v2.0.1

What's Changed

!!! Warning, this release contains breaking changes !!!

Breaking changes

• Improve snapshot distribution management by @helderjs in #1168
  To enable an AtlasBackupSchedule custom resource to be reused by multiple deployments managed by the operator, we have removed replicationSpecId from the AtlasBackupSchedule custom resource. It will now be automatically set for every deployment that references it. As a result of this change, replicationSpecId is no longer configurable in an AtlasBackupSchedule and should be removed.
• Add deletion protection feature by @helderjs in #1173 See: https://www.mongodb.com/docs/atlas/atlas-operator/#new-default--deletion-protection-in-ak8so-2.0
  With Atlas Kubernetes Operator 2.0, custom resources you delete in Kubernetes are no longer deleted in Atlas by default. Instead, Atlas Kubernetes Operator simply stops managing those resources - avoiding destructive change. The old behavior can be reverted. More info https://www.mongodb.com/docs/atlas/atlas-operator/#new-default--deletion-protection-in-ak8so-2.0
• Remove legacy deployment by @igor-karpukhin in #1182
  In order to standardize on one deployment type (for non-serverless deployments), we have removed the notion of advancedDeploymentSpec. All deployment options are now supported as part of the deploymentSpec. For the AtlasDeployment resource, the following things were changed:
  spec.deploymentSpec - now contains all fields from the spec.advancedDeploymentSpec.
  spec.advancedDeploymentSpec - is gone. If you used advancedDeploymentSpec before, the only change you need to make is to rename the advancedDeploymentSpec to deploymentSpec in the AtlasDeployment resource. If you used deploymentSpec, you will need to rewrite it to advancedDeploymentSpec format.
• Force secretRef fields for EncryptionAtREST and AlertConfiguration features by @roothorp in #1203 . This forces use of secrets for all credentials to promote security best practices.
  The following API secrets and credentials were moved from the AtlasProject custom resource to Secrets. Credentials and API secrets should now be stored in Secrets and referenced from the AtlasProject custom resource. The following fields were replaced:
  For the .spec.alertConfiguration.notifications:
  APIToken -> APITokenRef
DatadogAPIKey -> DatadogAPIKeyRef
FlowdockTokenAPI -> FlowdockTokenAPIRef
OpsGenieAPIKey -> OpsGenieAPIKeyRef
VictorOpsAPIKey -> VictorOpsSecretRef
VictorOpsRoutingKey -> VictorOpsSecretRef (expected to have both VictorOps values)
  For the .spec.encryptionAtRest:
  • For AWS:
    AccessKeyID, SecretAccessKey, CustomerMasterKeyID and RoleID -> secretRef (expected to contain all those fields with values). Note: although there are fields AccessKeyID, SecretAccessKey they can only be provided for AtlasProject resources that had them before. New projects required to configure CloudProviderAccessRoles feature to enable the Encryption at REST for AWS.
  • For Azure:
    SubscriptionID, KeyVaultName, KeyIdentifier, Secret -> secretRef (expected to contain all those fields with values)
  • For GCP:
    ServiceAccountKey, KeyVersionResourceID -> secretRef (expected to contain all those fields with values)

Fixes

• Fixed resource version label by @igor-karpukhin in #1209
• Put go context within workflow.Context by @josvazg in #1152
• Replace github.com/pborman/uuid with github.com/google/uuid by @gssbzn in #1187
• Bump google.golang.org/api from 0.143.0 to 0.146.0 by @dependabot in #1159
• Bump github.com/aws/aws-sdk-go from 1.45.20 to 1.45.24 by @dependabot in #1160
• Bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.7.2 to 1.8.0 by @dependabot in #1163
• Bump golang.org/x/sync from 0.3.0 to 0.4.0 by @dependabot in #1162
• Bump github.com/onsi/ginkgo/v2 from 2.12.1 to 2.13.0 by @dependabot in #1161
• Bump go.mongodb.org/atlas from 0.33.0 to 0.34.0 by @dependabot in #1174
• Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.3.1 to 1.4.0 by @dependabot in #1175
• Bump github.com/aws/aws-sdk-go from 1.45.24 to 1.45.26 by @dependabot in #1176
• Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 by @dependabot in #1177
• Bump cloud.google.com/go/compute from 1.23.0 to 1.23.1 by @dependabot in #1178
• Bump golang.org/x/net from 0.15.0 to 0.17.0 by @dependabot in #1169
• Bump github.com/onsi/gomega from 1.28.0 to 1.28.1 by @dependabot in #1189
• Bump google.golang.org/api from 0.146.0 to 0.148.0 by @dependabot in #1192
• Bump docker/login-action from 2 to 3 by @dependabot in #1194
• Bump cloud.google.com/go/kms from 1.15.2 to 1.15.3 by @dependabot in #1193
• Bump google.golang.org/grpc from 1.58.2 to 1.58.3 in /tools/clean by @dependabot in #1200
• Bump cloud.google.com/go/compute from 1.23.1 to 1.23.2 by @dependabot in #1204
• Bump cloud.google.com/go/kms from 1.15.3 to 1.15.4 by @dependabot in #1205
• Bump github.com/google/uuid from 1.3.1 to 1.4.0 by @dependabot in #1206
• Bump github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/keyvault/armkeyvault from 1.2.0 to 1.3.0 by @dependabot in #1207
• Bump github.com/aws/aws-sdk-go from 1.45.26 to 1.46.7 by @dependabot in #1208
• Bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.8.0 to 1.9.0 by @dependabot in #1214
• Bump cloud.google.com/go/kms from 1.15.4 to 1.15.5 by @dependabot in #1215
• Bump github.com/aws/aws-sdk-go from 1.46.7 to 1.47.4 by @dependabot in #1216
• Bump go.mongodb.org/atlas from 0.34.0 to 0.35.0 by @dependabot in #1217
• Bump google.golang.org/api from 0.148.0 to 0.150.0 by @dependabot in #1218

