I tried to setup TLS authentication for my sharded cluster. Created a secret with base64 encoded cert keys. The encoded certs are in format of ca.crt tls.crt and tls.key
apiVersion: v1
data:
ca.crt: XXXXXX
tls.crt: XXXXXX
tls.key: XXXXXX
kind: Secret
name: my-testdb-psmdb-mongo
namespace: percona-operator
type: kubernetes.io/tls
And mentioned in cluster.yaml
secrets:
ssl: my-testdb-psmdb-mongo
sslInternal: my-testdb-psmdb-mongo
Error:
in cfg-
QUERY [js] uncaught exception: TypeError: db.isMaster(…).$configServerState is undefined :
@(shell eval):1:1
[main] exiting with code -4
- exit_status=0
Exit: connect to PBM: create mongo connection: create mongo client: tls: private key does not match public key
- What should be certificate format included in secret?
- Is there any extended cert configuration so that we can add our own cluster issuer like venafi