Custom Resource options

A Custom Resource (CR) is how you configure the Operator to manage Percona Server for MongoDB. It defines a custom resource of type PerconaServerMongoDB.

To customize it, edit the spec section in the deploy/cr.yaml .

This document explains every section of the deploy/cr.yaml Custom Resource manifest and describes available options.

apiVersion

Specifies the API version of the Custom Resource. psmdb.percona.com indicates the group, and v1 is the version of the API.

This tells Kubernetes which version of the custom resource definition (CRD) to use.

kind

Defines the type of resource being created.

metadata

The metadata part of the deploy/cr.yaml contains metadata about the resource, such as its name and other attributes. It includes the following keys:

• name sets the name of your Percona Server for MongoDB Cluster. The name must follow these rules:

  • include only URL-compatible characters ,
  • not exceed 22 characters,
  • start and end with an alphanumeric character

  The default name is my-cluster-name.

• finalizers ensure safe deletion of resources in Kubernetes under certain conditions. This subsection includes the following finalizers:

  • percona.com/delete-psmdb-pods-in-order if present, activates the Finalizer which controls the proper Pods deletion order in case of the cluster deletion event (on by default)
  • percona.com/delete-psmdb-pvc if present, activates the Finalizer which deletes appropriate Persistent Volume Claims after the cluster deletion event (off by default)
  • percona.com/delete-pitr-chunks if present, activates the Finalizer which deletes all point-in-time recovery chunks from the cloud storage on cluster deletion (off by default)

Toplevel spec elements

The spec part of the deploy/cr.yaml file contains the following keys and sections:

platform

Override/set the Kubernetes platform: kubernetes or openshift.

Value type	Example
string	kubernetes

pause

Pause/resume: setting it to true gracefully stops the cluster, and setting it to false after shut down starts the cluster back.

Value type	Example
boolean	false

unmanaged

Setting it to true instructs the Operator to run the cluster in unmanaged state - the Operator does not form replica sets, and does not generate TLS certificates or user credentials. This can be useful for migration scenarios and for cross-site replication.

Value type	Example
boolean	false

enableVolumeExpansion

Enables or disables automatic storage scaling / volume expansion.

Value type	Example
boolean	false

crVersion

Version of the Operator the Custom Resource belongs to.

Value type	Example
string	1.20.0

image

The Docker image of Percona Server for MongoDB to deploy (actual image names can be found in the list of certified images).

Value type	Example
string	percona/percona-server-mongodb:6.0.21-18

imagePullPolicy

The policy used to update images .

Value type	Example
string	Always

imagePullSecrets.name

The Kubernetes ImagePullSecret to access the custom registry.

Value type	Example
string	private-registry-credentials

initImage

An alternative image for the initial Operator installation.

Value type	Example
string	percona/percona-server-mongodb-operator:1.20.0

initContainerSecurityContext

A custom Kubernetes Security Context for a Container for the initImage (image, which can be used instead of the default one while the initial Operator installation).

Value type	Example
subdoc	{}

ClusterServiceDNSSuffix

The (non-standard) cluster domain to be used as a suffix of the Service name.

Value type	Example
string	svc.cluster.local

clusterServiceDNSMode

Can be internal (local fully-qualified domain names will be used in replset configuration even if the replset is exposed - the default value), external (exposed MongoDB instances will use ClusterIP addresses, should be applied with caution) or ServiceMesh (use a special FQDN based on the Pod name). Being set, ServiceMesh value suprecedes multiCluster settings, and therefore these two modes cannot be combined together.

Value type	Example
string	Internal

allowUnsafeConfigurations

Prevents users from configuring a cluster with unsafe parameters: starting it with less than 3 replica set instances, with an even number of replica set instances without additional arbiter, or without TLS/SSL certificates, or running a sharded cluster with less than 3 config server Pods or less than 2 mongos Pods (if false, the Operator will automatically change unsafe parameters to safe defaults). After switching to unsafe configurations permissive mode you will not be able to switch the cluster back by setting spec.allowUnsafeConfigurations key to false, the flag will be ignored. This option is deprecated and will be removed in future releases. Use unsafeFlags subsection instead

Value type	Example
boolean	false

updateStrategy

A strategy the Operator uses for upgrades. Possible values are SmartUpdate, RollingUpdate and OnDelete .

Value type	Example
string	SmartUpdate

ignoreAnnotations

The list of annotations to be ignored by the Operator.

Value type	Example
subdoc	service.beta.kubernetes.io/aws-load-balancer-backend-protocol

ignoreLabels

The list of labels to be ignored by the Operator.

Value type	Example
subdoc	rack

multiCluster.enabled

Multi-cluster Services (MCS): setting it to true enables MCS cluster mode .

Value type	Example
boolean	false

multiCluster.DNSSuffix

The cluster domain to be used as a suffix for multi-cluster Services used by Kubernetes (svc.clusterset.local by default ).

Value type	Example
string	svc.clusterset.local

Unsafe flags section

The unsafeFlags section in the deploy/cr.yaml file contains various configuration options to prevent users from configuring a cluster with unsafe parameters.

Once you enable permissive mode with unsafe settings, you cannot disable it by simply turning the same settings back (e.g. by setting a configuration option to false). These settings will be ignored if you try to revert them. Reverting the cluster to a secure state may require additional steps or reinitialization.

unsafeFlags.tls

Prevents users from configuring a cluster without TLS/SSL certificates (if false, the Operator will automatically change unsafe parameters to safe defaults).

Value type	Example
boolean	false

unsafeFlags.replsetSize

Prevents users from configuring a cluster with unsafe parameters: starting it with less than 3 replica set instances or with an even number of replica set instances without additional arbiter (if false, the Operator will automatically change unsafe parameters to safe defaults).

Value type	Example
boolean	false

unsafeFlags.mongosSize

Prevents users from configuring a sharded cluster with less than 3 config server Pods or less than 2 mongos Pods (if false, the Operator will automatically change unsafe parameters to safe defaults).

Value type	Example
boolean	false

unsafeFlags.terminationGracePeriod

Prevents users from configuring a sharded cluster without termination grace period for replica set, config servers and mongos Pods.

Value type	Example
boolean	false

unsafeFlags.backupIfUnhealthy

Prevents running backup on a cluster with failed health checks .

Value type	Example
boolean	false

TLS (extended cert-manager configuration section)

The tls section in the deploy/cr.yaml file contains various configuration options for additional customization of the Transport Layer Security.

tls.mode

Controls if the TLS encryption should be used and/or enforced. Can be disabled, allowTLS, preferTLS, or requireTLS. If set to disabled, it also requires setting unsafeFlags.tls option totrue`.

Value type	Example
string	preferTLS

tls.certValidityDuration

The validity duration of the external certificate for cert manager (90 days by default). This value is used only at cluster creation time and can’t be changed for existing clusters.

Value type	Example
string	2160h

tls.allowInvalidCertificates

If true, the mongo shell will not attempt to validate the server certificates. Should be true (default variant) to use self-signed certificates generated by the Operator when there is no cert-manager.

Value type	Example
boolean	true

‘tls.issuerConf.name’

A cert-manager issuer name .

Value type	Example
string	special-selfsigned-issuer

‘tls.issuerConf.kind’

A cert-manager issuer type .

‘tls.issuerConf.group’

A cert-manager issuer group . Should be cert-manager.io for built-in cert-manager certificate issuers.

Value type	Example
string	cert-manager.io

Upgrade Options Section

The upgradeOptions section in the deploy/cr.yaml file contains various configuration options to control Percona Server for MongoDB upgrades.

upgradeOptions.versionServiceEndpoint

The Version Service URL used to check versions compatibility for upgrade.

