Qlik Sense Enterprise on Kubernetes uses MongoDB as a database for persisting content for several services (excluding Qlik Sense app files).
By default, a pre-configured MongoDB Community Edition is added during the installation of Qlik Sense Enterprise on Kubernetes (QSEoK). This is only intended to be used for quick start, testing and evaluation purposes. If you use this version, your
You can set up a production-ready MongoDB environment in the following ways:
- Deploy a separate
- Use a
Configuring the MongoDB connection
When installing QSEoK you can specify your
- A parameter in the helm install command.
- Referencing the connecting settings in a values.yaml and using this in the helm install command.
Using CLI paramaters
You can extend the basic helm install command by setting the following properties:
- Set the devMode.enabled value to false to disable development mode.
- Set the mongodb.uri value with the connection string to
Example:
helm upgrade \
--install qliksense qlik/qliksense \
--set mongodb.uri=<your-connection-string>,engine.acceptEULA="yes"Example: Connection URI format
The connection string format will vary depending on the configuration used. This format will be different if using a Kubernetes secret to connect with.
mongodb://user:password@mongodbhost:port/databasenameReferencing values.yaml
Create the values.yaml file and include the settings you want to reference in the helm install command.
- Set the devMode.enabled value to false to disable development mode.
- Set the mongodb.uri value with the connection string to
Example: values.yaml
engine:
acceptEULA: "yes"
devMode:
enabled: false
mongodb:
uri: "<your-connection-string>"
identity-providers:
secrets:
idpConfigs:
- <your IdP configuration here>The values.yaml file is then referenced in the helm install command:
helm upgrade \
--install qliksense qlik/qliksense \
-f values.yamlConnecting to MongoDB with SSL
You can set up an Secure Sockets Layer (SSL) connection to the MongoDB repository database.
The MongoDB server must have been set with an SSL certificate and allow SSL connections.
Add ?ssl=true to end of the connection URI to connect the MongoDB repository database with SSL.
devMode:
enabled: false
mongodb:
uri: <your-connection-string>?ssl=trueIf the MongoDB database is set up with a self-signed certificate or certificates not issued by a public Certificate Authority (CA), the CA certificate chain needs to be added in the values.yaml file:
global:
certs:
enabled: true
configMap:
create: true
name: "{{ .Release.Name }}-ca-certs"
certs: |+
-----BEGIN CERTIFICATE-----
MIIDLDCCAhSgAwIBAgIQANxWuceSqgA8h3fJ1Q7ZiTANBgkqhkiG9w0BAQsFADAm
MSQwIgYDVQQDDBtRbGlrU2VydmVyMi5kb21haW4ubG9jYWwtQ0EwHhcNMTcwOTA5
MTA1NjMwWhcNMjcwOTE2MTA1NjMwWjAmMSQwIgYDVQQDDBtRbGlrU2VydmVyMi5k
b21haW4ubG9jYWwtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZ
mnjqNBml1RU6vbRlakPNrCasFZSherijN4Rzj54BMb0cljC2ZfOnve2ZS5k27Dp9
Yt/S30B6MQTRNZBCOCOw3jqnOW87iemxhoE713EkF+zNcWnhHRA53+be1iIhV+kE
fyFl6/4QQmUmZo2hu6gIajmdtZvM/CgjiPdF5a6KQp4WHA339afuIMR5KQe1Qt7E
xqaTbh7niOJEXZXSHcbT80sFam4O36rGMpjuseDbJgsIlLGSw1QwnIxWf+bFlbiD
+2XJclAVXt+BCrsYfBXd3akLDulStW+X9SFFqX1V8+rkDdOV8lffaNhN6K4HQeBG
...
LmIMzgUM9+baRYUwC552X6+szY55xqY210yjFGSqrZDyyrJMi9RhDhSL1ZqIIJDm
kpjNMY87Qa/c2slWTjg9lE/550nBFZfQoD1zODVALCil9Tlb43wRsn8nMdD4U6Qz
cgYfPkhRw2oUZuZwTmPOIYMrWPmmGXY4T9lZrq5afS7p+et1TKXZEZAC7akXDYL4
CRjjXsfxmDaxy8sefg+L0nHgvESc1hWEBD2LlVVWbZCFi4MrwkkDyik5NWu6GkN2
2xi+CJX3EBhHb1aFVDGd5dBSv3agXatsAnUMzxquuvtKbrURbMfyPCyiAZwlG9AN
-----END CERTIFICATE-----Reference
- enabled: enables (true) or disables (false) the usage of a global CA certificate.
- create: enables (true) or disables (false) the creation of a CA certificate configMap.
- name: the templated CA certificate configMap name based on the release name.
- certs: the global CA certificate chain. This replaces any existing CA trust chain.