New to KubeDB? Please start here.
Reconfiguring TLS of MongoDB Database
This guide will give an overview on how KubeDB Ops-manager operator reconfigures TLS configuration i.e. add TLS, remove TLS, update issuer/cluster issuer or Certificates and rotate the certificates of a MongoDB database.
Before You Begin
- You should be familiar with the following
KubeDBconcepts:
How Reconfiguring MongoDB TLS Configuration Process Works
The following diagram shows how KubeDB Ops-manager operator reconfigures TLS of a MongoDB database. Open the image in a new tab to see the enlarged version.
The Reconfiguring MongoDB TLS process consists of the following steps:
At first, a user creates a
MongoDBCustom Resource Object (CRO).KubeDBProvisioner operator watches theMongoDBCRO.When the operator finds a
MongoDBCR, it creates required number ofPetSetsand related necessary stuff like secrets, services, etc.Then, in order to reconfigure the TLS configuration of the
MongoDBdatabase the user creates aMongoDBOpsRequestCR with desired information.KubeDBOps-manager operator watches theMongoDBOpsRequestCR.When it finds a
MongoDBOpsRequestCR, it pauses theMongoDBobject which is referred from theMongoDBOpsRequest. So, theKubeDBProvisioner operator doesn’t perform any operations on theMongoDBobject during the reconfiguring TLS process.Then the
KubeDBOps-manager operator will add, remove, update or rotate TLS configuration based on the Ops Request yaml.Then the
KubeDBOps-manager operator will restart all the Pods of the database so that they restart with the new TLS configuration defined in theMongoDBOpsRequestCR.After the successful reconfiguring of the
MongoDBTLS, theKubeDBOps-manager operator resumes theMongoDBobject so that theKubeDBProvisioner operator resumes its usual operations.
In the next docs, we are going to show a step by step guide on reconfiguring TLS configuration of a MongoDB database using MongoDBOpsRequest CRD.