Closed mkellogg91 closed 3 years ago
Hi, thanks for creating this issue with a detailed explanation. I was checking bitnami/mongodb-sharded and there is no option to enable SSL/TLS out of the box in the chart; some manual changes are needed.
On the other hand, the regular bitnami/mongodb chart contains different options to configure SSL/TLS, you can find more info about that in the following links:
I think a similar approach can be used in the bitnami/mongodb-sharded one, would you like to create a PR implementing the required changes? The team will be happy to review it and merge the changes. Otherwise, I can create an internal task to do it ourselves, but it will depend on the other priorities of the team so I can't provide an ETA for the internal task to be completed.
@carrodher thanks for getting back to me as this helps me decide what to do in the immediate future. While the challenge of getting this working and submitting a PR would be an interesting task to take on, unfortunately I don't have the luxury of using my work time to do so. I recommend opening an internal task if your team sees this as a valuable TODO.
For anyone who does take this issue on:
tlsMode to "requireTLS" and passing certs into mongo
tlsMode to "allowTLS" on all pods and the cluster was able to come up normally without failure, but the moment I turned on "requireTLS" it would break. Again, I would look at whatever init script commands are being run to see if they are not including TLS props when doing mongo connections when they would be required to.
Unfortunately for me I will have to make some simpler custom helm charts
Thanks for the detailed information, I'm sure it can be helpful for other people. In the same way, I'm glad you were able to continue with a patch for your use case!
This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.
Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.
I have encountered the same problems. Do you have any idea when the TLS options for the non-sharded mongodb will be available for the sharded one? Do you have any plan for that or not at all?
If not, do you know any workable workaround?
Thank you for your help on the Helm chart!
Which chart: mongodb-sharded. appVersion 4.4.4
Is your feature request related to a problem? Please describe. I'm not able to enable TLS/SSL on my sharded cluster without wanting to kill myself
Describe the solution you'd like Ideally there would be properties for enabling TLS and setting certfile and CA file properties equal to the file location of the certs on the pod. For example:
tlsMode: "requireTLS"
certificateKeyFile: "/etc/mongodb/....
certificateKeyFilePassword: "foo"
Describe alternatives you've considered Here is what I'm currently doing to try and make this work
mongodbExtraFlags property to try and pass the TLS properties needed via command line flags. However, if I try to bring the cluster up from scratch it never gets off the ground. It seems like when the helm chart is trying to bootstrap the initial primary nodes it can't find the mongos and/or configsvr to connect to.
I am currently trying an approach where I get my sharded cluster up and running with no TLS properties set and see if I can enable them at runtime slowly.
Am I missing something glaringly obvious or am I just the first person to try to set up TLS on this mongodb-sharded helm chart?
Additional context unfortunately I can't provide my exact config stuff as all my work is on a closed network