You are looking at the documentation of a prior release. To read the documentation of the latest release, please
visit here.
New to KubeDB? Please start here.
This guide will give an overview on how KubeDB Ops-manager operator reconfigures TLS configuration i.e. add TLS, remove TLS, update issuer/cluster issuer or Certificates and rotate the certificates of a MongoDB
database.
KubeDB
concepts:The following diagram shows how KubeDB Ops-manager operator reconfigures TLS of a MongoDB
database. Open the image in a new tab to see the enlarged version.
The Reconfiguring MongoDB TLS process consists of the following steps:
At first, a user creates a MongoDB
Custom Resource Object (CRO).
KubeDB
Provisioner operator watches the MongoDB
CRO.
When the operator finds a MongoDB
CR, it creates required number of StatefulSets
and related necessary stuff like secrets, services, etc.
Then, in order to reconfigure the TLS configuration of the MongoDB
database the user creates a MongoDBOpsRequest
CR with desired information.
KubeDB
Ops-manager operator watches the MongoDBOpsRequest
CR.
When it finds a MongoDBOpsRequest
CR, it pauses the MongoDB
object which is referred from the MongoDBOpsRequest
. So, the KubeDB
Provisioner operator doesn’t perform any operations on the MongoDB
object during the reconfiguring TLS process.
Then the KubeDB
Ops-manager operator will add, remove, update or rotate TLS configuration based on the Ops Request yaml.
Then the KubeDB
Ops-manager operator will restart all the Pods of the database so that they restart with the new TLS configuration defined in the MongoDBOpsRequest
CR.
After the successful reconfiguring of the MongoDB
TLS, the KubeDB
Ops-manager operator resumes the MongoDB
object so that the KubeDB
Provisioner operator resumes its usual operations.
In the next docs, we are going to show a step by step guide on reconfiguring TLS configuration of a MongoDB database using MongoDBOpsRequest
CRD.