K8SPSMDB-958 fix mongos metrics

[nmarukovich]

CHANGE DESCRIPTION

Problem:
Short explanation of the problem.
On mongos we do not have
Cause:
Short explanation of the root cause of the issue if applicable.
PMM fails to monitor mongoS due to lack of permission
Solution:
Short explanation of the solution we are providing with this PR.

CHECKLIST

Jira

• Is the Jira ticket created and referenced properly?
• Does the Jira ticket have the proper statuses for documentation (Needs Doc) and QA (Needs QA)?
• Does the Jira ticket link to the proper milestone (Fix Version field)?

Tests

• Is an E2E test/test case added for the new feature/change?
• Are unit tests added where appropriate?
• Are OpenShift compare files changed for E2E tests (compare/*-oc.yml)?

Config/Logging/Testability

• Are all needed new/changed options added to default YAML files?
• Are the manifests (crd/bundle) regenerated if needed?
• Did we add proper logging messages for operator actions?
• Did we ensure compatibility with the previous version or cluster upgrade process?
• Does the change support oldest and newest supported MongoDB version?
• Does the change support oldest and newest supported Kubernetes version?

[github-actions]

[gofmt] _{reported by reviewdog 🐶}

Suggested change

	if platform == version.PlatformKubernetes {
	var tp int64 = 1001
	fsgroup = &tp
	}
	if platform == version.PlatformKubernetes {
	var tp int64 = 1001
	fsgroup = &tp
	}

[github-actions]

[gofmt] _{reported by reviewdog 🐶}

Suggested change

	tvar := true
	cr.Spec.Sharding.Mongos.ContainerSecurityContext = &corev1.SecurityContext{
	RunAsNonRoot: &tvar,
	RunAsUser: fsgroup,
	}
	}
	if cr.Spec.Sharding.Mongos.PodSecurityContext == nil {
	cr.Spec.Sharding.Mongos.PodSecurityContext = &corev1.PodSecurityContext{
	FSGroup: fsgroup,
	}
	}
	tvar := true
	cr.Spec.Sharding.Mongos.ContainerSecurityContext = &corev1.SecurityContext{
	RunAsNonRoot: &tvar,
	RunAsUser: fsgroup,
	}
	}
	if cr.Spec.Sharding.Mongos.PodSecurityContext == nil {
	cr.Spec.Sharding.Mongos.PodSecurityContext = &corev1.PodSecurityContext{
	FSGroup: fsgroup,
	}
	}

[hors]

I think we need to set it only for >- 1.15

[nmarukovich]

Agree.

[inelpandzic]

I don't think we should do this here by modifying user CR. I think we should do it directly where we define mongos sts, in pkg/psmdb/mongos.go.

Wdyt @egegunes @hors

[nmarukovich]

Why is it better to do it in sts? @inelpandzic

[inelpandzic]

I don't think we should touch CR if not necessary, it can be easily removed by the user. In the end, it is something internal that we need to ensure, just like we, for example, set init container or sidecar containers. We don't do it by updating the CR, but internally set it in our sts/deployment specs.

[nmarukovich]

As for me, we should either change this feature in CR or STS for all types of resources. Because for now we change it for cfg and rs in CR.
@egegunes @hors @inelpandzic
What do you think?

[inelpandzic]

Aha, I just saw that we do the same thing for other objects, like backup, and in this case, I think we should do it as you did it now @nmarukovich because of the consistency even though I think that generally it should be done where we create specs themselves rather than in CR.

[nmarukovich]

Aha, I just saw that we do the same thing for other objects, like backup, and in this case, I think we should do it as you did it now @nmarukovich because of the consistency even though I think that generally it should be done where we create specs themselves rather than in CR.

Despite the fact, that we already did it, I still want to discuss what we want to have ideally. In this case we can plan to refactor it or add a comment that decided to do like this (just avoid next time the same discussion )

[egegunes]

Ideally these should be (or close to) where we define sts for given component. Currently this place is the correct one IMO.

[nmarukovich]

Ok! So let's merge in this case (=

[JNKPercona]

Test name	Status
arbiter	passed
cross-site-sharded	passed
data-at-rest-encryption	passed
data-sharded	passed
demand-backup	passed
demand-backup-eks-credentials	passed
demand-backup-physical	passed
demand-backup-physical-sharded	passed
demand-backup-sharded	passed
expose-sharded	passed
ignore-labels-annotations	passed
init-deploy	passed
limits	passed
liveness	passed
mongod-major-upgrade	passed
mongod-major-upgrade-sharded	passed
monitoring-2-0	passed
multi-cluster-service	passed
non-voting	passed
one-pod	passed
operator-self-healing-chaos	passed
pitr	passed
pitr-sharded	passed
recover-no-primary	passed
rs-shard-migration	passed
scaling	passed
scheduled-backup	passed
security-context	passed
self-healing-chaos	passed
service-per-pod	passed
serviceless-external-nodes	passed
smart-update	passed
storage	passed
upgrade	passed
upgrade-consistency	passed
upgrade-sharded	passed
users	passed
version-service	passed
We run 38 out of 38

commit: b24a013
image: perconalab/percona-server-mongodb-operator:PR-1289-b24a0130