Ops Manager Resource Specification

External Connectivity Settings

This section describes optional settings related to external connectivity in Ops Manager. For optional external connectivity settings specific to your multi-cluster Ops Manager deployment, see Multi-Cluster Settings.

spec.externalConnectivity

Type: collection

Configuration object that enables external connectivity to Ops Manager. If provided, the Kubernetes Operator creates a Kubernetes service that allows traffic originating from outside of the Kubernetes cluster to reach the Ops Manager application.

If not provided, the Kubernetes Operator doesn't create a Kubernetes service. You must create one manually or use a third-party solution that enables you to route external traffic to the Ops Manager Application in your Kubernetes cluster.

spec.externalConnectivity.type

Type: string

The Kubernetes service ServiceType that exposes Ops Manager outside of Kubernetes.

Required if spec.externalConnectivity.type is present.

Accepted values are: LoadBalancer and NodePort. LoadBalancer is recommended if your cloud provider supports it. Use NodePort for local deployments.

spec.externalConnectivity.port

Type: integer

Value that indicates which port that a Kubernetes service exposes the Ops Manager Application should use for external traffic.

• If spec.externalConnectivity.type is NodePort:

  • The Kubernetes service exposes the Ops Manager Application to external traffic through this port.

  • If you don't provide a spec.externalConnectivity.port value, the Kubernetes service routes traffic to the Ops Manager Application from an available port selected randomly from the following default range: 30000-32767.

    Note

    You must configure your network's firewall to allow traffic over this port.

• If spec.externalConnectivity.type is LoadBalancer:

  • The load balancer resource that your cloud provider creates exposes the Ops Manager Application through this port.

  • If you don't provide a spec.externalConnectivity.port value, the Kubernetes service exposes the Ops Manager Application to external traffic through the default HTTP (8080) or HTTPS (8443) port.

spec.externalConnectivity.loadBalancerIP

Type: string

The IP address the LoadBalancer Kubernetes service uses when the Kubernetes Operator creates it.

This setting can only be used if your cloud provider supports it and spec.externalConnectivity.type is LoadBalancer. To learn more about the Type LoadBalancer, see the Kubernetes documentation.

spec.externalConnectivity.externalTrafficPolicy

Type: string

Routing policy for external traffic to the Ops Manager Kubernetes service. The service routes external traffic to node-local or cluster-wide endpoints depending the value of this setting.

Accepted values are: Cluster and Local. To learn which of values meet your requirements, see Source IPs in Kubernetes in the Kubernetes documentation.

Note

If you select Cluster, the Source-IP of your clients are lost during the network hops that happen at the Kubernetes network boundary.

spec.externalConnectivity.annotations

Type: collection

Key-value pairs that allow you to provide cloud provider-specific configuration settings.

To learn more about Annotations and TLS support on AWS, see the Kubernetes documentation.

Backup Settings

This section describes optional settings related to backups in Ops Manager. For optional backup settings specific to your multi-cluster Ops Manager deployment, see Multi-Cluster Settings.

spec.backup.assignmentLabels

Type: array of strings

A list of assignment labels for the Backup Daemon Service processes. Use assignment labels to identify that specific backup daemon processes are associated with particular projects. If you set assignment labels using the Kubernetes Operator, the values that you set in the Kubernetes configuration file for assignment labels override the values defined in the Ops Manager UI. Assignment labels that you don't set using the Kubernetes Operator continue to use the values set in the Ops Manager UI.

spec.backup.enabled

Type: boolean

Flag that enables Backup for your Ops Manager resource. When set to false, Backup is disabled.

Default value is true.

spec.backup.encryption

Type: object

Object that contains the backup encryption configuration settings.

spec.backup.encryption.kmip

Type: object

Object that contains the KMIP backup encryption configuration settings. To learn more, see Configure KMIP Backup Encryption for Ops Manager.

Note

If you set this parameter, the API key linked with the value of spec.credentials must have the Global Owner role.

spec.backup.encryption.kmip.server

Type: object

Object that contains the KMIP backup encryption server configuration settings.

spec.backup.encryption.kmip.server.ca

Type: string

Human-readable label that identifies the ConfigMap that contains an entry for the CA certificate (ca.pem) to use for KMIP authentication.

spec.backup.encryption.kmip.server.url

Type: string

URL for the KMIP server that uses the hostname.port format (for example, 192.168.1.3:5696 or my-kmip-server.mycorp.com:5696).

spec.backup.headDB

Type: collection

Configuration settings for the head database. Kubernetes Operator creates a Persistent Volume Claim with the specified configuration.

