetes and Cloud Manager or Ops Manager.

MongoDB Enterprise Kubernetes Operator 1.2.2

Released 2019-08-30

  • Security Fix: Clusters configured by Kubernetes Operator versions 1.0 through 1.2.1 used an insufficiently strong keyfile for internal cluster authentication between mongod processes. This only affects clusters which are using X.509 for user authentication, but are not using X.509 for internal cluster authentication. Users are advised to upgrade to version 1.2.2, which will replace all managed keyfiles.
  • Security Fix: Clusters configured by Kubernetes Operator versions 1.0 through 1.2.1 used an insufficiently strong password to authenticate the MongoDB Agent. This only affects clusters which have been manually configured to enable SCRAM-SHA-1, which is not a supported configuration. Users are advised to upgrade to version 1.2.2, which will reset these passwords.

MongoDB Enterprise Kubernetes Operator 1.2.1

Released 2019-08-23

  • Fix: The Kubernetes Operator no longer recreates CSRs when X.509 authentication is enabled and the approved CSRs have been deleted.
  • Fix: If the OPERATOR_ENV environment variable is set to something unrecognized by the Kubernetes Operator, it will no longer result in a CrashLoopBackOff of the pod. A default value of prod is used.
  • The Kubernetes Operator now supports more than 100 agents in a given project.

MongoDB Enterprise Kubernetes Operator 1.2.0

Released 2019-08-13

GA Release

  • Adds a readinessprobe to the MongoDB Pods to improve the reliability of rolling upgrades.

Alpha Release

This feature is an alpha release. It is not ready for production use.

MongoDB Enterprise Kubernetes Operator 1.1 Series

MongoDB Enterprise Kubernetes Operator 1.1

Released 2019-07-19

  • Fix: Adds sample yaml files, in particular, the attribute related to featureCompatibilityVersion.
  • Fix: TLS can be disabled in a deployment.
  • Improvement: Adds script in the support directory that can gather information of your MongoDB resources in Kubernetes.
  • Improvement: In a TLS environment, the Kubernetes Operator can use a custom CA. All the certificates must be passed as secret objects.

MongoDB Enterprise Kubernetes Operator 1.0 Series

MongoDB Enterprise Kubernetes Operator 1.0

Released 2019-06-18

  • Supports Kubernetes v1.11 or later.
  • Provisions any kind of MongoDB deployment in the Kubernetes Cluster of your Organization:
  • Configures TLS on the MongoDB deployments and encrypt all traffic. Hosts and clients can verify each other’s identities.
  • Manages MongoDB users.
  • Supports X.509 authentication to your MongoDB databases.

See also

To learn how to install and configure the Operator, see Install and Configure the Kubernetes Operator.

Questions about the Kubernetes Operator GA release

If you have any questions regarding this release, use the #enterprise-kubernetes Slack channel.

MongoDB Enterprise Kubernetes Operator Beta Series

MongoDB Enterprise Kubernetes Operator 0.12

Released 2019-06-07

  • Rolling upgrades of MongoDB resources ensure that rs.stepDown() is called for the primary member. Requires MongoDB patch version 4.0.8 and later or MongoDB patch version 4.1.10 and later.
  • During a MongoDB major version upgrade, the featureCompatibilityVersion field can be set.
  • Fixed a bug where replica sets with more than seven members could not be created.
  • X.509 Authentication can be enabled at the Project level. Requires Cloud Manager, Ops Manager patch version 4.0.11 and later, or Ops Manager patch version 4.1.7 and later.
  • Internal cluster authentication based on X.509 can be enabled at the deployment level.
  • MongoDB users with X.509 authentication can be created, using the new MongoDBUser custom resource.

MongoDB Enterprise Kubernetes Operator 0.11

Released 2019-04-29

  • NodePort service creation can be disabled.
  • TLS can be enabled for internal authentication between MongoDB in replica sets and sharded clusters. The TLS certificates are created automatically by the Kubernetes Operator. Refer to the sample .yaml files in the GitHub repository for examples.
  • Wide or asterisk roles have been replaced with strict listing of verbs in roles.yaml.
  • Printing mdb objects with kubectl will provide more information about the MongoDB object: type, state, and MongoDB server version.

MongoDB Enterprise Kubernetes Operator 0.10

Released 2019-04-02

  • The Kubernetes Operator and database images are now based on ubuntu:16.04.

  • The Kubernetes Operator now uses a single CustomResourceDefinition named MongoDB instead of the MongoDbReplicaSet, MongoDbShardedCluster, and MongoDbStandalone CRDs.

    Important

    Follow the upgrade procedure to transfer existing MongoDbReplicaSet, MongoDbShardedCluster, and MongoDbStandalone resources to the new format.

