Atlas Kubernetes Operator Changelog
Note
You can find the full list of Atlas Kubernetes Operator releases here.
Atlas Kubernetes Operator 2.5.0
New Features, Improvements and Fixes
Adds support for local credentials for custom resources, allowing specific custom resources to be managed using specific Atlas Admin API credentials.
AtlasDeployment and AtlasDatabaseUser can now be used as independent resources, meaning you can manage Atlas deployments without also managing the project using the Atlas Kubernetes Operator.
Adds new "basic deployment" and "advanced deployment" Helm templates that allow provisioning of Atlas projects, deployments, and database users.
Fixes the case when changing the Instance Size was ignored for a shared cluster.
Resolves Operator panic when changing a deployment to or from serverless instances.
Adds cleanup of orphan connection strings after a database user was deleted.
Fixes the case when an AtlasTeam resource that is not managed by the Atlas Kubernetes Operator (not assigned to any AtlasProject resource) was wrongly deleted.
Removes custom ResourceWatcher in favor of controller-runtime field indexers. The legacy internal custom ResourceWatcher had bugs and its usage was error-prone, which could lead to lost data and data integrity issues with resources managed by Atlas Kubernetes Operator.
Supports Kubernetes versions 1.28 through 1.30.
Supports OpenShift version 4.16.
Atlas Kubernetes Operator 2.4.1
New Features, Improvements and Fixes
Fixes a bug where Atlas Kubernetes Operator sometimes skips periodic reconciliation if there were no changes to custom resources.
Updates deletion protection to delete a team from the Atlas Kubernetes Operator, but keeps it in Atlas when there are no projects associated to it.
Supports Kubernetes versions 1.28 through 1.30.
Supports OpenShift version 4.15.
Atlas Kubernetes Operator 2.4.0
New Features, Improvements and Fixes
Supports Backup Compliance Policy.
Supports short names for Atlas Kubernetes Operator custom resources.
Introduces a kubectl command for listing all Atlas Kubernetes Operator resources in your cluster.
Supports Kubernetes versions 1.28 through 1.30.
Supports OpenShift version 4.15.
Atlas Kubernetes Operator 2.3.1
New Features, Improvements and Fixes
Improves validation of the spec.x509Type field in the AtlasDatabaseUser custom resource. The valid values continue to be NONE, CUSTOMER, MANAGED.
Prevents redundant updates by improving sorting of regionConfigs in the AtlasDeployment custom resource.
Supports Kubernetes versions 1.27 through 1.29.
Supports OpenShift version 4.14.
Atlas Kubernetes Operator 2.3.0
New Features, Improvements and Fixes
Adds support for Atlas Stream Processing.
Adds support for Atlas Search Indexes.
Adds support for Atlas Search Dedicated Nodes.
Supports Kubernetes versions 1.27 through 1.29.
Supports OpenShift version 4.14.
Atlas Kubernetes Operator 2.2.2
New Features, Improvements and Fixes
Supports Kubernetes versions 1.27 through 1.29.
Supports OpenShift version 4.14.
Fixes
Fixes a concurrency issue that could have resulted in the Atlas Kubernetes Operator missing changes made to custom resource definitions.
Atlas Kubernetes Operator 2.2.1
New Features, Improvements and Fixes
All MongoDB images are now signed.
Removes CPU limits and increases memory limits to 1Gi and memory requests to 256Mi.
Improves reconciliation of Serverless Private Endpoints. Atlas Kubernetes Operator no longer gets stuck in a reconcile loop that recreates serverless private endpoints when they fail to synchronize with Atlas.
Ensures Atlas Teams are always cleaned up. This improvement prevents Atlas Team resources from being orphaned and left in a cluster with no associated projects.
Supports Kubernetes versions 1.27 through 1.29.
Supports OpenShift version 4.14.
Deprecations and Removals
This release deprecates the following fields and setting them has no effect in serverless deployments:
DiskIOPS
DiskTypeName
EncryptEBSVolume
InstanceSizeName
VolumeType
AutoScaling
Atlas Kubernetes Operator 2.2.0
Fixes
Fixes Federated Authentication role mapping assignment handling.
New
Adds support for AP1 and US1-Fed Datadog regions. To learn more, see Integrate with Third-Party Services.
Adds support for yearly backup frequencies for Cloud Backups.
Atlas Kubernetes Operator 2.1.0
Fixes
Disables the --subobject-deletion-protection flag due to a bug that prevents users from modifying existing resources when deletion protection is enabled. You can still use the --object-deletion-protection flag to control deletion protection on a per-custom-resource basis.
New
Adds the terminationProtectionEnabled property to the deploymentSpec fields in the AtlasProject Custom Resource to achieve feature parity with serverless instances deployed with the AtlasDeployment Custom Resource.
Adds OIDC and AWS IAM authentication fields to the AtlasDatabaseUser Custom Resource. To learn more, see spec.oidcAuthType.
Changes
Deprecates cloudProviderAccess* fields in favor of cloudProviderIntegration* fields in the AtlasProject Custom Resource.
Atlas Kubernetes Operator 2.0.1
Breaking Changes
Custom resources you delete in Kubernetes won't get deleted in Atlas. Instead, Atlas Kubernetes Operator stops managing those resources. For example, if you delete an AtlasProject Custom Resource in Kubernetes, Atlas Kubernetes Operator no longer automatically deletes the corresponding project from Atlas, preventing accidental or unexpected deletions. To learn more, including how to revert this behavior to the default prior to Atlas Kubernetes Operator 2.0.1, see New Default: Deletion Protection in Atlas Kubernetes Operator 2.0.
deploymentSpec replaces advancedDeploymentSpec in the AtlasDeployment custom resource. You must update your AtlasDeployment custom resource as follows:
If you use advancedDeploymentSpec, rename to deploymentSpec. You don't need to change any formatting.
If you used deploymentSpec prior to Atlas Kubernetes Operator 2.0.1, rewrite your AtlasDeployment custom resource to match the formatting used in the examples.
Improves snapshot distribution management by removing replicationSpecId from the AtlasBackupSchedule Custom Resource so it can be reused by multiple deployments managed by Atlas Kubernetes Operator. The replicationSpecId is now automatically set for every deployment that references it. As a result of this change, you can no longer configure replicationSpecId and should remove it from your AtlasBackupSchedule custom resource.
Forces the use of secretRef fields for encryptionAtRest and alertConfigurations features to promote security best practices. You should now store API secrets and credentials as secrets and reference them from the AtlasProject Custom Resource using the following fields:
For spec.alertConfigurations.notifications:
Use APITokenRef instead of APIToken
Use DatadogAPIKeyRef instead of DatadogAPIKey
Use FlowdockTokenAPIRef instead of FlowdockTokenAPI
Use OpsGenieAPIKeyRef instead of OpsGenieAPIKey
Use VictorOpsSecretRef instead of VictorOpsAPIKey and VictorOpsRoutingKey
To learn more, see Third-Party Alert Configuration Example.
AWS: Use secretRef instead of AccessKeyID, SecretAccessKey, CustomerMasterKeyID, and RoleID.
Azure: Use secretRef instead of SubscriptionID, KeyVaultName, KeyIdentifier, and Secret.
GCP: Use secretRef instead of ServiceAccountKey or KeyVersionResourceID.
To learn more, see Encrypt Data Using a Key Management Service.
Atlas Kubernetes Operator 2.0.0
Warning
This release contains an issue that prevents Atlas Kubernetes Operator from reconciling the AtlasBackupSchedule Custom Resource when deletion protection is enabled.
Don't use this version (2.0.0), and instead use Atlas Kubernetes Operator 2.0.1.
Atlas Kubernetes Operator 1.9.3
Fixes an issue that caused reconciliation to fail when you updated a deployment with autoscaling enabled.
Atlas Kubernetes Operator 1.9.1
Fixes
Fixes missing permissions for the AtlasFederatedAuth Custom Resource.
Atlas Kubernetes Operator 1.9.0
Attention
Validation now rejects duplicate alert configurations.
Fixes
Fixes a bug that duplicated projects listed in a team's status.
Refactors the IPAccessList reconciliation flow to avoid unneeded recreation.
Fixes backup schedule repeatedly updating.
New
Adds the AtlasFederatedAuth Custom Resource to configure federated authentication for Identity Providers that you already registered in Atlas.
Supports Atlas for Government deployments. You must configure the Gov endpoint accordingly. Atlas Kubernetes Operator supports only AWS as a cloud provider for Atlas for Government.
Supports database deployment resource tagging. To learn more, see the following settings:
Adds new arguments to serverless for continuous backups and termination protection.
Improves validation and handling of autoscaling reporting.
Provides guidance on using third-party secret management tools with Atlas Kubernetes Operator to support external key management systems. To learn how to configure external secret storage for Atlas Kubernetes Operator, see Configure Secret Storage.
Uses UBI micro base image instead of minimal. The micro base image is a smaller base image with fewer dependencies.
Atlas Kubernetes Operator 1.8.2
Fixes an issue that caused continual audit log updates in the project activity feed.
Fixes an issue that caused incorrect reconciliation of custom database roles.
AtlasDeployment Custom Resource:
Fixes an issue that prevented deleting the AtlasBackupSchedule Custom Resource when it was referenced by an AtlasDeployment Custom Resource.
Atlas Kubernetes Operator 1.8.1
Upgrades the Atlas client to v0.32.0.
Fixes an issue where Atlas Kubernetes Operator could not watch secrets for third-party integrations.
Adds support for storing cloud provider credentials in secrets instead of the AtlasProject Custom Resource for the Encryption at Rest feature.
Fixes Google Cloud credential validation for the Encryption at Rest feature.
AtlasDatabaseUser Custom Resource:
Fixes an issue where private endpoint connection strings were missing from sharded clusters.
Atlas Kubernetes Operator 1.8.0
Fixes the aws.roleID field for the Encryption at Rest feature.
Supports optional secrets for Alerts Configuration.
AtlasDataFederation Custom Resource:
Supports managing Atlas Data Federation deployments.
Atlas Kubernetes Operator 1.7.3
Moves leases.coordination.k8s.io to its own proxy-role rule.
Adds the spec.settings.IsExtendedStorageSizesEnabled parameter.
Upgrades Go to 1.20.
Atlas Kubernetes Operator 1.7.2
Updates the value of the spec.export.frequencyType parameter of the AtlasBackupSchedule custom resource from MONTHLY to monthly.
Fixes connection secret generation for different namespaces.
Fixes configuration of automated cloud backup export.
Atlas Kubernetes Operator 1.7.1
Fixes CVE-2023-0436: Secret logging may occur in debug mode of Atlas Operator
The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. This issue affects MongoDB Atlas Kubernetes Operator versions: 1.5.0, 1.6.0, 1.6.1, 1.7.0. Please note that this is reported on an EOL version of the product, and users are advised to upgrade to the latest supported version.
Required Configuration:
DEBUG logging is not enabled by default, and must be configured by the end-user. To check the log level of the Operator, review the flags passed in your deployment configuration (e.g. https://github.com/mongodb/mongodb-atlas-kubernetes/blob/main/config/manager/manager.yaml#L27).
CVSS: 4.5
CWE-319: Cleartext Transmission of Sensitive Information
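The check described under Required Configuration, as an added example that is not code from the operator project: it reads Deployment JSON (the shape produced by kubectl get deployments -o json) and reports containers that both run a version the advisory lists as affected and pass a debug log level. The sample manifest, the image name example.invalid/atlas-operator, and the assumption that the image tag carries the operator version are constructed for illustration.

```python
import json

# Versions the advisory lists as affected by CVE-2023-0436.
AFFECTED_VERSIONS = {"1.5.0", "1.6.0", "1.6.1", "1.7.0"}

def log_level(argv):
    """Return the last log-level value in a container's argv, or None if unset."""
    level = None
    for i, arg in enumerate(argv):
        # Accept -log-level and --log-level, with "=value" or a separate value.
        name, sep, value = arg.lstrip("-").partition("=")
        if not arg.startswith("-") or name != "log-level":
            continue
        if sep:
            level = value
        elif i + 1 < len(argv):
            level = argv[i + 1]
    return level.lower() if level else None

def image_version(image):
    """Extract the tag from an image reference (digest ignored); None if untagged."""
    tail = image.split("@", 1)[0].rsplit("/", 1)[-1]
    return tail.rsplit(":", 1)[1].lstrip("v") if ":" in tail else None

def audit(obj):
    """Audit one Deployment or a kubectl List; return a finding per container."""
    items = obj["items"] if obj.get("kind") == "List" else [obj]
    findings = []
    for dep in items:
        pod_spec = dep["spec"]["template"]["spec"]
        for c in pod_spec.get("containers", []):
            level = log_level(c.get("command", []) + c.get("args", []))
            version = image_version(c.get("image", ""))
            debug = level == "debug"
            findings.append({
                "deployment": dep["metadata"]["name"],
                "container": c["name"],
                "version": version,
                "debug": debug,
                # Secrets can reach the logs only when both conditions hold.
                "exposed": debug and version in AFFECTED_VERSIONS,
            })
    return findings

# Constructed sample input, shaped like `kubectl get deployments -o json`.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"metadata": {"name": "operator-a"}, "spec": {"template": {"spec": {"containers": [
    {"name": "manager", "image": "example.invalid/atlas-operator:1.7.0",
     "args": ["--leader-elect", "--log-level=debug", "--log-encoder=json"]}]}}}},
  {"metadata": {"name": "operator-b"}, "spec": {"template": {"spec": {"containers": [
    {"name": "manager", "image": "example.invalid/atlas-operator:1.6.1",
     "args": ["--log-level=info"]}]}}}},
  {"metadata": {"name": "operator-c"}, "spec": {"template": {"spec": {"containers": [
    {"name": "manager", "image": "example.invalid/atlas-operator:1.7.1",
     "args": ["--log-level", "debug"]}]}}}}
]}
""")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Where a deployment is flagged as exposed, logs already shipped to a collector may contain the secrets, so rotating the affected credentials belongs alongside the upgrade.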
Atlas Kubernetes Operator 1.7.0
Adds Openshift 4.12 compatibility.
Supports Kubernetes 1.25.
A project can now refer to a connection secret in a different namespace with the spec.connectionSecretRef.namespace parameter.
Supports multiple private endpoints per a single provider and region.
Supports storing all private endpoint connection strings.
Fixes an issue with Google Cloud KMS for the Encryption at Rest feature.
AtlasDeployment Custom Resource:
Deprecates the autoIndexingEnabled field.
Supports snapshot distribution.
Atlas Kubernetes Operator 1.6.1
Fixes an issue with an IP access list.
AtlasDeployment Custom Resource:
Fixes reconciliation for the AtlasBackupSchedule Custom Resource.
Atlas Kubernetes Operator 1.6.0
New Features
Adds an optional --operatorVersion parameter. To learn more, see Import Atlas Projects into Atlas Kubernetes Operator.
Sets finalizers and support labels for AtlasBackupSchedule Custom Resource, AtlasBackupPolicy Custom Resource, and Atlas teams custom resources.
AtlasDeployment Custom Resource:
Adds support for Global Cluster parameters in spec.advancedDeploymentSpec.* and spec.deploymentSpec.*. To learn more, see AtlasDeployment custom resource parameters. These Global Cluster parameters map zones to geographic regions and allow you to add labels. For a full list of available parameters, see the Atlas Global Clusters API.
The Atlas Kubernetes Operator image now supports ARM64.
Atlas Kubernetes Operator 1.5.0
New Features
Adds Atlas Teams support.
AtlasDeployment Custom Resource:
Adds serverless private endpoint support.
Fixes
Fixes an issue with connection secret creation.
Fixes the minimum version of Openshift.
Fixes the InstanceSize must match issue.
Ensures private endpoints are always added to the status.
AtlasDeployment Custom Resource:
Converts the OplogMinRetentionHours field properly.
Atlas Kubernetes Operator 1.4.1
New Features
Updates the minimum required Openshift version to 4.8.
Adds support for custom database roles via the spec.customRoles field.
Atlas Kubernetes Operator 1.4.0
New Features
Adds support for audit logs. You can enable auditing with the spec.auditing.enabled field. For more information about Atlas Kubernetes Operator auditing, see Configure Audit Logs.
Adds support for project settings via the spec.settings field.
Adds support for alert configurations via the spec.alertConfigurations field.
AtlasDeployment Custom Resource:
Adds support for autoscaling of the instanceSize and diskSizeGB parameters.
Fixes
Fixes an issue where adding an IP address with CIDR block /32 to Network Access could leave the IP Access List inactive indefinitely.
Fixes an issue where creating project integrations that require namespace references could result in errors when the user provides a namespace other than the project namespace, or does not provide a namespace.
Atlas Kubernetes Operator 1.3.0
New Features
Adds support for network peering via the spec.networkPeers field.
Adds support for cloud provider access via the spec.cloudProviderAccessRoles field.
Adds support for encryption at rest via the spec.encryptionAtRest field.
AtlasDeployment Custom Resource:
Adds a test to ensure that deleting a CRD does not affect AtlasDeployment Custom Resources with the mongodb.com/atlas-resource-policy: "keep" annotation.
Fixes
Fixes a resource reconciliation issue that occurred when you delete an AtlasDeployment Custom Resource after the API key has expired.
Fixes an issue where you could change the instanceSize and diskSizeGB parameters for deployments with autoscaling enabled. To change the instanceSize and diskSizeGB parameters, you must first disable autoscaling.
Fixes an error message that returns when Atlas Kubernetes Operator can't delete a project's backup policy or backup schedule.
Atlas Kubernetes Operator 1.2.0
New Features
Upgrades Go to 1.18.
Adds support for Private Endpoints backwards sync to the AtlasProject Custom Resource.
Fixes
Fixes an issue where the AtlasDeployment Custom Resource was not created successfully when the instance size for a deployed resource changed from M10 to M40.
Fixes an issue where creating an AtlasDeployment Custom Resource with advancedDeploymentSpec failed with autoscaling.diskGBEnabled and adds a new AdvancedAutoScalingSpec struct to AdvancedDeploymentSpecChanges.
Fixes an issue where you could decrease diskSizeGB for deployments with autoscaling enabled. To change the diskSizeGB parameter, you must first disable autoscaling.
Fixes a resource reconciliation issue where the Atlas API returns an empty object for scheduled backups.
Atlas Kubernetes Operator 1.1.0
New Features
Adds support for maintenance windows.
Fixes
Fixes an issue where private endpoint connection strings were missing from Kubernetes secrets.
Fixes an issue where Atlas Kubernetes Operator didn't remove conditions for unused resources.
Adds missing private endpoint fields to Pod conditions.
Atlas Kubernetes Operator 1.0.0
Breaking Changes
Renames the AtlasCluster Custom Resource to the AtlasDeployment Custom Resource.
Renames spec.clusterSpec to spec.deploymentSpec.
Renames spec.advancedClusterSpec to spec.advancedDeploymentSpec.
New Features
Adds log levels and JSON log output for Atlas Kubernetes Operator. To change the log level, you can provide the --log-level=debug | info | warn | error | dpanic | panic | fatal flag. To change the output format, you can provide the --log-encoder=json | console flag.
Supports third-party integrations including Prometheus integrations.
Supports GCP private endpoints.
AtlasDeployment Custom Resource:
Supports Serverless instances via the spec.serverlessSpec field.
Supports scheduled backups for database deployments.
Supports upgrading M0, M2, and M5 clusters to M10+ clusters via the spec.deploymentSpec.replicationSpecs.regionConfigs.electableSpecs.instanceSize parameter.
Supports advanced options via the spec.processArgs object.
Supports omitting the spec.deploymentSpec.replicationSpecs.regionConfigs.providerName field for M0, M2, and M5 clusters.
Supports omitting the spec.serverlessSpec.providerSettings.providerName field for Serverless instances.
Fixes
Fixes a bug where you couldn't delete the AtlasProject Custom Resource if the credentials secret was deleted.
Resolves missing epoch timestamps in log messages.
Fixes a bug with the incorrect user-agent version.
Fixes an improper signature verification with the golang.org/x/crypto/ssh module.
Atlas Kubernetes Operator 0.8.0
Changes
Upgrades the Controller Runtime to v0.11.0.
Upgrades Go to 1.17.
When you install a cluster using Helm Charts, Helm doesn't exit until the cluster is ready if you set postInstallHook.enabled to true.
Atlas Kubernetes Operator watches secrets only with the label atlas.mongodb.com/type=credentials to avoid watching unnecessary secrets.
Supports the mongodb.com/atlas-reconciliation-policy=skip annotation for configuring Atlas Kubernetes Operator to skip reconciliations on specific resources.
Supports X.509 authentication.
Bug Fixes
Fixes an issue that logged errors for resource deletion.
AtlasProject Custom Resource
Changes
Atlas Kubernetes Operator no longer marks the AtlasProject Custom Resource as ready until the project IP access is successfully created.
AtlasCluster Custom Resource
Changes
Adds the spec.advancedClusterSpec parameter to the AtlasCluster custom resource. The AtlasCluster custom resource now has two main configuration options. You must specify either spec.clusterSpec or spec.advancedClusterSpec. The spec.clusterSpec parameter uses the Atlas Cluster API Resource. The spec.advancedClusterSpec parameter uses the Atlas Advanced Cluster API Resource.
Note
To migrate an existing resource to use the spec.clusterSpec structure, you must move all fields currently under spec.* to spec.clusterSpec.* with the exception of spec.projectRef.
You can find the images in the following location:
Atlas Kubernetes Operator 0.5.0
This Atlas Kubernetes Operator trial release lets you manage Atlas projects, clusters, and database users with Kubernetes specifications.
Changes
Introduces Global and per project Atlas authentication modes. To learn more, see Configure Access to Atlas.
Supports installing Atlas Kubernetes Operator clusterwide (all the namespaces in the Kubernetes cluster) or to its own namespace. To learn more, see Quick Start.
Introduces the AtlasProject Custom Resource. Use this resource to create Atlas projects and configure their IP access lists.
Introduces the AtlasCluster custom resource. Use this resource to create clusters in an Atlas project.
Introduces the AtlasDatabaseUser Custom Resource for creating database users in an Atlas project.
Allows you to create or update secrets for each database user and cluster. Applications can use these secrets in Kubernetes to connect to Atlas clusters.