Configuring MongoDB in Qlik Sense Enterprise on Kubernetes

Qlik Sense Enterprise on Kubernetes uses MongoDB as a database for persisting content for several services (excluding Qlik Sense app files).

By default, a pre-configured MongoDB Community Edition is added during the installation of Qlik Sense Enterprise on Kubernetes (QSEoK). This is only intended to be used for quick start, testing and evaluation purposes. If you use this version, your MongoDB data may be lost if the Kubernetes cluster is updated.

You can set up a production-ready MongoDB environment in the following ways:

  • Deploy a separate MongoDB server or cluster alongside Qlik Sense.
  • Use a MongoDB DBaaS provider (such as MongoDB Atlas or mLab).

Configuring the MongoDB connection

When installing QSEoK, you can specify your MongoDB connection in one of the following ways:

  • As a parameter in the helm install command.
  • By referencing the connection settings in a values.yaml file and using this file in the helm install command.

Using CLI parameters

You can extend the basic helm install command by setting the following properties:

  • Set the devMode.enabled value to false to disable development mode.
  • Set the mongodb.uri value with the connection string to MongoDB.

Example:

helm upgrade \
    --install qliksense qlik/qliksense \
    --set devMode.enabled=false,mongodb.uri="<your-connection-string>",engine.acceptEULA="yes"

Example: Connection URI format

The connection string format varies depending on the configuration used. The format is different when a Kubernetes secret is used for the connection.

mongodb://user:password@mongodbhost:port/databasename

Note: Some services assume that SSL is enabled in MongoDB. If SSL is not being used, add ?ssl=false to the end of the connection URI.

Referencing values.yaml

Create the values.yaml file and include the settings you want to reference in the helm install command.

  • Set the devMode.enabled value to false to disable development mode.
  • Set the mongodb.uri value with the connection string to MongoDB.

Example: values.yaml

engine:
  acceptEULA: "yes"

devMode:
  enabled: false
mongodb:
  uri: "<your-connection-string>"

identity-providers:
  secrets:
    idpConfigs:
      - <your IdP configuration here>

The values.yaml file is then referenced in the helm install command:

helm upgrade \
  --install qliksense qlik/qliksense \
  -f values.yaml

Connecting to MongoDB with SSL

You can set up a Secure Sockets Layer (SSL) connection to the MongoDB repository database.

Note: This works on Qlik Sense Enterprise on Kubernetes June 2019 and later.

The MongoDB server must be configured with an SSL certificate and must allow SSL connections.

Add ?ssl=true to the end of the connection URI to connect to the MongoDB repository database with SSL.

devMode:
  enabled: false

mongodb:
  uri: <your-connection-string>?ssl=true
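
A pre-deployment check for the mongodb.uri value, added here as an example (it is not part of the Qlik documentation or the Helm chart): it flags credentials that are not percent-encoded, reports how the ssl option described above is set, masks the password for logging, and escapes commas for helm --set. The function names, host names and credentials are constructed for illustration.

```python
from urllib.parse import parse_qs

RESERVED = set("/?#[]@")  # must be percent-encoded inside user name and password

def split_uri(uri):
    """Return (scheme, userinfo, hosts_and_path, query) for a MongoDB URI."""
    scheme, sep, rest = uri.partition("://")
    if not sep or scheme not in ("mongodb", "mongodb+srv"):
        raise ValueError("not a mongodb:// or mongodb+srv:// URI")
    # Credentials end at the LAST '@', so a raw '@', '/' or '?' inside the
    # password is still seen as part of it. Assumes no '@' in the options.
    userinfo, _, target = rest.rpartition("@")
    target, _, query = target.partition("?")
    return scheme, userinfo, target, query

def lint_mongodb_uri(uri):
    """Return a list of findings; an empty list means nothing was flagged."""
    _, userinfo, _, query = split_uri(uri)
    findings = []
    user, _, password = userinfo.partition(":")
    if RESERVED & set(user + password) or ":" in password:
        findings.append("credentials contain reserved characters; percent-encode them")
    ssl = parse_qs(query).get("ssl", [None])[-1]
    if ssl is None:
        findings.append("ssl option not set; state ?ssl=true or ?ssl=false explicitly")
    elif ssl.lower() != "true":
        findings.append("ssl is not true; traffic to MongoDB is unencrypted")
    return findings

def redact(uri):
    """Mask the password so the URI can be written to logs or tickets."""
    scheme, userinfo, target, query = split_uri(uri)
    user, sep, _ = userinfo.partition(":")
    creds = f"{user}{sep}{'***' if sep else ''}@" if userinfo else ""
    return f"{scheme}://{creds}{target}" + (f"?{query}" if query else "")

def helm_set_value(uri):
    """Escape commas (multi-host URIs), which helm --set treats as separators."""
    return uri.replace(",", "\\,")

# Constructed sample values, not real hosts or credentials.
SAMPLES = [
    "mongodb://qlik:S3cret%21@db0.example.internal:27017,db1.example.internal:27017/databasename?ssl=true",
    "mongodb://qlik:p@ss/word@db0.example.internal:27017/databasename?ssl=false",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(redact(sample), lint_mongodb_uri(sample) or "OK")
```
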

If the MongoDB database is set up with a self-signed certificate or certificates not issued by a public Certificate Authority (CA), the CA certificate chain needs to be added in the values.yaml file:

global:
  certs:
    enabled: true
    configMap:
      create: true
      name: "{{ .Release.Name }}-ca-certs"
      certs: |+
        -----BEGIN CERTIFICATE-----
        MIIDLDCCAhSgAwIBAgIQANxWuceSqgA8h3fJ1Q7ZiTANBgkqhkiG9w0BAQsFADAm
        MSQwIgYDVQQDDBtRbGlrU2VydmVyMi5kb21haW4ubG9jYWwtQ0EwHhcNMTcwOTA5
        MTA1NjMwWhcNMjcwOTE2MTA1NjMwWjAmMSQwIgYDVQQDDBtRbGlrU2VydmVyMi5k
        b21haW4ubG9jYWwtQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZ
        mnjqNBml1RU6vbRlakPNrCasFZSherijN4Rzj54BMb0cljC2ZfOnve2ZS5k27Dp9
        Yt/S30B6MQTRNZBCOCOw3jqnOW87iemxhoE713EkF+zNcWnhHRA53+be1iIhV+kE
        fyFl6/4QQmUmZo2hu6gIajmdtZvM/CgjiPdF5a6KQp4WHA339afuIMR5KQe1Qt7E
        xqaTbh7niOJEXZXSHcbT80sFam4O36rGMpjuseDbJgsIlLGSw1QwnIxWf+bFlbiD
        +2XJclAVXt+BCrsYfBXd3akLDulStW+X9SFFqX1V8+rkDdOV8lffaNhN6K4HQeBG
        ...
        LmIMzgUM9+baRYUwC552X6+szY55xqY210yjFGSqrZDyyrJMi9RhDhSL1ZqIIJDm
        kpjNMY87Qa/c2slWTjg9lE/550nBFZfQoD1zODVALCil9Tlb43wRsn8nMdD4U6Qz
        cgYfPkhRw2oUZuZwTmPOIYMrWPmmGXY4T9lZrq5afS7p+et1TKXZEZAC7akXDYL4
        CRjjXsfxmDaxy8sefg+L0nHgvESc1hWEBD2LlVVWbZCFi4MrwkkDyik5NWu6GkN2
        2xi+CJX3EBhHb1aFVDGd5dBSv3agXatsAnUMzxquuvtKbrURbMfyPCyiAZwlG9AN
        -----END CERTIFICATE-----

Reference

  • enabled: enables (true) or disables (false) the usage of a global CA certificate.
  • create: enables (true) or disables (false) the creation of a CA certificate configMap.
  • name: the templated CA certificate configMap name based on the release name.
  • certs: the global CA certificate chain. This replaces any existing CA trust chain.
