Skip to content

Search: remove external.tls.enabled #442

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 32 commits into from
Sep 15, 2025
Merged

Search: remove external.tls.enabled #442

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
32 commits
Select commit Hold shift + click to select a range
88c1290
CLOUDP-312564: MongoDB Search - Public Preview
lsierant Sep 8, 2025
ba79106
Apply suggestions from code review
fealebenpae Sep 9, 2025
1aa6e3e
regenerate CRDs with the latest controller-gen
fealebenpae Sep 10, 2025
94df612
replace most literals with constants
fealebenpae Sep 10, 2025
84a27c8
rename search_controller to searchcontroller
fealebenpae Sep 10, 2025
fee1e84
lower test timeouts
fealebenpae Sep 10, 2025
e2fe9cd
added source resolution comments
fealebenpae Sep 10, 2025
d238db4
storage and requests constants
fealebenpae Sep 10, 2025
72a7340
remove comment mentioning tls.pem
fealebenpae Sep 10, 2025
5c3ea5b
fix broken unit test
fealebenpae Sep 11, 2025
28f6602
update the keyFileSecretRef constant
anandsyncs Sep 11, 2025
807c1f5
searchCoordinator role detection supports -pre and -ent versions
fealebenpae Sep 11, 2025
b99d026
remove external.tls.enabled
anandsyncs Sep 11, 2025
ee2df3b
update
anandsyncs Sep 11, 2025
abb02ee
update
anandsyncs Sep 11, 2025
29b2f56
remove enabled from search.spec.security.tls
anandsyncs Sep 11, 2025
3daaea7
remove enabled from search.spec.security.tls
anandsyncs Sep 11, 2025
6e15d39
fix community tests
fealebenpae Sep 11, 2025
e0fd04c
fix NeedsSearchCoordinatorRolePolyfill for MongoDB older than 8
fealebenpae Sep 11, 2025
6d7046c
make certificate authority fields mandatory
anandsyncs Sep 11, 2025
72f871d
remove duplicated helm args
fealebenpae Sep 11, 2025
0207a44
Merge branch 'master' into search/public-preview-operator
fealebenpae Sep 11, 2025
bd491a8
rename COMMUNITY_PRIVATE_PREVIEW_PULLSECRET_DOCKERCONFIGJSON
fealebenpae Sep 12, 2025
804c02e
Merge branch 'search/public-preview-operator' into anandsyncs/remove-…
anandsyncs Sep 12, 2025
1ffaab5
run make manifests
anandsyncs Sep 12, 2025
d263c3f
add comment
anandsyncs Sep 12, 2025
e35b3da
merge master
anandsyncs Sep 12, 2025
554fcfb
remove enabled field from snippets
anandsyncs Sep 12, 2025
f234fb4
run external snippets in evergreen
anandsyncs Sep 12, 2025
14b0070
make file executable
anandsyncs Sep 12, 2025
3b14c34
make file executable
anandsyncs Sep 12, 2025
f509ba0
remove-extraneous-change
anandsyncs Sep 12, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions .evergreen-snippets.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -121,6 +121,12 @@ tasks:
- func: test_code_snippets
- func: sample_commit_output

- name: test_kind_search_external_mongod_snippets.sh
tags: [ "code_snippets", "patch-run" ]
commands:
- func: test_code_snippets
- func: sample_commit_output

task_groups:
- name: gke_code_snippets_task_group
<<: *setup_and_teardown_group_gke_code_snippets
Expand All @@ -135,6 +141,7 @@ task_groups:
tasks:
- test_kind_search_community_snippets.sh
- test_kind_search_enterprise_snippets.sh
- test_kind_search_external_mongod_snippets.sh

buildvariants:
# These variants are used to test the code snippets and each one can be used in patches
Expand Down
10 changes: 4 additions & 6 deletions api/v1/search/mongodbsearch_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,22 +69,20 @@ type ExternalMongoDBSource struct {
}

type ExternalMongodTLS struct {
Enabled bool `json:"enabled"`
// +optional
CA *corev1.LocalObjectReference `json:"ca,omitempty"`
// CA is a reference to a Secret containing the CA certificate that issued mongod's TLS certificate.
// The CA certificate is expected to be PEM encoded and available at the "ca.crt" key.
CA *corev1.LocalObjectReference `json:"ca"`
}

type Security struct {
// +optional
TLS TLS `json:"tls"`
TLS *TLS `json:"tls,omitempty"`
}

type TLS struct {
Enabled bool `json:"enabled"`
// CertificateKeySecret is a reference to a Secret containing a private key and certificate to use for TLS.
// The key and cert are expected to be PEM encoded and available at "tls.key" and "tls.crt".
// This is the same format used for the standard "kubernetes.io/tls" Secret type, but no specific type is required.
// +optional
CertificateKeySecret corev1.LocalObjectReference `json:"certificateKeySecretRef"`
}