Value type	Example
string	https://check.percona.com

upgradeOptions.apply

Specifies how updates are processed by the Operator. Never or Disabled will completely disable automatic upgrades, otherwise it can be set to Latest or Recommended or to a specific version stringof Percona Server for MongoDB (e.g. 6.0.21-18) that is wished to be version-locked (so that the user can control the version running, but use automatic upgrades to move between them).

Value type	Example
string	disabled

upgradeOptions.schedule

Scheduled time to check for updates, specified in the crontab format .

Value type	Example
string	0 2 \* \* \*

upgradeOptions.setFCV

If enabled, FeatureCompatibilityVersion (FCV) will be set to match the version during major version upgrade.

Value type	Example
boolean	false

Secrets section

Each spec in its turn may contain some key-value pairs. The secrets one has only two of them:

secrets.keyFile

The secret name for the MongoDB Internal Auth Key file . This secret is auto-created by the operator if it doesn’t exist.

Value type	Example
string	my-cluster-name-mongodb-keyfile

secrets.users

The name of the Secrets object for the MongoDB users required to run the operator.

Value type	Example
string	my-cluster-name-secrets

secrets.sse

The name of the Secrets object for server side encryption credentials

Value type	Example
string	my-cluster-name-sse

secrets.ssl

A secret with TLS certificate generated for external communications, see Transport Layer Security (TLS) for details.

Value type	Example
string	my-custom-ssl

secrets.sslInternal

A secret with TLS certificate generated for internal communications, see Transport Layer Security (TLS) for details.

Value type	Example
string	my-custom-ssl-internal

secrets.encryptionKey

Specifies a secret object with the encryption key .

Value type	Example
string	my-cluster-name-mongodb-encryption-key

secrets.vault

Specifies a secret object to provide integration with HashiCorp Vault.

Value type	Example
string	my-cluster-name-vault

secrets.ldapSecret

Specifies a secret object for LDAP over TLS connection between MongoDB and OpenLDAP server.

Value type	Example
string	my-ldap-secret

Replsets Section

The replsets section controls the MongoDB Replica Set.

replsets.name

The name of the MongoDB Replica Set .

Value type	Example
string	rs 0

replsets.size

The size of the MongoDB Replica Set, must be >= 3 for High-Availability .

Value type	Example
int	3

replsets.terminationGracePeriodSeconds

The amount of seconds Kubernetes will wait for a clean replica set Pods termination.

Value type	Example
int	300

‘replsets.serviceAccountName’

Name of the separate privileged service account for Replica Set Pods.

Value type	Example
string	default

replsets.topologySpreadConstraints.labelSelector.matchLabels

The label selector for the Kubernetes Pod Topology Spread Constraints .

Value type	Example
label	app.kubernetes.io/name: percona-server-mongodb

replsets.topologySpreadConstraints.maxSkew

The degree to which Pods may be unevenly distributed under the Kubernetes Pod Topology Spread Constraints .

Value type	Example
int	1

replsets.topologySpreadConstraints.topologyKey

The key of node labels for the Kubernetes Pod Topology Spread Constraints .

Value type	Example
string	kubernetes.io/hostname

replsets.topologySpreadConstraints.whenUnsatisfiable

What to do with a Pod if it doesn’t satisfy the Kubernetes Pod Topology Spread Constraints .

Value type	Example
string	DoNotSchedule

replsets.replsetOverrides.MEMBER-NAME.host

Use if you need to override the replica set members FQDNs with custom host names. Each key (MEMBER-NAME) under replsetOverrides should be name of a Pod. The Operator won’t perform any validation for hostnames, so it’s the user’s responsibility to ensure connectivity.

Value type	Example
string	my-cluster-name-rs0-0.example.net:27017

replsets.replsetOverrides.MEMBER-NAME.priority

Use if you need to override the replica set members priorities .

Value type	Example
int	3

replsets.replsetOverrides.MEMBER-NAME.tags

Optional custom tags which can be added to the replset members to make their identication easier.

Value type	Example
label	key: value-0

replsets.externalNodes.host

The URL or IP address of the external replset instance.

Value type	Example
string	34.124.76.90

replsets.externalNodes.port

The port number of the external replset instance.

Value type	Example
string	27017

replsets.externalNodes.votes

The number of votes of the external replset instance.

Value type	Example
string	0

replsets.externalNodes.priority

The priority of the external replset instance.

Value type	Example
string	0

replsets.configuration

Custom configuration options for mongod. Please refer to the official manual for the full list of options, and specific Percona Server for MongoDB docs .

Value type	Example
subdoc	| operationProfiling: mode: slowOp systemLog: verbosity: 1 storage: engine: wiredTiger wiredTiger: engineConfig: directoryForIndexes: false journalCompressor: snappy collectionConfig: blockCompressor: snappy indexConfig: prefixCompression: true

replsets.affinity.antiAffinityTopologyKey

The Kubernetes topologyKey node affinity constraint for the Replica Set nodes.

Value type	Example
string	kubernetes.io/hostname

replsets.affinity.advanced

In cases where the pods require complex tuning the advanced option turns off the topologykey effect. This setting allows the standard Kubernetes affinity constraints of any complexity to be used.

Value type	Example
subdoc

replsets.tolerations.key

The Kubernetes Pod tolerations key for the Replica Set nodes.

Value type	Example
string	node.alpha.kubernetes.io/unreachable

replsets.tolerations.operator

The Kubernetes Pod tolerations operator for the Replica Set nodes.

Value type	Example
string	Exists

replsets.tolerations.effect

The Kubernetes Pod tolerations effect for the Replica Set nodes.

Value type	Example
string	NoExecute

replsets.tolerations.tolerationSeconds

The Kubernetes Pod tolerations time limit for the Replica Set nodes.

Value type	Example
int	6000

replsets.primaryPreferTagSelector.region

Ensures the MongoDB instance is selected as Primary based on specified region

Value type	Example
string	us-west-2

replsets.primaryPreferTagSelector.zone

Ensures the MongoDB instance is selected as Primary based on specified zone

Value type	Example
string	us-west-2c

replsets.priorityClassName

The Kuberentes Pod priority class for the Replica Set nodes.

Value type	Example
string	high priority

replsets.annotations

The Kubernetes annotations metadata for the Replica Set nodes.

Value type	Example
string	iam.amazonaws.com/role: role-arn

replsets.labels

The Kubernetes affinity labels for the Replica Set nodes.

Value type	Example
label	rack: rack-22

replsets.nodeSelector

The Kubernetes nodeSelector affinity constraint for the Replica Set nodes.

Value type	Example
label	disktype: ssd

replsets.storage.engine

Sets the storage.engine option https://docs.mongodb.com/manual/reference/configuration-options/#storage.engine`_ for the Replica Set nodes.

Value type	Example
string	wiredTiger

replsets.storage.wiredTiger.engineConfig.cacheSizeRatio

The ratio used to compute the storage.wiredTiger.engineConfig.cacheSizeGB option for the Replica Set nodes.

Value type	Example
float	0.5

replsets.storage.wiredTiger.engineConfig.directoryForIndexes

Sets the storage.wiredTiger.engineConfig.directoryForIndexes option for the Replica Set nodes.

Value type	Example
boolean	false

replsets.storage.wiredTiger.engineConfig.journalCompressor

Sets the storage.wiredTiger.engineConfig.journalCompressor option for the Replica Set nodes.

Value type	Example
string	snappy

replsets.storage.wiredTiger.collectionConfig.blockCompressor

Sets the storage.wiredTiger.collectionConfig.blockCompressor option for the Replica Set nodes.

Value type	Example
string	snappy

replsets.storage.wiredTiger.indexConfig.prefixCompression

Sets the storage.wiredTiger.indexConfig.prefixCompression option for the Replica Set nodes.

