diff --git a/build/pbm-entry.sh b/build/pbm-entry.sh index e85e3eaef..c40cf7ef6 100755 --- a/build/pbm-entry.sh +++ b/build/pbm-entry.sh @@ -1,15 +1,10 @@ #!/bin/bash -PBM_MONGODB_URI="mongodb://${PBM_AGENT_MONGODB_USERNAME}:${PBM_AGENT_MONGODB_PASSWORD}@localhost:${PBM_MONGODB_PORT}/?replicaSet=${PBM_MONGODB_REPLSET}" - if [[ -z ${PBM_AGENT_TLS_ENABLED} ]] || [[ ${PBM_AGENT_TLS_ENABLED} == "true" ]]; then MONGO_SSL_DIR=/etc/mongodb-ssl - if [[ -f "${MONGO_SSL_DIR}/tls.crt" ]] && [[ -f "${MONGO_SSL_DIR}/tls.key" ]]; then - PBM_MONGODB_URI="${PBM_MONGODB_URI}&tls=true&tlsCertificateKeyFile=%2Ftmp%2Ftls.pem&tlsCAFile=${MONGO_SSL_DIR}%2Fca.crt&tlsInsecure=true" + if [[ -e "${MONGO_SSL_DIR}/tls.crt" ]] && [[ -e "${MONGO_SSL_DIR}/tls.key" ]]; then cat "${MONGO_SSL_DIR}/tls.key" "${MONGO_SSL_DIR}/tls.crt" >/tmp/tls.pem fi fi -export PBM_MONGODB_URI - exec "$@" diff --git a/e2e-tests/data-at-rest-encryption/compare/statefulset_some-name-cfg-oc.yml b/e2e-tests/data-at-rest-encryption/compare/statefulset_some-name-cfg-oc.yml index 6e5ddd977..d4d352c3e 100644 --- a/e2e-tests/data-at-rest-encryption/compare/statefulset_some-name-cfg-oc.yml +++ b/e2e-tests/data-at-rest-encryption/compare/statefulset_some-name-cfg-oc.yml @@ -166,7 +166,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/data-at-rest-encryption/compare/statefulset_some-name-cfg.yml b/e2e-tests/data-at-rest-encryption/compare/statefulset_some-name-cfg.yml index c4efd8c75..81bfea05f 100644 --- a/e2e-tests/data-at-rest-encryption/compare/statefulset_some-name-cfg.yml +++ b/e2e-tests/data-at-rest-encryption/compare/statefulset_some-name-cfg.yml @@ -167,7 +167,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/data-at-rest-encryption/compare/statefulset_some-name-rs0-oc.yml b/e2e-tests/data-at-rest-encryption/compare/statefulset_some-name-rs0-oc.yml index 25743202d..87c7757d7 100644 --- a/e2e-tests/data-at-rest-encryption/compare/statefulset_some-name-rs0-oc.yml +++ b/e2e-tests/data-at-rest-encryption/compare/statefulset_some-name-rs0-oc.yml @@ -173,7 +173,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/data-at-rest-encryption/compare/statefulset_some-name-rs0.yml b/e2e-tests/data-at-rest-encryption/compare/statefulset_some-name-rs0.yml index 518c9fc0d..f02736c7d 100644 --- a/e2e-tests/data-at-rest-encryption/compare/statefulset_some-name-rs0.yml +++ b/e2e-tests/data-at-rest-encryption/compare/statefulset_some-name-rs0.yml @@ -174,7 +174,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/demand-backup-fs/compare/statefulset_some-name-rs0.yml b/e2e-tests/demand-backup-fs/compare/statefulset_some-name-rs0.yml index 6dbd4992b..e4cf4aac7 100644 --- a/e2e-tests/demand-backup-fs/compare/statefulset_some-name-rs0.yml +++ b/e2e-tests/demand-backup-fs/compare/statefulset_some-name-rs0.yml @@ -182,7 +182,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-cfg-4-oc.yml b/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-cfg-4-oc.yml index 4a9801f70..42e79c1d5 100644 --- a/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-cfg-4-oc.yml +++ b/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-cfg-4-oc.yml @@ -190,7 +190,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-cfg-oc.yml b/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-cfg-oc.yml index ffc395ab6..e5bcd8c4e 100644 --- a/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-cfg-oc.yml +++ b/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-cfg-oc.yml @@ -190,7 +190,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-cfg.yml b/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-cfg.yml index 32757b47c..c8841f11b 100644 --- a/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-cfg.yml +++ b/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-cfg.yml @@ -191,7 +191,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs0-4-oc.yml b/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs0-4-oc.yml index 001a586e3..6356b63c3 100644 --- a/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs0-4-oc.yml +++ b/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs0-4-oc.yml @@ -175,7 +175,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs0-oc.yml