MongoDBMultiCluster
mongodb.com / v1
apiVersion: mongodb.com/v1
kind: MongoDBMultiCluster
metadata:
  name: example
apiVersion
string
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind
string
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata
object
spec object required
additionalMongodConfig
object
AdditionalMongodConfig is additional configuration that can be passed to
each data-bearing mongod at runtime. Uses the same structure as the mongod
configuration file:
https://docs.mongodb.com/manual/reference/configuration-options/
agent object
backupAgent object
logRotate object
LogRotate configures log rotation for the BackupAgent processes
sizeThresholdMB
integer
Maximum size for an individual log file before rotation.
OM only supports ints
timeThresholdHrs
integer
Number of hours after which this MongoDB Agent rotates the log file.
logLevel
string
logRotate object
DEPRECATED please use mongod.logRotate
includeAuditLogsWithMongoDBLogs
boolean
set to 'true' to have the Automation Agent rotate the audit files along
with mongodb log files
numTotal
integer
maximum number of log files to have total
numUncompressed
integer
maximum number of log files to leave uncompressed
percentOfDiskspace
string
Maximum percentage of the total disk space these log files should take up.
The string needs to be able to be converted to float64
sizeThresholdMB
string required
Maximum size for an individual log file before rotation.
The string needs to be able to be converted to float64.
Fractional values of MB are supported.
timeThresholdHrs
integer required
maximum hours for an individual log file before rotation
maxLogFileDurationHours
integer
mongod object
AgentLoggingMongodConfig contains settings for the mongodb processes configured by the agent
auditlogRotate object
LogRotate configures audit log rotation for the mongodb processes
includeAuditLogsWithMongoDBLogs
boolean
set to 'true' to have the Automation Agent rotate the audit files along
with mongodb log files
numTotal
integer
maximum number of log files to have total
numUncompressed
integer
maximum number of log files to leave uncompressed
percentOfDiskspace
string
Maximum percentage of the total disk space these log files should take up.
The string needs to be able to be converted to float64
sizeThresholdMB
string required
Maximum size for an individual log file before rotation.
The string needs to be able to be converted to float64.
Fractional values of MB are supported.
timeThresholdHrs
integer required
maximum hours for an individual log file before rotation
logRotate object
LogRotate configures log rotation for the mongodb processes
includeAuditLogsWithMongoDBLogs
boolean
set to 'true' to have the Automation Agent rotate the audit files along
with mongodb log files
numTotal
integer
maximum number of log files to have total
numUncompressed
integer
maximum number of log files to leave uncompressed
percentOfDiskspace
string
Maximum percentage of the total disk space these log files should take up.
The string needs to be able to be converted to float64
sizeThresholdMB
string required
Maximum size for an individual log file before rotation.
The string needs to be able to be converted to float64.
Fractional values of MB are supported.
timeThresholdHrs
integer required
maximum hours for an individual log file before rotation
systemLog object
SystemLog configures system log of mongod
destination
string required
logAppend
boolean required
path
string required
monitoringAgent object
logRotate object
LogRotate configures log rotation for the BackupAgent processes
sizeThresholdMB
integer
Maximum size for an individual log file before rotation.
OM only supports ints
timeThresholdHrs
integer
Number of hours after which this MongoDB Agent rotates the log file.
readinessProbe object
environmentVariables
object
startupOptions
object
StartupParameters can be used to configure the startup parameters with which the agent starts. That also contains
log rotation settings as defined here:
systemLog object
DEPRECATED please use mongod.systemLog
destination
string required
logAppend
boolean required
path
string required
backup object
Backup contains configuration options for configuring
backup for this MongoDB resource
assignmentLabels
[]string
Assignment Labels set in the Ops Manager
autoTerminateOnDeletion
boolean
AutoTerminateOnDeletion indicates if the Operator should stop and terminate the Backup before the cleanup,
when the MongoDB CR is deleted
encryption object
Encryption settings
kmip object
Kmip corresponds to the KMIP configuration assigned to the Ops Manager Project's configuration.
client object required
KMIP Client configuration
clientCertificatePrefix
string
A prefix used to construct KMIP client certificate (and corresponding password) Secret names.
The names are generated using the following pattern:
KMIP Client Certificate (TLS Secret):
<clientCertificatePrefix>-<CR Name>-kmip-client
KMIP Client Certificate Password:
<clientCertificatePrefix>-<CR Name>-kmip-client-password
The expected key inside is called "password".
mode
string
enum:
enabled, disabled, terminated
snapshotSchedule object
clusterCheckpointIntervalMin
integer
enum:
15, 30, 60
dailySnapshotRetentionDays
integer
Number of days to retain daily snapshots. Setting 0 will disable this rule.
minimum:
0
maximum:
365
fullIncrementalDayOfWeek
string
Day of the week when Ops Manager takes a full snapshot. This ensures a recent complete backup. Ops Manager sets the default value to SUNDAY.
enum:
SUNDAY, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY
monthlySnapshotRetentionMonths
integer
Number of months to retain weekly snapshots. Setting 0 will disable this rule.
minimum:
0
maximum:
36
pointInTimeWindowHours
integer
Number of hours in the past for which a point-in-time snapshot can be created.
enum:
1, 2, 3, 4, 5, 6, 7, 15, 30, 60, 90, 120, 180, 360
referenceHourOfDay
integer
Hour of the day to schedule snapshots using a 24-hour clock, in UTC.
minimum:
0
maximum:
23
referenceMinuteOfHour
integer
Minute of the hour to schedule snapshots, in UTC.
minimum:
0
maximum:
59
snapshotIntervalHours
integer
Number of hours between snapshots.
enum:
6, 8, 12, 24
snapshotRetentionDays
integer
Number of days to keep recent snapshots.
minimum:
1
maximum:
365
weeklySnapshotRetentionWeeks
integer
Number of weeks to retain weekly snapshots. Setting 0 will disable this rule
minimum:
0
maximum:
365
cloudManager object
configMapRef object
name
string
clusterDomain
string
format:
hostname
clusterSpecList []object
clusterName
string
ClusterName is the name of the cluster where the MongoDB StatefulSet will be scheduled. The
name should have a one-to-one mapping with the service account created in the central cluster
to talk to the workload clusters.
externalAccess object
ExternalAccessConfiguration provides external access configuration for Multi-Cluster.
externalDomain
string
An external domain that is used for exposing MongoDB to the outside world.
externalService object
Provides a way to override the default (NodePort) Service
annotations
object
A map of annotations that shall be added to the externally available Service.
spec
object
A wrapper for the Service spec object.
memberConfig []object
MemberConfig allows specifying votes, priorities and tags for each of the mongodb processes.
priority
string
tags
object
votes
integer
members
integer required
Amount of members for this MongoDB Replica Set
podSpec object
persistence object
Note that this field is used by MongoDB resources only; it is kept here for simplicity.
multiple object
data object
labelSelector
object
storage
string
storageClass
string
journal object
labelSelector
object
storage
string
storageClass
string
logs object
labelSelector
object
storage
string
storageClass
string
single object
labelSelector
object
storage
string
storageClass
string
podTemplate
object
service
string
this is an optional service, it will get the name "<rsName>-service" in case not provided
statefulSet object
StatefulSetConfiguration holds the optional custom StatefulSet
that should be merged into the operator created one.
metadata object
StatefulSetMetadataWrapper is a wrapper around Labels and Annotations
annotations
object
labels
object
spec
object required
connectivity object
replicaSetHorizons
[]object
ReplicaSetHorizons holds list of maps of horizons to be configured in each of MongoDB processes.
Horizons map horizon names to the node addresses for each process in the replicaset, e.g.:
[
{
"internal": "my-rs-0.my-internal-domain.com:31843",
"external": "my-rs-0.my-external-domain.com:21467"
},
{
"internal": "my-rs-1.my-internal-domain.com:31843",
"external": "my-rs-1.my-external-domain.com:21467"
},
...
]
The key of each item in the map is an arbitrary, user-chosen string that
represents the name of the horizon. The value of the item is the host and,
optionally, the port that this mongod node will be connected to from.
credentials
string required
Name of the Secret holding credentials information
duplicateServiceObjects
boolean
With some service meshes, for example Istio, the service objects created per pod must by default
be duplicated in all the clusters to enable DNS resolution. Users can, however, configure their
service mesh with DNS proxy (https://istio.io/latest/docs/ops/configuration/traffic-management/dns-proxy/)
enabled, in which case the operator doesn't need to create the service objects per cluster. This option tells the operator
whether it should create the service objects in all the clusters or not. By default, if not specified, the operator creates the duplicate service objects.
externalAccess object
ExternalAccessConfiguration provides external access configuration.
externalDomain
string
An external domain that is used for exposing MongoDB to the outside world.
externalService object
Provides a way to override the default (NodePort) Service
annotations
object
A map of annotations that shall be added to the externally available Service.
spec
object
A wrapper for the Service spec object.
featureCompatibilityVersion
string
logLevel
string
enum:
DEBUG, INFO, WARN, ERROR, FATAL
opsManager object
configMapRef object
name
string
persistent
boolean
prometheus object
Prometheus configurations.
metricsPath
string
Indicates path to the metrics endpoint.
pattern:
^\/[a-z0-9]+$
passwordSecretRef object required
Name of a Secret containing a HTTP Basic Auth Password.
key
string
Key is the key in the secret storing this password. Defaults to "password"
name
string required
Name is the name of the secret storing this user's password
port
integer
Port where metrics endpoint will bind to. Defaults to 9216.
tlsSecretKeyRef object
Name of a Secret (type kubernetes.io/tls) holding the certificates to use in the
Prometheus endpoint.
key
string
Key is the key in the secret storing this password. Defaults to "password"
name
string required
Name is the name of the secret storing this user's password
username
string required
HTTP Basic Auth Username for metrics endpoint.
security object
authentication object
Authentication holds various authentication related settings that affect
this MongoDB resource.
agents object
Agents contains authentication configuration properties for the agents
automationLdapGroupDN
string
automationPasswordSecretRef object
SecretKeySelector selects a key of a Secret.
key
string required
The key of the secret to select from. Must be a valid secret key.
name
string
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
optional
boolean
Specify whether the Secret or its key must be defined
automationUserName
string
clientCertificateSecretRef
object
mode
string required
Mode is the desired Authentication mode that the agents will use
enabled
boolean required
ignoreUnknownUsers
boolean
IgnoreUnknownUsers maps to the inverse of auth.authoritativeSet
internalCluster
string
ldap object
LDAP Configuration
authzQueryTemplate
string
bindQueryPasswordSecretRef object
name
string required
bindQueryUser
string
caConfigMapRef object
Allows to point at a ConfigMap/key with a CA file to mount on the Pod
key
string required
The key to select.
name
string
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
optional
boolean
Specify whether the ConfigMap or its key must be defined
servers
[]string
timeoutMS
integer
transportSecurity
string
enum:
tls, none
userCacheInvalidationInterval
integer
userToDNMapping
string
validateLDAPServerConfig
boolean
modes
[]string
oidcProviderConfigs []object
Configuration for OIDC providers
audience
string required
Entity that your external identity provider intends the token for.
Enter the audience value from the app you registered with external Identity Provider.
authorizationMethod
string required
Configure single-sign-on for human user access to deployments with Workforce Identity Federation.
For programmatic, application access to deployments use Workload Identity Federation.
Only one Workforce Identity Federation IdP can be configured per MongoDB resource
enum:
WorkforceIdentityFederation, WorkloadIdentityFederation
authorizationType
string required
Select GroupMembership to grant authorization based on IdP user group membership, or select UserID to grant
an individual user authorization.
enum:
GroupMembership, UserID
clientId
string
Unique identifier for your registered application. Enter the clientId value from the app you
registered with an external Identity Provider.
Required when the Workforce Identity Federation authorization method is selected.
configurationName
string required
Unique label that identifies this configuration. It is case-sensitive and can only contain the following characters:
- alphanumeric characters (combination of a to z and 0 to 9)
- hyphens (-)
- underscores (_)
pattern:
^[a-zA-Z0-9-_]+$
groupsClaim
string
The identifier of the claim that includes the principal's IdP user group membership information.
Required when GroupMembership is selected as the authorization type, ignored otherwise.
issuerURI
string required
Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Connect Provider
Configuration Document, which should be available in the /.well-known/openid-configuration endpoint.
For MongoDB 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations.
For other MongoDB versions, the issuerURI itself must be unique.
requestedScopes
[]string
Tokens that give users permission to request data from the authorization endpoint.
Only used for Workforce Identity Federation authorization method
userClaim
string required
The identifier of the claim that includes the user principal identity.
Accept the default value unless your IdP uses a different claim.
requireClientTLSAuthentication
boolean
Clients should present valid TLS certificates
certsSecretPrefix
string
roleRefs []object
kind
string required
enum:
ClusterMongoDBRole
name
string required
roles []object
authenticationRestrictions []object
clientSource
[]string
serverAddress
[]string
db
string required
privileges []object
actions
[]string required
resource object required
cluster
boolean
collection
string
db
string
role
string required
roles []object
db
string required
role
string required
tls object
additionalCertificateDomains
[]string
ca
string
CA corresponds to a ConfigMap containing an entry for the CA certificate (ca.pem)
used to validate the certificates created already.
enabled
boolean
DEPRECATED please enable TLS by setting `security.certsSecretPrefix` or `security.tls.secretRef.prefix`.
Enables TLS for this resource. This will make the operator try to mount a
Secret with a defined name (<resource-name>-cert).
This is only used when enabling TLS on a MongoDB resource, and not on the
AppDB, where TLS is configured by setting `secretRef.Name`.
statefulSet object
StatefulSetConfiguration provides the StatefulSet override for each of the cluster's StatefulSets.
If "StatefulSetConfiguration" is specified at cluster level under "clusterSpecList", that takes precedence over
the global one.
metadata object
StatefulSetMetadataWrapper is a wrapper around Labels and Annotations
annotations
object
labels
object
spec
object required
topology
string
Topology sets the desired cluster topology of MongoDB resources.
It defaults (if empty or not set) to SingleCluster. If MultiCluster is specified,
then the clusterSpecList field is mandatory and at least one member cluster has to be specified.
enum:
SingleCluster, MultiCluster
type
string required
enum:
Standalone, ReplicaSet, ShardedCluster
version
string required
pattern:
^[0-9]+.[0-9]+.[0-9]+(-.+)?$|^$
status object
backup object
statusName
string required
clusterStatusList object
ClusterStatusList holds a list of clusterStatuses corresponding to each cluster
clusterStatuses []object
clusterName
string
ClusterName is the name of the cluster where the MongoDB StatefulSet will be scheduled. The
name should have a one-to-one mapping with the service account created in the central cluster
to talk to the workload clusters.
lastTransition
string
members
integer
message
string
observedGeneration
integer
format:
int64
phase
string required
pvc []object
phase
string required
statefulsetName
string required
resourcesNotReady []object
errors []object
message
string
reason
string
kind
string required
ResourceKind specifies a kind of a Kubernetes resource. Used in status of a Custom Resource
message
string
name
string required
warnings
[]string
featureCompatibilityVersion
string
lastTransition
string
link
string
message
string
observedGeneration
integer
format:
int64
phase
string required
pvc []object
phase
string required
statefulsetName
string required
resourcesNotReady []object
errors []object
message
string
reason
string
kind
string required
ResourceKind specifies a kind of a Kubernetes resource. Used in status of a Custom Resource
message
string
name
string required
version
string required
warnings
[]string
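The constraints listed for spec.security.authentication.oidcProviderConfigs (required fields, the configurationName pattern, conditional clientId and groupsClaim, a single Workforce provider, issuer uniqueness by MongoDB version) can be checked before a manifest is applied. The following is an added example, not code from the operator, whose own validation may differ; validate_oidc and the sample values are hypothetical.

```python
import re

# Rules below are transcribed from the oidcProviderConfigs field descriptions.
NAME_RE = re.compile(r"^[a-zA-Z0-9-_]+$")  # configurationName pattern
REQUIRED = ("audience", "authorizationMethod", "authorizationType",
            "configurationName", "issuerURI", "userClaim")
METHODS = {"WorkforceIdentityFederation", "WorkloadIdentityFederation"}
TYPES = {"GroupMembership", "UserID"}


def validate_oidc(configs, mongodb_major):
    """Return rule violations for a list of oidcProviderConfigs entries."""
    errors, seen, workforce = [], set(), 0
    for i, c in enumerate(configs):
        at = f"oidcProviderConfigs[{i}]"
        errors += [f"{at}: {f} is required" for f in REQUIRED if not c.get(f)]
        name = c.get("configurationName")
        if name and not NAME_RE.fullmatch(name):
            errors.append(f"{at}: configurationName has invalid characters")
        method, authz = c.get("authorizationMethod"), c.get("authorizationType")
        if method and method not in METHODS:
            errors.append(f"{at}: unknown authorizationMethod")
        if authz and authz not in TYPES:
            errors.append(f"{at}: unknown authorizationType")
        if method == "WorkforceIdentityFederation":
            workforce += 1
            if not c.get("clientId"):
                errors.append(f"{at}: clientId is required for Workforce")
        if authz == "GroupMembership" and not c.get("groupsClaim"):
            errors.append(f"{at}: groupsClaim is required for GroupMembership")
        # MongoDB 8.0+: (issuerURI, audience) must be unique; older: issuerURI alone.
        if c.get("issuerURI"):
            key = (c["issuerURI"], c.get("audience") if mongodb_major >= 8 else None)
            if key in seen:
                errors.append(f"{at}: duplicate issuer")
            seen.add(key)
    if workforce > 1:
        errors.append("only one WorkforceIdentityFederation provider is allowed")
    return errors


# Constructed sample input; every value here is made up for illustration.
SAMPLE = [
    {"configurationName": "idp-human", "issuerURI": "https://idp.example.com",
     "audience": "mdb-human", "userClaim": "sub",
     "authorizationMethod": "WorkforceIdentityFederation",
     "authorizationType": "UserID"},                       # clientId missing
    {"configurationName": "idp apps", "issuerURI": "https://idp.example.com",
     "audience": "mdb-apps", "userClaim": "sub",
     "authorizationMethod": "WorkloadIdentityFederation",
     "authorizationType": "GroupMembership"},              # bad name, no groupsClaim
]

if __name__ == "__main__":
    for problem in validate_oidc(SAMPLE, mongodb_major=7):
        print(problem)
```

The same issuerURI with two different audiences passes for MongoDB 8.0+ but is reported as a duplicate for earlier versions.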