Value type	Example
boolean	true

replsets.storage.inMemory.engineConfig.inMemorySizeRatio

The ratio used to compute the storage.engine.inMemory.inMemorySizeGb option for the Replica Set nodes.

Value type	Example
float	0.9

replsets.livenessProbe.failureThreshold

Number of consecutive unsuccessful tries of the liveness probe to be undertaken before giving up.

Value type	Example
int	4

replsets.livenessProbe.initialDelaySeconds

Number of seconds to wait after the container start before initiating the liveness probe .

Value type	Example
int	60

replsets.livenessProbe.periodSeconds

How often to perform a liveness probe (in seconds).

Value type	Example
int	30

replsets.livenessProbe.timeoutSeconds

Number of seconds after which the liveness probe times out.

Value type	Example
int	10

replsets.livenessProbe.startupDelaySeconds

Time after which the liveness probe is failed if the MongoDB instance didn’t finish its full startup yet.

Value type	Example
int	7200

replsets.readinessProbe.failureThreshold

Number of consecutive unsuccessful tries of the readiness probe to be undertaken before giving up.

Value type	Example
int	8

replsets.readinessProbe.initialDelaySeconds

Number of seconds to wait after the container start before initiating the readiness probe .

Value type	Example
int	10

replsets.readinessProbe.periodSeconds

How often to perform a readiness probe (in seconds).

Value type	Example
int	3

replsets.readinessProbe.successThreshold

Minimum consecutive successes for the readiness probe to be considered successful after having failed.

Value type	Example
int	1

replsets.readinessProbe.timeoutSeconds

Number of seconds after which the readiness probe times out.

Value type	Example
int	2

‘replsets.containerSecurityContext’

A custom Kubernetes Security Context for a Container to be used instead of the default one.

Value type	Example
subdoc	privileged: false

‘replsets.podSecurityContext’

A custom Kubernetes Security Context for a Pod to be used instead of the default one.

Value type	Example
subdoc	runAsUser: 1001 runAsGroup: 1001 supplementalGroups: [1001]

replsets.runtimeClassName

Name of the Kubernetes Runtime Class for Replica Set Pods.

Value type	Example
string	image-rc

replsets.sidecars.image

Image for the custom sidecar container for Replica Set Pods.

Value type	Example
string	busybox

replsets.sidecars.command

Command for the custom sidecar container for Replica Set Pods.

Value type	Example
array	["/bin/sh"]

replsets.sidecars.args

Command arguments for the custom sidecar container for Replica Set Pods.

Value type	Example
array	["-c", "while true; do echo echo $(date -u) 'test' >> /dev/null; sleep 5;done"]

replsets.sidecars.name

Name of the custom sidecar container for Replica Set Pods.

Value type	Example
string	rs-sidecar-1

replsets.sidecars.volumeMounts.mountPath

Mount path of the custom sidecar container volume for Replica Set Pods.

Value type	Example
string	/volume1

replsets.sidecars.volumeMounts.name

Name of the custom sidecar container volume for Replica Set Pods.

Value type	Example
string	sidecar-volume-claim

replsets.sidecarVolumes.name

Name of the custom sidecar container volume for Replica Set Pods.

Value type	Example
string	sidecar-config

replsets.sidecarVolumes.configMap.name

Name of the ConfigMap for a custom sidecar container volume for Replica Set Pods.

Value type	Example
string	myconfigmap

replsets.sidecarVolumes.secret.secretName

Name of the Secret for a custom sidecar container volume for Replica Set Pods.

Value type	Example
string	sidecar-secret

replsets.sidecarVolumes.nfs.server

The hostname of the NFS server that will provide remote filesystem to the custom sidecar container volume for Replica Set Pods.

Value type	Example
string	nfs-service.storage.svc.cluster.local

replsets.sidecarVolumes.nfs.path

The path on the NFS server that will be provided as a remote filesystem to the custom sidecar container volume for Replica Set Pods.

Value type	Example
string	/psmdb-some-name-rs0

replsets.sidecarPVCs

Persistent Volume Claim for the custom sidecar container volume for Replica Set Pods.

Value type	Example
subdoc

replsets.podDisruptionBudget.maxUnavailable

The Kubernetes Pod distribution budget limit specifying the maximum value for unavailable Pods.

Value type	Example
int	1

replsets.podDisruptionBudget.minAvailable

The Kubernetes Pod distribution budget limit specifying the minimum value for available Pods.

Value type	Example
int	1

replsets.splitHorizons.REPLICASET-POD-NAME.external

External URI for Split-horizon for replica set Pods of the exposed cluster.

Value type	Example
string	rs0-0.mycluster.xyz

replsets.splitHorizons.REPLICASET-POD-NAME.external-2

External URI for Split-horizon for replica set Pods of the exposed cluster.

Value type	Example
string	rs0-0.mycluster2.xyz

replsets.expose.enabled

Enable or disable exposing MongoDB Replica Set nodes with dedicated IP addresses.

Value type	Example
boolean	false

replsets.expose.type

The IP address type to be exposed.

Value type	Example
string	ClusterIP

replsets.expose.loadBalancerClass

Define the implementation of the load balancer you want to use. This setting enables you to select a custom or specific load balancer class instead of the default one provided by the cloud provider.

Value type	Example
string	eks.amazonaws.com/nlb

replsets.expose.loadBalancerSourceRanges

The range of client IP addresses from which the load balancer should be reachable (if not set, there is no limitations).

Value type	Example
string	10.0.0.0/8

replsets.expose.annotations

The Kubernetes annotations metadata for the MongoDB mongod daemon.

Value type	Example
string	service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http

replsets.expose.labels

The Kubernetes labels for the MongoDB Replica Set Service.

Value type	Example
string	rack: rack-22

replsets.expose.internalTrafficPolicy

Specifies whether Service for MongoDB instances should route internal traffic to cluster-wide or to node-local endpoints (it can influence the load balancing effectiveness).

Value type	Example
boolean	Local

replsets.expose.externalTrafficPolicy

Specifies whether Service for MongoDB instances should route external traffic to cluster-wide (Cluster) or to node-local (Local) endpoints. It can influence the load balancing effectiveness.

Value type	Example
string	Local

replsets.nonvoting.enabled

Enable or disable creation of Replica Set non-voting instances within the cluster.

Value type	Example
boolean	false

replsets.nonvoting.size

The number of Replica Set non-voting instances within the cluster.

Value type	Example
int	1

replsets.nonvoting.podSecurityContext

A custom Kubernetes Security Context for a Pod to be used instead of the default one.

Value type	Example
subdoc	{}

replsets.nonvoting.containerSecurityContext

A custom Kubernetes Security Context for a Container to be used instead of the default one.

Value type	Example
subdoc	{}

replsets.nonvoting.afinity.antiAffinityTopologyKey

The Kubernetes topologyKey node affinity constraint for the non-voting nodes.

Value type	Example
string	kubernetes.io/hostname

replsets.nonvoting.affinity.advanced

In cases where the pods require complex tuning the advanced option turns off the topologykey effect. This setting allows the standard Kubernetes affinity constraints of any complexity to be used.

Value type	Example
subdoc

replsets.nonvoting.tolerations.key

The Kubernetes Pod tolerations key for the non-voting nodes.

Value type	Example
string	node.alpha.kubernetes.io/unreachable

replsets.nonvoting.tolerations.operator

The Kubernetes Pod tolerations operator for the non-voting nodes.

Value type	Example
string	Exists

replsets.nonvoting.tolerations.effect

The Kubernetes Pod tolerations effect for the non-voting nodes.

