Percona Operator for MongoDB 1.15.0

• Date

  October 9, 2023

• Installation

  Installing Percona Operator for MongoDB

Release Highlights

Physical Backups now support Point-in-time Recovery (in tech preview)

In the previous 1.14.0 release we added support for Physical Backups and Restores to significantly reduce Recovery Time Objective (RTO .)), especially for big data sets. But the problem with losing data between backups - in other words Recovery Point Objective (RPO) - for physical backups was not solved. With this release users can greatly reduce RPO by leveraging the Point-in-time Recovery feature in the Operators. Under the hood we store logical oplogs along with physical backups into the object storage. Read more about this feature in our documentation.

Encrypted backups with Server Side Encryption (SSE)

Backups stored on S3 compatible storage can now be encrypted with Server Side Encryption (SSE) to pass certain compliance or security requirements. Users can leverage integration with AWS KMS or just encrypt/decrypt backups with AES-256 encryption algorithm. It is important to remember that Operator does not store keys and users can choose which key storage to use.

New Features

• K8SPSMDB-227 The new topologySpreadConstraints Custom Resource option allows to use Pod Topology Spread Constraints to achieve even distribution of Pods across the Kubernetes cluster

• K8SPSMDB-792 and K8SPSMDB-974 The new “sleep infinity” mode available for replset and config server containers allows running the Pod without starting mongod useful to examine a problematic Pod that is constantly restarting

• K8SPSMDB-801 It is now possible to delete a backup with its PITR data on retention period or with delete-backup finalizer (there were no PITR files deletion in previous versions )

• K8SPSMDB-926 Point-in-time recovery is now supported with physical backups to significantly reduce Recovery Point Objective (RPO)

• K8SPSMDB-961 The new sharding.balancer.enabled Custom Resource option allows to disable Load Balancer on a cross-site replication managed cluster

Improvements

• K8SPSMDB-662 Restoring a backup with point-in-time recovery can now be easily done to a latest available position by setting pitr.type PerconaServerMongoDBRestore Custom Resource option to latest

• K8SPSMDB-774 The Transport encryption documentation now includes details on updating TLS certificates

• K8SPSMDB-807 A custom name for a Replica Set config server instead of the default cfg one can be set in the custom configuration, which can be useful for migration purposes

• K8SPSMDB-814 and K8SPSMDB-927 The new terminationGracePeriodSeconds Custom Resource option allows to set termination period for Replica Set containers, useful to cleanly shutdown clusters with big data sets

• K8SPSMDB-850 Server Side Encryption for backups with for S3 and S3-compatible storage is now supported (thanks to Mert Gönül for contribution)

• K8SPSMDB-903 The backup destination URI now includes bucket/container name, allowing the user to specify the full path to the backup as an easy to read string

• K8SPSMDB-924 The token associated with the operator’s ServiceAccount is no longer printed in the log when a scheduled backup is running; this improves security and avoids logging uninformative elements

• K8SPSMDB-938 Configuring Kubernetes host aliases is now possible for replica set, config server, and mongos Pods

• K8SPSMDB-946 The psmdb-backup object now includes the name of the Pod that made the backup, to save users from searching for the correct Pod to examine the Percona Backup for MongoDB logs (previously it was necessary to check replica set Pods one by one until logs were found)

• K8SPSMDB-976 The Operator now does not start backups if storages or credentials are not set, avoiding fruitless attempts to configure Percona Backup for MongoDB and cluster state repeatedly changing between ready and error

• K8SPSMDB-929 Using split-horizon DNS for the external access to MongoDB Replica Set Pods of the exposed cluster is now possible

Bugs Fixed

• K8SPSMDB-913 Fix a bug due to which restoring a backup on a cluster with mongos exposed via LoabBalancer resulted in recreating mongos Service with a new IP address

• K8SPSMDB-956 Fix a bug that certificate rotation was bringing the sharded MongoDB cluster down (thanks to Stiliyan for reporting)

• K8SPSMDB-854 Backup stucks after cluster was exposed

• K8SPSMDB-977 The out of memory problem could cause cluster got stuck in the “initializing” state at reconciliation

• K8SPSMDB-778 Fix a bug due to which the Operator did not delete arbiter instances during replica set deletion

• K8SPSMDB-791 Fix a bug which prevented setting LoadBalancerSourceRanges Custom Resource option when replsets.expose.exposeType is set to Loadbalancer

• K8SPSMDB-813 Fix a bug due to which secure connection was not used for MongoDB Liveness check (thanks to t-yrka for contribution)

• K8SPSMDB-818 Fix a bug where clusterMonitor user had not enough permissions for PMM monitoring with --enable-all-collectors flag turned on

• K8SPSMDB-872 The Operator didn’t prevent attempts to restore a backup with “error” status, which could cause the cluster got stuck in the “initializing” state

• K8SPSMDB-876 Fix a bug due to which delete-psmdb-pods-in-order finalizer, intended to shutdown primary Pod last, affected only shards and did not affect config replica set

• K8SPSMDB-911 Fix a bug where connection string with credentials was included in the backup-agent container logs

• K8SPSMDB-958 Fix insufficient permissions issue that didn’t allow to monitor mongos instances with Percona Monitoring and Management (PMM)

• K8SPSMDB-962 Fix a memory leak due to which the Operator’s Pod continually increased both CPU and memory usage in cluster-wide mode (with an unmanaged cluster)

• K8SPSMDB-968 Fix a bug due to which the endpoints list returned by kubectl get psmdb command contained fully qualified domain names (FQDN) instead of IP addresses when the replset was exposed as a LoadBalancer and the clusterServiceDNSMode was set to Internal

Deprecation and removal

• K8SPSMDB-883 The spec.mongod section deprecated in the Operator version 1.12.0 is finally removed from the Custom Resource configuration. If you have encryption disabled using the deprecated mongod.security.enableEncryption option, you need to set encryption disabled with custom configuration before removing mongod section (and before upgrade):

  spec:
    ...
    replsets:
      - name: rs0
        ...
        configuration: |
          security:
            enableEncryption: false
          ...
  

Supported Platforms

The Operator was developed and tested with Percona Server for MongoDB 4.4.24, 5.0.20, and 6.0.9. Other options may also work but have not been tested. The Operator also uses Percona Backup for MongoDB 2.3.0.

The following platforms were tested and are officially supported by the Operator 1.15.0:

• Google Kubernetes Engine (GKE) 1.24-1.28

• Amazon Elastic Container Service for Kubernetes (EKS) 1.24-1.28

• OpenShift Container Platform 4.11 - 4.13

• Azure Kubernetes Service (AKS) 1.25-1.28

• Minikube 1.31.2 (based on Kubernetes 1.28)

This list only includes the platforms that the Percona Operators are specifically tested on as part of the release process. Other Kubernetes flavors and versions depend on the backward compatibility offered by Kubernetes itself.

Get expert help

If you need assistance, visit the community forum for comprehensive and free database knowledge, or contact our Percona Database Experts for professional support and services. Join K8S Squad to benefit from early access to features and “ask me anything” sessions with the Experts.

Community Forum Get a Percona Expert Join K8S Squad

---

Last update: 2024-04-26