Scalar	Data Type	Description
labelSelector	string	Tag used to bind mounted volumes to directories.
storage	string	Minimum size of Persistent Volume that should be mounted. This value is expressed as an integer followed by a unit of storage in JEDEC notation. Default value is 30Gi. To learn more, see Backup Daemon Hardware Requirements. For example, if the head database requires 60 gigabytes of storage space, set this value to 60Gi.
storageClass	string	Type of storage specified in a Persistent Volume Claim. You may create this storage type as a StorageClass object before using it in this object specification. Make sure to set the StorageClass reclaimPolicy to Retain. This ensures that data is retained when a Persistent Volume Claim is removed.

spec.backup.jvmParameters

Type: array of strings

Optional. JVM parameters passed to the Ops Manager backup service in the container.

This Kubernetes Operator parameter defaults to an empty list.

spec:
  backup:
    jvmParameters: ["-XX:+UseStringCache"]

Warning

Change the JVM Memory Heap values at your own risk

Kubernetes Operator calculates the JVM memory heap values of the backup service based on the container's memory. Changing the -Xms and -Xmx values can cause issues with Ops Manager.

spec.backup.members

Type: integer

Optional. Number of backup daemon services to deploy in Kubernetes. If not specified, defaults to 1. To ensure high availability for your backup service, deploy multiple backup daemons in Ops Manager.

spec.backup.opLogStores

Type: collection

Required if you enable backup. Array of oplog stores used for backup. Each item in the array references a MongoDB database resource deployed in the Kubernetes cluster by the Kubernetes Operator.

spec.backup.opLogStores.assignmentLabels

Type: array of strings

A list of assignment labels for the oplog store. Use assignment labels to identify that specific oplog stores are associated with particular projects. If you set assignment labels using the Kubernetes Operator, the values that you set in the Kubernetes configuration file for assignment labels override the values defined in the Ops Manager UI. Assignment labels that you don't set using the Kubernetes Operator continue to use the values set in the Ops Manager UI.

spec.backup.opLogStores.name

Type: string

Required if you enable Backup. Name of the oplog store.

Important

Once specified, don't edit the name of the oplog store.

spec.backup.opLogStores.mongodbResourceRef.name

Type: string

Required if you enable Backup. Name of the MongoDB resource or the MongoDBMultiCluster resource that you create to store oplog slices. You must deploy this resource in the same namespace as the Ops Manager resource.

The Oplog database only supports the SCRAM authentication mechanism. You cannot enable other authentication mechanisms.

If you enable SCRAM authentication on the oplog database, you must:

• Create a MongoDB user resource to connect Ops Manager to the oplog database.

• Specify the name of the user in the Ops Manager resource definition.

If a MongoDB database resource with this name doesn't exist, the backup resource enters a Pending state. The Kubernetes Operator retries every 10 seconds until a MongoDB database resource with this name is created.

Note

The Kubernetes Operator begins to reconcile the Ops Manager resource automatically when you make security changes to the database resources you reference in this setting. The Kubernetes Operator updates the mongoURI and ssl flags in the Ops Manager configuration based on your changes.

spec.backup.opLogStores.mongodbUserRef.name

Type: string

Required if SCRAM authentication is enabled on the oplog store database. Name of the MongoDB user resource used to connect to the oplog store database. Deploy this user resource in the same namespace as the Ops Manager resource and with all of the following roles:

• readWriteAnyDatabase

• dbAdminAnyDatabase

• clusterMonitor

spec.backup.blockStores

Type: collection

Required if you enable Backup using a blockstore. Array of blockstores used for Backup. Each item in the array references a MongoDB database resource deployed in the Kubernetes cluster by the Kubernetes Operator.

spec.backup.blockStores.assignmentLabels

Type: array of strings

A list of assignment labels for the blockstore. Use assignment labels to identify that specific blockstores are associated with particular projects. If you set assignment labels using the Kubernetes Operator, the values that you set in the Kubernetes configuration file for assignment labels override the values defined in the Ops Manager UI. Assignment labels that you don't set using the Kubernetes Operator continue to use the values set in the Ops Manager UI.

spec.backup.blockStores.name

Type: string

Required if you enable backup using a blockstore. Name of the blockstore.

Important

Once specified, don't edit the name of the blockstore.

spec.backup.blockStores.mongodbResourceRef.name

Type: string

Required if you enable backup using a blockstore. Name of the MongoDB database resource that you create for the blockstore. You must deploy this database resource in the same namespace as the Ops Manager resource.

The blockstore database only supports the SCRAM authentication mechanism. You cannot enable other authentication mechanisms.

If you enable SCRAM authentication on the blockstore database, you must:

• Create a MongoDB user resource to connect Ops Manager to the blockstore database.

• Specify the name of the user in the Ops Manager resource definition.

If a MongoDB database resource with this name doesn't exist, the backup resource enters a Pending state. The Kubernetes Operator retries every 10 seconds until a MongoDB database resource with this name is created.

