Skip to content

MongoDB Enterprise Kubernetes Operator 1.25.0
Compare
Choose a tag to compare
@mms-build-account mms-build-account released this 01 May 11:22
· 7 commits to master since this release
1.25.0
67b067c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Known Issues

  • mongodb-enterprise-openshift.yaml file released in this version is incomplete. There is missing operator's ServiceAccount resource. Please use the newer version of the operator or add the service account manually from this commit.

New Features

  • MongoDBOpsManager: Added support for deploying Ops Manager Application on multiple Kubernetes clusters. See documentation for more information.
  • (Public Preview) MongoDB, OpsManager: Introduced opt-in Static Architecture (for all types of deployments) that avoids pulling any binaries at runtime.
    * This feature is recommended only for testing purposes, but will become the default in a later release.
    * You can activate this mode by setting the MDB_DEFAULT_ARCHITECTURE environment variable at the Operator level to static. Alternatively, you can annotate a specific MongoDB or OpsManager Custom Resource with mongodb.com/v1.architecture: "static".
  • MongoDB: Recover Resource Due to Broken Automation Configuration has been extended to all types of MongoDB resources, now including Sharded Clusters. For more information see https://www.mongodb.com/docs/kubernetes-operator/master/reference/troubleshooting/#recover-resource-due-to-broken-automation-configuration
  • MongoDB, MongoDBMultiCluster: Placeholders in external services.
    • You can now define annotations for external services managed by the operator that contain placeholders which will be automatically replaced to the proper values.
    • Previously, the operator was configuring the same annotations for all external services created for each pod. Now, with placeholders the operator is able to customize
      annotations in each service with values that are relevant and different for the particular pod.
    • To learn more please see the relevant documentation:
  • kubectl mongodb:
  • Added printing build info when using the plugin.
  • setup command:
    • Added --image-pull-secrets parameter. If specified, created service accounts will reference the specified secret on ImagePullSecrets field.
    • Improved handling of configurations when the operator is installed in a separate namespace than the resources it's watching and when the operator is watching more than one namespace.
    • Optimized roles and permissions setup in member clusters, using a single service account per cluster with correctly configured Role and RoleBinding (no ClusterRoles necessary) for each watched namespace.
  • OpsManager: Added the spec.internalConnectivity field to allow overrides for the service used by the operator to ensure internal connectivity to the OpsManager pods.
  • Extended the existing event based reconciliation by a time-based one, that is triggered every 24 hours. This ensures all Agents are always upgraded on timely manner.
  • OpenShift / OLM Operator: Removed the requirement for cluster-wide permissions. Previously, the operator needed these permissions to configure admission webhooks. Now, webhooks are automatically configured by OLM.
  • Added optional MDB_WEBHOOK_REGISTER_CONFIGURATION environment variable for the operator. It controls whether the operator should perform automatic admission webhook configuration. Default: true. It's set to false for OLM and OpenShift deployments.

Breaking Change

  • MongoDBOpsManager Stopped testing against Ops Manager 5.0. While it may continue to work, we no longer officially support Ops Manager 5 and customers should move to a later version.

Helm Chart

  • New operator.webhook.registerConfiguration parameter. It controls whether the operator should perform automatic admission webhook configuration (by setting MDB_WEBHOOK_REGISTER_CONFIGURATION environment variable for the operator). Default: true. It's set to false for OLM and OpenShift deployments.
  • Changing the default agent.version to 107.0.0.8502-1, that will change the default agent used in helm deployments.
  • Added operator.additionalArguments (default: []) allowing to pass additional arguments for the operator binary.
  • Added operator.createResourcesServiceAccountsAndRoles (default: true) to control whether to install roles and service accounts for MongoDB and Ops Manager resources. When mongodb kubectl plugin is used to configure the operator for multi-cluster deployment, it installs all necessary roles and service accounts. Therefore, in some cases it is required to not install those roles using the operator's helm chart to avoid clashes.

Bug Fixes

  • MongoDBMultiCluster: Fields spec.externalAccess.externalDomain and spec.clusterSpecList[*].externalAccess.externalDomains were reported as required even though they weren't
    used. Validation was triggered prematurely when structure spec.externalAccess was defined. Now, uniqueness of external domains will only be checked when the external domains are
    actually defined in spec.externalAccess.externalDomain or spec.clusterSpecList[*].externalAccess.externalDomains.
  • MongoDB: Fixed a bug where upon deleting a MongoDB resource the controlledFeature policies are not unset on the related OpsManager/CloudManager instance, making cleanup in the UI impossible in the case of losing the kubernetes operator.
  • OpsManager: The admin-key Secret is no longer deleted when removing the OpsManager Custom Resource. This enables easier Ops Manager re-installation.
  • MongoDB ReadinessProbe Fixed the misleading error message of the readinessProbe: "... kubelet Readiness probe failed:...". This affects all mongodb deployments.
  • Operator: Fixed cases where sometimes while communicating with Opsmanager the operator skipped TLS verification, even if it was activated.

Improvements

Kubectl plugin: The released plugin binaries are now signed, the signatures are published with the release assets. Our public key is available at this address. They are also notarized for MacOS.
Released Images signed: All container images published for the enterprise operator are cryptographically signed. This is visible on our Quay registry, and can be verified using our public key. It is available at this address.

Assets 7
Loading