[DOCS-14261] Incorrect K8 secret name for agents Created: 01/Mar/21 Updated: 29/Oct/23 Resolved: 15/Mar/21 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | Kubernetes Operator |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Minor - P4 |
| Reporter: | Mark Baker-Munton | Assignee: | Zachary Carr |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Attachments: |
|
| Participants: | |
| Days since reply: | 2 years, 47 weeks, 2 days ago |
| Story Points: | 1 |
| Description |
Descriptionsecret name for agents is incorrect in https://docs.mongodb.com/kubernetes-operator/master/reference/k8s-operator-specification/index.html#spec.security.authentication.agents.clientCertificateSecretRef.name As highlighted below:
Should be "agent-certs" not "agent-cert" Scope of changesImpact to Other DocsMVP (Work and Date)Resources (Scope or Design Docs, Invision, etc.) |
| Comments |
| Comment by Zachary Carr [ 15/Mar/21 ] | ||||||
|
Thanks! – Merged to master. | ||||||
| Comment by Mark Baker-Munton [ 15/Mar/21 ] | ||||||
|
Looks good to me zach.carr | ||||||
| Comment by Zachary Carr [ 09/Mar/21 ] | ||||||
|
mark.baker-munton I see, I misunderstood - here's the revised section requiring the three agents. Please let me know what you think, thank you! | ||||||
| Comment by Mark Baker-Munton [ 09/Mar/21 ] | ||||||
|
Hi zach.carr - I don't believe it's specific to replica sets, the automation, backup and monitoring pem is required for any cluster (standalone, replica set or sharded cluster). | ||||||
| Comment by Zachary Carr [ 08/Mar/21 ] | ||||||
|
Thanks mark.baker-munton, got it. I left the "agent-cert.pem" example as-is - I do think it's clear, especially with the instructions, I just wanted to confirm. I added another example for replica sets - thanks for that additional info, it definitely belongs in the docs. Would you mind taking a look? I stuck with the example-filename.pem format of the command. PR, or | ||||||
| Comment by Mark Baker-Munton [ 05/Mar/21 ] | ||||||
|
zach.carr - the "agent-cert.pem" is just whatever the filename for the certificate is. When you create the secret, the contents of the file is put into the secret with a key of "mms-automation-agent-pem" but the filename itself isn't imported into the secret so it doesn't matter. There is a variant to this command were you don't specify the secret key itself - it is inferred from the filename itself.
Here the filename and the key are both "mms-automation-agent-pem". One other thing I have found is that 3x keys are needed in the secret for the replica set to start correctly (mms-automation-agent alone seems to be insufficient). My full working config for the agent cert secret is:
Probably we should put that in the documentation too?
| ||||||
| Comment by Zachary Carr [ 04/Mar/21 ] | ||||||
|
Hi mark.baker-munton, thanks for catching this. The change is ready to go in this PR, I just want to double check that the pem file in ``mms-automation-agent-pem=agent-cert.pem`` should stay as-is (agent-cert)? |