Skip to content

external mongod #308

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 11 commits into
base: search/public-preview
Choose a base branch
from
Draft

external mongod #308

wants to merge 11 commits into from

Conversation

anandsyncs
Copy link
Contributor

Summary

Proof of Work

Checklist

  • Have you linked a jira ticket and/or is the ticket in the title?
  • Have you checked whether your jira ticket required DOCSP changes?
  • Have you added changelog file?

@anandsyncs anandsyncs changed the base branch from master to search/public-preview August 1, 2025 13:30
@github-actions GitHub Actions
Copy link

github-actions bot commented Aug 1, 2025

⚠️ (this preview might not be accurate if the PR is not rebased on current master branch)

MCK 1.2.1 Release Notes

Other Changes

  • Optional permissions for PersistentVolumeClaim moved to a separate role. When managing the operator with Helm it is possible to disable permissions for PersistentVolumeClaim resources by setting operator.enablePVCResize value to false (true by default). When enabled, previously these permissions were part of the primary operator role. With this change, permissions have a separate role.
  • subresourceEnabled Helm value was removed. This setting used to be true by default and made it possible to exclude subresource permissions from the operator role by specifying false as the value. We are removing this configuration option, making the operator roles always have subresource permissions. This setting was introduced as a temporary solution for this OpenShift issue. The issue has since been resolved and the setting is no longer needed.

fealebenpae
fealebenpae approved these changes Aug 15, 2025
View reviewed changes
Copy link
Contributor

@fealebenpae fealebenpae left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! I just recommend explicitly using distinct names for the mdbc and mdbs resources to make sure the implicit name matching isn't kicking in at all.

Please resolve the lint issue and merge.

lsierant
lsierant requested changes Aug 19, 2025
View reviewed changes
Copy link
Contributor

@lsierant lsierant left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've left some comments

api/v1/search/mongodbsearch_types.go
type ExternalMongodTLS struct {
Enabled bool `json:"enabled"`
// +optional
CASecretRef *userv1.SecretKeyRef `json:"caSecretRef,omitempty"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CA doesn't need to be a secret. See TLSConfig struct used in our CRDs

controllers/search_controller/search_construction.go
}

func (r *externalSearchResource) IsSecurityTLSConfigEnabled() bool {
if r.spec.TLS != nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: we can simplify as return r.spec.TLS != nil && r.spec.TLS.Enabled

controllers/search_controller/search_construction.go
@@ -31,27 +35,78 @@ const (
//
// TODO check if we could use already existing interface (DbCommon, MongoDBStatefulSetOwner, etc.)
type SearchSourceDBResource interface {
Name() string
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you please check if this removal won't clash with enterprise support in #309?

docker/mongodb-kubernetes-tests/tests/search/search_community_external_mongod_basic.py
sample_movies_helper.assert_search_query(retry_timeout=60)


def get_connection_string(mdbc: MongoDBCommunity, user_name: str, user_password: str) -> str:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should probably make this an utility function as we have few copies of it already

docker/mongodb-kubernetes-tests/tests/search/search_community_external_mongod_tls.py
{
"mongotHost": mongot_host,
"searchIndexManagementHostAndPort": mongot_host,
"skipAuthenticationToSearchIndexManagementServer": False,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why no searchTLSMode in here? Is it defaulting to true?

docker/mongodb-kubernetes-tests/tests/search/search_community_external_mongod_tls.py

@mark.e2e_search_external_tls
def test_validate_tls_connections(mdbc: MongoDBCommunity, mdbs: MongoDBSearch, namespace: str, issuer_ca_filepath: str):
with pymongo.MongoClient(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we use ReplicaSetTester.assert_connectivity for checking connection to mongodb? It guess it's doing exactly what we do here.

mongodb-community-operator/controllers/replica_set_controller.go
@@ -834,7 +837,8 @@ func getMongodConfigModification(mdb mdbv1.MongoDBCommunity) automationconfig.Mo
// getMongodConfigModification will merge the additional configuration in the CRD
// into the configuration set up by the operator.
func getMongodConfigSearchModification(search *searchv1.MongoDBSearch) automationconfig.Modification {
if search == nil {
// Condition for skipping add parameter if it is external mongod
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: unnecessary comment as it's just explain this simple code

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah yes, I simplified the logic but didn't remove the comment, thanks for pointing out.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lsierant lsierant lsierant requested changes

@fealebenpae fealebenpae fealebenpae approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@anandsyncs @lsierant @fealebenpae