Comments (4)
Since creating the "connectionStringSecretTemplate" proved to be too complex for me (I haven't ever programmed in Go), I've gone ahead and implemented a "connectionStringSecretAnnotations" property. It is implemented in my fork. Let me know if you'd like me to open a PR for the namespace consistency fix and/or the connectionStringSecretAnnotations property.
from mongodb-kubernetes-operator.
From what I've seen, it appears this could be caused by the following code
mongodb-kubernetes-operator/controllers/mongodb_users.go
Lines 42 to 74 in 3108a94
In it:
- In lines 46-49, `secretNamespace` is set to the connection string secret namespace, if it is defined
- In lines 65-69, the password secret is read on the `secretNamespace`
- In line 74, the connection string secret is set to be created on the `secretNamespace`.
Therefore, the password secret and connection string secret need to be in the same namespace.
However, when ensuring user resources, in the following code, it is expected that the password secret is in the namespace of the MDBC, and not in the one specified for the connection string secret.
mongodb-kubernetes-operator/controllers/mongodb_users.go
Lines 16 to 20 in 3108a94
Ensuring consistency in the namespace used in both functions should fix the problem of needing to have the secret in both namespaces for the connection string secret to be created.
However, I'm not sure what is causing the connection string secret to be deleted immediately after it is created (could be related, or not).
from mongodb-kubernetes-operator.
An update on this: ensuring consistency on the namespaces used did solve the problem of needing to have the password secret in both namespaces (I can open a PR for this, it's a single line change).
However, the problem with the connection string secret being immediately deleted was not solved. After some investigation, I came to the conclusion that the secret was being garbage collected by kubernetes. https://kubernetes.io/docs/concepts/architecture/garbage-collection/#owners-dependents states that cross-namespace owner references are disallowed by design, which is causing the secret to be immediately deleted.
from mongodb-kubernetes-operator.
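The garbage-collection behaviour described in the comment above can be checked offline. The following is an added example, not part of the thread and not the operator's code: it flags namespaced objects whose owner references cannot resolve because a namespaced owner is only looked up in the dependent's own namespace. The `Object` and `OwnerRef` types, the function names, and all sample object names, namespaces and UIDs are constructed for illustration.

```go
package main

import "fmt"

// OwnerRef mirrors a metadata.ownerReferences entry; it has no namespace field.
type OwnerRef struct{ Kind, Name, UID string }

// Object is a simplified stand-in for a Kubernetes object (hypothetical type).
type Object struct {
	Kind, Namespace, Name, UID string // Namespace "" means cluster-scoped
	Owners                     []OwnerRef
}

// OrphanedByNamespace returns "namespace/name" for every namespaced object
// that has owner references but none that resolve. A namespaced owner must
// live in the dependent's namespace; a cluster-scoped owner always resolves.
func OrphanedByNamespace(objs []Object) []string {
	type key struct{ ns, uid string }
	index := map[key]bool{}
	for _, o := range objs {
		index[key{o.Namespace, o.UID}] = true
	}
	var flagged []string
	for _, o := range objs {
		if o.Namespace == "" || len(o.Owners) == 0 {
			continue // cluster-scoped or unowned: not subject to this check
		}
		resolved := false
		for _, r := range o.Owners {
			resolved = resolved || index[key{o.Namespace, r.UID}] || index[key{"", r.UID}]
		}
		if !resolved {
			flagged = append(flagged, o.Namespace+"/"+o.Name)
		}
	}
	return flagged
}

// SampleObjects is constructed data: one MongoDBCommunity resource and two
// secrets it owns, one in its own namespace and one in a different namespace.
func SampleObjects() []Object {
	owner := []OwnerRef{{"MongoDBCommunity", "mdb", "uid-mdb"}}
	return []Object{
		{"MongoDBCommunity", "mongodb", "mdb", "uid-mdb", nil},
		{"Secret", "mongodb", "mdb-conn", "uid-s1", owner},
		{"Secret", "apps", "mdb-conn", "uid-s2", owner},
	}
}

func main() { fmt.Println(OrphanedByNamespace(SampleObjects())) }
```

Only the secret in the `apps` namespace is reported, since its owner exists solely in `mongodb`.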
A possible solution to the connection string secret problem is to follow an approach similar to cert-manager (https://cert-manager.io/docs/devops-tips/syncing-secrets-across-namespaces) and allow for a "connectionStringSecretTemplate" as well. This would allow users to set annotations that can be used by reflector or kubernetes-replicator to sync the secret across namespaces. The connectionStringSecretNamespace parameter doesn't need to be removed because it is a simpler solution for cluster-wide deployments of the mongodb-kubernetes-operator.
from mongodb-kubernetes-operator.