b/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs0-oc.yml index c7adabbb9..3698a079c 100644 --- a/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs0-oc.yml +++ b/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs0-oc.yml @@ -175,7 +175,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs0.yml b/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs0.yml index 4d85e97e3..c8d6f12f7 100644 --- a/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs0.yml +++ b/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs0.yml @@ -176,7 +176,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs1-oc.yml b/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs1-oc.yml index ae398cf20..02b94ae13 100644 --- a/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs1-oc.yml +++ b/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs1-oc.yml @@ -175,7 +175,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs1.yml b/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs1.yml index d7f1e9eb7..ce0eb5974 100644 --- a/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs1.yml +++ b/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs1.yml @@ -176,7 +176,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs2-oc.yml b/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs2-oc.yml index a2dbe6528..578a719bb 100644 --- a/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs2-oc.yml +++ b/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs2-oc.yml @@ -185,7 +185,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs2.yml b/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs2.yml index 3060b7664..256424223 100644 --- a/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs2.yml +++ b/e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs2.yml @@ -186,7 +186,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/demand-backup/compare/statefulset_some-name-rs0-oc.yml b/e2e-tests/demand-backup/compare/statefulset_some-name-rs0-oc.yml index b4fb0d75d..cdb987280 100644 --- a/e2e-tests/demand-backup/compare/statefulset_some-name-rs0-oc.yml +++ b/e2e-tests/demand-backup/compare/statefulset_some-name-rs0-oc.yml @@ -172,7 +172,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/demand-backup/compare/statefulset_some-name-rs0.yml b/e2e-tests/demand-backup/compare/statefulset_some-name-rs0.yml index 0f781ccac..34bbd119b 100644 --- a/e2e-tests/demand-backup/compare/statefulset_some-name-rs0.yml +++ b/e2e-tests/demand-backup/compare/statefulset_some-name-rs0.yml @@ -173,7 +173,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/expose-sharded/compare/statefulset_some-name-cfg-4-oc.yml b/e2e-tests/expose-sharded/compare/statefulset_some-name-cfg-4-oc.yml index 45b359662..35d73eea0 100644 --- a/e2e-tests/expose-sharded/compare/statefulset_some-name-cfg-4-oc.yml +++ b/e2e-tests/expose-sharded/compare/statefulset_some-name-cfg-4-oc.yml @@ -187,7 +187,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/expose-sharded/compare/statefulset_some-name-cfg-oc.yml b/e2e-tests/expose-sharded/compare/statefulset_some-name-cfg-oc.yml index c883f5459..b58c2103f 100644 --- a/e2e-tests/expose-sharded/compare/statefulset_some-name-cfg-oc.yml +++ b/e2e-tests/expose-sharded/compare/statefulset_some-name-cfg-oc.yml @@ -187,7 +187,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/expose-sharded/compare/statefulset_some-name-cfg.yml b/e2e-tests/expose-sharded/compare/statefulset_some-name-cfg.yml index c461a21ab..ef1556cff 100644 --- a/e2e-tests/expose-sharded/compare/statefulset_some-name-cfg.yml +++ b/e2e-tests/expose-sharded/compare/statefulset_some-name-cfg.yml @@ -188,7 +188,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-4-oc.yml b/e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-4-oc.yml index 23f09200f..a8c18d088 100644 --- a/e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-4-oc.yml +++ b/e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-4-oc.yml @@ -185,7 +185,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-oc.yml b/e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-oc.yml index 23f09200f..a8c18d088 100644 --- a/e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-oc.yml +++ b/e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-oc.yml @@ -185,7 +185,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-sharding-disabled-oc.yml b/e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-sharding-disabled-oc.yml index 149138432..b1e02dafc 100644 --- a/e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-sharding-disabled-oc.yml +++ b/e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-sharding-disabled-oc.yml @@ -182,7 +182,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-sharding-disabled.yml b/e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-sharding-disabled.yml index 599510d3e..49e3b62c1 100644 --- a/e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-sharding-disabled.yml +++ b/e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-sharding-disabled.yml @@ -183,7 +183,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-sharding-enabled-oc.yml b/e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-sharding-enabled-oc.yml index 993b7d60c..f86321352 100644 --- a/e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-sharding-enabled-oc.yml +++ b/e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-sharding-enabled-oc.yml @@ -185,7 +185,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-sharding-enabled.yml b/e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-sharding-enabled.yml index 92721accb..ea8576114 100644 --- a/e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-sharding-enabled.yml +++ b/e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-sharding-enabled.yml @@ -186,7 +186,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/expose-sharded/compare/statefulset_some-name-rs0.yml b/e2e-tests/expose-sharded/compare/statefulset_some-name-rs0.yml index b048e5614..5775d500e 100644 --- a/e2e-tests/expose-sharded/compare/statefulset_some-name-rs0.yml +++ b/e2e-tests/expose-sharded/compare/statefulset_some-name-rs0.yml @@ -186,7 +186,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/liveness/compare/statefulset_liveness-rs0-changed-oc.yml b/e2e-tests/liveness/compare/statefulset_liveness-rs0-changed-oc.yml index ba90fcdf2..17cb0bbfe 100644 --- a/e2e-tests/liveness/compare/statefulset_liveness-rs0-changed-oc.yml +++ b/e2e-tests/liveness/compare/statefulset_liveness-rs0-changed-oc.yml @@ -167,7 +167,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/liveness/compare/statefulset_liveness-rs0-changed.yml b/e2e-tests/liveness/compare/statefulset_liveness-rs0-changed.yml index d4e53c089..9591a7fc7 100644 --- a/e2e-tests/liveness/compare/statefulset_liveness-rs0-changed.yml +++ b/e2e-tests/liveness/compare/statefulset_liveness-rs0-changed.yml @@ -168,7 +168,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/one-pod/compare/statefulset_one-pod-rs0-oc.yml b/e2e-tests/one-pod/compare/statefulset_one-pod-rs0-oc.yml index ff3937b7c..a69081bbd 100644 --- a/e2e-tests/one-pod/compare/statefulset_one-pod-rs0-oc.yml +++ b/e2e-tests/one-pod/compare/statefulset_one-pod-rs0-oc.yml @@ -178,7 +178,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/one-pod/compare/statefulset_one-pod-rs0-secret-oc.yml b/e2e-tests/one-pod/compare/statefulset_one-pod-rs0-secret-oc.yml index 80c3b6007..eac7a7fdb 100644 --- a/e2e-tests/one-pod/compare/statefulset_one-pod-rs0-secret-oc.yml +++ b/e2e-tests/one-pod/compare/statefulset_one-pod-rs0-secret-oc.yml @@ -178,7 +178,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/one-pod/compare/statefulset_one-pod-rs0-secret.yml b/e2e-tests/one-pod/compare/statefulset_one-pod-rs0-secret.yml index 73f9b9a9b..9d948e2ff 100644 --- a/e2e-tests/one-pod/compare/statefulset_one-pod-rs0-secret.yml +++ b/e2e-tests/one-pod/compare/statefulset_one-pod-rs0-secret.yml @@ -179,7 +179,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/one-pod/compare/statefulset_one-pod-rs0.yml b/e2e-tests/one-pod/compare/statefulset_one-pod-rs0.yml index 1180803ae..4b8e87d2f 100644 --- a/e2e-tests/one-pod/compare/statefulset_one-pod-rs0.yml +++ b/e2e-tests/one-pod/compare/statefulset_one-pod-rs0.yml @@ -179,7 +179,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/pitr-sharded/compare/statefulset_some-name-cfg-4-oc.yml