[DOCS-14261] Incorrect K8 secret name for agents Created: 01/Mar/21  Updated: 29/Oct/23  Resolved: 15/Mar/21

Status: Closed
Project: Documentation
Component/s: Kubernetes Operator
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Minor - P4
Reporter: Mark Baker-Munton Assignee: Zachary Carr
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File image-2021-03-01-19-06-07-156.png    
Participants:
Days since reply: 2 years, 47 weeks, 2 days ago
Story Points: 1

 Description   


Secret name for agents is incorrect in https://docs.mongodb.com/kubernetes-operator/master/reference/k8s-operator-specification/index.html#spec.security.authentication.agents.clientCertificateSecretRef.name

As highlighted below:

Should be "agent-certs" not "agent-cert"

Scope of changes

Impact to Other Docs

MVP (Work and Date)

Resources (Scope or Design Docs, Invision, etc.)



 Comments   
Comment by Zachary Carr [ 15/Mar/21 ]

Thanks!

Merged to master.

Comment by Mark Baker-Munton [ 15/Mar/21 ]

Looks good to me zach.carr

Comment by Zachary Carr [ 09/Mar/21 ]

mark.baker-munton I see, I misunderstood - here's the revised section requiring the three agents. Please let me know what you think, thank you!

Comment by Mark Baker-Munton [ 09/Mar/21 ]

Hi zach.carr - I don't believe it's specific to replica sets, the automation, backup and monitoring pem is required for any cluster (standalone, replica set or sharded cluster).

Comment by Zachary Carr [ 08/Mar/21 ]

Thanks mark.baker-munton, got it. I left the "agent-cert.pem" example as-is - I do think it's clear, especially with the instructions, I just wanted to confirm.

I added another example for replica sets - thanks for that additional info, it definitely belongs in the docs. Would you mind taking a look? I stuck with the example-filename.pem format of the command.

PR, or
Staged section

Comment by Mark Baker-Munton [ 05/Mar/21 ]

zach.carr - the "agent-cert.pem" is just whatever the filename for the certificate is.

When you create the secret, the contents of the file are put into the secret with a key of "mms-automation-agent-pem" but the filename itself isn't imported into the secret so it doesn't matter.

There is a variant to this command where you don't specify the secret key itself - it is inferred from the filename itself.

kubectl create secret generic agent-certs \
  --from-file=mms-automation-agent-pem

Here the filename and the key are both "mms-automation-agent-pem".

One other thing I have found is that 3x keys are needed in the secret for the replica set to start correctly (mms-automation-agent alone seems to be insufficient).

My full working config for the agent cert secret is:

kubectl create secret generic agent-certs \
  --from-file=mms-automation-agent-pem \
  --from-file=mms-backup-agent-pem \
  --from-file=mms-monitoring-agent-pem

Probably we should put that in the documentation too?
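
Added example, not part of the ticket or of the operator documentation: a shell model of the key-naming rule described in the comment above (`--from-file=key=path` stores the content under `key`, while `--from-file=path` uses the file's base name), used to check a planned `kubectl create secret generic` argument list for the three keys that comment reports as needed. The function names and sample paths are assumptions made for illustration; nothing here contacts a cluster.

```shell
#!/bin/sh
# Added example: models how `kubectl create secret generic` names secret keys
# from --from-file arguments. Function names are hypothetical.

# Keys the 05/Mar/21 comment reports as needed in the agent secret.
REQUIRED_AGENT_KEYS="mms-automation-agent-pem mms-backup-agent-pem mms-monitoring-agent-pem"

# Print the secret key that one --from-file argument produces.
#   --from-file=key=path  -> key (the filename is not stored)
#   --from-file=path      -> base name of path
from_file_key() {
    spec=${1#--from-file=}
    case $spec in
        *=*) printf '%s\n' "${spec%%=*}" ;;
        *)   printf '%s\n' "${spec##*/}" ;;
    esac
}

# Print the required keys that the given argument list would NOT create.
# Empty output means all three agent keys are present.
missing_agent_keys() {
    have=" "
    for arg in "$@"; do
        case $arg in
            --from-file=*) have="$have$(from_file_key "$arg") " ;;
        esac
    done
    missing=""
    for key in $REQUIRED_AGENT_KEYS; do
        case $have in
            *" $key "*) ;;
            *) missing="$missing${missing:+ }$key" ;;
        esac
    done
    printf '%s' "$missing"
}

# Constructed sample: explicit key for one agent, the other two omitted.
echo "missing: $(missing_agent_keys --from-file=mms-automation-agent-pem=agent-cert.pem)"
# Constructed sample: file named after the certificate, so the key is wrong.
echo "missing: $(missing_agent_keys --from-file=certs/agent-cert.pem)"
```
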

 

 

Comment by Zachary Carr [ 04/Mar/21 ]

Hi mark.baker-munton, thanks for catching this. The change is ready to go in this PR, I just want to double check that the pem file in ``mms-automation-agent-pem=agent-cert.pem`` should stay as-is (agent-cert)?
