Docs/search external replicaset external lb #788

Closed
anandsyncs wants to merge 8 commits into feature/external-sharded-mongodb-source from docs/search-external-replicaset-external-lb

@anandsyncs

Summary

Proof of Work

Checklist

  • Have you linked a jira ticket and/or is the ticket in the title?
  • Have you checked whether your jira ticket required DOCSP changes?
  • Have you added changelog file?

- TestIsSharedTLSCertificate: Tests shared vs per-shard TLS mode detection
- TestTLSSecretNamespacedNameForShard: Tests per-shard source secret naming
- TestTLSOperatorSecretNamespacedNameForShard: Tests per-shard operator secret naming
- TestPerShardTLSResourceAdapter: Tests the perShardTLSResource adapter struct
- TestValidatePerShardTLSSecrets: Tests validation of per-shard TLS secrets
- TestValidatePerShardTLSSecretsAllExist: Integration test for multiple shards

- env_variables.sh: Add MDB_SEARCH_TLS_CERT_PREFIX for per-shard TLS naming
- 05_0304_generate_tls_certificates.sh: Generate per-shard certificates
  instead of one shared certificate (pattern: {prefix}-{shardName}-search-cert)
- 05_0320_create_mongodb_search_resource.sh: Use certsSecretPrefix and
  endpoint template with {shardName} placeholder instead of legacy format
- 05_0340_verify_mongod_search_config.sh: Add per-shard TLS secret verification
- test.sh: Enable verification script execution

Changes to YAML fixture (search-sharded-external-lb.yaml):
- Replace certificateKeySecretRef.name with certsSecretPrefix: certs
- Replace sharded.endpoints array with endpoint template using {shardName}

Changes to Python test (search_sharded_enterprise_external_lb.py):
- Replace MDBS_TLS_SECRET_NAME with MDBS_TLS_CERT_PREFIX
- Add read_secret import for TLS verification
- Add create_per_shard_search_tls_certs() helper function
- Update test_009 to create per-shard TLS certificates
- Simplify mdbs fixture to handle endpoint template
- Add test_010a_verify_per_shard_tls_secrets verification test

Secret naming patterns:
- Source secrets: {prefix}-{shardName}-search-cert (e.g., certs-mdb-sh-0-search-cert)
- Operator secrets: {shardName}-search-certificate-key (e.g., mdb-sh-0-search-certificate-key)

The endpoint template field should be at spec.lb.external.endpoint,
not spec.lb.external.sharded.endpoint.

The CRD schema defines:
- spec.lb.external.endpoint: Template endpoint (for {shardName} placeholder)
- spec.lb.external.sharded.endpoints: Legacy array format (deprecated)

The sharded object only has 'endpoints' (array), not 'endpoint' (string).
When sharded object exists without the required endpoints array,
Kubernetes validation fails with 'spec.lb.external.sharded.endpoints: Required value'.

Changes:
- YAML fixture: Move endpoint from sharded block to external level
- Python fixture: Update path to replace NAMESPACE placeholder

The operator creates TLS secrets with hash-based filenames (SHA256 hash + .pem)
not a literal 'certificate-key' key. Updated test_010a_verify_per_shard_tls_secrets
to check for keys ending in .pem instead of looking for 'certificate-key'.
…ppets

This merge brings in:
- Per-shard TLS certificate support with CertsSecretPrefix field
- IsSharedTLSCertificate(), TLSSecretNamespacedNameForShard() methods
- perShardTLSResource adapter for per-shard TLS processing
- validatePerShardTLSSecrets() and ensureIngressTlsConfigForShard() functions
- Updated e2e tests with .pem key verification
- Endpoint template with {shardName} placeholder support

Conflict resolution:
- search-sharded-external-lb.yaml: Used endpoint template format with {shardName}
  placeholder instead of the deprecated sharded.endpoints array format
…nal replica set and external LB

This documentation provides step-by-step instructions for Technical Services
to test MongoDB Search with:
- External non-sharded replica set (3 members) as data source
- Multiple mongot replicas (2-3) for high availability
- Envoy proxy as L7 load balancer with round-robin distribution
- TLS enabled for all connections (mongod → Envoy → mongot)
- External LB mode configuration in MongoDBSearch

Includes:
- Architecture overview and traffic flow diagrams
- Environment variables configuration
- 17 step-by-step instructions with expected outputs
- Verification steps for all components
- Troubleshooting guide for common issues
- Cleanup instructions

Location: docs/search/07-search-external-replicaset-external-lb/README.md
anandsyncs changed the base branch from master to search/sharded-lb-external-sharded February 15, 2026 09:27
anandsyncs changed the base branch from search/sharded-lb-external-sharded to feature/external-sharded-mongodb-source February 15, 2026 09:28
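
An offline check for the conventions the commit messages above describe (per-shard secret names, the placement of the endpoint template, and the `.pem` key check), added here as an example and not code from this PR or the operator. The function names, the plain-dict spec, the endpoint host and port, and the source-secret keys are constructed for illustration; requiring the `{shardName}` placeholder in the template is an assumption of this example.

```python
import hashlib

def source_secret_name(prefix, shard):
    return f"{prefix}-{shard}-search-cert"  # source pattern from the commit message

def operator_secret_name(shard):
    return f"{shard}-search-certificate-key"  # operator pattern from the commit message

def check_lb_spec(spec):
    """Return problems in spec.lb.external, using the validation message the commit quotes."""
    external = spec.get("lb", {}).get("external", {})
    sharded, endpoint = external.get("sharded"), external.get("endpoint")
    problems = []
    if sharded is not None and not sharded.get("endpoints"):
        problems.append("spec.lb.external.sharded.endpoints: Required value")
    if endpoint is None and sharded is None:
        problems.append("spec.lb.external.endpoint: not set")
    elif endpoint is not None and "{shardName}" not in endpoint:
        # Assumption of this example: a sharded source needs one endpoint per shard.
        problems.append("spec.lb.external.endpoint: no {shardName} placeholder")
    return problems

def check_shard_secrets(prefix, shards, secrets):
    """secrets maps secret name -> list of data keys; returns the problems found."""
    problems = []
    for shard in shards:
        src, op = source_secret_name(prefix, shard), operator_secret_name(shard)
        if src not in secrets:
            problems.append(f"{src}: source secret missing")
        if op not in secrets:
            problems.append(f"{op}: operator secret missing")
        elif not any(key.endswith(".pem") for key in secrets[op]):
            problems.append(f"{op}: no key ending in .pem")
    return problems

# Constructed sample data (not taken from the repository).
PEM_KEY = hashlib.sha256(b"constructed cert").hexdigest() + ".pem"
MISPLACED = {"lb": {"external": {"sharded": {"endpoint": "{shardName}-lb.example.internal:27028"}}}}
FIXED = {"lb": {"external": {"endpoint": "{shardName}-lb.example.internal:27028"}}}
SECRETS = {
    "certs-mdb-sh-0-search-cert": ["tls.crt", "tls.key"],
    "mdb-sh-0-search-certificate-key": [PEM_KEY],
    "certs-mdb-sh-1-search-cert": ["tls.crt", "tls.key"],
    "mdb-sh-1-search-certificate-key": ["certificate-key"],
}

if __name__ == "__main__":
    print(check_lb_spec(MISPLACED), check_lb_spec(FIXED))
    print(check_shard_secrets("certs", ["mdb-sh-0", "mdb-sh-1", "mdb-sh-2"], SECRETS))
```

The second shard is flagged because its operator secret carries a literal `certificate-key` key instead of a hash-named `.pem` key, and the third because neither of its secrets exists.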
@github-actions

⚠️ (this preview might not be accurate if the PR is not rebased on current master branch)

MCK 1.7.1 Release Notes

Other Changes

  • Container images: Merged the init-database and init-appdb init container images into a single init-database image. The init-appdb image will no longer be published and does not affect existing deployments.

@lsierant

incorporated into #787

lsierant closed this Feb 16, 2026