Checking authorization failed on a new Mongodb Kubernetes install

MongoDB
1

Hello,

We set up MongoDB on a new Kubernetes K3S cluster.

We followed the Helm Percona guidelines like:
1- kubectl create namespace mongodb
2- helm install my-op percona/psmdb-operator --namespace mongodb
3- helm install my-db percona/psmdb-db --namespace=mongodb
4- kubectl get psmdb -n mongodb

Then we applied our terraform script to install our microservices apps as pods and mongo databases.

Our micro services are failing for issues related to Percona Mongo.

Here are the errors:
{“t”:{“$date”:“2026-01-23T14:15:25.148+00:00”},“s”:“I”,“c”:“ACCESS”,
“id”:20436,“svc”:“R”,“ctx”:“conn15861”,“msg”:“Checking authorization failed”,“attr”:{“error”:{“code”:13,“codeName”:“Unauthorized”,“errmsg”:"not authorized on tidepool to execute command { createIndexes: “tasks”, indexes:”

Could someone help to correct this issue? What settings are we missing with Percona Mongo?

Here is the Helm values we use to connect our micro services to Percona Mongo:
secret.

Thank you for your help

enabled: true
data_:
Scheme: “mongodb”
Addresses: “my-db-psmdb-db-mongos.mongodb.svc.cluster.local:27017”
Username: “xxxxxxx”
Password: “xxxxxxxxxxxx”
Database: “tidepool”
Tls: “false”
OptParams: “authSource=admin”

2

Hello @nitu,
When you deployed PSMDB (step 3), you did not specify any users. Thus, your mongo cluster has no username/password login information, and that’s why your application cannot log in.

You need to use --set on the helm command to create the application user, with correct roles. Here is an example:

helm ... \
  --set users[0].name=meteor-munchkin \
  --set users[0].db=admin \
  --set users[0].passwordSecretRef.name=percona-mongodb-80-secrets \
  --set users[0].passwordSecretRef.key=password \
  --set users[0].roles[0].db=munchkin \
  --set users[0].roles[0].name=readWrite \
  --set users[0].roles[1].db=airlines \
  --set users[0].roles[1].name=readWrite \

The above creates a user called “meteor-munchkin” which authorizes against the admin database. The password for the user is found in the k8s secret “percona-mongodb-80-secrets”. The user has readWrite role on the ‘munchkin’, and ‘airlines’ databases.

3

Thank you very much Matthew,

Indeed ther were two issues:
1- using a user with a database admin role: we used databaseAdmin instead of userAdmin
2- We tried multiple connection strings to connect to the mongo database.
What worked for us is the following connection string:
my-db-psmdb-db-rs0.mongodb.svc.cluster.local/admin"

But we have rs0-0/rs0-1/rs0-2
rs0-2 is pending. We don’t know why for now.
NAME READY STATUS RESTARTS AGE
my-db-psmdb-db-cfg-0 4/4 Running 0 6h13m
my-db-psmdb-db-cfg-1 4/4 Running 0 6h13m
my-db-psmdb-db-cfg-2 0/4 Pending 0 6h13m
my-db-psmdb-db-mongos-0 1/1 Running 0 6h12m
my-db-psmdb-db-mongos-1 1/1 Running 0 6h12m
my-db-psmdb-db-mongos-2 0/1 Pending 0 6h12m
my-db-psmdb-db-rs0-0 4/4 Running 0 6h13m
my-db-psmdb-db-rs0-1 4/4 Running 0 6h13m
my-db-psmdb-db-rs0-2 0/4 Pending 0 6h13m
my-op-psmdb-operator-779dd7c758-tswfx 1/1 Running 0 6h14m