Expand Down
12 changes: 4 additions & 8 deletions config/crd/bases/mongodb.com_mongodbsearch.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -179,10 +179,8 @@ spec:
type: string
type: object
x-kubernetes-map-type: atomic
enabled:
type: boolean
required:
- enabled
- certificateKeySecretRef
type: object
type: object
source:
Expand Down Expand Up @@ -211,8 +209,8 @@ spec:
properties:
ca:
description: |-
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
CA is a reference to a Secret containing the CA certificate that issued mongod's TLS certificate.
The CA certificate is expected to be PEM encoded and available at the "ca.crt" key.
properties:
name:
default: ""
Expand All @@ -225,10 +223,8 @@ spec:
type: string
type: object
x-kubernetes-map-type: atomic
enabled:
type: boolean
required:
- enabled
- ca
type: object
type: object
mongodbResourceRef:
Expand Down
2 changes: 1 addition & 1 deletion controllers/operator/mongodbsearch_controller.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ func (r *MongoDBSearchReconciler) Reconcile(ctx context.Context, request reconci
}

// Watch our own TLS certificate secret for changes
if mdbSearch.Spec.Security.TLS.Enabled {
if mdbSearch.Spec.Security.TLS != nil {
r.watch.AddWatchedResourceIfNotAdded(mdbSearch.Spec.Security.TLS.CertificateKeySecret.Name, mdbSearch.Namespace, watch.Secret, mdbSearch.NamespacedName())
}

Expand Down
2 changes: 1 addition & 1 deletion controllers/searchcontroller/external_search_source.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ func (r *externalSearchResource) Validate() error {
}

func (r *externalSearchResource) TLSConfig() *TLSSourceConfig {
if r.spec.TLS == nil || !r.spec.TLS.Enabled {
if r.spec.TLS == nil {
return nil
}

Expand Down
4 changes: 2 additions & 2 deletions controllers/searchcontroller/mongodbsearch_reconcile_helper.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -228,7 +228,7 @@ func (r *MongoDBSearchReconcileHelper) ensureMongotConfig(ctx context.Context, l
}

func (r *MongoDBSearchReconcileHelper) ensureIngressTlsConfig(ctx context.Context) (mongot.Modification, statefulset.Modification, error) {
if !r.mdbSearch.Spec.Security.TLS.Enabled {
if r.mdbSearch.Spec.Security.TLS == nil {
mongotModification := func(config *mongot.Config) {
config.Server.Wireproto.TLS.Mode = mongot.ConfigTLSModeDisabled
}
Expand Down Expand Up @@ -390,7 +390,7 @@ func createMongotConfig(search *searchv1.MongoDBSearch, db SearchSourceDBResourc

func GetMongodConfigParameters(search *searchv1.MongoDBSearch) map[string]any {
searchTLSMode := automationconfig.TLSModeDisabled
if search.Spec.Security.TLS.Enabled {
if search.Spec.Security.TLS != nil {
searchTLSMode = automationconfig.TLSModeRequired
}
return map[string]any{
Expand Down
1 change: 0 additions & 1 deletion docker/mongodb-kubernetes-tests/tests/search/search_community_external_mongod_basic.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,6 @@ def mdbs(namespace: str, mdbc: MongoDBCommunity) -> MongoDBSearch:
"external": {
"hostAndPorts": seeds,
"keyfileSecretRef": {"name": f"{mdbc.name}-keyfile", "key": "keyfile"},
"tls": {"enabled": False},
},
"passwordSecretRef": {"name": f"{MDBC_RESOURCE_NAME}-{MONGOT_USER_NAME}-password", "key": "password"},
"username": MONGOT_USER_NAME,
Expand Down
3 changes: 1 addition & 2 deletions docker/mongodb-kubernetes-tests/tests/search/search_community_external_mongod_tls.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -138,15 +138,14 @@ def test_create_search_resource(mdbs: MongoDBSearch, mdbc: MongoDBCommunity):
"hostAndPorts": seeds,
"keyfileSecretRef": {"name": f"{mdbc.name}-keyfile"},
"tls": {
"enabled": True,
"ca": {"name": f"{mdbc.name}-ca"},
},
},
"passwordSecretRef": {"name": f"{MDBC_RESOURCE_NAME}-{MONGOT_USER_NAME}-password", "key": "password"},
"username": MONGOT_USER_NAME,
}

