Configure Encryption
Enable HTTPS
The Kubernetes Operator supports configuring Ops Manager to run over HTTPS.
Enable HTTPS before deploying your Ops Manager resources to avoid a situation where the Kubernetes Operator reports your resources' status as Failed.
Enable TLS
The Kubernetes Operator supports TLS encryption. Use TLS with your MongoDB deployment to encrypt your data over the network.
The configuration in the following example enables TLS for the replica set. When TLS is enabled, all traffic between members of the replica set and clients is encrypted using TLS certificates.
To learn more about securing your MongoDB deployments using TLS, see Deploy a Replica Set.
The default TLS mode is requireTLS. You can customize it using the spec.additionalMongodConfig.net.ssl.mode configuration parameter, as shown in the following abbreviated example.
apiVersion: mongodb.com/v1
kind: MongoDB
metadata:
  name: my-tls-enabled-rs
spec:
  type: ReplicaSet
  members: 3
  version: 4.4.0-ent

  opsManager:
    configMapRef:
      name: my-project
  credentials: my-credentials

  security:
    tls:
      enabled: true
      ca: <custom-ca>

  ...
  additionalMongodConfig:
    net:
      ssl:
        mode: "preferSSL"
See the full TLS configuration example in replica-set.yaml in the TLS samples directory. This directory also contains sample TLS configurations for sharded clusters and standalone deployments.
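With the preferSSL override shown in the abbreviated example, mongod uses TLS between replica set members but still accepts unencrypted inbound connections, unlike the requireTLS default. The following check is an added example, not part of the operator's documentation or code: it audits a MongoDB resource exported as JSON for that condition, and the function names and the constructed sample are assumptions.

```python
import json

# net.ssl.mode values (either spelling) under which mongod still accepts
# unencrypted inbound connections, and the values that enforce TLS.
PLAINTEXT_ALLOWED = {"disabled", "allowssl", "allowtls", "preferssl", "prefertls"}
TLS_ONLY = {"requiressl", "requiretls"}
MODE_PATH = "spec.additionalMongodConfig.net.ssl.mode"

def dig(obj, dotted):
    """Walk a dotted path through nested dicts; None if any level is absent."""
    for key in dotted.split("."):
        if not isinstance(obj, dict):
            return None
        obj = obj.get(key)
    return obj

def audit_tls(resource):
    """Return findings for one MongoDB custom resource given as a dict."""
    findings = []
    if dig(resource, "spec.security.tls.enabled") is not True:
        findings.append("spec.security.tls.enabled is not true")
    mode = dig(resource, MODE_PATH)
    if mode is None:
        return findings  # no override, so the default mode (requireTLS) applies
    if str(mode).lower() in PLAINTEXT_ALLOWED:
        findings.append(f"{MODE_PATH}={mode} accepts non-TLS connections")
    elif str(mode).lower() not in TLS_ONLY:
        findings.append(f"{MODE_PATH}={mode} is not a known TLS mode")
    return findings

# Constructed sample: the page's abbreviated manifest rendered as JSON.
SAMPLE = json.loads("""
{"apiVersion": "mongodb.com/v1", "kind": "MongoDB",
 "metadata": {"name": "my-tls-enabled-rs"},
 "spec": {"type": "ReplicaSet", "members": 3, "version": "4.4.0-ent",
          "security": {"tls": {"enabled": true, "ca": "<custom-ca>"}},
          "additionalMongodConfig": {"net": {"ssl": {"mode": "preferSSL"}}}}}
""")

if __name__ == "__main__":
    for finding in audit_tls(SAMPLE) or ["TLS is enforced"]:
        print(finding)
```

An empty result means TLS is enabled and no override weakens the default mode.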