Value type	Example
string	NoExecute

replsets.nonvoting.tolerations.tolerationSeconds

The Kubernetes Pod tolerations time limit for the non-voting nodes.

Value type	Example
int	6000

replsets.nonvoting.priorityClassName

The Kuberentes Pod priority class for the non-voting nodes.

Value type	Example
string	high priority

replsets.nonvoting.annotations

The Kubernetes annotations metadata for the non-voting nodes.

Value type	Example
string	iam.amazonaws.com/role: role-arn

replsets.nonvoting.labels

The Kubernetes affinity labels for the non-voting nodes.

Value type	Example
label	rack: rack-22

replsets.nonvoting.nodeSelector

The Kubernetes nodeSelector affinity constraint for the non-voting nodes.

Value type	Example
label	disktype: ssd

replsets.nonvoting.podDisruptionBudget.maxUnavailable

The Kubernetes Pod distribution budget limit specifying the maximum value for unavailable Pods among non-voting nodes.

Value type	Example
int	1

replsets.nonvoting.podDisruptionBudget.minAvailable

The Kubernetes Pod distribution budget limit specifying the minimum value for available Pods among non-voting nodes.

Value type	Example
int	1

replsets.nonvoting.resources.limits.cpu

Kubernetes CPU limit for MongoDB container.

Value type	Example
string	300m

replsets.nonvoting.resources.limits.memory

Kubernetes Memory limit for MongoDB container.

Value type	Example
string	0.5G

replsets.nonvoting.resources.requests.cpu

The Kubernetes CPU requests for MongoDB container.

Value type	Example
string	300m

replsets.nonvoting.resources.requests.memory

The Kubernetes Memory requests for MongoDB container.

Value type	Example
string	0.5G

replsets.nonvoting.volumeSpec.emptyDir

The Kubernetes emptyDir volume , i.e. the directory which will be created on a node, and will be accessible to the MongoDB Pod containers.

Value type	Example
string	{}

replsets.nonvoting.volumeSpec.hostPath.path

Kubernetes hostPath volume , i.e. the file or directory of a node that will be accessible to the MongoDB Pod containers.

Value type	Example
string	/data

replsets.nonvoting.volumeSpec.hostPath.type

The Kubernetes hostPath volume type .

Value type	Example
string	Directory

replsets.nonvoting.volumeSpec.persistentVolumeClaim.annotations

The Kubernetes annotations metadata for Persistent Volume Claim .

Value type	Example
string	service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http

replsets.nonvoting.volumeSpec.persistentVolumeClaim.labels

The Kubernetes labels metadata for Persistent Volume Claim .

Value type	Example
string	rack: rack-22

replsets.nonvoting.volumeSpec.persistentVolumeClaim.storageClassName

The Kubernetes Storage Class to use with the MongoDB container Persistent Volume Claim for the non-voting nodes. Use Storage Class with XFS as the default filesystem if possible, [for better MongoDB performance ](https://dba.stackexchange.com/questions/190578/is-xfs-still-the-best-choice-for-mongodb.

Value type	Example
string	standard

replsets.nonvoting.volumeSpec.persistentVolumeClaim.accessModes

The Kubernetes Persistent Volume access modes for the MongoDB container for the non-voting nodes.

Value type	Example
array	[ "ReadWriteOnce" ]

replsets.nonvoting.volumeSpec.persistentVolumeClaim.resources.requests.storage

The Kubernetes Persistent Volume size for the MongoDB container for the non-voting nodes.

Value type	Example
string	3Gi

replsets.arbiter.enabled

Enable or disable creation of Replica Set Arbiter nodes within the cluster.

Value type	Example
boolean	false

replsets.arbiter.size

The number of Replica Set Arbiter instances within the cluster.

Value type	Example
int	1

replsets.arbiter.afinity.antiAffinityTopologyKey

The Kubernetes topologyKey node affinity constraint for the Arbiter.

Value type	Example
string	kubernetes.io/hostname

replsets.arbiter.affinity.advanced

In cases where the pods require complex tuning the advanced option turns off the topologykey effect. This setting allows the standard Kubernetes affinity constraints of any complexity to be used.

Value type	Example
subdoc

replsets.arbiter.tolerations.key

The Kubernetes Pod tolerations key for the Arbiter nodes.

Value type	Example
string	node.alpha.kubernetes.io/unreachable

replsets.arbiter.tolerations.operator

The Kubernetes Pod tolerations operator for the Arbiter nodes.

Value type	Example
string	Exists

replsets.arbiter.tolerations.effect

The Kubernetes Pod tolerations effect for the Arbiter nodes.

Value type	Example
string	NoExecute

replsets.arbiter.tolerations.tolerationSeconds

The Kubernetes Pod tolerations time limit for the Arbiter nodes.

Value type	Example
int	6000

replsets.arbiter.priorityClassName

The Kuberentes Pod priority class for the Arbiter nodes.

Value type	Example
string	high priority

replsets.arbiter.annotations

The Kubernetes annotations metadata for the Arbiter nodes.

Value type	Example
string	iam.amazonaws.com/role: role-arn

replsets.arbiter.labels

The Kubernetes affinity labels for the Arbiter nodes.

Value type	Example
label	rack: rack-22

replsets.arbiter.nodeSelector

The Kubernetes nodeSelector affinity constraint for the Arbiter nodes.

Value type	Example
label	disktype: ssd

replsets.resources.limits.cpu

Kubernetes CPU limit for MongoDB container.

Value type	Example
string	300m

replsets.resources.limits.memory

Kubernetes Memory limit for MongoDB container.

Value type	Example
string	0.5G

replsets.resources.requests.cpu

The Kubernetes CPU requests for MongoDB container.

Value type	Example
string	300m

replsets.resources.requests.memory

The Kubernetes Memory requests for MongoDB container.

Value type	Example
string	0.5G

replsets.volumeSpec.emptyDir

The Kubernetes emptyDir volume , i.e. the directory which will be created on a node, and will be accessible to the MongoDB Pod containers.

Value type	Example
string	{}

replsets.volumeSpec.hostPath.path

Kubernetes hostPath volume , i.e. the file or directory of a node that will be accessible to the MongoDB Pod containers.

Value type	Example
string	/data

replsets.volumeSpec.hostPath.type

The Kubernetes hostPath volume type .

Value type	Example
string	Directory

replsets.volumeSpec.persistentVolumeClaim.annotations

The Kubernetes annotations metadata for Persistent Volume Claim .

Value type	Example
string	service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http

replsets.volumeSpec.persistentVolumeClaim.labels

The Kubernetes labels metadata for Persistent Volume Claim .

Value type	Example
string	rack: rack-22

replsets.volumeSpec.persistentVolumeClaim.storageClassName

The Kubernetes Storage Class to use with the MongoDB container Persistent Volume Claim . Use Storage Class with XFS as the default filesystem if possible, for better MongoDB performance .

Value type	Example
string	standard

replsets.volumeSpec.persistentVolumeClaim.accessModes

The Kubernetes Persistent Volume access modes for the MongoDB container.

Value type	Example
array	[ "ReadWriteOnce" ]

replsets.volumeSpec.persistentVolumeClaim.resources.requests.storage

The Kubernetes Persistent Volume size for the MongoDB container.

Value type	Example
string	3Gi

replsets.hostAliases.ip

The IP address for Kubernetes host aliases for replica set Pods.

Value type	Example
string	"10.10.0.2"

replsets.hostAliases.hostnames

Hostnames for Kubernetes host aliases for replica set Pods.

Value type	Example
subdoc

PMM Section

The pmm section in the deploy/cr.yaml file contains configuration options for Percona Monitoring and Management.

pmm.enabled

Enables or disables monitoring Percona Server for MongoDB with PMM .