mdbs["spec"]["security"] = {"tls": {"enabled": True, "certificateKeySecretRef": {"name": MDBS_TLS_SECRET_NAME}}}
mdbs["spec"]["security"] = {"tls": {"certificateKeySecretRef": {"name": MDBS_TLS_SECRET_NAME}}}

mdbs.update()
mdbs.assert_reaches_phase(Phase.Running, timeout=300)
Expand Down
2 changes: 1 addition & 1 deletion docker/mongodb-kubernetes-tests/tests/search/search_enterprise_tls.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ def mdbs(namespace: str) -> MongoDBSearch:
if "spec" not in resource:
resource["spec"] = {}

resource["spec"]["security"] = {"tls": {"enabled": True, "certificateKeySecretRef": {"name": MDBS_TLS_SECRET_NAME}}}
resource["spec"]["security"] = {"tls": {"certificateKeySecretRef": {"name": MDBS_TLS_SECRET_NAME}}}

return resource

Expand Down
2 changes: 0 additions & 2 deletions docs/search/04-search-external-mongod/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -182,8 +182,6 @@ spec:
keyfileSecretRef:
name: ${MDB_EXTERNAL_KEYFILE_SECRET_NAME}
key: keyfile
tls:
enabled: false
username: search-sync-source
passwordSecretRef:
name: mdbc-rs-search-sync-source-password
Expand Down
2 changes: 0 additions & 2 deletions .../search/04-search-external-mongod/code_snippets/04_0320_create_mongodb_search_resource.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,8 +13,6 @@ spec:
keyfileSecretRef:
name: ${MDB_EXTERNAL_KEYFILE_SECRET_NAME}
key: keyfile
tls:
enabled: false
username: search-sync-source
passwordSecretRef:
name: mdbc-rs-search-sync-source-password
Expand Down
Empty file modified docs/search/04-search-external-mongod/test.sh
100644 → 100755
View file
Open in desktop
Empty file.
12 changes: 4 additions & 8 deletions helm_chart/crds/mongodb.com_mongodbsearch.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -179,10 +179,8 @@ spec:
type: string
type: object
x-kubernetes-map-type: atomic
enabled:
type: boolean
required:
- enabled
- certificateKeySecretRef
type: object
type: object
source:
Expand Down Expand Up @@ -211,8 +209,8 @@ spec:
properties:
ca:
description: |-
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
CA is a reference to a Secret containing the CA certificate that issued mongod's TLS certificate.
The CA certificate is expected to be PEM encoded and available at the "ca.crt" key.
properties:
name:
default: ""
Expand All @@ -225,10 +223,8 @@ spec:
type: string
type: object
x-kubernetes-map-type: atomic
enabled:
type: boolean
required:
- enabled
- ca
type: object
type: object
mongodbResourceRef:
Expand Down
12 changes: 4 additions & 8 deletions public/crds.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4201,10 +4201,8 @@ spec:
type: string
type: object
x-kubernetes-map-type: atomic
enabled:
type: boolean
required:
- enabled
- certificateKeySecretRef
type: object
type: object
source:
Expand Down Expand Up @@ -4233,8 +4231,8 @@ spec:
properties:
ca:
description: |-
LocalObjectReference contains enough information to let you locate the
referenced object inside the same namespace.
CA is a reference to a Secret containing the CA certificate that issued mongod's TLS certificate.
The CA certificate is expected to be PEM encoded and available at the "ca.crt" key.
properties:
name:
default: ""
Expand All @@ -4247,10 +4245,8 @@ spec:
type: string
type: object
x-kubernetes-map-type: atomic
enabled:
type: boolean
required:
- enabled
- ca
type: object
type: object
mongodbResourceRef:
Expand Down
Empty file modified scripts/code_snippets/tests/test_kind_search_external_mongod_snippets.sh
100644 → 100755
View file
Open in desktop
Empty file.