Docs Menu
Docs Home
/
MongoDB Enterprise Kubernetes Operator
/

Configure Encryption

On this page

  • Enable HTTPS
  • Enable TLS

The Kubernetes Operator supports configuring Ops Manager to run over HTTPS.

Enable HTTPS before deploying your Ops Manager resources to avoid a situation where the Kubernetes Operator reports your resources' status as Failed.

Tip

See also:

The Kubernetes Operator supports TLS encryption. Use TLS with your MongoDB deployment to encrypt your data over the network.

The configuration in the following example enables TLS for the replica set. When TLS is enabled, all traffic between members of the replica set and clients is encrypted using TLS certificates.

To learn more about securing your MongoDB deployments using TLS, see Deploy a Replica Set.

The default TLS mode is requireTLS. You can customize it using the spec.additionalMongodConfig.net.ssl.mode configuration parameter, as shown in the following abbreviated example.

1apiVersion: mongodb.com/v1
2kind: MongoDB
3metadata:
4name: my-tls-enabled-rs
5spec:
6 type: ReplicaSet
7 members: 3
8 version: 4.4.0-ent
9
10 opsManager:
11 configMapRef:
12 name: my-project
13 credentials: my-credentials
14
15 security:
16 tls:
17 enabled: true
18 ca: <custom-ca>
19
20 ...
21 additionalMongodConfig:
22 net:
23 ssl:
24 mode: "preferSSL"

See the full TLS configuration example in replica-set.yaml in the TLS samples directory. This directory also contains sample TLS configurations for sharded clusters and standalone deployments.

Back

Apply OPA Gatekeeper Policies

Next

Configure Encryption at Rest