
Configure Encryption

On this page

  • Enable HTTPS
  • Enable TLS

The Kubernetes Operator supports configuring Ops Manager to run over HTTPS.

Enable HTTPS before deploying your Ops Manager resources to avoid a situation where the Kubernetes Operator reports your resources' status as Failed.


The Kubernetes Operator supports TLS encryption. Use TLS with your MongoDB deployment to encrypt your data over the network.

The configuration in the following example enables TLS for the replica set. When TLS is enabled, all traffic between members of the replica set and clients is encrypted using TLS certificates.

To learn more about securing your MongoDB deployments using TLS, see Deploy a Replica Set.

The default TLS mode is requireTLS. You can customize it using the spec.additionalMongodConfig.net.ssl.mode configuration parameter, as shown in the following abbreviated example.

apiVersion: mongodb.com/v1
kind: MongoDB
metadata:
  name: my-tls-enabled-rs
spec:
  type: ReplicaSet
  members: 3
  version: 4.4.0-ent

  opsManager:
    configMapRef:
      name: my-project
  credentials: my-credentials

  security:
    tls:
      enabled: true
      ca: <custom-ca>

  ...
  additionalMongodConfig:
    net:
      ssl:
        mode: "preferSSL"

See the full TLS configuration example in replica-set.yaml in the TLS samples directory. This directory also contains sample TLS configurations for sharded clusters and standalone deployments.
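The following check is an added example, not part of the MongoDB documentation: it reads MongoDB resource specs as JSON and reports which ones can still carry unencrypted traffic, since a mode such as preferSSL accepts both TLS and non-TLS incoming connections. It assumes only the fields shown on this page (security.tls.enabled and additionalMongodConfig.net.ssl.mode) plus mongod's documented mode names; the resources default-mode-rs and no-tls-rs are constructed sample data.

```python
import json

# mongod modes that still accept unencrypted incoming connections, and modes that refuse them.
PLAINTEXT_OK = {"disabled", "allowSSL", "preferSSL", "allowTLS", "preferTLS"}
REQUIRED = {"requireSSL", "requireTLS"}
DEFAULT_MODE = "requireTLS"  # default TLS mode stated on this page


def dig(obj, *keys):
    """Walk nested dicts, returning None if any level is missing or not a dict."""
    for key in keys:
        if not isinstance(obj, dict):
            return None
        obj = obj.get(key)
    return obj


def effective_mode(spec):
    """Resolve the TLS mode of one MongoDB resource spec; None means TLS is not enabled."""
    if dig(spec, "security", "tls", "enabled") is not True:
        return None
    mode = dig(spec, "additionalMongodConfig", "net", "ssl", "mode")
    return str(mode) if mode else DEFAULT_MODE


def audit(resources):
    """Return (name, finding) for every resource that can carry plaintext traffic."""
    findings = []
    for res in resources:
        name = dig(res, "metadata", "name") or "<unnamed>"
        mode = effective_mode(dig(res, "spec") or {})
        if mode is None:
            findings.append((name, "tls-not-enabled"))
        elif mode in PLAINTEXT_OK:
            findings.append((name, "plaintext-allowed:" + mode))
        elif mode not in REQUIRED:
            findings.append((name, "unrecognized-mode:" + mode))
    return findings


# Constructed sample input: the first entry mirrors the page's example, the others are hypothetical.
SAMPLE = json.loads("""[
  {"metadata": {"name": "my-tls-enabled-rs"},
   "spec": {"security": {"tls": {"enabled": true}},
            "additionalMongodConfig": {"net": {"ssl": {"mode": "preferSSL"}}}}},
  {"metadata": {"name": "default-mode-rs"},
   "spec": {"security": {"tls": {"enabled": true}}}},
  {"metadata": {"name": "no-tls-rs"}, "spec": {"type": "ReplicaSet"}}
]""")
```

Calling audit(SAMPLE) flags the page's preferSSL example and the resource without TLS, and passes the one that relies on the default mode.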
