MCK 1.8.0 Release Notes

New Features

• MongoDBSearch (Public Preview): The MongoDBSearch resource now supports horizontal scaling, L7 load balancing, and sharded MongoDB cluster support — significantly expanding the capabilities of full-text search and vector search on Enterprise Advanced.

  Sharded cluster support

  • The MongoDBSearch resource now supports sharded MongoDB clusters as a source, in addition to replica sets. The operator deploys a dedicated mongot group per shard and manages routing independently for each one. Both operator-managed and externally-managed sharded clusters are supported.

  Horizontal scaling and load balancing

  • Search workloads can now scale horizontally with multiple mongot replicas through spec.replicas. For replica sets, this controls the total mongot pods. For sharded clusters, it controls the number of mongot pods per shard.
  • Multi-mongot deployments require L7 load balancing. The operator can deploy and manage an Envoy proxy (spec.loadBalancer.managed) that handles gRPC stream-level balancing between mongod and mongot. Alternatively, spec.loadBalancer.unmanaged lets you bring your own proxy infrastructure.

  Security and configuration

  • Added x509 client certificate authentication for mongot-to-mongod connections through spec.source.x509, as an alternative to username and password authentication.
  • Added convention-based TLS secret naming through spec.security.tls.certsSecretPrefix, enabling automatic per-shard TLS certificate discovery. We recommend using certsSecretPrefix for new deployments.
  • Added support for custom JVM flags through spec.jvmFlags (for example, -Xms, -Xmx). If heap size flags are not configured, the operator automatically sets the heap size to half of the container's memory request.
  • Updated the default mongodb/mongodb-search image version to 0.64.0.
  • Updated the default resource requests for search pods to 2 CPUs and 4Gi of memory (previously 2 CPUs and 2G).

  For configuration examples and the full API reference, see the MongoDBSearch documentation.

Bug Fixes

• MongoDBOpsManager: Correctly handle the edge case where -admin-key was created by user and malformed. Previously the error was only presented in DEBUG log entry.
• MongoDBOpsManager: Improved readiness probe error handling and appDB agent status logging
• MongoDB: Added a 60 seconds delay before enabling backup for sharded clusters to avoid race condition between Ops Manager topology discovery and backup enablement.
• MongoDBOpsManager: Ops Manager and BackupDaemon services no longer set publishNotReadyAddresses: true. This previously caused reverse proxies (e.g. Traefik) to route traffic to NotReady pods during rolling upgrades, making Ops Manager temporarily unavailable.

Other Changes

• Container images: Merged the init-database and init-appdb init container images into a single init-database image. The init-appdb image will no longer be published and does not affect existing deployments.
  • The following Helm chart values have been removed: initAppDb.name, initAppDb.version, and registry.initAppDb. Use initDatabase.name, initDatabase.version, and registry.initDatabase instead.
  • The following environment variables have been removed: INIT_APPDB_IMAGE_REPOSITORY and INIT_APPDB_VERSION. Use INIT_DATABASE_IMAGE_REPOSITORY and INIT_DATABASE_VERSION instead.
• Helm Chart: Removed operator.baseName Helm value. This value was never intended to be consumed by operator users and was never documented. The value controls the prefix for workload RBAC resource names (mongodb-kubernetes default), but changing it could break the operator and workloads because the operator is not aware of custom prefixes. With this change, the Helm chart will no longer allow customisation and the relevant resources will be deployed with predefined names (ServiceAccount with names mongodb-kubernetes-appdb, mongodb-kubernetes-database-pods, mongodb-kubernetes-ops-manager, Role with name mongodb-kubernetes-appdb and RoleBinding with name mongodb-kubernetes-appdb).