Value type	Example
boolean	false

pmm.image

PMM Client docker image to use.

Value type	Example
string	percona/pmm-client:2.44.1

pmm.serverHost

Address of the PMM Server to collect data from the Cluster.

Value type	Example
string	monitoring-service

pmm.containerSecurityContext

A custom Kubernetes Security Context for a Container to be used instead of the default one.

Value type	Example
subdoc	{}

pmm.customClusterName

A custom name to define for a cluster. PMM Server uses this name to properly parse the metrics and display them on dashboards. Using a custom name is useful for clusters deployed in different data centers - PMM Server connects them and monitors them as one deployment. Another use case is for clusters deployed with the same name in different namespaces - PMM treats each cluster separately.

Value type	Example
string	mongo-cluster

pmm.mongodParams

Additional parameters which will be passed to the pmm-admin add mongodb command for mongod Pods.

Value type	Example
string	--environment=DEV-ENV --custom-labels=DEV-ENV

pmm.mongosParams

Additional parameters which will be passed to the pmm-admin add mongodb command for mongos Pods.

Value type	Example
string	--environment=DEV-ENV --custom-labels=DEV-ENV

Sharding Section

The sharding section in the deploy/cr.yaml file contains configuration options for Percona Server for MondoDB sharding.

sharding.enabled

Enables or disables Percona Server for MondoDB sharding .

Value type	Example
boolean	true

sharding.configsvrReplSet.size

The number of Config Server instances within the cluster.

Value type	Example
int	3

sharding.configsvrReplSet.terminationGracePeriodSeconds

The amount of seconds Kubernetes will wait for a clean config server Pods termination.

Value type	Example
int	300

‘sharding.configsvrReplSet.serviceAccountName’

Name of the separate privileged service account for Config Server Pods.

Value type	Example
string	default

sharding.configsvrReplSet.topologySpreadConstraints.labelSelector.matchLabels

The label selector for the Kubernetes Pod Topology Spread Constraints .

Value type	Example
label	app.kubernetes.io/name: percona-server-mongodb

sharding.configsvrReplSet.topologySpreadConstraints.maxSkew

The degree to which Pods may be unevenly distributed under the Kubernetes Pod Topology Spread Constraints .

Value type	Example
int	1

sharding.configsvrReplSet.topologySpreadConstraints.topologyKey

The key of node labels for the Kubernetes Pod Topology Spread Constraints .

Value type	Example
string	kubernetes.io/hostname

sharding.configsvrReplSet.topologySpreadConstraints.whenUnsatisfiable

What to do with a Pod if it doesn’t satisfy the Kubernetes Pod Topology Spread Constraints .

Value type	Example
string	DoNotSchedule

sharding.configsvrReplSet.externalNodes.host

The URL or IP address of the external config server instance.

Value type	Example
string	34.124.76.90

sharding.configsvrReplSet.externalNodes.port

The port number of the external config server instance.

Value type	Example
string	27017

sharding.configsvrReplSet.externalNodes.votes

The number of votes of the external config server instance.

Value type	Example
string	0

sharding.configsvrReplSet.externalNodes.priority

The priority of the external config server instance.

Value type	Example
string	0

sharding.configsvrReplSet.configuration

Custom configuration options for Config Servers. Please refer to the official manual for the full list of options.

Value type	Example
string	| operationProfiling: mode: slowOp systemLog: verbosity: 1

sharding.configsvrReplSet.livenessProbe.failureThreshold

Number of consecutive unsuccessful tries of the liveness probe to be undertaken before giving up.

Value type	Example
int	4

sharding.configsvrReplSet.livenessProbe.initialDelaySeconds

Number of seconds to wait after the container start before initiating the liveness probe .

Value type	Example
int	60

sharding.configsvrReplSet.livenessProbe.periodSeconds

How often to perform a liveness probe (in seconds).

Value type	Example
int	30

sharding.configsvrReplSet.livenessProbe.timeoutSeconds

Number of seconds after which the liveness probe times out.

Value type	Example
int	10

sharding.configsvrReplSet.livenessProbe.startupDelaySeconds

Time after which the liveness probe is failed if the MongoDB instance didn’t finish its full startup yet.

Value type	Example
int	7200

sharding.configsvrReplSet.readinessProbe.failureThreshold

Number of consecutive unsuccessful tries of the readiness probe to be undertaken before giving up.

Value type	Example
int	3

sharding.configsvrReplSet.readinessProbe.initialDelaySeconds

Number of seconds to wait after the container start before initiating the readiness probe .

Value type	Example
int	10

sharding.configsvrReplSet.readinessProbe.periodSeconds

How often to perform a readiness probe (in seconds).

Value type	Example
int	3

sharding.configsvrReplSet.readinessProbe.successThreshold

Minimum consecutive successes for the readiness probe to be considered successful after having failed.

Value type	Example
int	1

sharding.configsvrReplSet.readinessProbe.timeoutSeconds

Number of seconds after which the readiness probe times out.

Value type	Example
int	2

‘sharding.configsvrReplSet.containerSecurityContext’

A custom Kubernetes Security Context for a Container to be used instead of the default one.

Value type	Example
subdoc	privileged: false

‘sharding.configsvrReplSet.podSecurityContext’

A custom Kubernetes Security Context for a Pod to be used instead of the default one.

Value type	Example
subdoc	runAsUser: 1001 runAsGroup: 1001 supplementalGroups: [1001]

sharding.configsvrReplSet.runtimeClassName

Name of the Kubernetes Runtime Class for Config Server Pods.

Value type	Example
string	image-rc

sharding.configsvrReplSet.sidecars.image

Image for the custom sidecar container for Config Server Pods.

Value type	Example
string	busybox

sharding.configsvrReplSet.sidecars.command

Command for the custom sidecar container for Config Server Pods.

Value type	Example
array	["/bin/sh"]

sharding.configsvrReplSet.sidecars.args

Command arguments for the custom sidecar container for Config Server Pods.

Value type	Example
array	["-c", "while true; do echo echo $(date -u) 'test' >> /dev/null; sleep 5;done"]

sharding.configsvrReplSet.sidecars.name

Name of the custom sidecar container for Config Server Pods.

Value type	Example
string	rs-sidecar-1

sharding.configsvrReplSet.sidecarVolumes.name

Name of the custom sidecar container volume for Config Server Pods.

Value type	Example
string	sidecar-config

sharding.configsvrReplSet.sidecarVolumes.nfs.server

The hostname of the NFS server that will provide remote filesystem to the custom sidecar container volume for Config Server Pods.

Value type	Example
string	nfs-service.storage.svc.cluster.local

sharding.configsvrReplSet.sidecarVolumes.nfs.path

The path on the NFS server that will be provided as a remote filesystem to the custom sidecar container volume for Config Server Pods.

Value type	Example
string	/psmdb-some-name-rs0

sharding.configsvrReplSet.limits.cpu

Kubernetes CPU limit for Config Server container.

Value type	Example
string	300m

sharding.configsvrReplSet.limits.memory

Kubernetes Memory limit for Config Server container.

Value type	Example
string	0.5G

sharding.configsvrReplSet.resources.requests.cpu

The Kubernetes CPU requests for Config Server container.

Value type	Example
string	300m

sharding.configsvrReplSet.requests.memory

The Kubernetes Memory requests for Config Server container.

Value type	Example
string	0.5G

sharding.configsvrReplSet.expose.enabled

Enable or disable exposing Config Server nodes with dedicated IP addresses.

Value type	Example
boolean	false

sharding.configsvrReplSet.expose.type

The IP address type to be exposed.

