[K8SPSMDB-596] remove spec.mongod section and move encryptionKeySecret to new variable - Percona JIRA

XML

Word

Printable

Details

Type: Improvement
Status: Done
Priority: Medium
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.12.0
Component/s: None
Labels:
None

Needs QA:
Yes
Needs Doc:
Yes
Needs Deploy:
Yes

Description

As per https://jira.percona.com/browse/PSPEC-9 we have deprecated spec.mongod section.

In 1.12 release we are going to remove it, and only keep:

  mongod:
    security:
      encryptionKeySecret: my-cluster-name-mongodb-encryption-key

We keep it for backward compatibility and introduce new variable instead:

spec:
  secrets:
    encryptionKey:

See ITD 3.1 in spec for more details.

The key is always generated.
Encryption is enabled by default, but can be disabled by the user through the configuration section.
If both spec.secrets.encryptionKey and mongod.security.encryptionKey are specified, then spec.secrets.encryptionKey has more priority and should be used.

We give users time till release 1.14 to migrate to the new option and remove the mongod section completely in 1.14.

Attachments

Activity

People

Assignee:: Andrii Dema

Reporter:: Sergey Pronin

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 25/Nov/21 12:07 PM

Updated:: 05/May/22 3:51 PM

Resolved:: 20/Dec/21 11:54 AM

Smart Checklist