Note

The Kubernetes Operator begins to reconcile the Ops Manager resource automatically when you make security changes to the database resources you reference in this setting. The Kubernetes Operator updates the mongoURI and ssl flags in the Ops Manager configuration based on your changes.

spec.backup.blockStores.mongodbUserRef.name

Type: string

Required if SCRAM authentication is enabled on the blockstore database. Name of the MongoDB user resource used to connect to the blockstore database. Deploy this user resource in the same namespace as the Ops Manager resource and with all of the following roles:

• readWriteAnyDatabase

• dbAdminAnyDatabase

• clusterMonitor

spec.backup.queryableBackupSecretRef.name

Type: string

Name of the secret that contains the queryable.pem file from Ops Manager that you will use for accessing and querying backups based on your deployment's TLS requirements.The PEM file contains a public key certificate and its associated private key that are needed to access and run queries on backup snapshots in Ops Manager. To query backups, specify the value for this parameter. If not set, backups are not affected, but you can't query them.

spec.backup.statefulSet.spec

Type: collection

Specification for the StatefulSet that the MongoDB Enterprise Kubernetes Operator creates for the backup daemon service.

To review which fields you can add to spec.backup.statefulSet.spec, see StatefulSetSpec v1 apps in the Kubernetes documentation.

spec.backup.statefulSet.spec.template

Type: collection

Template for the Kubernetes Pods in the StatefulSet that the MongoDB Enterprise Kubernetes Operator creates for the backup daemon service.

Note

The Kubernetes Operator doesn't validate the fields you provide in spec.backup.statefulSet.spec.template.

spec.backup.statefulSet.spec.template.metadata

Type: collection

Metadata for the Kubernetes Pods in the StatefulSet that the MongoDB Enterprise Kubernetes Operator creates for the backup daemon service.

To review which fields you can add to spec.backup.statefulSet.spec.template.metadata, see the Kubernetes documentation.

spec.backup.statefulSet.spec.template.spec

Type: collection

Specifications of the Kubernetes Pods in the StatefulSet that the MongoDB Enterprise Kubernetes Operator creates for the backup daemon service.

To review the complete list of fields you can add to spec.backup.statefulSet.spec.template.spec, see the Kubernetes documentation.

The following example spec.backup.statefulSet.spec.template.spec defines minimum and maximum CPU and memory capacity for one backup daemon service container the MongoDB Enterprise Kubernetes Operator deploys:

statefulSet:
  spec:
    template:
      spec:
        containers:
        - name: mongodb-backup-daemon
          resources:
            requests:
              cpu: "0.50"
              memory: "4500M"
            limits:
              cpu: "1"
              memory: "6000M"

spec.backup.statefulSet.spec.template.spec.containers

Type: collection

List of containers that belong to the Kubernetes Pods in the StatefulSet that the MongoDB Enterprise Kubernetes Operator creates for the backup daemon service.

To modify the specifications of the backup daemon service container, you must provide the exact name of the container using the name field, as shown in the following example:

backup:
 statefulSet:
   spec:
     template:
       spec:
         containers:
         - name: mongodb-backup-daemon

Note

When you add containers to spec.backup.statefulSet.spec.template.spec.containers, the Kubernetes Operator adds them to the Kubernetes pod. These containers are appended to the Backup Daemon Service containers in the pod.

spec.backup.statefulSet.spec.template.spec.containers.resources.requests.cpu

Type: string

Minimum CPU capacity that must be available on a Kubernetes node to host the backup daemon service.

The requested value must be less than or equal to spec.backup.statefulSet.spec.template.spec.containers.resources.limits.cpu.

spec.backup.statefulSet.spec.template.spec.containers.resources.limits.cpu

Type: string

Maximum CPU capacity for the node being created to host the backup daemon service. If omitted, this value is set to spec.backup.statefulSet.spec.template.spec.containers.resources.requests.cpu.

spec.backup.statefulSet.spec.template.spec.containers.resources.requests.memory

Type: string

Minimum memory capacity that must be available on a Kubernetes node to host the backup daemon service on Kubernetes. This value is expressed as an integer followed by a unit of memory in JEDEC notation.

Note

Set this value to at least 4.5Gi. Values of less than 4.5Gi might result in an error.

The requested value must be less than or equal to spec.backup.statefulSet.spec.template.spec.containers.resources.limits.memory.

spec.backup.statefulSet.spec.template.spec.containers.resources.limits.memory

Type: string

Maximum memory capacity for the node being created to host the backup daemon service. If omitted, this value is set to spec.backup.statefulSet.spec.template.spec.containers.resources.requests.memory.

The Kubernetes Operator calculates and sets parameters for Java heap size based on the container's memory.

Warning

Limit this value to less than 32 GB

Setting this value to a value greater than 32 GB (32Gi) can cause issues with the backup service. Excessive heaps can cause unpredictable results in Ops Manager.

S3 Settings

You can configure Ops Manager to use S3 for storing oplogs and backup snapshots, and secure connections to S3 with TLS using keys issued by custom CA.