Value type	Example
string	ClusterIP

sharding.configsvrReplSet.expose.loadBalancerClass

Define the implementation of the load balancer you want to use. This setting enables you to select a custom or specific load balancer class instead of the default one provided by the cloud provider.

Value type	Example
string	eks.amazonaws.com/nlb

sharding.configsvrReplSet.expose.loadBalancerSourceRanges

The range of client IP addresses from which the load balancer should be reachable (if not set, there is no limitations).

Value type	Example
string	10.0.0.0/8

sharding.configsvrReplSet.expose.annotations

The Kubernetes annotations metadata for the Config Server daemon.

Value type	Example
string	service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http

sharding.configsvrReplSet.expose.labels

The Kubernetes labels for the Config Server Service.

Value type	Example
string	rack: rack-22

sharding.configsvrReplSet.expose.internalTrafficPolicy

Specifies whether Service for config servers should route internal traffic to cluster-wide or to node-local endpoints (it can influence the load balancing effectiveness).

Value type	Example
boolean	Local

sharding.configsvrReplSet.expose.externalTrafficPolicy

Specifies whether Service for config servers should route external traffic to cluster-wide (Cluster) or to node-local (Local) endpoints. It can influence the load balancing effectiveness.

Value type	Example
string	Local

sharding.configsvrReplSet.volumeSpec.emptyDir

The Kubernetes emptyDir volume , i.e. the directory which will be created on a node, and will be accessible to the Config Server Pod containers.

Value type	Example
string	{}

sharding.configsvrReplSet.volumeSpec.hostPath.path

Kubernetes hostPath volume , i.e. the file or directory of a node that will be accessible to the Config Server Pod containers.

Value type	Example
string	/data

sharding.configsvrReplSet.volumeSpec.hostPath.type

The Kubernetes hostPath volume type .

Value type	Example
string	Directory

sharding.configsvrReplSet.volumeSpec.persistentVolumeClaim.annotations

The Kubernetes annotations metadata for Persistent Volume Claim .

Value type	Example
string	service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http

sharding.configsvrReplSet.volumeSpec.persistentVolumeClaim.labels

The Kubernetes labels metadata for Persistent Volume Claim .

Value type	Example
string	rack: rack-22

sharding.configsvrReplSet.volumeSpec.persistentVolumeClaim.storageClassName

The Kubernetes Storage Class to use with the Config Server container Persistent Volume Claim . Use Storage Class with XFS as the default filesystem if possible, for better MongoDB performance .

Value type	Example
string	standard

sharding.configsvrReplSet.volumeSpec.persistentVolumeClaim.accessModes

The Kubernetes Persistent Volume access modes for the Config Server container.

Value type	Example
array	[ "ReadWriteOnce" ]

sharding.configsvrReplSet.volumeSpec.persistentVolumeClaim.resources.requests.storage

The Kubernetes Persistent Volume size for the Config Server container.

Value type	Example
string	3Gi

sharding.configsvrReplSet.hostAliases.ip

The IP address for Kubernetes host aliases for replica set Pods.

Value type	Example
string	"10.10.0.2"

sharding.configsvrReplSet.hostAliases.hostnames

Hostnames for Kubernetes host aliases for config server Pods.

Value type	Example
subdoc

sharding.mongos.size

The number of mongos instances within the cluster.

Value type	Example
int	3

sharding.mongos.terminationGracePeriodSeconds

The amount of seconds Kubernetes will wait for a clean mongos Pods termination.

Value type	Example
int	300

‘sharding.mongos.serviceAccountName’

Name of the separate privileged service account for mongos Pods.

Value type	Example
string	default

sharding.mongos.topologySpreadConstraints.labelSelector.matchLabels

The label selector for the Kubernetes Pod Topology Spread Constraints .

Value type	Example
label	app.kubernetes.io/name: percona-server-mongodb

sharding.mongos.topologySpreadConstraints.maxSkew

The degree to which Pods may be unevenly distributed under the Kubernetes Pod Topology Spread Constraints .

Value type	Example
int	1

sharding.mongos.topologySpreadConstraints.topologyKey

The key of node labels for the Kubernetes Pod Topology Spread Constraints .

Value type	Example
string	kubernetes.io/hostname

sharding.mongos.topologySpreadConstraints.whenUnsatisfiable

What to do with a Pod if it doesn’t satisfy the Kubernetes Pod Topology Spread Constraints .

Value type	Example
string	DoNotSchedule

sharding.mongos.configuration

Custom configuration options for mongos. Please refer to the official manual for the full list of options.

Value type	Example
string	| systemLog: verbosity: 1

sharding.mongos.afinity.antiAffinityTopologyKey

The Kubernetes topologyKey node affinity constraint for mongos.

Value type	Example
string	kubernetes.io/hostname

sharding.mongos.affinity.advanced

In cases where the Pods require complex tuning the advanced option turns off the topologykey effect. This setting allows the standard Kubernetes affinity constraints of any complexity to be used.

Value type	Example
subdoc

sharding.mongos.tolerations.key

The Kubernetes Pod tolerations key for mongos instances.

Value type	Example
string	node.alpha.kubernetes.io/unreachable

sharding.mongos.tolerations.operator

The Kubernetes Pod tolerations operator for mongos instances.

Value type	Example
string	Exists

sharding.mongos.tolerations.effect

The Kubernetes Pod tolerations effect for mongos instances.

Value type	Example
string	NoExecute

sharding.mongos.tolerations.tolerationSeconds

The Kubernetes Pod tolerations time limit for mongos instances.

Value type	Example
int	6000

sharding.mongos.priorityClassName

The Kuberentes Pod priority class for mongos instances.

Value type	Example
string	high priority

sharding.mongos.annotations

The Kubernetes annotations metadata for the mongos instances.

Value type	Example
string	iam.amazonaws.com/role: role-arn

sharding.mongos.labels

The Kubernetes affinity labels for mongos instances.

Value type	Example
label	rack: rack-22

sharding.mongos.nodeSelector

The Kubernetes nodeSelector affinity constraint for mongos instances.

Value type	Example
label	disktype: ssd

sharding.mongos.livenessProbe.failureThreshold

Number of consecutive unsuccessful tries of the liveness probe to be undertaken before giving up.

Value type	Example
int	4

sharding.mongos.livenessProbe.initialDelaySeconds

Number of seconds to wait after the container start before initiating the liveness probe .

Value type	Example
int	60

sharding.mongos.livenessProbe.periodSeconds

How often to perform a liveness probe (in seconds).

Value type	Example
int	30

sharding.mongos.livenessProbe.timeoutSeconds

Number of seconds after which the liveness probe times out.

Value type	Example
int	10

sharding.mongos.livenessProbe.startupDelaySeconds

Time after which the liveness probe is failed if the MongoDB instance didn’t finish its full startup yet.

Value type	Example
int	7200

sharding.mongos.readinessProbe.failureThreshold

Number of consecutive unsuccessful tries of the readiness probe to be undertaken before giving up.

Value type	Example
int	3

sharding.mongos.readinessProbe.initialDelaySeconds

Number of seconds to wait after the container start before initiating the readiness probe .

Value type	Example
int	10

sharding.mongos.readinessProbe.periodSeconds

How often to perform a readiness probe (in seconds).

Value type	Example
int	3

sharding.mongos.readinessProbe.successThreshold

Minimum consecutive successes for the readiness probe to be considered successful after having failed.

Value type	Example
int	1

sharding.mongos.readinessProbe.timeoutSeconds

Number of seconds after which the readiness probe times out.

Value type	Example
int	2

‘sharding.mongos.containerSecurityContext’

A custom Kubernetes Security Context for a Container to be used instead of the default one.

