K8SPSMDB-1062: Setting appProtocol for service objects #1393
Conversation
sorenmat
requested review from
egegunes,
hors,
inelpandzic and
pooknull
as code owners
|
|
sorenmat
requested review from
nmarukovich,
ptankov and
tplavcic
as code owners
|
@sorenmat ping |
|
I'm on it... 👍🏼 sorry for the delay |
sorenmat
force-pushed
the
appProtocol
branch
2 times, most recently
from
3491eb0 to
df4b668
Compare
|
@sorenmat please ensure that you add this new field to every service controlled by the operator |
sorenmat
force-pushed
the
appProtocol
branch
2 times, most recently
from
c9c7eb9 to
61dc1f1
Compare
sorenmat
force-pushed
the
appProtocol
branch
from
61dc1f1 to
6415417
Compare
|
Hi @sorenmat! We're working on next PSMDB operator release and if you finish this PR in next 2 weeks we can include this. |
There was a problem hiding this comment.
Pull request overview
This PR adds support for setting appProtocol: mongo on Kubernetes service objects to enable proper operation within service meshes like Istio. Since MongoDB uses a server-first protocol that can break mTLS negotiation, explicitly declaring the protocol allows service meshes to handle the traffic correctly.
Key Changes:
- Added
appProtocol: mongoto service ports for operator version 1.22.0 and above - Updated test comparison files to reflect the new service configuration
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| pkg/psmdb/service.go | Added version-gated logic to set appProtocol: mongo on service ports in both Service() and ExternalService() functions |
| e2e-tests/upgrade-consistency/compare/service_some-name-rs0-1201.yml | Updated expected service configuration to include appProtocol: mongo |
| e2e-tests/upgrade-consistency-sharded-tls/compare/service_some-name-cfg-1220.yml | Updated expected service configuration to include appProtocol: mongo |
| e2e-tests/monitoring-pmm3/compare/service_monitoring-pmm3-rs0.yml | Updated expected service configuration to include appProtocol: mongo |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 32 out of 32 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 37 out of 37 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
egegunes
left a comment
egegunes
left a comment
There was a problem hiding this comment.
there's a diff in init-deploy
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 39 out of 39 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
commit: 371bdb6 |
6 participants
CHANGE DESCRIPTION
Problem:
When running in Istio (perhaps other serice meshes) we need to set the appProtocol to mongo.
This is needed since mongo is a server first protocol, which breaks the mTLS protocol
Cause:
A mongo cluster is not able to form.
Solution:
Just adding mongo as an appProtocol see: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol
CHECKLIST
Jira
Needs Doc) and QA (Needs QA)?Tests
compare/*-oc.yml)?Config/Logging/Testability