To configure custom CA keys, use the ConfigMap with which you configured TLS for your Application Database as described on the TLS-Encrypted Connection (HTTPS) tab of Deploy an Ops Manager Resource. Set spec.applicationDatabase.security.tls.ca to this ConfigMap.

You can use TLS for both S3 and your Application Database, or for S3 only.

• To use TLS for both, get certificates for both purposes from the same ca-pem referenced in the ConfigMap.

• To use TLS for S3 only, don't define spec.security.applicationDatabase.certsSecretPrefix in your ConfigMap.

spec.backup.s3OpLogStores.assignmentLabels

Type: array of strings

A list of assignment labels for S3 oplog stores. Use assignment labels to identify that specific S3 oplog stores are associated with particular projects. If you set assignment labels using the Kubernetes Operator, the values that you set in the Kubernetes configuration file for assignment labels override the values defined in the Ops Manager UI. Assignment labels that you don't set using the Kubernetes Operator continue to use the values set in the Ops Manager UI.

spec.backup.s3OpLogStores.customCertificate

Type: boolean

Deprecated. Use spec.backup.s3OpLogStores.customCertificateSecretRefs instead.

Flag that indicates whether you use AppDB certificates (appdb-ca) as the custom TLS certificate for your S3 oplog store. The default is False.

spec.backup.s3OpLogStores.customCertificateSecretRefs

Type: array of objects

List of custom certificates for your S3 oplog store using Kubernetes secrets. The base64-encoded x.509 certificate must already be present in a Kubernetes secret with a key and must be parsable by the Java CertifcateFactory. You can't specify multiple certificates in a chain in one secret. If you specify multiple certificates in a chain in one secret, Kubernetes Operator uses only the first certificate in the chain. If you also provide the customCertificate setting, Kubernetes Operator uses the spec.applicationDatabase.security.tls.ca as the custom certificate for backups.

Each entry in the list specifies the name and the key. If you specify multiple secrets, Kubernetes Operator uses all the certificates in the specified secrets.

If you don't provide this setting, Ops Manager uses the JVM Default Trust Store used by Ops Manager.

spec.backup.s3OpLogStores.customCertificateSecretRefs.name

Type: string

Required to use custom certificates for your S3 oplog store. Kubernetes secret that contains the custom certificate.

spec.configuration.mms.mongoDbUsage.defaultUsageType

Type: string

The Kubernetes service's default server type.

spec.backup.s3OpLogStores.customCertificateSecretRefs.key

Type: string

Required to use custom certificates for your S3 oplog store. File that represents the key in the secret that contains the base64-encoded x.509 certificate. If you don't specify this setting, the Kubernetes Operator can't utilize the custom certificate for S3 oplog store backups.

spec.backup.s3OpLogStores.irsaEnabled

Type: boolean

Flag that enables using AWS IAM roles for service accounts in AWS EKS to configure an S3 oplog store. The default is False. If you aren't using AWS EKS, this flag has no effect. When set to False, using AWS IAM roles for service accounts in EKS to configure an S3 oplog store is disabled. To learn more, see IAM roles for service accounts in EKS.

spec.backup.s3OpLogStores.name

Type: string

Required to store the oplog using an S3 store. Name of the S3 oplog store.

spec.backup.s3OpLogStores.mongodbResourceRef.name

Type: string

Name of the MongoDB database resource that you create to store metadata for the S3 oplog store. You must deploy this database resource in the same namespace as the Ops Manager resource.

Note

Omit this setting to use the Application Database to store metadata for the S3 oplog store.

If you omit this setting, you must also omit the spec.backup.s3OpLogStores.mongodbUserRef.name setting. The Kubernetes Operator handles SCRAM user authentication internally.

If you enable SCRAM authentication on this database, you must:

• Create a MongoDB user resource to connect Ops Manager to the database.

• Specify the name of the user in the Ops Manager resource definition.

spec.backup.s3OpLogStores.mongodbUserRef.name

Type: string

Required if you created a MongoDB database resource to store S3 oplog metadata and SCRAM is enabled on this database. Name of the MongoDB user resource used to connect to the metadata database of the S3 oplog store. Deploy this user resource in the same namespace as the Ops Manager resource and with all of the following roles:

• readWriteAnyDatabase

• dbAdminAnyDatabase

• clusterMonitor

Important

Once specified, don't edit the name of the S3 metadata oplog store username.

spec.backup.s3OpLogStores.s3SecretRef.name

Type: string

Required to store the oplog using an S3 store. Name of the secret that contains the accessKey and secretKey fields. The backup daemon service uses the values of these fields as credentials to access your AWS S3 or S3-compatible bucket. To configure the S3 oplog store, you must specify both keys in the secret.

spec.backup.s3OpLogStores.pathStyleAccessEnabled

Type: boolean

Indicates the style of the bucket endpoint URL.

