MongoDB Enterprise Kubernetes Operator 1.4.1

CVE fixes

• CVE-2019-11729
   

Bug fixes

• Fixed a bug in Ops Manager Custom Resource which prevented running MongoDB backup for 3.6 and 4.0 versions
   

MongoDB Enterprise Kubernetes Operator 1.4.0

New Features

MongoDB Resource Changes

• Split horizon DNS support for MongoDB replica sets has been added, allowing clients to connect to replica set from outside of the Kubernetes cluster.
• Operator generated certificates can be requested with additional certificate domains, making them valid for the specified subdomains.

Ops Manager Resource Changes

• MongoDBOpsManager has been promoted to beta! Ops Manager version 4.2.4 is available.
• Backup and restore can be enabled in Operator-deployed Ops Manager instances. This is a semi-automated process that will deploy everything you need to enable backups in Ops Manager. Backup should be enabled by setting the spec.backup.enabled attribute on the Ops Manager custom resource. The Head DB, Oplog Store and S3 Snapshot Store can be configured using MongoDBOpsManager specification.
• Ops Manager can be accessed from outside the Kubernetes cluster by setting the spec.externalConnectivity property.
• Ops Manager's AppDB (the MongoDB database that Ops Manager runs on) has SCRAM-SHA1 authentication enabled by default.
• Support for Openshift (Red Hat UBI Images) has been added.

Please see the sample YAML files in the samples directory for more information on how to enable new features.

Bug fixes

• Overall stability of X509 user management has been improved.

MongoDB Enterprise Kubernetes Operator 1.3.1

MongoDB Resource Changes

• Important! Requires one MongoDB resource per Ops Manager project. If you have more than one MongoDB resource in a project, all resources will change to a Pending status and the Kubernetes Operator won’t perform any changes on them. The existing MongoDB databases will still be accessible. You must migrate to one resource per project.
• Supports SCRAM-SHA authentication mode. See the MongoDB Enterprise Kubernetes Operator GitHub repository for examples.
• Requires that the project (ConfigMap) and credentials (secret) referenced from a MongoDB resource be in the same namespace.
• Adds OpenShift installation files (YAML file and Helm chart configuration).

Ops Manager Resource Changes (Alpha Release)

• Supports highly available Ops Manager resources by introducing the spec.replicas setting.
• Runs pods as a non-root user.

MongoDB Enterprise Kubernetes Operator 1.3.0

Important: This release introduces significant changes that may not be compatible with previous deployments or resource configurations. Read https://docs.mongodb.com/kubernetes-operator/stable/tutorial/migrate-to-single-resource/ before installing or upgrading the Kubernetes Operator.

Specification Schema Changes

• Moves to a one cluster per project configuration. This follows the warnings introduced in a previous version of the operator. The operator now requires each cluster to be contained within a new project.
• Authentication settings are now contained within the security section of the MongoDB resource specification rather than the project ConfigMap.
• Replaces the project field with the spec.opsManager.configMapRef.name or spec.cloudManager.configMapRef.name fields.
• User resources now refer to MongoDB resources rather than project ConfigMaps.
• No longer requires data.projectName in the project ConfigMap. The name of the project defaults to the name of the MongoDB resource in Kubernetes.

Ops Manager Resource Changes

This release introduces signficant changes to the Ops Manager resource’s architecture. The Ops Manager application database is now managed by the Kubernetes Operator, not by Ops Manager.

Bug Fixes

• Stops unnecessary recreation of NodePorts.
• Fixes logging so it’s always in JSON format.
• Sets USER in the Kubernetes Operator Docker image.

MongoDB Enterprise Kubernetes Operator 1.2.4

• Increased stability of X509 enabled Sharded Cluster deployments.
• Internal testing infrastructure improvements.

MongoDB Enterprise Kubernetes Operator 1.2.3

• Update: The MongoDB Enterprise Kubernetes Operator will remove support for multiple clusters per project in a future release. If a project contains more than one cluster, a warning will be added to the status of the MongoDB Resources. Additionally, any new cluster being added to a non-empty project will result in a Failed state, and won’t be processed.
• Fix: The overall stability of the operator has been improved. The operator is now more conservative in resource updates both on Kubernetes and Cloud Manager or Ops Manager.

MongoDB Enterprise Kubernetes Operator 1.2.2

• Security Fix: Clusters configured by Operator versions 1.0-1.2.1 used an insufficiently-strong keyfile for internal cluster authentication between mongoDs. This only affects clusters which are using x509 for user-authentication, but are not using x509 for internal cluster authentication. Users are advised to upgrade to 1.2.2, which will replace all managed keyfiles.

• Security Fix: Clusters configured by with Operator versions 1.0-1.2.1 used an insufficiently-strong password to authenticate the MongoDB Agent. This only affects clusters which have been manually configured to enable SCRAM-SHA1, which is not a supported configuration. Users are advised to upgrade to 1.2.2, which will reset these passwords.

MongoDB Enterprise Kubernetes Operator 1.2.1

• Fixed bug which caused the Operator to incorrectly generate CSRs for agent x509 certificates when approved CSRs have been deleted

• If the OPERATOR_ENV environment variable is set to something unrecognized by the Operator, it will no longer result in a "CrashLoopBackOff" of the pod. A default value of "prod" is used.

• The Operator now supports more than 100 agents in a given project

MongoDB Enterprise Kubernetes Operator 1.2

• A new Resource, MongoDBOpsManager has been added to allow Ops Manager 4.2 to be deployed into your Kubernetes cluster. This feature is in alpha stage.
• A Readiness Probe has been added to the MongoDB Pods to make rolling upgrades more reliable.

MongoDB Enterprise Kubernetes Operator 1.1

• Fixed sample yaml files, in particular, the attribute related to featureCompatibilityVersion
• Fixed a bug that will not allow for TLS to be disabled in a deployment
• Added script (under the "support" directory) that can be used to gather information of your MongoDB resources in Kubernetes
• In a TLS environment, the operator can now use a custom Certificate Authority. All the certificates need to be passed in the form of Secret Kubernetes objects