Atlas Kubernetes Operator Changelog

New Features, Improvements and Fixes

• Adds support for local credentials for custom resources, allowing specific custom resources to be managed using specific Atlas Admin API credentials.

• AtlasDeployment and AtlasDatabaseUser can now be used as independent resources, meaning you can manage Atlas deployments without also managing the project using the Atlas Kubernetes Operator.

• Adds new "basic deployment" and "advanced deployment" Helm templates that allow provisioning of Atlas projects, deployments, and database users.

• Fixes the case when changing the Instance Size was ignored for a shared cluster.

• Resolves Operator panic when changing a deployment to or from serverless instances.

• Adds cleanup of orphan connection strings after a database user was deleted.

• Fixes the case when an AtlasTeam resource that is not managed by the Atlas Kubernetes Operator (not assigned to any AtlasProject resource) was wrongly deleted.

• Removes custom ResourceWatcher in favor of controller-runtime field indexers. The legacy internal custom ResourceWatcher had bugs and its usage was error prone which could lead to lost data and data integrity issues with resources managed by Atlas Kubernetes Operator.

• Supports Kubernetes versions 1.28 through 1.30.

• Supports OpenShift version 4.16.

New Features, Improvements and Fixes

• Fixes a bug where Atlas Kubernetes Operator sometimes skips periodic reconciliation if there were no changes to custom resources.

• Updates deletion protection to delete a team from the Atlas Kubernetes Operator, but keeps it in Atlas when there are no projects associated to it.

• Supports Kubernetes versions 1.28 through 1.30.

• Supports OpenShift version 4.15.

New Features, Improvements and Fixes

• Supports Backup Compliance Policy.

• Supports short names for Atlas Kubernetes Operator custom resources.

• Introduces kubectl command for listing all Atlas Kubernetes Operator resources in your cluster.

• Supports Kubernetes versions 1.28 through 1.30.

• Supports OpenShift version 4.15.

New Features, Improvements and Fixes

• Improves validation of the spec.x509Type field in the AtlasDatabaseUser custom resource. The valid values continue to be NONE, CUSTOMER, MANAGED.

• Prevents redundant updates by improving sorting of regionConfigs in the AtlasDeployment custom resource.

• Supports Kubernetes versions 1.27 through 1.29.

• Supports OpenShift version 4.14.

New Features, Improvements and Fixes

• Adds support for Atlas Stream Processing.

• Adds support for Atlas Search Indexes.

• Adds support for Atlas Search Dedicated Nodes.

• Supports Kubernetes versions 1.27 through 1.29.

• Supports OpenShift version 4.14.

New Features, Improvements and Fixes

• Supports Kubernetes versions 1.27 through 1.29.

• Supports OpenShift version 4.14.

Fixes

• Fixes a concurrency issue that could have resulted in the Atlas Kubernetes Operator missing changes made to custom resource definitions.

New Features, Improvements and Fixes

• All MongoDB images are now signed.

• Removes CPU limits and increases memory limits to 1Gi and memory requests to 256Mi.

• Improves reconciliation of Serverless Private Endpoints. Atlas Kubernetes Operator no longer gets stuck in a reconcile loop that recreates serverless private endpoints when they fail to synchronize with Atlas.

• Ensures Atlas Teams are always cleaned up. This improvement prevents Atlas Team resources from being orphaned and left in a cluster with no associated projects.

• Supports Kubernetes versions 1.27 through 1.29.

• Supports OpenShift version 4.14.

Deprecations and Removals

• This release deprecates the following fields and setting them has no effect in serverless deployments:

  • DiskIOPS

  • DiskTypeName

  • EncryptEBSVolume

  • InstanceSizeName

  • VolumeType

  • AutoScaling

Fixes

• Fixes Federated Authentication role mapping assignment handling.

New

• Adds support for AP1 and US1-Fed Datadog regions. To learn more, see Integrate with Third-Party Services.

• Adds support for yearly backup frequencies for Cloud Backups.

Fixes

• Disables the --subobject-deletion-protection flag due to a bug that prevents users from modifying existing resources when deletion protection is enabled. You can still use the --object-deletion-protection flag to control deletion protection on a per-custom-resource basis.

New

• Adds the terminationProtectionEnabled property to the deploymentSpec fields in the AtlasProject Custom Resource to achieve feature parity with serverless instances deployed with the AtlasDeployment Custom Resource.

• Adds OIDC and AWS IAM authentication fields to the AtlasDatabaseUser Custom Resource. To learn more, see spec.oidcAuthType.

Changes

• Deprecates cloudProviderAccess* fields in favor of cloudProviderIntegration* fields in the AtlasProject Custom Resource.

Breaking Changes

• Custom resources you delete in Kubernetes won't get deleted in Atlas. Instead, Atlas Kubernetes Operator stops managing those resources. For example, if you delete an AtlasProject Custom Resource in Kubernetes, Atlas Kubernetes Operator no longer automatically deletes the corresponding project from Atlas, preventing accidental or unexpected deletions. To learn more, including how to revert this behavior to the default prior to Atlas Kubernetes Operator 2.0.1, see New Default: Deletion Protection in Atlas Kubernetes Operator 2.0.