Value	Description	Example
true	Path-style URL	s3.amazonaws.com/<bucket>
false	Virtual-host-style URL	<bucket>.s3.amazonaws.com

To learn more about annotations and TLS support on AWS, see the Kubernetes documentation.

Default value is true.

spec.backup.s3OpLogStores.s3BucketEndpoint

Type: string

Required to store the oplog using an S3 store. URL of the AWS S3 bucket or S3-compatible bucket that hosts the oplog store.

Note

If your endpoint doesn't include a region in its URL, specify the s3RegionOverride field.

spec.backup.s3OpLogStores.s3BucketName

Type: string

Required to store the oplog using an S3 store. Name of the AWS S3 bucket or S3-compatible bucket that hosts the oplog store.

spec.backup.s3OpLogStores.s3RegionOverride

Type: string

Region where your S3-compatible bucket resides. Use this field only if your S3 oplog store's s3BucketEndpoint doesn't support region scoping. Region scoping is when your endpoint doesn't include a region in its URL.

Don't use this field with AWS S3 buckets. For more information, see S3 Blockstore Configuration.

spec.backup.s3Stores.assignmentLabels

Type: array of strings

A list of assignment labels for the S3 or S3-compatible buckets where stores the database backup snapshots. Use assignment labels to identify that specific S3 stores are associated with particular projects. If you set assignment labels using the Kubernetes Operator, the values that you set in the Kubernetes configuration file for assignment labels override the values defined in the Ops Manager UI. Assignment labels that you don't set using the Kubernetes Operator continue to use the values set in the Ops Manager UI.

spec.backup.s3Stores.customCertificate

Type: boolean

Deprecated. Use spec.backup.s3Stores.customCertificateSecretRefs instead.

Flag that indicates whether you use Application Database's certificates (appdb-ca) as the custom TLS certificate for your S3 backups. The default is False.

spec.backup.s3Stores.customCertificateSecretRefs

Type: array of objects

List of custom certificates for your S3 snapshot store using Kubernetes secrets. The base64-encoded x.509 certificate must already be present in a Kubernetes secret with a key and must be parsable by the Java CertifcateFactory. You can't specify multiple certificates in a chain in one secret. If you specify multiple certificates in a chain in one secret, Kubernetes Operator uses only the first certificate in the chain. If you also provide the spec.backup.s3Stores.customCertificate setting, Kubernetes Operator uses the spec.applicationDatabase.security.tls.ca as the custom certificate for backups.

Each entry in the list specifies the name and the key. If you specify multiple secrets, Kubernetes Operator uses all the specified secrets.

If you don't provide this setting, the Kubernetes Operator uses the JVM Default Trust Store used by Ops Manager for backups.

spec.backup.s3Stores.customCertificateSecretRefs.name

Type: string

Required to use custom certificates for your S3 oplog store. Kubernetes secret that contains the custom certificate.

spec.backup.s3Stores.customCertificateSecretRefs.key

Type: string

Required to use custom certificates for your S3 oplog store. File that represents the key in the secret that contains the base64-encoded x.509 certificate. If you don't specify this setting, Kubernetes Operator can't utilize the custom certificate for S3 snapshot store and defaults to the default JVM {Java Virtual Machine) trust store used by Ops Manager.

spec.backup.s3Stores.irsaEnabled

Type: boolean

Flag that enables using AWS IAM roles for service accounts in AWS EKS to configure an S3 snapshot store. The default is False. If you aren't using AWS EKS, this flag has no effect. When set to False, using AWS IAM roles for service accounts in EKS to configure an S3 snapshot store is disabled. To learn more, see IAM roles for service accounts in EKS.

spec.backup.s3Stores.name

Type: string

Required to store the oplog using an S3 store. Name of the S3 snapshot store.

Important

Once specified, don't edit the name of the S3 snapshot store. This change will likely fail if backups use the old name. The consequences of a successful change are unpredictable.

spec.backup.s3Stores.mongodbResourceRef.name

Type: string

Name of the MongoDB resource or MongoDBMultiCluster resource that you create to store metadata for the S3 snapshot store. You must deploy this database resource in the same namespace as the Ops Manager resource.

Note

Omit this setting to use the Application Database to store metadata for the S3 snapshot store.

If you omit this setting, you must also omit the spec.backup.s3Stores.mongodbUserRef.name setting. The Kubernetes Operator handles SCRAM user authentication internally.

If you enable SCRAM authentication on this database, you must:

• Create a MongoDB user resource to connect Ops Manager to the database.

• Specify the name of the user in the Ops Manager resource definition.

Important

Once specified, don't edit the name of the S3 snapshot store. This change will likely fail if backups use the old name. The consequences of a successful change are unpredictable.

If a MongoDB database resource with this name doesn't exist, the backup resource enters a Pending state. The Kubernetes Operator retries every 10 seconds until a MongoDB database resource with this name is created.

