Percona Operator for MongoDB 1.16.0
- Date: May 24, 2024
- Installation
Release Highlights
General availability of Physical Backups
Two releases ago we added experimental support for Physical Backups and Restores to significantly reduce Recovery Time Objective (RTO), especially for big data sets. With this release Percona announces the general availability of physical backups and restores for Percona Server for MongoDB with the Operator.
Automated volume expansion
Kubernetes has supported Persistent Volume expansion as a stable feature since v1.24. Using it with the Operator previously involved manual operations. Now this is automated, and users can resize their PVCs by just changing the value of the resources.requests.storage option in the PerconaServerMongoDB custom resource. This feature is in a technical preview stage and is not recommended for production environments.
Support for MongoDB 7
Starting from this release, MongoDB 7.0 is supported. Read our take on top-5 changes in MongoDB version 7 in this blog post.
Support for ARM architecture (technical preview)
ARM architecture usage is growing intensively, both in highly efficient cloud computing based on systems like AWS Graviton and in the Internet of Things and Edge. Officially certified images for ARM are now available for the Operator, as well as for Percona Server for MongoDB and Percona Backup for MongoDB, while database monitoring based on PMM Client is yet to follow.
Fixing the overloaded allowUnsafeConfigurations flag
In the previous Operator versions, the allowUnsafeConfigurations Custom Resource option was used to allow configuring a cluster with unsafe parameters, such as starting it with fewer than 3 replica set instances. In fact, setting this option to true resulted in a wide range of reduced safety features without the user’s explicit intent: disabling TLS, allowing backups in unhealthy clusters, etc.
With this release, a separate unsafeFlags Custom Resource section is introduced for fine-grained control of the safety loosening features:
unsafeFlags:
  tls: false
  replsetSize: false
  mongosSize: false
  terminationGracePeriod: false
  backupIfUnhealthy: false
Also, TLS configuration is now enabled or disabled by a special tls.mode Custom Resource option, which can be set to disabled, allowTLS, preferTLS, or requireTLS values.
New Features
- K8SPSMDB-1000: Users who store backups on Azure Blob Storage can now use private endpoints
- K8SPSMDB-1055: The kubectl get psmdb-backup command now shows latest restorable time to make it easier to pick a point-in-time recovery target
- K8SPSMDB-491: It is now possible to specify the existing cert-manager issuer which should be used by the Operator
- K8SPSMDB-733: It is now possible to resize Persistent Volume Claims by patching the PerconaServerMongoDB custom resource: change persistentVolumeClaim.resources.requests.storage and let the Operator do the scaling
Improvements
- K8SPSMDB-1004: Exposing a replica set with split-horizon DNS now allows specifying URIs with non-standard port numbers, which are particularly useful with the NodePort service type
- K8SPSMDB-1013: MongoDB 7.0 is now supported.
- K8SPSMDB-1015: Information about backup and restore operations is now included in the Operator’s logs
- K8SPSMDB-951, K8SPSMDB-979 and K8SPSMDB-1021: The Operator now allows setting custom configuration for Percona Backup for MongoDB through the set of new Custom Resource options under the backup.configuration.backupOptions, backup.configuration.restoreOptions, and backup.storages.s3.retryer subsections
- K8SPSMDB-1029: Mongod is now run in quiet mode by default to reduce the amount of log messages
- K8SPSMDB-1032: It is now possible to define the TCP port for the mongos Service when it is exposed through a NodePort (thanks to Mike Devresse for contribution)
- K8SPSMDB-1062: The Operator now sets appProtocol to mongo for Service objects, which is useful for service mesh implementations (thanks to Søren Mathiasen for contribution)
- K8SPSMDB-732: Integration of the Operator with OpenLDAP can now be secured by using TLS connections
- K8SPSMDB-755: The new allowInvalidCertificates option allows enabling or disabling the bypass of MongoDB Shell checks for the certificates presented by the mongod/mongos instance, useful for self-signed certificates
- K8SPSMDB-948: Officially certified images for ARM architecture are now available for the Operator, as well as Percona Server for MongoDB and Percona Backup for MongoDB
- K8SPSMDB-993: To avoid backup failures on clusters where the Percona Backup for MongoDB resync process takes too long, the Operator now checks whether a resync operation is still running, using an exponentially increasing interval and a total wait time until failure of 8715 seconds
- K8SPSMDB-995: The Operator now allows storing the key for server-side AWS KMS encryption of backups in a Secret configurable with the secrets.sse Custom Resource option
- K8SPSMDB-780: Removing the allowUnsafeConfigurations Custom Resource option in favor of fine-grained safety control in the unsafeFlags subsection
- K8SPSMDB-1042: The Helm chart for Percona Server for MongoDB now accepts replica set options as a map argument instead of the array used in previous releases; this simplifies how arguments are specified on the command line and allows specifying only part of the replica set parameters, relying on the default values for the rest. Take this change into account if you install the database via Helm and want to reuse a set of custom options from previous releases
Bugs Fixed
- K8SPSMDB-1011: Fix a bug where custom logins for system users stopped working after deleting and recreating the users Secret (thanks to Patrick Wolleb for the report)
- K8SPSMDB-1014: Fix a bug where certificate rotation brought the sharded MongoDB cluster down for clusters originally created with an Operator version prior to 1.15.0 (thanks to Stiliyan Stefanov for reporting)
- K8SPSMDB-1018: Fix a bug where MongoDB container startup would fail if the MongoDB image being used contained the numactl package
- K8SPSMDB-1024: Fix a bug where an environment variable wasn’t properly updated in the Percona Backup for MongoDB container entry script (thanks to Rockawear for contribution)
- K8SPSMDB-1035: Fix a bug where an empty secretName field was not allowed for backup jobs that might not need it when accessing AWS S3 buckets based on IAM roles (thanks to Sergey Zelenov for contribution)
- K8SPSMDB-1036: Fix a bug due to which restoring a backup to a new cluster was broken by incompatibility with Percona Backup for MongoDB 2.3.0
- K8SPSMDB-1038: Fix a bug where mongos Services were deleted if the cluster was set to paused state
- K8SPSMDB-1039: Fix a bug which prevented deleting PMM agent from the PMM Server inventory on Pod termination
- K8SPSMDB-1058: Fix a minor missing privileges issue which flooded MongoDB logs with “Checking authorization failed” errors
- K8SPSMDB-1070: Fix a bug where a panic occurred in the delete-psmdb-pods-in-order finalizer if the cluster was deleted prior to creating Pods
- K8SPSMDB-940: Fix a bug due to which the Operator didn’t allow setting serviceAccount for mongos Pods
- K8SPSMDB-985: Fix a bug where the pbmPod key in the backup object was only showing one replica/pod
Deprecation and removal
- Starting from now, the allowUnsafeConfigurations Custom Resource option is deprecated in favor of a number of options under the unsafeFlags subsection. Setting allowUnsafeConfigurations won’t have any effect; upgrading existing clusters with allowUnsafeConfigurations=true will cause everything under unsafeFlags to be set to true and TLS functionality to be disabled
- MongoDB 4.4 support in the Operator has reached its end-of-life. Starting from now Percona will not provide officially certified images for it. Make sure that you have a supported MongoDB version before upgrading the Operator to 1.16.0. You can use the major version upgrade functionality.
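A pre-upgrade check for the allowUnsafeConfigurations deprecation above and for the unsafeFlags and tls.mode options from Release Highlights, as an added example (not part of the release notes or the Operator's code). It assumes input shaped like the output of kubectl get psmdb -o json with these options under spec, and that tls.mode values behave like mongod's net.tls.mode; the sample resources are constructed.

```python
import json

# Constructed sample, shaped like `kubectl get psmdb -o json` output.
# Assumption: the options named in these release notes sit under `spec`.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "legacy"},
   "spec": {"allowUnsafeConfigurations": true}},
  {"metadata": {"name": "dev"},
   "spec": {"unsafeFlags": {"tls": true, "replsetSize": true},
            "tls": {"mode": "disabled"}}},
  {"metadata": {"name": "prod"},
   "spec": {"unsafeFlags": {"tls": false, "replsetSize": false},
            "tls": {"mode": "requireTLS"}}}
]}
""")

# Flag names as listed in the unsafeFlags section of these release notes.
UNSAFE_FLAGS = ("tls", "replsetSize", "mongosSize",
                "terminationGracePeriod", "backupIfUnhealthy")
# Assumption: as with mongod's net.tls.mode, only requireTLS rejects non-TLS clients.
PLAINTEXT_MODES = {"disabled", "allowTLS", "preferTLS"}


def audit(cr):
    """Return a list of findings for one PerconaServerMongoDB resource."""
    spec = cr.get("spec", {})
    findings = []
    if spec.get("allowUnsafeConfigurations") is True:
        findings.append("allowUnsafeConfigurations=true (deprecated in 1.16.0)")
    flags = spec.get("unsafeFlags") or {}
    for name in UNSAFE_FLAGS:
        if flags.get(name) is True:
            findings.append(f"unsafeFlags.{name}=true")
    mode = (spec.get("tls") or {}).get("mode")
    if mode in PLAINTEXT_MODES:
        findings.append(f"tls.mode={mode}: plaintext connections accepted")
    return findings


def audit_all(doc):
    """Map resource name -> findings, for a List object or a single resource."""
    items = doc.get("items", [doc])
    return {cr["metadata"]["name"]: audit(cr) for cr in items}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, "OK" if not findings else findings)
```

A resource reported with allowUnsafeConfigurations=true is the one to fix before upgrading: decide explicitly which unsafeFlags entries it really needs and set tls.mode, rather than inheriting every flag as true.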
Supported Platforms
The Operator was developed and tested with Percona Server for MongoDB 5.0.26-22, 6.0.15-12, and 7.0.8-5. Other options may also work but have not been tested. The Operator also uses Percona Backup for MongoDB 2.4.1.
The following platforms were tested and are officially supported by the Operator 1.16.0:
- Google Kubernetes Engine (GKE) 1.26-1.29
- Amazon Elastic Container Service for Kubernetes (EKS) 1.26-1.29
- OpenShift Container Platform 4.12.56 - 4.15.11
- Azure Kubernetes Service (AKS) 1.27-1.29
- Minikube 1.33.0
This list only includes the platforms that the Percona Operators are specifically tested on as part of the release process. Other Kubernetes flavors and versions depend on the backward compatibility offered by Kubernetes itself.