• deploymentSpec replaces advancedDeploymentSpec in the AtlasDeployment custom resource. You must update your AtlasDeployment custom resource as follows:

  • If you use advancedDeploymentSpec, rename to deploymentSpec. You don't need to change any formatting.

  • If you used deploymentSpec prior to Atlas Kubernetes Operator 2.0.1, rewrite your AtlasDeployment custom resource to match the formatting used in the examples.

• Improves snapshot distribution management by removing replicationSpecId from the AtlasBackupSchedule Custom Resource so it can be reused by multiple deployments managed by Atlas Kubernetes Operator. The replicationSpecId is now automatically set for every deployment that references it. As a result of this change, you can no longer configure replicationSpecId and should remove it from your AtlasBackupSchedule custom resource.

• Forces the use of secretRef fields for encryptionAtRest and alertConfigurations features to promote security best practices. You should now store API secrets and credentials as secrets and reference them from the AtlasProject Custom Resource using the following fields:

  For spec.alertConfigurations.notifications:

  • Use APITokenRef instead of APIToken

  • Use DatadogAPIKeyRef instead of DatadogAPIKey

  • Use FlowdockTokenAPIRef instead of FlowdockTokenAPI

  • Use OpsGenieAPIKeyRef instead of OpsGenieAPIKey

  • Use VictorOpsSecretRef instead of VictorOpsAPIKey and VictorOpsRoutingKey

  To learn more, see Third-Party Alert Configuration Example.

  For spec.encryptionAtRest:

  • AWS Use secretRef instead of AccessKeyID, SecretAccessKey, CustomerMasterKeyID, and RoleID.

  • Azure Use secretRef instead of SubscriptionID, KeyVaultName, KeyIdentifier, and Secret.

  • GCP Use secretRef instead of ServiceAccountKey or KeyVersionResourceID.

  To learn more, see Encrypt Data Using a Key Management Service.

Fixes

• Fixes missing permissions for the AtlasFederatedAuth Custom Resource.

Attention

• Validation now rejects duplicate alert configurations.

Fixes

• Fixes a bug that duplicated projects listed in a team's status.

• Refactors the IPAccessList reconciliation flow to avoid unneeded recreation.

• Fixes backup schedule repeatedly updating.

New

• Adds the AtlasFederatedAuth Custom Resource to configure federated authentication for Identity Providers that you already registered in Atlas.

• Supports Atlas for Government deployments. You must configure the Gov endpoint accordingly. Atlas Kubernetes Operator supports only AWS as a cloud provider for Atlas for Government.

• Supports database deployment resource tagging. To learn more, see the following settings:

  • spec.deploymentSpec.tags

  • spec.serverlessSpec.tags

• Adds new arguments to serverless for continuous backups and termination protection.

• Improves validation and handling of autoscaling reporting.

• Provides guidance on using third-party secret management tools with Atlas Kubernetes Operator to support external key management systems. To learn how to configure external secret storage for Atlas Kubernetes Operator, see Configure Secret Storage.

• Uses UBI micro base image instead of minimal. The micro base image is a smaller base image with fewer dependencies.

New Features

AtlasProject Custom Resource:

• Adds an optional --operatorVersion parameter. To learn more, see Import Atlas Projects into Atlas Kubernetes Operator.

• Sets finalizers and support labels for AtlasBackupSchedule Custom Resource, AtlasBackupPolicy Custom Resource, and Atlas teams custom resources.

AtlasDeployment Custom Resource:

• Adds support for Global Cluster parameters in spec.advancedDeploymentSpec.* and spec.deploymentSpec.*. To learn more, see AtlasDeployment custom resource parameters. These Global Cluster parameters map zones to geographic regions and allow you to add labels. For a full list of available parameters, see the Atlas Global Clusters API.

• The Atlas Kubernetes Operator image now supports ARM64.

New Features

AtlasProject Custom Resource:

• Adds Atlas Teams support.

AtlasDeployment Custom Resource:

• Adds serverless private endpoint support.

Fixes

• Fixes an issue with connection secret creation.

• Fixes the minimum version of Openshift.

AtlasProject Custom Resource:

• Fixes the InstanceSize must match issue.

• Ensures private endpoints are always added to the status.

AtlasDeployment Custom Resource:

• Converts the OplogMinRetentionHours field properly.

New Features

• Updates the minimum required Openshift version to 4.8.

AtlasProject Custom Resource:

• Adds support for custom database roles via the spec.customRoles field.

New Features

AtlasProject Custom Resource:

• Adds support for audit logs. You can enable auditing with the spec.auditing.enabled field. For more information about Atlas Kubernetes Operator auditing, see Configure Audit Logs.

• Adds support for project settings via the spec.settings field.

• Adds support for alert configurations via the spec.alertConfigurations field.

AtlasDeployment Custom Resource:

• Adds support for autoscaling of the instanceSize and diskSizeGB parameters.

