K8SPSMDB-1132: add spec.secrets.keyFile field #1639

Open
wants to merge 12 commits into
base: main
Expand Up @@ -8370,6 +8370,8 @@ spec:
properties:
encryptionKey:
type: string
keyFile:
type: string
ldapSecret:
type: string
sse:
2 changes: 2 additions & 0 deletions deploy/bundle.yaml
Expand Up @@ -9052,6 +9052,8 @@ spec:
properties:
encryptionKey:
type: string
keyFile:
type: string
ldapSecret:
type: string
sse:
1 change: 1 addition & 0 deletions deploy/cr.yaml
Expand Up @@ -51,6 +51,7 @@ spec:
secrets:
users: my-cluster-name-secrets
encryptionKey: my-cluster-name-mongodb-encryption-key
# keyFile: my-cluster-name-mongodb-keyfile
# vault: my-cluster-name-vault
# ldapSecret: my-ldap-secret
# sse: my-cluster-name-sse
2 changes: 2 additions & 0 deletions deploy/crd.yaml
Expand Up @@ -9052,6 +9052,8 @@ spec:
properties:
encryptionKey:
type: string
keyFile:
type: string
ldapSecret:
type: string
sse:
2 changes: 2 additions & 0 deletions deploy/cw-bundle.yaml
Expand Up @@ -9052,6 +9052,8 @@ spec:
properties:
encryptionKey:
type: string
keyFile:
type: string
ldapSecret:
type: string
sse:
@@ -0,0 +1,219 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
annotations: {}
generation: 1
labels:
app.kubernetes.io/component: mongod
app.kubernetes.io/instance: mydb
app.kubernetes.io/managed-by: percona-server-mongodb-operator
app.kubernetes.io/name: percona-server-mongodb
app.kubernetes.io/part-of: percona-server-mongodb
app.kubernetes.io/replset: rs0
name: mydb-rs0
ownerReferences:
- controller: true
kind: PerconaServerMongoDB
name: mydb
spec:
podManagementPolicy: OrderedReady
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: mongod
app.kubernetes.io/instance: mydb
app.kubernetes.io/managed-by: percona-server-mongodb-operator
app.kubernetes.io/name: percona-server-mongodb
app.kubernetes.io/part-of: percona-server-mongodb
app.kubernetes.io/replset: rs0
serviceName: mydb-rs0
template:
metadata:
annotations: {}
labels:
app.kubernetes.io/component: mongod
app.kubernetes.io/instance: mydb
app.kubernetes.io/managed-by: percona-server-mongodb-operator
app.kubernetes.io/name: percona-server-mongodb
app.kubernetes.io/part-of: percona-server-mongodb
app.kubernetes.io/replset: rs0
spec:
containers:
- args:
- --bind_ip_all
- --auth
- --dbpath=/data/db
- --port=27017
- --replSet=rs0
- --storageEngine=wiredTiger
- --relaxPermChecks
- --sslAllowInvalidCertificates
- --clusterAuthMode=keyFile
- --keyFile=/etc/mongodb-secrets/mongodb-key
- --tlsMode=requireTLS
- --enableEncryption
- --encryptionKeyFile=/etc/mongodb-encryption/encryption-key
- --wiredTigerCacheSizeGB=0.25
- --wiredTigerIndexPrefixCompression=true
- --config=/etc/mongodb-config/mongod.conf
- --quiet
command:
- /opt/percona/ps-entry.sh
env:
- name: SERVICE_NAME
value: mydb
- name: MONGODB_PORT
value: "27017"
- name: MONGODB_REPLSET
value: rs0
envFrom:
- secretRef:
name: internal-mydb-users
optional: false
imagePullPolicy: Always
livenessProbe:
exec:
command:
- /opt/percona/mongodb-healthcheck
- k8s
- liveness
- --ssl
- --sslInsecure
- --sslCAFile
- /etc/mongodb-ssl/ca.crt
- --sslPEMKeyFile
- /tmp/tls.pem
- --startupDelaySeconds
- "7200"
failureThreshold: 4
initialDelaySeconds: 60
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 10
name: mongod
ports:
- containerPort: 27017
name: mongodb
protocol: TCP
readinessProbe:
exec:
command:
- /opt/percona/mongodb-healthcheck
- k8s
- readiness
- --component
- mongod
failureThreshold: 8
initialDelaySeconds: 10
periodSeconds: 3
successThreshold: 1
timeoutSeconds: 2
resources:
limits:
cpu: 300m
memory: 500M
requests:
cpu: 300m
memory: 500M
securityContext:
runAsNonRoot: true
runAsUser: 1001
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /data/db
name: mongod-data
- mountPath: /etc/mongodb-secrets
name: mydb-custom-mongodb-keyfile
readOnly: true
- mountPath: /etc/mongodb-ssl
name: ssl
readOnly: true
- mountPath: /etc/mongodb-ssl-internal
name: ssl-internal
readOnly: true
- mountPath: /etc/mongodb-config
name: config
- mountPath: /opt/percona
name: bin
- mountPath: /etc/mongodb-encryption
name: mydb-custom-encryption-key
readOnly: true
- mountPath: /etc/users-secret
name: users-secret-file
workingDir: /data/db
dnsPolicy: ClusterFirst
initContainers:
- command:
- /init-entrypoint.sh
imagePullPolicy: Always
name: mongo-init
resources:
limits:
cpu: 300m
memory: 500M
requests:
cpu: 300m
memory: 500M
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /data/db
name: mongod-data
- mountPath: /opt/percona
name: bin
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
fsGroup: 1001
serviceAccount: default
serviceAccountName: default
terminationGracePeriodSeconds: 60
volumes:
- name: mydb-custom-mongodb-keyfile
secret:
defaultMode: 288
optional: false
secretName: mydb-custom-mongodb-keyfile
- emptyDir: {}
name: bin
- configMap:
defaultMode: 420
name: mydb-rs0-mongod
optional: true
name: config
- name: mydb-custom-encryption-key
secret:
defaultMode: 288
optional: false
secretName: mydb-custom-encryption-key
- name: ssl
secret:
defaultMode: 288
optional: false
secretName: mydb-custom-ssl
- name: ssl-internal
secret:
defaultMode: 288
optional: true
secretName: mydb-custom-ssl-internal
- name: users-secret-file
secret:
defaultMode: 420
secretName: internal-mydb-users
updateStrategy:
rollingUpdate:
partition: 0
type: RollingUpdate
volumeClaimTemplates:
- metadata:
name: mongod-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 3Gi
status:
phase: Pending
9 changes: 5 additions & 4 deletions e2e-tests/serviceless-external-nodes/conf/external.yml
Expand Up @@ -11,10 +11,11 @@ spec:
image: percona/percona-server-mongodb:6.0.4-3
imagePullPolicy: Always
secrets:
users: mydb-users
ssl: mydb-ssl
sslInternal: mydb-ssl-internal
encryptionKey: mydb-encryption-key
users: mydb-custom-users
ssl: mydb-custom-ssl
sslInternal: mydb-custom-ssl-internal
encryptionKey: mydb-custom-encryption-key
keyFile: mydb-custom-mongodb-keyfile
replsets:

- name: rs0
11 changes: 7 additions & 4 deletions e2e-tests/serviceless-external-nodes/conf/main.yml
Expand Up @@ -7,13 +7,16 @@ spec:
replsetSize: true
mongosSize: true
clusterServiceDNSMode: "Internal"
tls:
mode: requireTLS
image: percona/percona-server-mongodb:6.0.4-3
imagePullPolicy: Always
secrets:
users: mydb-users
ssl: mydb-ssl
sslInternal: mydb-ssl-internal
encryptionKey: mydb-encryption-key
users: mydb-custom-users
ssl: mydb-custom-ssl
sslInternal: mydb-custom-ssl-internal
encryptionKey: mydb-custom-encryption-key
keyFile: mydb-custom-mongodb-keyfile
replsets:

- name: rs0
10 changes: 5 additions & 5 deletions e2e-tests/serviceless-external-nodes/conf/secrets.yml
@@ -1,7 +1,7 @@
apiVersion: v1
kind: Secret
metadata:
name: mydb-users
name: mydb-custom-users
type: Opaque
stringData:
MONGODB_BACKUP_USER: backup
Expand All @@ -23,7 +23,7 @@ data:
encryption-key: WnFlNS9NaXRoUWdFMEp3cTlteXJGR2kvT1p4akdnWWNMcmNidFlUUzVIMD0=
kind: Secret
metadata:
name: mydb-encryption-key
name: mydb-custom-encryption-key
---
apiVersion: v1
data:
Expand All @@ -32,7 +32,7 @@ data:
tls.key: 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
kind: Secret
metadata:
name: mydb-ssl
name: mydb-custom-ssl
type: kubernetes.io/tls
---
apiVersion: v1
Expand All @@ -42,13 +42,13 @@ data:
tls.key: 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
kind: Secret
metadata:
name: mydb-ssl-internal
name: mydb-custom-ssl-internal
type: kubernetes.io/tls
---
apiVersion: v1
data:
mongodb-key: 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
kind: Secret
metadata:
name: mydb-mongodb-keyfile
name: mydb-custom-mongodb-keyfile
type: Opaque
13 changes: 13 additions & 0 deletions e2e-tests/serviceless-external-nodes/run
Expand Up @@ -20,6 +20,13 @@ kubectl_bin apply \

apply_cluster "$test_dir/conf/main.yml"
wait_for_running "$cluster-rs0" 1
compare_kubectl statefulset/mydb-rs0

secrets_count=$(kubectl_bin get secret -o yaml | yq '.items | length')
if [[ $secrets_count != 6 ]]; then
echo "It's expected to have 6 secrets. Currently have $secrets_count"
exit 1
fi

desc "Start External Cluster in unmanaged mode"
kubectl_bin config set-context $(kubectl_bin config current-context) --namespace="$replica_namespace"
Expand All @@ -34,6 +41,12 @@ apply_cluster "$test_dir/conf/external.yml"
wait_pod ${cluster}-rs0-0
wait_pod ${cluster}-rs0-1

secrets_count=$(kubectl_bin get secret -o yaml | yq '.items | length')
if [[ $secrets_count != 6 ]]; then
echo "It's expected to have 6 secrets. Currently have $secrets_count"
exit 1
fi

kubectl_bin config set-context $(kubectl_bin config current-context) --namespace="$namespace"

kubectl_bin get psmdb $cluster -o yaml >$tmp_dir/psmdb.yaml
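Review bot: The new `secrets_count` check counts every Secret in the namespace, so it can fail for reasons unrelated to the keyfile, and when it does fail it does not say which Secret was unexpected. Clusters that still auto-create service-account token Secrets (Kubernetes before 1.24) or any tooling that stores state in Secrets would change the total. The intent is presumably to show that the operator generates no keyfile or TLS Secret of its own once `spec.secrets.keyFile` and the other custom names are set; if so, printing the Secret names on failure makes a regression diagnosable. The identical block appears twice (after `compare_kubectl statefulset/mydb-rs0` and after `wait_pod ${cluster}-rs0-1`), so a small helper would keep the two in step, and `-ne` is the usual operator for an integer comparison. The script continues outside both hunks.

```shell
# … unchanged: apply_cluster / wait_for_running / compare_kubectl …
check_secrets_count() {
	local expected=$1
	local actual
	actual=$(kubectl_bin get secret -o yaml | yq '.items | length')
	if [[ $actual -ne $expected ]]; then
		echo "It's expected to have $expected secrets. Currently have $actual:"
		# list the names so an operator-generated Secret is visible in the log
		kubectl_bin get secret -o name
		exit 1
	fi
}

check_secrets_count 6
# … unchanged: switch to the replica namespace, apply external.yml, wait_pod …
check_secrets_count 6
```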
2 changes: 2 additions & 0 deletions e2e-tests/version-service/conf/crd.yaml
Expand Up @@ -9052,6 +9052,8 @@ spec:
properties:
encryptionKey:
type: string
keyFile:
type: string
ldapSecret:
type: string
sse:
1 change: 1 addition & 0 deletions pkg/apis/psmdb/v1/psmdb_defaults.go
Expand Up @@ -27,6 +27,7 @@ const MultiClusterDefaultDNSSuffix = "svc.clusterset.local"

const (
MongodRESTencryptDir = "/etc/mongodb-encryption"
InternalKeyName = "mongodb-key"
EncryptionKeyName = "encryption-key"
)
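Review bot: The new exported constant `InternalKeyName` has no doc comment, and its name does not say which key it refers to, which matters because it sits beside `EncryptionKeyName` in the same block. Judging by the `mongodb-key` entry in the e2e `secrets.yml` and the `--keyFile=/etc/mongodb-secrets/mongodb-key` argument in the expected StatefulSet, it is the data key inside the Secret named by `spec.secrets.keyFile`. A comment such as `// InternalKeyName is the data key in the spec.secrets.keyFile Secret that holds the keyfile used for internal (member-to-member) authentication.` would state that contract for users who supply their own Secret. The same comment could note that a Secret without this entry leaves `mongod` with no keyfile at the mounted path; that consequence is inferred from the fixture rather than shown in this hunk.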