Value type	Example
subdoc	privileged: false

‘sharding.mongos.podSecurityContext’

A custom Kubernetes Security Context for a Pod to be used instead of the default one.

Value type	Example
subdoc	runAsUser: 1001 runAsGroup: 1001 supplementalGroups: [1001]

sharding.mongos.runtimeClassName

Name of the Kubernetes Runtime Class for mongos Pods.

Value type	Example
string	image-rc

sharding.mongos.sidecars.image

Image for the custom sidecar container for mongos Pods.

Value type	Example
string	busybox

sharding.mongos.sidecars.command

Command for the custom sidecar container for mongos Pods.

Value type	Example
array	["/bin/sh"]

sharding.mongos.sidecars.args

Command arguments for the custom sidecar container for mongos Pods.

Value type	Example
array	["-c", "while true; do echo echo $(date -u) 'test' >> /dev/null; sleep 5;done"]

sharding.mongos.sidecars.name

Name of the custom sidecar container for mongos Pods.

Value type	Example
string	rs-sidecar-1

sharding.mongos.limits.cpu

Kubernetes CPU limit for mongos container.

Value type	Example
string	300m

sharding.mongos.limits.memory

Kubernetes Memory limit for mongos container.

Value type	Example
string	0.5G

sharding.mongos.resources.requests.cpu

The Kubernetes CPU requests for mongos container.

Value type	Example
string	300m

sharding.mongos.requests.memory

The Kubernetes Memory requests for mongos container.

Value type	Example
string	0.5G

sharding.mongos.expose.type

The IP address type to be exposed.

Value type	Example
string	ClusterIP

sharding.mongos.expose.servicePerPod

If set to true, a separate ClusterIP Service is created for each mongos instance.

Value type	Example
boolean	true

sharding.mongos.expose.loadBalancerClass

Define the implementation of the load balancer you want to use. This setting enables you to select a custom or specific load balancer class instead of the default one provided by the cloud provider.

Value type	Example
string	eks.amazonaws.com/nlb

sharding.mongos.expose.loadBalancerSourceRanges

The range of client IP addresses from which the load balancer should be reachable (if not set, there is no limitations).

Value type	Example
string	10.0.0.0/8

sharding.mongos.expose.annotations

The Kubernetes annotations metadata for the MongoDB mongos daemon.

Value type	Example
string	service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http

sharding.mongos.expose.labels

The Kubernetes labels for the MongoDB mongos Service.

Value type	Example
string	rack: rack-22

‘sharding.mongos.expose.nodePort’

The Node port number to be allocated for the MongoDB mongos Service when the sharding.mongos.expose.type is set to the NodePort, and sharding.mongos.expose.servicePerPod is not turned on.

Value type	Example
int	32017

sharding.mongos.internalTrafficPolicy

Specifies whether Services for the mongos instances should route internal traffic to cluster-wide or to node-local endpoints (it can influence the load balancing effectiveness).

Value type	Example
boolean	Local

sharding.mongos.externalTrafficPolicy

Specifies whether Service for the mongos instances should route external traffic to cluster-wide (Cluster) or to node-local (Local) endpoints. It can influence the load balancing effectiveness.

Value type	Example
string	Local

sharding.mongos.hostAliases.ip

The IP address for Kubernetes host aliases for mongos Pods.

Value type	Example
string	"10.10.0.2"

sharding.mongos.hostAliases.hostnames

Hostnames for Kubernetes host aliases for mongos Pods.

Value type	Example
subdoc

Roles section

The roles section in the deploy/cr.yaml file contains various configuration options to configure custom MongoDB user roles via the Custom Resource.

roles.role

The cusom MongoDB role name.

Value type	Example
string	myClusterwideAdmin

roles.db

Database in which you want to store the user-defined role.

Value type	Example
string	`admin

roles.authenticationRestrictions.clientSource

List of the IP addresses or CIDR blocks from which users assigned this role can connect. MongoDB servers reject connection requests from users with this role if the requests come from a client that is not present in this array.

Value type	Example
subdoc	127.0.0.1

roles.authenticationRestrictions.serverAddress

List of the IP addresses or CIDR blocks to which users assigned this role can connect. MongoDB servers reject connection requests from users with this role if the client requests to connect to a server that is not present in this array.

Value type	Example
subdoc	127.0.0.1

roles.privileges.actions

List of custom role actions that users granted this role can perform: For a list of accepted values, see Privilege Actions  in the MongoDB Manual.

Value type	Example
subdoc	addShard

roles.privileges.resource.db

Database for which the custom role actions apply. An empty string (“”) indicates that the privilege actions apply to all databases.

Value type	Example
string	""

roles.privileges.resource.collection

Collection for which the custom role actions apply. An empty string (“”) indicates that the privilege actions apply to all of the database’s collections.

Value type	Example
string	""

roles.privileges.resource.cluster

If true, the custom role actions apply to all databases and collections in the MongoDB deployment. False by default. If set to true, values for roles.privileges.resource.db and roles.privileges.resource.collection shouldn’t be provided.

Value type	Example
boolean	true

roles.roles

An array of roles (with names of the role and the database) from which this role inherits privileges, if any.

Value type	Example
subdoc	role: read db: admin

Users section

The users section in the deploy/cr.yaml file contains various configuration options to configure custom MongoDB users via the Custom Resource.

users.name

The username of the MongoDB user.

Value type	Example
string	my-user

users.db

Database that the user authenticates against.

Value type	Example
string	admin

users.passwordSecretRef.name

Name of the secret that contains the user’s password. If passwordSecretRef is not present, password will be generated automatically.

Value type	Example
string	my-user-password

users.passwordSecretRef.key

Key in the secret that corresponds to the value of the user’s password (password by default).

Value type	Example
string	password

users.roles.role.name

Name of the MongoDB role assigned to the user. As built-in roles, so custom roles are supported.

Value type	Example
string	clusterAdmin

users.roles.role.db

Database that the MongoDB role applies to.

Value type	Example
string	admin

Backup Section

The backup section in the deploy/cr.yaml file contains the following configuration options for the regular Percona Server for MongoDB backups.

backup.enabled

Enables or disables making backups.

Value type	Example
boolean	true

backup.image

The Percona Server for MongoDB Docker image to use for the backup.

Value type	Example
string	percona/percona-server-mongodb-operator:1.20.0-backup

backup.serviceAccountName

Name of the separate privileged service account for backups; service account for backups is not used by the Operator any more, and the option is deprecated since the Operator version 1.16.0.

Value type	Example
string	percona-server-mongodb-operator

backup.annotations

The Kubernetes annotations metadata for the backup job.

Value type	Example
string	sidecar.istio.io/inject: "false"

backup.resources.limits.cpu

Kubernetes CPU limit for backups.

Value type	Example
string	300m

backup.resources.limits.memory

Kubernetes Memory limit for backups.

Value type	Example
string	1.2G

backup.resources.requests.cpu

The Kubernetes CPU requests for backups.

Value type	Example
string	300m

backup.resources.requests.memory

The Kubernetes Memory requests for backups.

Value type	Example
string	1G

‘backup.containerSecurityContext’

A custom Kubernetes Security Context for a Container to be used instead of the default one.

Value type	Example
subdoc	privileged: false

backup.storages.STORAGE-NAME.main

Marks the storage as main. All other storages you define are added as profiles. The Operator saves backups to all storages but it saves oplog chunks for point-in-time recovery only to the main storage. You can define only one storage as main. Read more about multiple storages for backups.

Value type	Example
boolean	true

backup.storages.STORAGE-NAME.type

The cloud storage type used for backups. Only s3, azure, and filesystem types are supported.

