Ops Tools
488 results found
-
Add option to disable Search Nodes reconciliation in AKO
We are using the Atlas Kubernetes Operator (v2.8.2) to manage Atlas deployments and use dedicated Search Nodes.
We would like to use the Atlas Admin API to scale up larger search nodes then scale back down after our daily processing window, but the k8s operator doesn't allow this currently. After I send an API request to scale search nodes the k8s operator waits for the search nodes to be ready and then reverts to the values set in the AtlasDeployment.
Similar to compute/disk autoscaling an "enabled" flag for the search node reconciliation would give more flexibility to leverage the Admin…
2 votes -
Encryption at REST, KMIP alternative
Hi,
Currently, for a production Setup of MongoDB EA and Ops Manager, only option to enable Encryption at REST that would cover both the Replica Set and Backups in Ops Manager, is to use 3rd party application that has KMIP engine, which by itself usually is locked behind additional costs with enterprise licensing.
I would like to suggest, that MongoDB could develop either an alternative feature for Encryption at REST which would enable anyone who has MongoDB Enterprise advanced license to have fully functional Encryption at REST for a production environment or A full KMS solution to leverage KMIP capabilities…
6 votes -
When Terminate Button is pushed in the Ops Manager UI, issue a warning
A valid UI button such as Terminate, should not cause a lot of uncertainty. Currently, when an user clicks Terminate, there is no guarantee the Terminate will complete or it will go on for hours, in some cases over days.
The user needs to be warned this uncertainty is possible and also in the warning, it should be clearly noted that the Force Terminate should not be used, as it can lead to other issues.2 votes -
custom query support for monitoring and alert
We have customers asking for having a support in Ops Manager for writing custom queries for monitoring and alerts. We raised a ticket https://support.mongodb.com/case/01503095 for that, so can please we have this feature implemented ?
1 vote -
If vaultSecretBackend enabled, Allow specifying vault role names
When we enable vaultSecretBackend, it creates default vault roles which are hardcoded in the vault package here https://github.com/mongodb/mongodb-kubernetes/blob/master/pkg/vault/vault.go#L36-L38
mongodbenterprisedatabase
mongodbenterpriseopsmanager
mongodbenterpriseappdbIt would be great if we can configure these roles through configmap in the secrets-config.yaml (https://github.com/mongodb/mongodb-kubernetes/blob/master/helm_chart/templates/secret-config.yaml)
2 votes -
If vaultSecretBackend is enabled, allow specifying the kv mount
When enabling
vaultSecretBackend, there is no option to specify the path/name of the kv engine to use within the specified vault namespace (it is hardcoded tosecret).For example: https://github.com/mongodb/mongodb-kubernetes/blob/master/pkg/vault/vault.go#L291
It would be great if we could configure this in the secret-config.yml (https://github.com/mongodb/mongodb-kubernetes/blob/master/helm_chart/templates/secret-config.yaml) in a similar way to how the base paths for the various secrets are configured (e.g.
OPERATOR_SECRET_BASE_PATH)2 votes -
Authentication mode MONGODB-OIDC
Support for authentication: MONGODB-OIDC
security:
authentication:
enabled: true
modes:
- "MONGODB-OIDC"currently we get the following error wir kuberntes operator 1.26.0, OpsManager 7.0.7 and RS 7.0.11:
Unsupported value: "MONGODB-OIDC"13 votesWork for OIDC support for Database users has started, and is expected to release around May 2025.
-
Make it possible to specify the key names in the Kubernetes Secret containing S3 access and secret access keys when configuring backups
Currently, the expected data key names in the Secrets referenced in the MongoDBOpsManager CR snippet below are hard-coded into the operator as "accessKey" and "secretKey".
apiVersion: mongodb.com/v1 kind: MongoDBOpsManager ... spec: backup: s3OpLogStores: - s3SecretRef: name: mdb-bkp-aws-s3-creds s3Stores: - s3SecretRef: name: mdb-bkp-aws-s3-credsIf the Secret's data key names were configurable, it would make life much easier for folks using the OpenShift Cloud Credentials Operator to generate S3 credentials. Maybe the CR could change to look something like this:
apiVersion: mongodb.com/v1 kind: MongoDBOpsManager ... spec: backup: s3OpLogStores: - s3SecretRef: name: mdb-bkp-aws-s3-creds accessKeyDataKeyName: aws_access_key_id s3Stores: - s3SecretRef: name: mdb-bkp-aws-s3-creds secretKeyDataKeyName: aws_secret_access_key1 vote -
Option to select the S3 Storage Class for snapshots and oplog slices
Ops Manager currently uses S3 Standard storage for all snapshot storage and oplog storage and the storage class is not configurable.
