Releases: mongodb/mongodb-atlas-kubernetes
v1.9.3
v1.7.3
MongoDB Atlas Operator v1.7.3
Operator Changes
- Move leases.coordination.k8s.io to its own proxy-role rule (#947)
AtlasProject Resource
- Added IsExtendedStorageSizesEnabled field to the settings section (#936)
- Bumped up Go version to 1.20 (#936)
AtlasDeployment Resource
The images can be found in:
https://quay.io/mongodb/mongodb-atlas-kubernetes-operator
v2.0.1
What's Changed
!!! Warning, this release contains breaking changes !!!
Breaking changes
- Improve snapshot distribution management by @helderjs in #1168
  To enable an AtlasBackupSchedule custom resource to be reused by multiple deployments managed by the operator, we have removed replicationSpecId from the AtlasBackupSchedule custom resource. It will now be automatically set for every deployment that references it. As a result of this change, replicationSpecId is no longer configurable in an AtlasBackupSchedule and should be removed.
- Add deletion protection feature by @helderjs in #1173
  See: https://www.mongodb.com/docs/atlas/atlas-operator/#new-default--deletion-protection-in-ak8so-2.0
  With Atlas Kubernetes Operator 2.0, custom resources you delete in Kubernetes are no longer deleted in Atlas by default. Instead, Atlas Kubernetes Operator simply stops managing those resources, avoiding destructive change. The old behavior can be reverted.
- Remove legacy deployment by @igor-karpukhin in #1182
  In order to standardize on one deployment type (for non-serverless deployments), we have removed the notion of advancedDeploymentSpec. All deployment options are now supported as part of the deploymentSpec. For the AtlasDeployment resource, the following things were changed:
  - spec.deploymentSpec - now contains all fields from the spec.advancedDeploymentSpec.
  - spec.advancedDeploymentSpec - is gone.
  If you used advancedDeploymentSpec before, the only change you need to make is to rename the advancedDeploymentSpec to deploymentSpec in the AtlasDeployment resource. If you used deploymentSpec, you will need to rewrite it to advancedDeploymentSpec format.
- Force secretRef fields for EncryptionAtREST and AlertConfiguration features by @roothorp in #1203. This forces use of secrets for all credentials to promote security best practices.
  The following API secrets and credentials were moved from the AtlasProject custom resource to Secrets. Credentials and API secrets should now be stored in Secrets and referenced from the AtlasProject custom resource. The following fields were replaced:
  For the .spec.alertConfiguration.notifications:
  - APIToken -> APITokenRef
  - DatadogAPIKey -> DatadogAPIKeyRef
  - FlowdockTokenAPI -> FlowdockTokenAPIRef
  - OpsGenieAPIKey -> OpsGenieAPIKeyRef
  - VictorOpsAPIKey -> VictorOpsSecretRef
  - VictorOpsRoutingKey -> VictorOpsSecretRef (expected to have both VictorOps values)
  For the .spec.encryptionAtRest:
  - For AWS: AccessKeyID, SecretAccessKey, CustomerMasterKeyID and RoleID -> secretRef (expected to contain all those fields with values). Note: although there are fields AccessKeyID, SecretAccessKey, they can only be provided for AtlasProject resources that had them before. New projects are required to configure the CloudProviderAccessRoles feature to enable Encryption at REST for AWS.
  - For Azure: SubscriptionID, KeyVaultName, KeyIdentifier, Secret -> secretRef (expected to contain all those fields with values)
  - For GCP: ServiceAccountKey, KeyVersionResourceID -> secretRef (expected to contain all those fields with values)
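A pre-upgrade audit for the field moves listed above, as an added example that is not part of the release notes or the operator's code: it walks an AtlasProject object (parsed from JSON) and reports every legacy field that still holds an inline value. The lowerCamel key names and nesting in the sample are assumptions, so names are matched case-insensitively against the names the notes give; adjust the lists if your serialized keys differ.

```python
# Legacy inline fields named in the release notes -> their replacements.
# Matching is case-insensitive: the serialized key casing is an assumption.
NOTIFICATION_FIELDS = {
    "APIToken": "APITokenRef",
    "DatadogAPIKey": "DatadogAPIKeyRef",
    "FlowdockTokenAPI": "FlowdockTokenAPIRef",
    "OpsGenieAPIKey": "OpsGenieAPIKeyRef",
    "VictorOpsAPIKey": "VictorOpsSecretRef",
    "VictorOpsRoutingKey": "VictorOpsSecretRef",
}
ENCRYPTION_FIELDS = (
    "AccessKeyID", "SecretAccessKey", "CustomerMasterKeyID", "RoleID",  # AWS
    "SubscriptionID", "KeyVaultName", "KeyIdentifier", "Secret",        # Azure
    "ServiceAccountKey", "KeyVersionResourceID",                        # GCP
)
RULES = {  # section name (lowercased) -> {legacy field (lowercased): replacement}
    "notifications": {k.lower(): v for k, v in NOTIFICATION_FIELDS.items()},
    "encryptionatrest": {k.lower(): "secretRef" for k in ENCRYPTION_FIELDS},
}


def find_inline_credentials(node, path=()):
    """Return [(dotted_path, replacement_field)] for legacy fields holding a value."""
    hits = []
    if isinstance(node, dict):
        ancestors = {str(p).lower() for p in path}
        sections = [s for s in RULES if s in ancestors]
        for key, value in node.items():
            for section in sections:
                replacement = RULES[section].get(key.lower())
                if replacement and isinstance(value, str) and value:
                    hits.append((".".join(map(str, path + (key,))), replacement))
            hits.extend(find_inline_credentials(value, path + (key,)))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            hits.extend(find_inline_credentials(item, path + (index,)))
    return hits


# Constructed AtlasProject fragment; key names and nesting are assumptions.
SAMPLE = {"spec": {
    "alertConfigurations": [{"notifications": [
        {"typeName": "DATADOG", "datadogApiKey": "constructed-inline-key"},
        {"typeName": "SLACK", "apiTokenRef": {"name": "slack-token"}}]}],
    "encryptionAtRest": {
        "awsKms": {"enabled": True, "secretRef": {"name": "aws-kms"}},
        "azureKeyVault": {"enabled": True, "secret": "constructed-inline-secret"}},
}}
```

Fields already expressed as a reference (a nested object rather than a string) are not reported, so a clean result means nothing under those two sections still carries a literal credential.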
Fixes
- Fixed resource version label by @igor-karpukhin in #1209
- Put go context within workflow.Context by @josvazg in #1152
- Replace github.com/pborman/uuid with github.com/google/uuid by @gssbzn in #1187
- Bump google.golang.org/api from 0.143.0 to 0.146.0 by @dependabot in #1159
- Bump github.com/aws/aws-sdk-go from 1.45.20 to 1.45.24 by @dependabot in #1160
- Bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.7.2 to 1.8.0 by @dependabot in #1163
- Bump golang.org/x/sync from 0.3.0 to 0.4.0 by @dependabot in #1162
- Bump github.com/onsi/ginkgo/v2 from 2.12.1 to 2.13.0 by @dependabot in #1161
- Bump go.mongodb.org/atlas from 0.33.0 to 0.34.0 by @dependabot in #1174
- Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.3.1 to 1.4.0 by @dependabot in #1175
- Bump github.com/aws/aws-sdk-go from 1.45.24 to 1.45.26 by @dependabot in #1176
- Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 by @dependabot in #1177
- Bump cloud.google.com/go/compute from 1.23.0 to 1.23.1 by @dependabot in #1178
- Bump golang.org/x/net from 0.15.0 to 0.17.0 by @dependabot in #1169
- Bump github.com/onsi/gomega from 1.28.0 to 1.28.1 by @dependabot in #1189
- Bump google.golang.org/api from 0.146.0 to 0.148.0 by @dependabot in #1192
- Bump docker/login-action from 2 to 3 by @dependabot in #1194
- Bump cloud.google.com/go/kms from 1.15.2 to 1.15.3 by @dependabot in #1193
- Bump google.golang.org/grpc from 1.58.2 to 1.58.3 in /tools/clean by @dependabot in #1200
- Bump cloud.google.com/go/compute from 1.23.1 to 1.23.2 by @dependabot in #1204
- Bump cloud.google.com/go/kms from 1.15.3 to 1.15.4 by @dependabot in #1205
- Bump github.com/google/uuid from 1.3.1 to 1.4.0 by @dependabot in #1206
- Bump github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/keyvault/armkeyvault from 1.2.0 to 1.3.0 by @dependabot in #1207
- Bump github.com/aws/aws-sdk-go from 1.45.26 to 1.46.7 by @dependabot in #1208
- Bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.8.0 to 1.9.0 by @dependabot in #1214
- Bump cloud.google.com/go/kms from 1.15.4 to 1.15.5 by @dependabot in #1215
- Bump github.com/aws/aws-sdk-go from 1.46.7 to 1.47.4 by @dependabot in #1216
- Bump go.mongodb.org/atlas from 0.34.0 to 0.35.0 by @dependabot in #1217
- Bump google.golang.org/api from 0.148.0 to 0.150.0 by @dependabot in #1218
New Contributors
Full Changelog: v1.9.0...v2.0.0
MongoDB Atlas Operator v1.9.1
Fixes
- Minor update fixing some missing permissions for Atlas Federated Authentication Resources (#1198)
The images can be found in:
https://quay.io/mongodb/mongodb-atlas-kubernetes-operator
v1.9.0
MongoDB Atlas Operator v1.9.0
Attention
- Duplicate Alert Configurations are now rejected by Validation (#1148).
Fixes
- Fixed a bug duplicating Projects listed in Teams Status (#1139).
- Refactor IPAccessList reconciliation flow to avoid unneeded recreation (#1121)
- Fixed backup schedule repeatedly updating (#1136).
New
- Atlas Federated Auth Custom Resources can be specified for Identity Providers already registered in Atlas
- Atlas Government deployments must configure the Gov endpoint accordingly. Only AWS is supported as a provider
- Support for Deployment Resource Tagging
- New arguments to serverless for continuous backups and termination protection
- Improved validation and handling of autoscaling reporting
- Provide guidance on using 3rd party secret management tools with the Atlas Operator to support external key management systems
- Use UBI micro base image instead of minimal - smaller base image with fewer dependencies
The images can be found in:
https://quay.io/mongodb/mongodb-atlas-kubernetes-operator
v1.8.2
MongoDB Atlas Operator v1.8.2
Operator Changes
AtlasProject Resource
- Fixed a problem with constant Auditing reconciliations (#1081)
- Fixed a problem with incorrect reconciliation for CustomRoles (#1096)
AtlasDeployment Resource
- Fixed a problem with removing AtlasBackupSchedule resources that were referenced by AtlasDeployment resources (#1082)
The images can be found in:
https://quay.io/mongodb/mongodb-atlas-kubernetes-operator
v1.8.1
MongoDB Atlas Operator v1.8.1
Operator Changes
- Atlas client version bumped up to v0.32.0 (#1077)
AtlasProject Resource
- Fixed missing watchers for Integrations secrets (#1021)
- Encryption at REST feature: credentials for cloud providers can now be stored in secrets instead of the AtlasProject CR (#1045)
- Encryption at REST feature: fixed GCP credentials validation (#1008)
AtlasDeployment Resource
AtlasDatabaseUser Resource
- Fixed missing PE connection string for SHARDED clusters (#1062)
The images can be found in:
https://quay.io/mongodb/mongodb-atlas-kubernetes-operator
v1.8.0
MongoDB Atlas Operator v1.8.0
Operator Changes
AtlasDataFederation Resource
- Support to manage Data Federation deployments (#943)
The images can be found in:
https://quay.io/mongodb/mongodb-atlas-kubernetes-operator
v1.7.2
MongoDB Atlas Operator v1.7.2
Operator Changes
- Internally use only Atlas Advanced Cluster API (#825)
AtlasDeployment Resource
- Fix connection secret generation for different namespaces (#914)
- Fix Backup Auto Export configuration (#923)
The images can be found in:
https://quay.io/mongodb/mongodb-atlas-kubernetes-operator
v1.7.1
MongoDB Atlas Operator v1.7.1
Operator Changes
- Atlas operator now won't print credentials in logs #907
Fixes CVE-2023-0436: Secret logging may occur in debug mode of Atlas Operator
The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. This issue affects MongoDB Atlas Kubernetes Operator versions: 1.5.0, 1.6.0, 1.6.1, 1.7.0.
Please note that this is reported on an EOL version of the product, and users are advised to upgrade to the latest supported version.
Required Configuration:
DEBUG logging is not enabled by default, and must be configured by the end-user. To check the log-level of the Operator, review the flags passed in your deployment configuration (e.g. https://github.com/mongodb/mongodb-atlas-kubernetes/blob/main/config/manager/manager.yaml#L27).
CVSS: 4.5
CWE-532 Insertion of Sensitive Information into Log File
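The check the advisory describes, as an added example that is not part of the release notes or the operator's code: it takes a Deployment object (parsed from JSON) and reports whether the operator container combines an affected version with DEBUG logging. The flag name `--log-level` and the convention that the image tag equals the operator version are assumptions of this example; confirm both against your own manager.yaml.

```python
AFFECTED = {"1.5.0", "1.6.0", "1.6.1", "1.7.0"}      # versions listed in the advisory
OPERATOR_IMAGE = "mongodb-atlas-kubernetes-operator"  # image name from the quay.io URL
LOG_FLAG = "--log-level"  # assumed flag name; confirm against your manager.yaml


def image_version(image):
    """Return the tag of an image reference, or None when it carries no tag."""
    ref = image.split("@", 1)[0]      # drop a digest pin if present
    last = ref.rsplit("/", 1)[-1]     # a ':' before the last '/' is a registry port
    if ":" not in last:
        return None
    return last.rsplit(":", 1)[1].lstrip("v")


def log_level(args):
    """Return the level from '--log-level=x' or '--log-level x', else None."""
    for i, arg in enumerate(args):
        if arg.startswith(LOG_FLAG + "="):
            return arg.split("=", 1)[1].lower()
        if arg == LOG_FLAG and i + 1 < len(args):
            return args[i + 1].lower()
    return None  # flag absent: the advisory says DEBUG is not the default


def assess(deployment):
    """Map operator container name -> 'exposed', 'debug-unknown-version' or 'ok'."""
    result = {}
    for c in deployment["spec"]["template"]["spec"]["containers"]:
        image = c.get("image", "")
        if OPERATOR_IMAGE not in image:
            continue  # sidecars are out of scope for this advisory
        version = image_version(image)
        debug = log_level(c.get("args") or []) == "debug"
        if debug and version in AFFECTED:
            result[c["name"]] = "exposed"
        elif debug and version is None:
            result[c["name"]] = "debug-unknown-version"  # digest-pinned: check manually
        else:
            result[c["name"]] = "ok"
    return result


# Constructed Deployment fragment for illustration (not taken from a real cluster).
SAMPLE = {"spec": {"template": {"spec": {"containers": [
    {"name": "manager",
     "image": "quay.io/mongodb/mongodb-atlas-kubernetes-operator:1.7.0",
     "args": ["--log-level=debug"]},
    {"name": "sidecar", "image": "example.invalid/proxy:1.0", "args": []},
]}}}}
```

An "exposed" result also means logs already collected from that pod may contain credentials, so rotating the affected secrets belongs alongside the upgrade.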
AtlasBackupSchedule Resource
- Fixed broken export field #897
The images can be found in:
https://quay.io/mongodb/mongodb-atlas-kubernetes-operator