Value type	Example
string	s3

backup.storages.STORAGE-NAME.s3.insecureSkipTLSVerify

Enable or disable verification of the storage server TLS certificate. Disabling it may be useful e.g. to skip TLS verification for private S3-compatible storage with a self-issued certificate.

Value type	Example
boolean	true

backup.storages.STORAGE-NAME.s3.credentialsSecret

The Kubernetes secret for backups. It should contain AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY keys.

Value type	Example
string	my-cluster-name-backup-s3

backup.storages.STORAGE-NAME.s3.bucket

The Amazon S3 bucket name for backups.

Value type	Example
string

backup.storages.STORAGE-NAME.s3.prefix

The path (sub-folder) to the backups inside the bucket .

Value type	Example
string	""

backup.storages.STORAGE-NAME.s3.uploadPartSize

The size of data chunks in bytes to be uploaded to the storage bucket (10 MiB by default).

Value type	Example
int	10485760

backup.storages.STORAGE-NAME.s3.maxUploadParts

The maximum number of data chunks to be uploaded to the storage bucket (10000 by default).

Value type	Example
int	10000

backup.storages.STORAGE-NAME.s3.storageClass

The storage class name of the S3 storage.

Value type	Example
string	STANDARD

backup.storages.STORAGE-NAME.s3.retryer.numMaxRetries

The maximum number of retries to upload data to S3 storage.

Value type	Example
int	3

backup.storages.STORAGE-NAME.s3.retryer.minRetryDelay

The minimum time in milliseconds to wait till the next retry.

Value type	Example
int	10

backup.storages.STORAGE-NAME.s3.retryer.maxRetryDelay

The maximum time in minutes to wait till the next retry.

Value type	Example
int	5

backup.storages.STORAGE-NAME.s3.region

The AWS region to use. Please note this option is mandatory for Amazon and all S3-compatible storages.

Value type	Example
string	us-east-1

backup.storages.STORAGE-NAME.s3.endpointUrl

The URL of the S3-compatible storage to be used (not needed for the original Amazon S3 cloud).

Value type	Example
string

backup.storages.STORAGE-NAME.s3.serverSideEncryption.kmsKeyID

The ID of the key stored in the AWS KMS used by the Operator for backups server-side encryption

Value type	Example
string	""

backup.storages.STORAGE-NAME.s3.serverSideEncryption.sseAlgorithm

The key management mode used for backups server-side encryption with the encryption keys stored in AWS KMS - aws:kms is the only supported value for now.

Value type	Example
string	aws:kms

backup.storages.STORAGE-NAME.s3.serverSideEncryption.sseCustomerAlgorithm

The key management mode for backups server-side encryption with customer-provided keys - AES256 is the only supported value for now.

Value type	Example
string	AES256

backup.storages.STORAGE-NAME.s3.serverSideEncryption.sseCustomerKey

The locally-stored base64-encoded custom encryption key used by the Operator for backups server-side encryption on S3-compatible storages.

Value type	Example
string	""

backup.storages.STORAGE-NAME.azure.credentialsSecret

The Kubernetes secret for backups. It should contain AZURE_STORAGE_ACCOUNT_NAME and AZURE_STORAGE_ACCOUNT_KEY |

Value type	Example
string	my-cluster-azure-secret

backup.storages.STORAGE-NAME.azure.container

Name of the container for backups.

Value type	Example
string	my-container

backup.storages.STORAGE-NAME.azure.prefix

The path (sub-folder) to the backups inside the container .

Value type	Example
string	""

‘backup.storages.STORAGE-NAME.azure.endpointUrl’

The private endpoint URL to use instead of the public endpoint.

Value type	Example
string	https://accountName.blob.core.windows.net

backup.storages.STORAGE-NAME.filesystem.path

The mount point for a remote filesystem configured to store backups.

Value type	Example
string	/mnt/nfs/

backup.volumeMounts.mountPath

Mount path for the remote backup storage.

Value type	Example
string	/mnt/nfs/

backup.volumeMounts.name

Name of the remote backup storage.

Value type	Example
string	backup-nfs

backup.pitr.enabled

Enables or disables point-in-time-recovery functionality.

Value type	Example
boolean	false

backup.pitr.oplogOnly

If true, Percona Backup for MongoDB saves oplog chunks even without the base logical backup snapshot (oplog chunks without a base backup can’t be used with logical backups to restore a backup by the Operator, but can still be useful for manual restore operations ).

Value type	Example
boolean	false

backup.pitr.oplogSpanMin

Number of minutes between the uploads of oplogs.

Value type	Example
int	10

backup.pitr.compressionType

The point-in-time-recovery chunks compression format, can be gzip, snappy, lz4, pgzip, zstd, s2, or none .

Value type	Example
string	gzip

backup.pitr.compressionLevel

The point-in-time-recovery chunks compression level (higher values result in better but slower compression ).

Value type	Example
int	6

backup.configuration.backupOptions.priority

The list of mongod nodes and their priority for making backups.

Value type	Example
subdoc	“localhost:28019”: 2.5 “localhost:27018”: 2.5

backup.configuration.backupOptions.timeouts.startingStatus

The wait time in seconds Percona Backup for MongoDB should use to start physical backups on all shards. The 0 (zero) value resets the timeout to the default 33 seconds.

Value type	Example
int	33

backup.configuration.backupOptions.oplogSpanMin

The duration (in minutes) of oplog slices saved by Percona Backup for MongoDB with the logical backup snapshot.

Value type	Example
int	10

backup.configuration.restoreOptions.batchSize

The number of documents Percona Backup for MongoDB should buffer.

Value type	Example
int	500

backup.configuration.restoreOptions.numInsertionWorkers

The number of workers that Percona Backup for MongoDB should use to add the documents to buffer.

Value type	Example
int	10

backup.configuration.restoreOptions.numDownloadWorkers

The number of workers that Percona Backup for MongoDB should use to request data chunks from the storage during the restore.

Value type	Example
int	4

backup.configuration.restoreOptions.maxDownloadBufferMb

The maximum size of the in-memory buffer that Percona Backup for MongoDB should use use when downloading files from the S3 storage.

Value type	Example
int	0

backup.configuration.restoreOptions.downloadChunkMb

The size of the data chunk in MB, that Percona Backup for MongoDB should use when downloading from the S3 storage.

Value type	Example
int	32

backup.configuration.restoreOptions.mongodLocation

The custom path to mongod binaries which Percona Backup for MongoDB should use during restore.

Value type	Example
string	/usr/bin/mongo

backup.configuration.restoreOptions.mongodLocationMap

The list of custom paths to mongod binaries on every node, which Percona Backup for MongoDB should use during restore.

Value type	Example
subdoc	“node01:2017”: /usr/bin/mongo “node03:27017”: /usr/bin/mongo

backup.tasks.name

The name of the backup.

Value type	Example
string

backup.tasks.enabled

Enables or disables this exact backup.

Value type	Example
boolean	true

backup.tasks.schedule

The scheduled time to make a backup, specified in the crontab format .

Value type	Example
string	0 0 \* \* 6

backup.tasks.keep

The amount of most recent backups to store. Older backups are automatically deleted. Set keep to zero or completely remove it to disable automatic deletion of backups.

Value type	Example
int	3

backup.tasks.storageName

The name of the S3-compatible storage for backups, configured in the storages subsection.

Value type	Example
string	st-us-west

backup.tasks.compressionType

The backup compression format, can be gzip, snappy, lz4, pgzip, zstd, s2, or none .

Value type	Example
string	gzip

backup.tasks.compressionLevel

The backup compression level (higher values result in better but slower compression ).

Value type	Example
int	6

backup.tasks.type

The backup type: (can be either logical (default) or physical; see the Operator backups official documentation for details.

Value type	Example
string	physical

---

Last update: 2025-05-20