  • For a list of the packages installed and any security vulnerabilities detected in our build process, see:

MongoDB Enterprise Kubernetes Operator 0.9

Released 2019-03-19

  • The Operator and Database images are now based on debian:stretch-slim which is the latest and up-to-date Docker image for Debian 9.

MongoDB Enterprise Kubernetes Operator 0.8

Released 2019-02-26

  • Perform Ops Manager clean-up on deletion of MongoDB resource without the use of finalisers.
  • Bug fix: Race conditions when communicating with Ops Manager.
  • Bug fix: ImagePullSecrets being incorrectly initialized in OpenShift.
  • Bug fix: Unintended fetching of closed projects.
  • Bug fix: Creation of duplicate organizations.
  • Bug fix: Reconciliation could fail for the MongoDB resource if some other resources in Ops Manager were in error state.

MongoDB Enterprise Kubernetes Operator 0.7

Released 2019-02-01

  • Improved detailed status field for MongoDB resources.
  • The Kubernetes Operator watches changes to configuration parameters in a project configMap and the credentials secret then performs a rolling upgrade for relevant Kubernetes resources.
  • Added JSON structured logging for Automation Agent pods.
  • Support DNS SRV records for MongoDB access.
  • Bug fix: Avoiding unnecessary reconciliation.
  • Bug fix: Improved Ops Manager/Cloud Manager state management for deleted resources.

MongoDB Enterprise Kubernetes Operator 0.6

Released 2018-12-17

  • Refactored code to use the controller-runtime library to fix issues where Operator could leave resources in inconsistent state. This also introduced a proper reconciliation process.
  • Added new status field for all MongoDB Kubernetes resources.
  • Can configure Operator to watch any single namespace or all namespaces in a cluster (requires cluster role).
  • Improved database logging by adding a new configuration property logLevel. This property is set to INFO by default. Automation Agent and MongoDB logs are merged in to a single log stream.
  • Added new configuration Operator timeout. It defines waiting time for database pods start while updating MongoDB Kubernetes resources.
  • Fix: Fixed failure detection for mongos.

MongoDB Enterprise Kubernetes Operator 0.5

Released 2018-11-14

  • Image for database no longer includes the binary for the Automation Agent. The container downloads the Automation Agent binary from Ops Manager when it starts.
  • Fix: Communication with Ops Manager failed if the project with the same name existed in different organization.

MongoDB Enterprise Kubernetes Operator 0.4

Released 2018-10-04

  • If a backup was enabled in Ops Manager for a Replica Set or Sharded Cluster that the Kubernetes Operator created, then the Kubernetes Operator disables the backup before removing a resource.

  • Improved persistence support:

    • The data, journal and log directories are mounted to three mountpoints in one or three volumes depending upon the podSpec.persistence setting.

      Setting Mount Directories to
      podSpec.persistence.single One volume
      podSpec.persistence.multiple Three volumes

      Prior to this release, only the data directory was mounted to persistent storage.

    • A new parameter, labelSelector, allows you to specify the selector for volumes that Kubernetes Operator should consider mounting.

    • If StorageClass is not specified in the persistence configuration, then the default StorageClass for the cluster is used. In most of public cloud providers, this results in dynamic volume provisioning.

MongoDB Enterprise Kubernetes Operator 0.3

Released 2018-08-07

  • The Operator no longer creates the CustomResourceDefinition objects. The user needs to create them manually. Download and apply this new yaml file (crd.yaml) to create/configure these objects.

  • ClusterRoles are no longer required. How the Operator watches resources has changed. Until the last release, the Operator would watch for any resource on any namespace. With 0.3, the Operator watches for resources in the same namespace in which it was created. To support multiple namespaces, multiple Operators can be installed. This allows isolation of MongoDB deployments.

  • Permissions changes were made to how PersistentVolumes are mounted.

  • Added configuration to Operator to not create SecurityContexts for Pods. This solves an issue with OpenShift which does not allow this setting when SecurityContextContraints are used.

    If you are using Helm, set managedSecurityContext to true. This tells the Operator to not create SecurityContext for Pods, satisfying the OpenShift requirement.

  • The combination of projectName and orgId replaces projectId alone to configure the connection to Ops Manager. The project is created if it doesn’t exist.

MongoDB Enterprise Kubernetes Operator 0.2

Released 2018-08-03

  • Calculates WiredTiger memory cache.

MongoDB Enterprise Kubernetes Operator 0.1

Released 2018-06-27

Initial Release

  • Can deploy standalone instances, replica sets, sharded clusters using Kubernetes configuration files.

© MongoDB, Inc 2008-present. MongoDB, Mongo, and the leaf logo are registered trademarks of MongoDB, Inc.