Closed cmanzur closed 1 year ago
Hi,
Thank you so much for reporting, would you like to submit a PR improving the solution?
This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.
Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.
I am encountering the exact same error described in this issue when attempting to deploy MongoDB with TLS without using mutual TLS. Could you provide more detailed instructions or an update on the fix for this?
Name and Version
bitnami/mongodb-13.3.0
What steps will reproduce the bug?
I have found the problem and the solution also. The problem is that you can't currently deploy using TLS but without using certificates on the clients (mTLS). Basically, if you deploy the chart with tlsEnabled, it will set mutual TLS by default, and it's not possible to change this behavior.
Are you using any custom parameters or values?
rootPassword: "root1234"
tlsEnabled: true
What is the expected behavior?
Deploy MongoDB with TLS but without mTLS.
What do you see instead?
The problem is in this line (for standalone): https://github.com/bitnami/charts/blob/main/bitnami/mongodb/templates/standalone/dep-sts.yaml#L244
When you set --tlsCAFile on the extraFlags, it will run MongoDB in mutual TLS. It's well documented here: https://www.mongodb.com/docs/manual/tutorial/configure-ssl/#set-up-mongod-and-mongos-with-client-certificate-validation
So, the client must use:
mongosh admin --host "mongo-mongodb-headless" --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD --tls --tlsCAFile ca.pem --tlsCertificateKeyFile client-cert.pem
I have tested deleting the --tlsCAFile on that line and it works with TLS (without mutual TLS). You need to add some logic on the Helm template to achieve this. The client can now use:
mongosh admin --host "mongo-mongodb-headless" --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD --tls --tlsCAFile ca.pem
Additional information
No response
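An added example, not part of the issue or of the chart: a shell function that reads a mongod argument list (for instance the one in a rendered manifest) and reports whether TLS clients must present a certificate, following the behaviour described in the report. The function name, the output labels and the sample paths are assumptions; `--tlsAllowConnectionsWithoutCertificates` is a mongod option not mentioned in the issue that keeps `--tlsCAFile` while accepting clients that present no certificate.

```shell
#!/usr/bin/env bash
# Added example: classify the client-facing TLS behaviour of a mongod argument list.
# Output labels are this example's own; sample paths below are constructed placeholders.

# Prints one of: no-tls | server-only-tls | mutual-tls
mongod_tls_mode() {
  local mode="disabled" ca="" allow_no_cert=0 arg
  while [ "$#" -gt 0 ]; do
    arg="$1"; shift
    case "$arg" in
      # Both "--flag=value" and "--flag value" spellings are accepted.
      --tlsMode=*)   mode="${arg#*=}" ;;
      --tlsMode)     mode="${1:-}"; if [ "$#" -gt 0 ]; then shift; fi ;;
      --tlsCAFile=*) ca="${arg#*=}" ;;
      --tlsCAFile)   ca="${1:-}"; if [ "$#" -gt 0 ]; then shift; fi ;;
      --tlsAllowConnectionsWithoutCertificates) allow_no_cert=1 ;;
    esac
  done

  # Without --tlsMode (or with "disabled") mongod does not offer TLS at all.
  if [ "$mode" = "disabled" ]; then
    echo "no-tls"
    return 0
  fi

  # A CA file makes mongod validate client certificates; unless connections
  # without certificates are explicitly allowed, every TLS client needs one.
  # (With allowTLS/preferTLS, plaintext connections are accepted as well.)
  if [ -n "$ca" ] && [ "$allow_no_cert" -eq 0 ]; then
    echo "mutual-tls"
  else
    echo "server-only-tls"
  fi
}

# Constructed argument lists: with the CA file, without it, and with the
# CA file kept but certificate-less clients allowed.
mongod_tls_mode --tlsMode=requireTLS --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/ca.pem
mongod_tls_mode --tlsMode=requireTLS --tlsCertificateKeyFile=/certs/mongodb.pem
mongod_tls_mode --tlsMode=requireTLS --tlsCertificateKeyFile=/certs/mongodb.pem \
  --tlsCAFile=/certs/ca.pem --tlsAllowConnectionsWithoutCertificates
```

With the third form, mongod still validates any certificate a client does present against the CA file.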