AWS has storage classes that are specifically designed for backups (lower storage costs, but higher retrieval costs) like GlacierInstantRetrieval.
We could significantly reduce costs if we could select the Storage Class that Ops Manager would use when uploading data to S3.
NOTES
It is possible to create lifecycle rules in S3 to transition the objects from Standard Storage to another Storage Class, but this transition itself incurs a cost for the objects/bytes that are transitioned. This may reduce costs…
3 votes -
atlas online archive inside ops manger on-premise
develop "atlas online archive" inside ops manger on-premise
1 vote -
Add CRD for Trigger Functions.
We would like to create a Scheduled Trigger Function for a federated database instance, and currently the Operator does not support this resouce. Do you have any future plans to support Trigger Functions with the Atlas Kubernetes Operator? Or is there any alternate solution that you would recommend?
1 vote -
Prevent aggregation queries from appearing as poorly targeted queries
When looking at query targeting aggregate group queries can show up incorrectly as poorly targeted. For example if I select all documents with a given client id and group them by null and sum a field (eg revenue) then if there are 1,000,000 documents that get summed up to return 1 agregate document then it considers the query targeting to be 1,000,000 because it scanned 1,000,000 documents and returned one. This is highly misleading however since the query used an index to find the exact 1,000,000 documents needed and then used every single one of those documents to generate the…
1 vote -
Allow alerts based on CPU iowait in OPS manager
Currently, there is no way to set alerts on CPU iowait in OPS Manager. When there's disk latency, cpu iowait usually shows an immediate and consistent spike. Alerting on cpu iowait can enable customers to promptly review and address disk latency.
1 vote -
Opsmanager API: Include Backup Id in List Restore Jobs Response that restore was triggered for
Hello,
there is already a snapshot id included in the list restore jobs response, BUT the problem arises with sharded instances: If you restore a sharded instance to a specific backup, multiple restore jobs are created (one for config server, one for each shard). Thus, the snapshot id in the list restore jobs response refers to the backup of the single component (either config server or shard) and not to the overall backup of the entire sharded instance the restore was initiated for.
Hence, you cannot map those restore jobs to the backup the restore was triggered for, which makes…
4 votes -
Add imagePullPolicy to the CRD
I want to set imagePullPolicy for every container created with the Mongo DB Commnunity Operator.
1 vote -
Add Ops Manager UI breadcrumbs to help with user navigation
Breadcrumbs show the user where they are in the Ops Manager's (webpage) hierarchy.
https://www.smashingmagazine.com/2009/03/breadcrumbs-in-web-design-examples-and-best-practices/
1 vote -
Surface Important Project Level Alerts Globally
It is easy to miss global alerts if you are just using the Ops Manager UI and not seeing the emails, or if there is an email delivery issue. In fact, alerts like "Snapshots are behind", which may be days or weeks behind, are not surfaced anywhere in the UI unless you go and dig for them. I suggest adding a count in the top nav bar for critical alerts, or even all alerts.
1 vote -
Allow SSL Cert Rotation Without Restarting The Agent
It would be great if the agent could be sent a signal to pickup a new cert, or detect the cert changed via file watchers, instead of having to restart it.
1 vote -
Separeted mongod and mongodb agent in Kubernetes Operator container
Now both mongod and agent Ops Manager are running in the mongodb-enterprise-database container. Sometimes it becomes necessary to restart the agent separately from the mongodb instance. Now this is impossible to do because systemd does not work in containers
1 voteWe have plans to have the two run separately! Though no firm timeline yet, we're hoping this year.
Right now we have two architectures. The default is a single container that pulls the binaries for the agent and MongoDB server (mongod) from Ops Manager/Cloud Manager. The other is in Private Preview (potential for breaking changes still) and is known as our Static Architecture.
Neither actually runs each in their own containers, and we're hoping to alter the static architecture to make that the case before we release it fully and make it the default.
Aside from restarting one and not the other, this would offer a more intuitive setup when configuring and troubleshooting, and align to a very future proof definition of what "static" means - where security tools are converging on blocking any significant changes to a container between the image and runtime.
-
deployment metadata resync
Ops Manager needs a way to resync deployments' metadata from the console (or command line, or API), rather than direct undocumented CURD operations in AppDB.
My reason for this suggestion:
See Case: 01438273. One of my deployments had duplicate entries for all 3 nodes. We suspect that happened because we were initially using short name hostnames in the deployment's replica set definition and later changed that to FQDN hostnames. The original entries should have been removed from the AppDB collection, but instead they remained there indicating version 4.0.26, while new ones were created, which were then successively updated as the…1 vote
- Don't see your idea?