Note

The Kubernetes Operator begins to reconcile the Ops Manager resource automatically when you make security changes to the database resources you reference in this setting. The Kubernetes Operator updates the mongoURI and ssl flags in the Ops Manager configuration based on your changes.

spec.backup.s3Stores.mongodbUserRef.name

Type: string

Required if you created a MongoDB database resource to store |s3| snapshot metadata and SCRAM is enabled on this database. Name of the MongoDB user resource used to connect to the metadata database of the S3 snapshot store. Deploy this user resource in the same namespace as the Ops Manager resource and with all of the following roles:

• readWriteAnyDatabase

• dbAdminAnyDatabase

• clusterMonitor

Important

Once specified, don't edit the name of the S3 metadata snapshot store username.

spec.backup.s3Stores.s3SecretRef.name

Type: string

Required if you enable Backup using an S3 store. Name of the secret that contains the accessKey and secretKey fields. The backup daemon service uses the values of these fields as credentials to access your AWS S3 or S3-compatible bucket. The S3 snapshot store can't be configured if the secret is missing either key.

spec.backup.s3Stores.pathStyleAccessEnabled

Type: boolean

Indicates the style of the bucket endpoint URL.

Value	Description	Example
true	Path-style URL	s3.amazonaws.com/<bucket>
false	Virtual-host-style URL	<bucket>.s3.amazonaws.com

Default value is true.

spec.backup.s3Stores.s3BucketEndpoint

Type: string

Required if you enable Backup using an S3 store. URL of the AWS S3 bucket or S3-compatible bucket that hosts the snapshot store.

Note

If your endpoint doesn't include a region in its URL, specify the s3RegionOverride field.

spec.backup.s3Stores.s3BucketName

Type: string

Required if you enable Backup using an S3 store. Name of the AWS S3 bucket or S3-compatible bucket that hosts the snapshot store.

spec.backup.s3Stores.s3RegionOverride

Type: string

Region where your S3-compatible bucket resides. Use this field only if your S3 store's s3BucketEndpoint doesn't support region scoping. Region scoping is when your endpoint doesn't include a region in its URL.

Don't use this field with AWS S3 buckets. For more information, see S3 Blockstore Configuration.

Prometheus Settings

The following settings apply when you use Prometheus with your Application Database:

spec.applicationDatabase.prometheus

Type: array

Optional. List that contains the parameters for exposing metrics to Prometheus.

spec.applicationDatabase.prometheus.metricsPath

Type: string

Default: "/metrics"

Optional. Human-readable string that indicates the path to the metrics endpoint. If you don't specify this setting, the default applies.

spec.applicationDatabase.prometheus.passwordSecretRef

Type: object

Conditional Object that contains the details of the secret for basic HTTP authentication. If you want to use Prometheus with your Application Database, you must specify this setting.

spec.applicationDatabase.prometheus.passwordSecretRef.key

Type: string

Default: "password"

Optional. Human-readable string that identifies the key in the secret that stores the password for basic HTTP authentication. If you don't specify this setting, the default applies.

spec.applicationDatabase.prometheus.passwordSecretRef.name

Type: string

Conditional

Human-readable label that identifies the secret that contains the password for basic HTTP authentication. If you want to use Prometheus with your Application Database, you must specify this setting.

spec.applicationDatabase.prometheus.port

Type: integer

Default: 9216

Optional. Number that identifies the port that the metrics endpoint will bind to. If you don't specify this setting, the default applies.

spec.applicationDatabase.prometheus.tlseSecretKeyRef

Type: object

Optional. Object that contains the details of the secret for TLS authentication.

spec.applicationDatabase.prometheus.tlseSecretKeyRef.key

Type: string

Default: "password"

Optional. Human-readable string that identifies the key in the secret that stores the password for TLS authentication. If you don't specify this setting, the default applies.

spec.applicationDatabase.prometheus.tlseSecretKeyRef.name

Type: string

Conditional. Human-readable label that identifies the secret that contains the password for TLS authentication. If you want to use Prometheus with your Application Database and you want to use TLS authentication, you must specify this setting.

spec.applicationDatabase.prometheus.username

Type: string

Conditional. Human-readable label that identifies the user for basic HTTP authentication. If you want to use Prometheus with your application database, you must specify this setting.

Ops Manager Required Settings

This section describes settings that you must use for your multi-cluster Ops Manager deployment in addition to the required Ops Manager settings.

spec.clusterSpecList.members

Type: integer

Conditional. The number of Ops Manager members in the Ops Manager cluster in a multi-Kubernetes cluster MongoDB deployment. When you set spec.topology to MultiCluster, you must specify the value for this parameter. Omit this parameter for single-cluster deployments. If you set this parameter to zero, this removes this Ops Manager member cluster from the list of member clusters in the multi-Kubernetes cluster of Ops Manager instances.

spec.topology

Type: string

The type of the Kubernetes deployment for the Ops Manager Resource.