New Contributors

• @slaskawi made their first contribution in #1145

Full Changelog: v1.9.0...v2.0.0

MongoDB Atlas Operator v1.9.1

Fixes

• Minor update fixing some missing permissions for Atlas Federated Authentication Resources (#1198)

The images can be found in:
https://quay.io/mongodb/mongodb-atlas-kubernetes-operator

v1.9.0

MongoDB Atlas Operator v1.9.0

Attention

• Duplicate Alert Configurations are now rejected by Validation (#1148).

Fixes

• Fixed a bug duplicating Projects listed in Teams Status (#1139).
• Refactor IPAccessList reconciliation flow to avoid unneeded recreation (#1121)
• Fixed backup schedule repeatedly updating (#1136).

New

• Atlas Federated Auth Custom Resources can be specified for Identity Providers already registered in Atlas
• Atlas Goverment deployments must configure the Gov endpoint accordingly. Only AWS is supported as a provider
• Support for Deployment Resource Tagging
• New arguments to serverless for continuous backups and termination protection
• Improved validation and handling of autoscaling reporting
• Provide guidance on using 3rd party secret management tools with the Atlas Operator to support external key management systems
• Use UBI micro base image instead of minimal - smaller base image with fewer dependencies

The images can be found in:
https://quay.io/mongodb/mongodb-atlas-kubernetes-operator

v1.8.2

MongoDB Atlas Operator v1.8.2

Operator Changes

AtlasProject Resource

• Fixed a problem with constant Auditing reconciliations (#1081)
• Fixed a problem with incorrect reconciliation for CustomRoles (#1096)

AtlasDeployment Resource

• Fixed a problem with removing AtlasBackupSchedule resources that were referenced by AtalsDeployment resources (#1082)

The images can be found in:
https://quay.io/mongodb/mongodb-atlas-kubernetes-operator

v1.8.1

MongoDB Atlas Operator v1.8.1

Operator Changes

• Atlas client version bumped up to v0.32.0 (#1077)

AtlasProject Resource

• Fixed missing watchers for Integrations secrets (#1021)
• Encryption at REST feature: credentials for cloud providers can now be stored in secrets instead of the AtlasProject CR (#1045)
• Encryption at REST feature: fixed GCP credentials validation (#1008)

AtlasDeployment Resource

AtlasDatabaseUser Resource

• Fixed missing PE connection string for SHARDED clusters (#1062)

The images can be found in:
https://quay.io/mongodb/mongodb-atlas-kubernetes-operator

v1.8.0

MongoDB Atlas Operator v1.8.0

Operator Changes

• Fix encryption at REST aws.roleID (#987)
• Support optional secrets for Alerts Configuration (#1002)

AtlasDataFederation Resource

• Support to manage Data Federation deployments (#943)

The images can be found in:
https://quay.io/mongodb/mongodb-atlas-kubernetes-operator

v1.7.2

MongoDB Atlas Operator v1.7.2

Operator Changes

• Internally use only Atlas Advanced Cluster API (#825)

AtlasDeployment Resource

• Fix connection secret generation for different namespaces (#914)
• Fix Backup Auto Export configuration (#923)

The images can be found in:
https://quay.io/mongodb/mongodb-atlas-kubernetes-operator

v1.7.1

MongoDB Atlas Operator v1.7.1

Operator Changes

• Atlas operator now won't print credentials in logs #907

Fixes CVE-2023-0436: Secret logging may occur in debug mode of Atlas Operator

The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. This issue affects MongoDB Atlas Kubernetes Operator versions: 1.5.0, 1.6.0, 1.6.1, 1.7.0.
Please note that this is reported on an EOL version of the product, and users are advised to upgrade to the latest supported version.
Required Configuration:

DEBUG logging is not enabled by default, and must be configured by the end-user. To check the log-level of the Operator, review the flags passed in your deployment configuration (eg. https://github.com/mongodb/mongodb-atlas-kubernetes/blob/main/config/manager/manager.yaml#L27)

CVSS: 4.5
CWE-532 Insertion of Sensitive Information into Log File

AtlasBackupSchedule Resource

• Fixed broken export field #897

The images can be found in:
https://quay.io/mongodb/mongodb-atlas-kubernetes-operator

v1.7.0

MongoDB Atlas Operator v1.7.0

Operator Changes

• Added Openshift 4.12 compatibility

AtlasProject Resource

• Project can refer to a connection secret in a different namespace (#866)
• Support for multiple private endpoints per single provider and region & Store all private endpoints connection strings (#877)
• Fix for not working Encryption at REST for Google KMS #838

AtlasDeployment Resource

• autoIndexingEnabled field marked as deprecated (#874)
• Snapshot distribution (#870)

The images can be found in:
https://quay.io/mongodb/mongodb-atlas-kubernetes-operator

v1.6.1

MongoDB Atlas Operator v1.6.1

AtlasProject Resource

• Remove ip access list validator #852 (#851)

AtlasDeployment Resource

• Fixed BackupSchedule reconciliation #854

The images can be found in:
https://quay.io/mongodb/mongodb-atlas-kubernetes-operator