Configuring MongoDB in Qlik Sense Enterprise on Kubernetes
Qlik Sense Enterprise on Kubernetes uses MongoDB as a database for persisting content for several services (excluding Qlik Sense app files).
By default, a pre-configured MongoDB Community Edition is added during the installation of Qlik Sense Enterprise on Kubernetes (QSEoK). This is only intended to be used for quick start, testing and evaluation purposes. If you use this version, your MongoDB data may be lost if the Kubernetes cluster is updated.
You can set up a production-ready MongoDB environment in the following ways:
- Deploy a separate MongoDB server or cluster along-side Qlik Sense.
- Use a MongoDB DBaaS provider (such as MongoDB Atlas or mlab)
Configuring the MongoDB connection
When installing QSEoK you can specify your MongoDB connection as follows:
- A parameter in the helm install command.
- Referencing the connecting settings in a values.yaml and using this in the helm install command.
Using CLI paramaters
You can extend the basic helm install command by setting the following properties:
- Set the devMode.enabled value to false to disable development mode.
- Set the mongodb.uri value with the connection string to MongoDB.
Example:
helm upgrade \
--install qliksense qlik/qliksense \
--set mongodb.uri=<your-connection-string>,engine.acceptEULA="yes"
Example: Connection URI format
The connection string format will vary depending on the configuration used. This format will be different if using a Kubernetes secret to connect with.
mongodb://user:password@mongodbhost:port/databasename
Referencing values.yaml
Create the values.yaml file and include the settings you want to reference in the helm install command.
- Set the devMode.enabled value to false to disable development mode.
- Set the mongodb.uri value with the connection string to MongoDB.
Example: values.yaml
engine:
acceptEULA: "yes"
devMode:
enabled: false
mongodb:
uri: "<your-connection-string>"
identity-providers:
secrets:
idpConfigs:
- <your IdP configuration here>
The values.yaml file is then referenced in the helm install command:
helm upgrade \
--install qliksense qlik/qliksense \
-f values.yaml
Connecting to MongoDB with SSL
You can set up an Secure Sockets Layer (SSL) connection to the MongoDB repository database.
The MongoDB server must have been set with an SSL certificate and allow SSL connections.
Add ?ssl=true to end of the connection URI to connect the MongoDB repository database with SSL.
devMode:
enabled: false
mongodb:
uri: <your-connection-string>?ssl=true
If the MongoDB database is set up with a self-signed certificate or certificates not issued by a public Certificate Authority (CA), the CA certificate chain needs to be added in the values.yaml file:
global:
certs:
enabled: true
configMap:
create: true
name: "{{ .Release.Name }}-ca-certs"
certs: |+
-----BEGIN CERTIFICATE-----
MIIDLDCCAhSgAwIBAgIQANxWuceSqgA8h3fJ1Q7ZiTANBgkqhkiG9w0BAQsFADAm
MSQwIgYDVQQDDBtRbGlrU2VydmVyMi5kb21haW4ubG9jYWwtQ0EwHhcNMTcwOTA5
MTA1NjMwWhcNMjcwOTE2MTA1NjMwWjAmMSQwIgYDVQQDDBtRbGlrU2VydmVyMi5k
b21haW4ubG9jYWwtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZ
mnjqNBml1RU6vbRlakPNrCasFZSherijN4Rzj54BMb0cljC2ZfOnve2ZS5k27Dp9
Yt/S30B6MQTRNZBCOCOw3jqnOW87iemxhoE713EkF+zNcWnhHRA53+be1iIhV+kE
fyFl6/4QQmUmZo2hu6gIajmdtZvM/CgjiPdF5a6KQp4WHA339afuIMR5KQe1Qt7E
xqaTbh7niOJEXZXSHcbT80sFam4O36rGMpjuseDbJgsIlLGSw1QwnIxWf+bFlbiD
+2XJclAVXt+BCrsYfBXd3akLDulStW+X9SFFqX1V8+rkDdOV8lffaNhN6K4HQeBG
...
LmIMzgUM9+baRYUwC552X6+szY55xqY210yjFGSqrZDyyrJMi9RhDhSL1ZqIIJDm
kpjNMY87Qa/c2slWTjg9lE/550nBFZfQoD1zODVALCil9Tlb43wRsn8nMdD4U6Qz
cgYfPkhRw2oUZuZwTmPOIYMrWPmmGXY4T9lZrq5afS7p+et1TKXZEZAC7akXDYL4
CRjjXsfxmDaxy8sefg+L0nHgvESc1hWEBD2LlVVWbZCFi4MrwkkDyik5NWu6GkN2
2xi+CJX3EBhHb1aFVDGd5dBSv3agXatsAnUMzxquuvtKbrURbMfyPCyiAZwlG9AN
-----END CERTIFICATE-----
Reference
- enabled: enables (true) or disables (false) the usage of a global CA certificate.
- create: enables (true) or disables (false) the creation of a CA certificate configMap.
- name: the templated CA certificate configMap name based on the release name.
- certs: the global CA certificate chain. This replaces any existing CA trust chain.