Fixes

• Fixes an issue where adding an IP address with CIDR block /32 to Network Access could leave the IP Access List inactive indefinitely.

• Fixes an issue where creating project integrations that require namespace references could result in errors when the user provides a namespace other than the project namespace, or does not provide a namespace.

New Features

AtlasProject Custom Resource:

• Adds support for network peering via the spec.networkPeers field.

• Adds support for cloud provider access via the spec.cloudProviderAccessRoles field.

• Adds support for encryption at rest via the spec.encryptionAtRest field.

AtlasDeployment Custom Resource:

• Adds a test to ensure that deleting a CRD does not affect AtlasDeployment Custom Resources with the mongodb.com/atlas-resource-policy: "keep" annotation.

Fixes

• Fixes a resource reconciliation issue that occured when you delete an AtlasDeployment Custom Resource after the API key has expired.

• Fixes an issue where you could change the instanceSize and diskSizeGB parameters for deployments with autoscaling enabled. To change the instanceSize and diskSizeGB parameters, you must first disable autoscaling.

• Fixes an error message that returns when Atlas Kubernetes Operator can't delete a project's backup policy or backup schedule.

New Features

• Upgrades Go to 1.18.

• Adds support for Private Endpoints backwards sync to the AtlasProject Custom Resource.

Fixes

• Fixes an issue where the AtlasDeployment Custom Resource was not created successfully when the instance size for a deployed resource changed from M10 to M40.

• Fixes an issue where creating an AtlasDeployment Custom Resource with advancedDeploymentSpec failed with autoscaling.diskGBEnabled and adds a new AdvancedAutoScalingSpec struct to AdvancedDeploymentSpecChanges.

• Fixes an issue where you could decrease diskSizeGB for deployments with autoscaling enabled. To change the diskSizeGB parameter, you must first disable autoscaling.

• Fixes a resource reconciliation issue where the Atlas API returns an empty object for scheduled backups.

New Features

• Adds support for maintenance windows.

Fixes

• Fixes an issue where private endpoint connection strings were missing from Kubernetes secrets.

• Fixes an issue where Atlas Kubernetes Operator didn't remove conditions for unused resources.

• Adds missing private endpoint fields to Pod conditions.

Breaking Changes

• Renames the AtlasCluster Custom Resource to the AtlasDeployment Custom Resource.

• Renames spec.clusterSpec to spec.deploymentSpec.

• Renames spec.advancedClusterSpec to spec.advancedDeploymentSpec.

New Features

• Adds log levels and JSON log output for Atlas Kubernetes Operator. To change the log level, you can provide the —log-level=debug | info | warn | error | dpanic | panic | fatal flag. To change the output format, you can provide the —log-encoder=json | console flag.

AtlasProject Custom Resource:

• Supports third-party integrations including Prometheus integrations.

• Supports GCP private endpoints.

AtlasDeployment Custom Resource:

• Supports serverless instances via the spec.serverlessSpec field.

• Supports scheduled backups for database deployments.

• Supports upgrading M0, M2, and M5 clusters to M10+ clusters via the spec.deploymentSpec.replicationSpecs.regionConfigs.electableSpecs.instanceSize parameter.

• Supports advanced options via the spec.processArgs object.

• Supports omitting the spec.deploymentSpec.replicationSpecs.regionConfigs.providerName field for M0, M2, and M5 clusters.

• Supports omitting the spec.serverlessSpec.providerSettings.providerName field for serverless instances.

Fixes

• Fixes a bug where you couldn't delete the AtlasProject Custom Resource if the credentials secret was deleted.

• Resolves missing epoch timestamps in log messages.

• Fixes a bug with the incorrect user-agent version.

• Fixes an improper signature verification with the golang.org/x/crypto/ssh module.

Changes

• Upgrades the Controller Runtime to v0.11.0.

• Upgrades Go to 1.17.

• When you install a cluster using Helm Charts, Helm doesn't exit until the cluster is ready if you set postInstallHook.enabled to true.

• Atlas Kubernetes Operator watches secrets only with the label atlas.mongodb.com/type=credentials to avoid watching unnecessary secrets.

• Supports the mongodb.com/atlas-reconciliation-policy=skip annotation for configuring Atlas Kubernetes Operator to skip reconciliations on specific resources.

• Supports X.509 authentication.

Bug Fixes

• Fixes an issue that logged errors for resource deletion.

AtlasProject Custom Resource

AtlasCluster Custom Resource

Changes

• Introduces Global and per project Atlas authentication modes. To learn more, see Configure Access to Atlas.

• Supports installing Atlas Kubernetes Operator clusterwide (all the namespaces in the Kubernetes cluster) or to its own namespace. To learn more, see Quick Start.

• Introduces the AtlasProject Custom Resource. Use this resource to create Atlas projects and configure their IP access lists.

• Introduces the AtlasCluster custom resource. Use this resource to create clusters in an Atlas project.

• Introduces the AtlasDatabaseUser Custom Resource for creating database users in an Atlas project.

• Allows you to create or update secrets for each database user and cluster. Applications can use these secrets in Kubernetes to connect to Atlas clusters.