• The values are SingleCluster or MultiCluster. If omitted, the default value is SingleCluster.

• If you specify MultiCluster:

  • Add the MongoDBMultiCluster resource to the watched resources list. This indicates to the Kubernetes Operator that it should work in multi-Kubernetes cluster mode and perform configuration actions required for handling multi-Kubernetes resources.

  • Specify at least one member cluster on which you want to deploy Ops Manager, using spec.clusterSpecList and its nested spec.clusterSpecList.clusterName and spec.clusterSpecList.members parameters.

  • If you specify MultiCluster, the Kubernetes Operator ignores any values that you set for spec.members. See the example of the resource specification.

Ops Manager Optional Settings

Ops Manager resources can also use the following settings specific to multi-cluster Ops Manager deployments:

spec.clusterSpecList

Type: collection

Conditional. Details of selected Kubernetes member clusters in a multi-Kubernetes cluster where you intend to deploy Ops Manager or Backup Daemon instances. See also the example of the resource specification.

• When you set spec.topology to MultiCluster, you must specify the value for spec.clusterSpecList.members. All other parameters under spec.clusterSpecList are optional.

• When you set spec.topology to SingleCluster, the Kubernetes Operator ignores all parameters under spec.clusterSpecList.

spec.clusterSpecList.clusterName

Type: string

Optional. Name of the member Kubernetes cluster in a multi-Kubernetes cluster MongoDB deployment where the MongoDB Enterprise Kubernetes Operator schedules the StatefulSet for Ops Manager or the Backup Daemon.

spec.clusterSpecList.clusterDomain

Type: string

Optional. An override for spec.clusterDomain for the specific Ops Manager member cluster. If you omit this value, defaults to the value set in spec.clusterDomain. Kubernetes assigns each Pod a FQDN. The Kubernetes Operator calculates the FQDN for each Pod using a provided clusterDomain value. Kubernetes doesn't provide an API to query these hostnames.

spec.clusterSpecList.configuration

Type: collection

Optional. Ops Manager configuration properties that override properties you set in spec.configuration for the specific cluster. See Ops Manager Configuration Settings for property names and descriptions. Each property takes a value of type string. For example, setting these properties allows you to change environment variables that you must pass to Ops Manager and the Backup Daemon in that particular member cluster.

If you omit specifying values, defaults to the values set in spec.configuration.

spec.clusterSpecList.jvmParameters

Type: array of strings

Optional. JVM parameters passed to the Ops Manager and Backup Daemon instances for this member cluster.

• If you specify this parameter, its values override the values specified in spec.jvmParameters. For example values, see the example of the resource specification.

• If you omit this parameter, values from the spec.jvmParameters are used for the Ops Manager and Backup Daemon instances in this member cluster.

spec.clusterSpecList.externalConnectivity

Type: collection

Optional. Configuration object that enables external connectivity to Ops Manager for the specific cluster. This is an override for spec.externalConnectivity for the specific cluster.

Specify values for this parameter to change how the Ops Manager application is exposed externally in different clusters. For example, if you deploy Ops Manager on Kubernetes nodes across different cloud providers, you might be required to specify cloud proviver-specific values for this parameter.

If you set this parameter:

• The Kubernetes Operator doesn't use spec.externalConnectivity values for this member Ops Manager cluster.

• The Kubernetes Operator creates a Kubernetes service, named <om-name>-svc-ext, that allows traffic originating from outside of the Kubernetes cluster to reach the Ops Manager application on this member cluster.

If you omit this parameter, the Kubernetes Operator uses values from spec.externalConnectivity for this member cluster.

spec.clusterSpecList.statefulSet.spec

Type: collection

Optional. Specification for the StatefulSet that the MongoDB Enterprise Kubernetes Operator creates for a specific member cluster in the multi-Kubernetes cluster Ops Manager deployment. This parameter is an override for spec.statefulSet.spec. If you omit it, the Kubernetes Operator uses the values from spec.statefulSet.spec. For example, you can use this parameter to specify different storage values for each of your Ops Manager clusters in the multi-Kubernetes cluster MongoDB deployment.

To review which fields you can add to spec.clusterSpecList.statefulSet.spec, see StatefulSetSpec v1 apps in the Kubernetes documentation.

spec.clusterSpecList[*].backup

Optional. Backup settings that override values specified under spec.backup for that particular member cluster.

• You can set these values only if spec.backup.enabled is set to true.

• If you omit setting any values for this parameter, they default to values specified in settings under spec.backup.

