Failed to convert scram user to Automation Config user #1725

Open
@ishankhare07

What did you do to encounter the bug?
Steps to reproduce the behavior:
Created a MongoDBCommunity resource without spec.users[0].scramCredentialsSecretName set.

  users:
  - db: admin
    name: db-admin
    passwordSecretRef:
      name: mongo-root-password
    roles:
    - db: admin
      name: db-admin
    # scramCredentialsSecretName: db-admin <---------- this field was not set
  version: 7.0.21

Ideally it should have been a validation issue and should be reported at apply time itself, but it was reported at runtime when the code failed to concat it with -scram-credentials.
It should be set to a required value and the admission hook itself should throw an error?

What did you expect?
Scram credentials to just work, or the CRD should not be applied itself and should be rejected.

What happened instead?
It was silently accepted at the CRD level and only reported in the logs. Even that doesn't give a hint that the field scramCredentialsSecretName needs to be set and is currently empty.

Screenshots
If applicable, add screenshots to help explain your problem.

Operator Information

  • Operator Version: 0.12.1
  • MongoDB Image used:

Kubernetes Cluster Information

  • Distribution
  • Version
  • Image Registry location (quay, or an internal registry)

Additional context
Add any other context about the problem here.

If possible, please include:

Error deploying MongoDB ReplicaSet: failed to ensure AutomationConfig: could not build automation config: could not configure scram authentication: could not convert users to Automation Config users: failed to convert scram user db-admin to Automation Config user: could not ensure scram credentials: faild to create scram credentials secret -scram-credentials: Secret "-scram-credentials" is invalid: metadata.name: Invalid value: "-scram-credentials": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')
  • yaml definitions of your MongoDB Deployment(s):
    • kubectl get mdbc -oyaml
  • yaml definitions of your kubernetes objects like the statefulset(s), pods (we need to see the state of the containers):
    • kubectl get sts -oyaml
    • kubectl get pods -oyaml
  • The Pod logs:
    • kubectl logs mongo-0
  • The agent clusterconfig of the faulty members:
    • kubectl exec -it mongo-0 -c mongodb-agent -- cat /var/lib/automation/config/cluster-config.json
  • The agent health status of the faulty members:
    • kubectl exec -it mongo-0 -c mongodb-agent -- cat /var/log/mongodb-mms-automation/healthstatus/agent-health-status.json
  • The verbose agent logs of the faulty members:
    • kubectl exec -it mongo-0 -c mongodb-agent -- cat /var/log/mongodb-mms-automation/automation-agent-verbose.log
  • You might not have the verbose ones, in that case the non-verbose agent logs:
    • kubectl exec -it mongo-0 -c mongodb-agent -- cat /var/log/mongodb-mms-automation/automation-agent.log
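
An added example (not code from the operator or from the issue author): an apply-time check of the kind the report asks for, written in Go. The `User` type and `ValidateUsers` are hypothetical, and the rule that the Secret name is `scramCredentialsSecretName` plus `-scram-credentials` is inferred from the error above; the regex is the one quoted in that error.

```go
package main

import (
	"fmt"
	"regexp"
)

// RFC 1123 subdomain regex, as quoted in the API server error in the issue.
var rfc1123Subdomain = regexp.MustCompile(
	`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`)

// Suffix seen in the rejected Secret name "-scram-credentials".
const scramSuffix = "-scram-credentials"

// User is a hypothetical type holding only the spec.users fields shown in the issue.
type User struct {
	Name                       string
	DB                         string
	ScramCredentialsSecretName string
}

// ValidateUsers returns one error per user whose derived Secret name
// would be rejected by the API server, naming the offending field.
func ValidateUsers(users []User) []error {
	var errs []error
	for i, u := range users {
		field := fmt.Sprintf("spec.users[%d].scramCredentialsSecretName", i)
		if u.ScramCredentialsSecretName == "" {
			errs = append(errs, fmt.Errorf(
				"%s: required for user %q; empty value yields Secret name %q",
				field, u.Name, scramSuffix))
			continue
		}
		secret := u.ScramCredentialsSecretName + scramSuffix
		// Kubernetes limits subdomain names to 253 characters.
		if len(secret) > 253 || !rfc1123Subdomain.MatchString(secret) {
			errs = append(errs, fmt.Errorf(
				"%s: derived Secret name %q is not a valid RFC 1123 subdomain",
				field, secret))
		}
	}
	return errs
}

func main() {
	// Constructed sample: the first user reproduces the spec from the issue.
	users := []User{
		{Name: "db-admin", DB: "admin"},
		{Name: "app", DB: "admin", ScramCredentialsSecretName: "App_User"},
		{Name: "ok", DB: "admin", ScramCredentialsSecretName: "ok-user"},
	}
	for _, err := range ValidateUsers(users) {
		fmt.Println(err)
	}
}
```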
