Error deploying PerconaServerMongoDB .spec.secrets.key: field not declared in schema

Biju_Seoane · July 29, 2024, 1:51pm

Hello there,

We are trying to deploy PerconaServerMongDB (percona-server-mongodb-4.0) in the GKE environment. We do need to deploy it using a custom mongo internal authentication key. Following this documentation (Application and system users - Percona Operator for MongoDB) seems you can “overwrite” the default random key generated by specifying a pre-existing secret as follows (as we did with users):

 spec:
   secrets:
     users: percona-server-mongodb-users
     key: percona-server-mongodb-keyfile

However, when applying this .yaml, we got the following error:

Warning ReconciliationFailed 20s (x4 over 2m42s) kustomize-controller PerconaServerMongoDB/databases-legacy/mongo-4-0-legacy-percona dry-run failed: failed to create typed patch object: .spec.secrets.key: field not declared in schema

In fact, it seems attribute “key” is not defined in the template percona-server-mongodb-operator/deploy/crd.yaml at v1.13.0 · percona/percona-server-mongodb-operator · GitHub

More context:

Percona Operator version is 1.13, but we are setting it up as an unmanaged cluster.
May PerconaServerMongDB 4.0 is a little bit old. However, using newer versions, we get the same error.

Is the documentation misleading? Is this feature not yet implemented? Are we not implementing it correctly?

Ivan_Groenewold · July 29, 2024, 3:18pm

Hi, it appears there is a bug with the keyfile auth. I have created [K8SPSMDB-1132] - Percona JIRA to track this down. Feel free to subscribe and upvote.

Biju_Seoane · August 2, 2024, 9:44am

Hello again,

As a workaround, we found a way to use a custom mongo internal authentication key by creating a Kubernetes secret with the same default secret name than Percona Operator expects before deploying Percona Server Mongo DB, as documentation states:

If you would like to deploy a different key, create the secret manually before starting the operator.

For instance, a Percona Server Mongo DB cluster named ‘percona-mongo’ would expect a secret named ‘percona-mongo-mongodb-keyfile’. We leave an example of a secret created before deploying Percona Server Mongo DB:

apiVersion: v1
kind: Secret
metadata:
  name: percona-mongo-mongodb-keyfile
type: Opaque
data:
  mongodb-key: <replace-this-value-with-base-64-encoded-text>

As mentioned before, this is a workaround to be able to use a custom mongo keyfile. However, may not work in all scenarios.

Cheers,

Topic		Replies	Views
1.12.0, crd.yaml nok Percona Operator for MongoDB	3	1011	April 12, 2023
Can't authenticate with default users Percona Operator for MongoDB percona , mongodb	2	1110	April 26, 2022
Percona server for MongoDB rejects clusterAuthMode keyfile Percona Server for MongoDB	1	915	March 10, 2021
Updating to 1.12.0 Fails To Reconcile in Flux Percona Operator for MongoDB	1	1046	May 9, 2022
Full customization of deployment with kubernetes Percona Operator for MongoDB	2	607	May 20, 2022

Error deploying PerconaServerMongoDB .spec.secrets.key: field not declared in schema

Related topics