• Not all backup settings are supported in this override. You can't override the following backup settings because they apply globally to all member clusters, if specified under spec.backup:

  • externalServiceEnabled

  • headDB

  • opLogStores

  • blockStores

  • s3Stores

  • fileSystemStores

  • queryableBackupSecretRef

  • encryption

spec.clusterSpecList[*].backup.members

Type: integer

Optional. Override for spec.backup.members. The number of Backup Daemon instances to deploy in this cluster. if you omit this value or provide a value of 0, the Kubernetes Operator won't deploy Backup Daemon instances in a particular member cluster.

spec.clusterSpecList[*].backup.assignmentLabels

Type: array of strings

Optional. Override for spec.backup.assignmentLabels. If specified, the Kubernetes Operator uses the values you specify in this override for all Backup Daemon instances in a particular member cluster. If you omit values for this parameter, the values default to those specified in spec.backup.assignmentLabels for all Backup Daemon instances in a member cluster.

spec.clusterSpecList[*].backup.jvmParameters

Type: array of strings

Optional. Override for spec.backup.jvmParameters. Allows you to customize the JVM value for Backup Daemon instances in a particular member cluster.

spec.clusterSpecList[*].backup.statefulSet

Type: string

Optional. Override for spec.backup.statefulSet.spec. Allows you to customize the values for a Backup Daemon in a particular member cluster. To review which fields you can add to spec.clusterSpecList[*].backup.statefulSet, see StatefulSetSpec v1 apps in the Kubernetes documentation.

Application Database Required Settings

This section describes settings specific to your multi-cluster Ops Manager deployment that you must use for your Application Database.

spec.applicationDatabase.clusterSpecList

Type: collection

Details of selected Kubernetes member clusters in a multi-Kubernetes cluster MongoDB deployment that serve as nodes that host the Application Database.

spec.applicationDatabase.clusterSpecList.clusterName

Type: string

Name of the member Kubernetes cluster in a multi-Kubernetes cluster MongoDB deployment where the MongoDB Enterprise Kubernetes Operator schedules the StatefulSet for the Application Database.

Important

You can't convert a single cluster Ops Manager instance to a multi-Kubernetes cluster MongoDB deployment instance by modifying the topology and the clusterSpecList settings in the CRD.

spec.applicationDatabase.clusterSpecList.members

Type: number

Number of statefulSet nodes in the given member cluster. The member cluster is one of the member clusters that hosts the Application Database in a multi-Kubernetes cluster MongoDB deployment.

spec.applicationDatabase.topology

Type: string

The type of the Kubernetes deployment for the Application Database.

• The values are SingleCluster or MultiCluster. If omitted, the default value is SingleCluster.

• If you specify MultiCluster, you must specify at least one member

• cluster on which you want to deploy the Application Database using the clusterSpecList, clusterName, members parameters.

• If you specify MultiCluster, the Kubernetes Operator ignores values that you set for the spec.applicationDatabase.members field.

To learn more, see the example of the multi-cluster resource specification.

Application Database Optional Settings

This section describes settings specific to your multi-cluster Ops Manager deployment that you can use for your Application Database.

spec.applicationDatabase.clusterSpecList.memberConfig

Type: array of strings

Specification for each Application Database replica set member in your multi-cluster Ops Manager deployment.

Important

If you set spec.topology to SingleCluster, use spec.applicationDatabase.memberConfig instead of spec.applicationDatabase.clusterSpecList.memberConfig.

The number of elements in the memberConfig list must equal spec.applicationDatabase.clusterSpecList.members.

The order of the elements in the memberConfig list must reflect the order of members in the replica set. For example, the first element of the array affects the Pod at index 0, the second element affects index 1, and so on.

Example

Consider the following example specification for a three-member replica set for the Application Database:

spec:
  replicas: 3
  version: 4.4.1
  backup:
    enabled: true
  storage:
    resources:
      requests:
        storage: 10Gi
      storageClassName: standard
  applicationDatabase:
    clusterSpecList:
      - name: appdb
        members: 3
        memberConfig:
          - votes: 1
            priority: "0.5"
            tags:
              tag1: "value1"
              environment: "prod"
          - votes: 1
            priority: "1.5"
            tags:
              tag2: "value2"
              environment: "prod"
          - votes: 0
            priority: "0"
            tags:
              tag2: "value2"
              environment: "prod"

spec.applicationDatabase.clusterSpecList.memberConfig.priority

Type: string

Number that indicates the relative likelihood of an Application Database replica set member to become the primary.

• To increase the relative likelihood that a replica set member becomes the primary, specify a higher priority value.

• To decrease the relative likelihood that a replica set member becomes the primary, specify a lower priority value.

For example, a member with a memberConfig.priority of 1.5 is more likely than a member with a memberConfig.priority of 0.5 to become the primary.

A member with a memberConfig.priority of 0 is ineligible to become the primary. To learn more, see Member Priority.

spec.applicationDatabase.clusterSpecList.memberConfig.tags

Type: map

Map of replica set tags for directing read and write operations to specific members of your Application Database replica set.

spec.applicationDatabase.clusterSpecList.memberConfig.votes

Type: number

Determines whether an Application Database replica set member can vote in an election. Set to 1 to allow the member to vote. Set to 0 to exclude the member from an election.