K8SPSMDB-796: Fix PBM connection if replset is exposed #1060

Merged
merged 1 commit into from Oct 6, 2022

@egegunes egegunes commented Oct 5, 2022


If replset is exposed, the operator uses ClusterIPs in the replset config. When PBM tries to open a connection to the replset using TLS certificates, it fails since these IPs are not included in the certificate. Ideally we want to move away from using unsafe options from TLS, but it needs careful thinking.

@JNKPercona

| Test name | Status |
| --- | --- |
| storage | passed |
| self-healing | passed |
| self-healing-chaos | passed |
| operator-self-healing | passed |
| one-pod | passed |
| init-deploy | passed |
| operator-self-healing-chaos | passed |
| monitoring-2-0 | passed |
| limits | passed |
| arbiter | passed |
| scaling | passed |
| service-per-pod | passed |
| security-context | passed |
| liveness | passed |
| rs-shard-migration | passed |
| cross-site-sharded | passed |
| smart-update | passed |
| version-service | passed |
| users | passed |
| data-sharded | passed |
| non-voting | passed |
| demand-backup-eks-credentials | passed |
| data-at-rest-encryption | passed |
| upgrade-consistency | passed |
| demand-backup | passed |
| scheduled-backup | passed |
| demand-backup-sharded | passed |
| upgrade | passed |
| upgrade-sharded | passed |
| pitr | passed |
| pitr-sharded | passed |

We run 31 out of 30

commit: 2ae3023
image: perconalab/percona-server-mongodb-operator:PR-1060-2ae30234

@hors hors merged commit 143af7a into main Oct 6, 2022
@hors hors deleted the K8SPSMDB-796 branch October 6, 2022 09:36
@jonathon2nd

I'm replying here as my post keeps getting hidden on the forum
https://forums.percona.com/t/basic-cluster-with-tls-not-working-operator-k8s-helm-setup/17844/7

Installed operator with

```bash
kubectl apply --server-side -f https://raw.githubusercontent.com/percona/percona-server-mongodb-operator/main/deploy/bundle.yaml
```

Then installed this cluster

```yaml
apiVersion: psmdb.percona.com/v1
kind: PerconaServerMongoDB
metadata:
  name: minimal
  namespace: default
spec:
  image: percona/percona-server-mongodb:latest
  replsets:
  - affinity:
      antiAffinityTopologyKey: kubernetes.io/hostname
    name: rs0
    size: 3
    volumeSpec:
      persistentVolumeClaim:
        resources:
          requests:
            storage: 3Gi
  secrets:
    users: minimal
  sharding:
    enabled: false
  upgradeOptions:
    apply: disabled
    schedule: 0 2 * * *
```

And this cert gets made

```yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: minimal-ssl
  namespace: default
  ownerReferences:
  - apiVersion: psmdb.percona.com/v1
    controller: true
    kind: PerconaServerMongoDB
    name: minimal
    uid: 6271257d-6ece-4da5-8d51-54ecdebc6ad1
  resourceVersion: "18897670"
  uid: 32945f74-5399-4c6a-9375-a23dcf547986
spec:
  commonName: minimal
  dnsNames:
  - localhost
  - minimal-rs0
  - minimal-rs0.default
  - minimal-rs0.default.svc.cluster.local
  - '*.minimal-rs0'
  - '*.minimal-rs0.default'
  - '*.minimal-rs0.default.svc.cluster.local'
  - minimal-rs0.default.svc.clusterset.local
  - '*.minimal-rs0.default.svc.clusterset.local'
  - '*.default.svc.clusterset.local'
  - minimal-mongos
  - minimal-mongos.default
  - minimal-mongos.default.svc.cluster.local
  - '*.minimal-mongos'
  - '*.minimal-mongos.default'
  - '*.minimal-mongos.default.svc.cluster.local'
  - minimal-cfg
  - minimal-cfg.default
  - minimal-cfg.default.svc.cluster.local
  - '*.minimal-cfg'
  - '*.minimal-cfg.default'
  - '*.minimal-cfg.default.svc.cluster.local'
  - minimal-mongos.default.svc.clusterset.local
  - '*.minimal-mongos.default.svc.clusterset.local'
  - minimal-cfg.default.svc.clusterset.local
  - '*.minimal-cfg.default.svc.clusterset.local'
```

here are the full log files
minimal-rs0-0_mongod.log
minimal-rs0-1_mongod.log
minimal-rs0-2_mongod.log
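
The hostname-verification failure from the PR description, reproduced with Go's `crypto/x509` as an added example (not code from this PR or from the operator). It assumes a throwaway self-signed certificate carrying a subset of the `dnsNames` posted above, a pod FQDN derived from the `minimal-rs0-0` pod name, and a constructed ClusterIP `10.96.12.34`.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// Subset of the dnsNames in the minimal-ssl spec posted above: DNS SANs only, no IP SANs.
var sans = []string{"localhost", "minimal-rs0", "minimal-rs0.default.svc.cluster.local",
	"*.minimal-rs0.default.svc.cluster.local"}

// selfSigned builds a throwaway certificate with the given DNS SANs.
func selfSigned(dnsNames []string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: dnsNames,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// CheckHosts reports, per replset member address, whether hostname verification passes.
func CheckHosts(hosts []string) (map[string]bool, error) {
	cert, err := selfSigned(sans)
	if err != nil {
		return nil, err
	}
	ok := make(map[string]bool, len(hosts))
	for _, h := range hosts {
		// An IP literal is matched only against IP SANs, never against dnsNames.
		ok[h] = cert.VerifyHostname(h) == nil
	}
	return ok, nil
}

func main() {
	// 10.96.12.34 is a constructed ClusterIP standing in for an exposed member.
	res, err := CheckHosts([]string{"minimal-rs0-0.minimal-rs0.default.svc.cluster.local", "10.96.12.34"})
	fmt.Println(res, err)
}
```

The pod FQDN matches the `*.minimal-rs0.default.svc.cluster.local` wildcard, while the IP address fails verification because the certificate has no IP SAN for it.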