b/e2e-tests/pitr-sharded/compare/statefulset_some-name-cfg-4-oc.yml index 45b359662..35d73eea0 100644 --- a/e2e-tests/pitr-sharded/compare/statefulset_some-name-cfg-4-oc.yml +++ b/e2e-tests/pitr-sharded/compare/statefulset_some-name-cfg-4-oc.yml @@ -187,7 +187,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/pitr-sharded/compare/statefulset_some-name-cfg-oc.yml b/e2e-tests/pitr-sharded/compare/statefulset_some-name-cfg-oc.yml index c883f5459..b58c2103f 100644 --- a/e2e-tests/pitr-sharded/compare/statefulset_some-name-cfg-oc.yml +++ b/e2e-tests/pitr-sharded/compare/statefulset_some-name-cfg-oc.yml @@ -187,7 +187,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/pitr-sharded/compare/statefulset_some-name-cfg.yml b/e2e-tests/pitr-sharded/compare/statefulset_some-name-cfg.yml index c461a21ab..ef1556cff 100644 --- a/e2e-tests/pitr-sharded/compare/statefulset_some-name-cfg.yml +++ b/e2e-tests/pitr-sharded/compare/statefulset_some-name-cfg.yml @@ -188,7 +188,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs0-4-oc.yml b/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs0-4-oc.yml index 3635363d5..549a6c93c 100644 --- a/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs0-4-oc.yml +++ b/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs0-4-oc.yml @@ -175,7 +175,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs0-oc.yml b/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs0-oc.yml index 7f01ca26c..71d78af04 100644 --- a/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs0-oc.yml +++ b/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs0-oc.yml @@ -175,7 +175,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs0.yml b/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs0.yml index 3b81ccfc2..98cba043d 100644 --- a/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs0.yml +++ b/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs0.yml @@ -176,7 +176,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs1-4-oc.yml b/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs1-4-oc.yml index 3838034b9..e67e34372 100644 --- a/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs1-4-oc.yml +++ b/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs1-4-oc.yml @@ -175,7 +175,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs1-oc.yml b/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs1-oc.yml index 2771671f2..b9582d704 100644 --- a/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs1-oc.yml +++ b/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs1-oc.yml @@ -173,7 +173,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs1.yml b/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs1.yml index dda471246..63079e11d 100644 --- a/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs1.yml +++ b/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs1.yml @@ -176,7 +176,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs2-4-oc.yml b/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs2-4-oc.yml index 984320a55..29313c060 100644 --- a/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs2-4-oc.yml +++ b/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs2-4-oc.yml @@ -185,7 +185,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs2-oc.yml b/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs2-oc.yml index 9346ce17f..54c274c7d 100644 --- a/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs2-oc.yml +++ b/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs2-oc.yml @@ -183,7 +183,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs2.yml b/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs2.yml index 02599deb4..69c54f13b 100644 --- a/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs2.yml +++ b/e2e-tests/pitr-sharded/compare/statefulset_some-name-rs2.yml @@ -186,7 +186,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/pitr/compare/statefulset_some-name-rs0-oc.yml b/e2e-tests/pitr/compare/statefulset_some-name-rs0-oc.yml index b4fb0d75d..cdb987280 100644 --- a/e2e-tests/pitr/compare/statefulset_some-name-rs0-oc.yml +++ b/e2e-tests/pitr/compare/statefulset_some-name-rs0-oc.yml @@ -172,7 +172,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/pitr/compare/statefulset_some-name-rs0.yml b/e2e-tests/pitr/compare/statefulset_some-name-rs0.yml index 0f781ccac..34bbd119b 100644 --- a/e2e-tests/pitr/compare/statefulset_some-name-rs0.yml +++ b/e2e-tests/pitr/compare/statefulset_some-name-rs0.yml @@ -173,7 +173,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/scheduled-backup/compare/statefulset_some-name-rs0-oc.yml b/e2e-tests/scheduled-backup/compare/statefulset_some-name-rs0-oc.yml index 53da08230..c46a60094 100644 --- a/e2e-tests/scheduled-backup/compare/statefulset_some-name-rs0-oc.yml +++ b/e2e-tests/scheduled-backup/compare/statefulset_some-name-rs0-oc.yml @@ -172,7 +172,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/scheduled-backup/compare/statefulset_some-name-rs0.yml b/e2e-tests/scheduled-backup/compare/statefulset_some-name-rs0.yml index 49832e53a..e1592119c 100644 --- a/e2e-tests/scheduled-backup/compare/statefulset_some-name-rs0.yml +++ b/e2e-tests/scheduled-backup/compare/statefulset_some-name-rs0.yml @@ -173,7 +173,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/security-context/compare/statefulset_sec-context-rs0-changed.yml b/e2e-tests/security-context/compare/statefulset_sec-context-rs0-changed.yml index 30118519f..9b4d28c18 100644 --- a/e2e-tests/security-context/compare/statefulset_sec-context-rs0-changed.yml +++ b/e2e-tests/security-context/compare/statefulset_sec-context-rs0-changed.yml @@ -173,7 +173,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/service-per-pod/compare/statefulset_cluster-ip-rs0-oc.yml b/e2e-tests/service-per-pod/compare/statefulset_cluster-ip-rs0-oc.yml index c5cbf500c..3ac1b8465 100644 --- a/e2e-tests/service-per-pod/compare/statefulset_cluster-ip-rs0-oc.yml +++ b/e2e-tests/service-per-pod/compare/statefulset_cluster-ip-rs0-oc.yml @@ -165,7 +165,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/service-per-pod/compare/statefulset_cluster-ip-rs0.yml b/e2e-tests/service-per-pod/compare/statefulset_cluster-ip-rs0.yml index 65b85632e..a91ad55e0 100644 --- a/e2e-tests/service-per-pod/compare/statefulset_cluster-ip-rs0.yml +++ b/e2e-tests/service-per-pod/compare/statefulset_cluster-ip-rs0.yml @@ -166,7 +166,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/service-per-pod/compare/statefulset_local-balancer-rs0-oc.yml b/e2e-tests/service-per-pod/compare/statefulset_local-balancer-rs0-oc.yml index f666bd0ed..fc580935e 100644 --- a/e2e-tests/service-per-pod/compare/statefulset_local-balancer-rs0-oc.yml +++ b/e2e-tests/service-per-pod/compare/statefulset_local-balancer-rs0-oc.yml @@ -165,7 +165,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/service-per-pod/compare/statefulset_local-balancer-rs0.yml b/e2e-tests/service-per-pod/compare/statefulset_local-balancer-rs0.yml index 073476605..b478f4cbd 100644 --- a/e2e-tests/service-per-pod/compare/statefulset_local-balancer-rs0.yml +++ b/e2e-tests/service-per-pod/compare/statefulset_local-balancer-rs0.yml @@ -166,7 +166,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/service-per-pod/compare/statefulset_node-port-rs0-oc.yml b/e2e-tests/service-per-pod/compare/statefulset_node-port-rs0-oc.yml index 593e9768f..4ef403c3f 100644 --- a/e2e-tests/service-per-pod/compare/statefulset_node-port-rs0-oc.yml +++ b/e2e-tests/service-per-pod/compare/statefulset_node-port-rs0-oc.yml @@ -165,7 +165,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/e2e-tests/service-per-pod/compare/statefulset_node-port-rs0.yml b/e2e-tests/service-per-pod/compare/statefulset_node-port-rs0.yml index f6ebbc1a7..2486c1041 100644 --- a/e2e-tests/service-per-pod/compare/statefulset_node-port-rs0.yml +++ b/e2e-tests/service-per-pod/compare/statefulset_node-port-rs0.yml @@ -166,7 +166,7 @@ spec: apiVersion: v1 fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" imagePullPolicy: Always diff --git a/pkg/controller/perconaservermongodb/statefulset.go b/pkg/controller/perconaservermongodb/statefulset.go index f2be71b51..d71d221e7 100644 --- a/pkg/controller/perconaservermongodb/statefulset.go +++ b/pkg/controller/perconaservermongodb/statefulset.go @@ -106,13 +106,19 @@ func (r *ReconcilePerconaServerMongoDB) getStatefulsetFromReplset(ctx context.Co return nil, errors.Wrap(err, "check if mongod custom configuration exists") } - secret := new(corev1.Secret) - err = r.client.Get(ctx, types.NamespacedName{Name: api.UserSecretName(cr), Namespace: cr.Namespace}, secret) + usersSecret := new(corev1.Secret) + err = r.client.Get(ctx, types.NamespacedName{Name: api.UserSecretName(cr), Namespace: cr.Namespace}, usersSecret) if client.IgnoreNotFound(err) != nil { return nil, errors.Wrap(err, "check pmm secrets") } - sfsSpec, err := psmdb.StatefulSpec(ctx, cr, rs, ls, r.initImage, customConfig, secret) + sslSecret := new(corev1.Secret) + err = r.client.Get(ctx, types.NamespacedName{Name: api.SSLSecretName(cr), Namespace: cr.Namespace}, sslSecret) + if client.IgnoreNotFound(err) != nil { + return nil, errors.Wrap(err, "check ssl secrets") + } + + sfsSpec, err := psmdb.StatefulSpec(ctx, cr, rs, ls, r.initImage, customConfig, psmdb.StatefulSpecSecretParams{UsersSecret: usersSecret, SSLSecret: sslSecret}) if err != nil { return nil, errors.Wrapf(err, "create StatefulSet.Spec %s", sfs.Name) } diff --git a/pkg/controller/perconaservermongodb/statefulset_test.go b/pkg/controller/perconaservermongodb/statefulset_test.go index ca07689f9..f2d7b9b37 100644 --- a/pkg/controller/perconaservermongodb/statefulset_test.go +++ b/pkg/controller/perconaservermongodb/statefulset_test.go @@ -95,6 +95,11 @@ func TestReconcileStatefulSet(t *testing.T) { Name: crName + "-ssl", Namespace: tt.cr.Namespace, }, + Data: map[string][]byte{ + "ca.crt": []byte("fake-ca-cert"), + "tls.crt": []byte("fake-tls-cert"), + "tls.key": []byte("fake-tls-key"), + }, }, &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: crName + "-ssl-internal", diff --git a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-arbiter.yaml b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-arbiter.yaml index 6df057d42..6567f52ef 100644 --- a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-arbiter.yaml +++ b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-arbiter.yaml @@ -182,7 +182,7 @@ spec: fieldRef: fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" image: perconalab/percona-server-mongodb-operator:main-backup diff --git a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-mongod.yaml b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-mongod.yaml index 6df057d42..6567f52ef 100644 --- a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-mongod.yaml +++ b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-mongod.yaml @@ -182,7 +182,7 @@ spec: fieldRef: fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" image: perconalab/percona-server-mongodb-operator:main-backup diff --git a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-nv.yaml b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-nv.yaml index 6df057d42..6567f52ef 100644 --- a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-nv.yaml +++ b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-nv.yaml @@ -182,7 +182,7 @@ spec: fieldRef: fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" image: perconalab/percona-server-mongodb-operator:main-backup diff --git a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-mongod.yaml b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-mongod.yaml index 4175afd4f..f0e28a4f5 100644 --- a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-mongod.yaml +++ b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-mongod.yaml @@ -182,7 +182,7 @@ spec: fieldRef: fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" image: perconalab/percona-server-mongodb-operator:main-backup diff --git a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-nv.yaml b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-nv.yaml index 781f4110d..17dc3e568 100644 --- a/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-nv.yaml +++ b/pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-nv.yaml @@ -181,7 +181,7 @@ spec: fieldRef: fieldPath: metadata.name - name: PBM_MONGODB_URI - value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME) + value: mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=/etc/mongodb-ssl/ca.crt&tlsInsecure=true - name: PBM_AGENT_TLS_ENABLED value: "true" image: perconalab/percona-server-mongodb-operator:main-backup diff --git a/pkg/psmdb/statefulset.go b/pkg/psmdb/statefulset.go index 381958e69..c4aab9968 100644 --- a/pkg/psmdb/statefulset.go +++ b/pkg/psmdb/statefulset.go @@ -31,10 +31,16 @@ func NewStatefulSet(name, namespace string) *appsv1.StatefulSet { var secretFileMode int32 = 288 +// StatefulSpecSecretParams contains secrets params for the StatefulSpec. +type StatefulSpecSecretParams struct { + UsersSecret *corev1.Secret + SSLSecret *corev1.Secret +} + // StatefulSpec returns spec for stateful set // TODO: Unify Arbiter and Node. Shoudn't be 100500 parameters func StatefulSpec(ctx context.Context, cr *api.PerconaServerMongoDB, replset *api.ReplsetSpec, - ls map[string]string, initImage string, customConf CustomConfig, usersSecret *corev1.Secret, + ls map[string]string, initImage string, customConf CustomConfig, secrets StatefulSpecSecretParams, ) (appsv1.StatefulSetSpec, error) { log := logf.FromContext(ctx) size := replset.Size @@ -259,10 +265,10 @@ func StatefulSpec(ctx context.Context, cr *api.PerconaServerMongoDB, replset *ap if name, err := replset.CustomReplsetName(); err == nil { rsName = name } - containers = append(containers, backupAgentContainer(cr, rsName, replset.GetPort(), cr.TLSEnabled())) + containers = append(containers, backupAgentContainer(ctx, cr, rsName, replset.GetPort(), cr.TLSEnabled(), secrets.SSLSecret)) } - pmmC := AddPMMContainer(cr, usersSecret, replset.GetPort(), cr.Spec.PMM.MongodParams) + pmmC := AddPMMContainer(cr, secrets.UsersSecret, replset.GetPort(), cr.Spec.PMM.MongodParams) if pmmC != nil { containers = append(containers, *pmmC) } @@ -323,7 +329,7 @@ func StatefulSpec(ctx context.Context, cr *api.PerconaServerMongoDB, replset *ap } // backupAgentContainer creates the container object for a backup agent -func backupAgentContainer(cr *api.PerconaServerMongoDB, replsetName string, port int32, tlsEnabled bool) corev1.Container { +func backupAgentContainer(ctx context.Context, cr *api.PerconaServerMongoDB, replsetName string, port int32, tlsEnabled bool, sslSecret *corev1.Secret) corev1.Container { fvar := false usersSecretName := api.UserSecretName(cr) @@ -417,12 +423,18 @@ func backupAgentContainer(cr *api.PerconaServerMongoDB, replsetName string, port }, }, }, - { - Name: "PBM_MONGODB_URI", - Value: "mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME)", - }, }...) + mongoDBURI := "mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@$(POD_NAME)" + if cr.CompareVersion("1.20.0") >= 0 { + mongoDBURI = buildMongoDBURI(ctx, tlsEnabled, sslSecret) + } + + c.Env = append(c.Env, corev1.EnvVar{ + Name: "PBM_MONGODB_URI", + Value: mongoDBURI, + }) + c.VolumeMounts = append(c.VolumeMounts, []corev1.VolumeMount{ { Name: "mongod-data", @@ -446,6 +458,45 @@ func backupAgentContainer(cr *api.PerconaServerMongoDB, replsetName string, port return c } +func buildMongoDBURI(ctx context.Context, tlsEnabled bool, sslSecret *corev1.Secret) string { + uri := "mongodb://$(PBM_AGENT_MONGODB_USERNAME):$(PBM_AGENT_MONGODB_PASSWORD)@localhost:$(PBM_MONGODB_PORT)" + if tlsEnabled { + if ok := sslSecretDataExist(ctx, sslSecret); ok { + // the certificate tmp/tls.pem is created on the fly during the execution of build/pbm-entry.sh + uri += fmt.Sprintf( + "/?tls=true&tlsCertificateKeyFile=/tmp/tls.pem&tlsCAFile=%s/ca.crt&tlsInsecure=true", + SSLDir, + ) + } + } + return uri +} + +func sslSecretDataExist(ctx context.Context, secret *corev1.Secret) bool { + log := logf.FromContext(ctx) + + requiredKeys := map[string]struct{}{ + "ca.crt": {}, + "tls.crt": {}, + "tls.key": {}, + } + + var missingKeys []string + + for key := range requiredKeys { + if _, exists := secret.Data[key]; !exists { + missingKeys = append(missingKeys, key) + } + } + + if len(missingKeys) > 0 { + log.Error(fmt.Errorf("SSL Secret is missing required keys: %v", missingKeys), "") + return false + } + + return true +} + func MongodCustomConfigName(clusterName, replicaSetName string) string { return fmt.Sprintf("%s-%s-mongod", clusterName, replicaSetName) }