Hello,
I'm installing mongodb using the percona-helm-charts-psmdb-operator-1.17.1/charts/psmdb-db/values.yaml file and want to be able to lock down my instance to only allow certain ciphers and block TLS1 and TLS1_1. I have this working in my mongoDB helm chart but can't find where to put it in the percona helm chart. In mongo I have this under spec:
    spec:
      additionalMongodConfig:
        net:
          tls:
            mode: PreferTLS
            disabledProtocols: TLS1_0,TLS1_1
        setParameter:
          opensslCipherConfig: "TLS_AES_256_GCM_SHA384"
          opensslCipherSuiteConfig: "TLS_AES_256_GCM_SHA384"
Will this work in the percona chart? If so, what section in the values file would I add the settings?
Thanks!
Hi @Henry_Smearman !
I believe you can accomplish this by specifying tls.mode: percona-helm-charts/charts/psmdb-db/values.yaml at main · percona/percona-helm-charts · GitHub
And for disabled protocols and other stuff you can specify it in mongodb configuration under the replsets.rs0.configuration key: percona-helm-charts/charts/psmdb-db/values.yaml at main · percona/percona-helm-charts · GitHub
where you can specify any additional options like in the normal mongo configuration file like:
    replsets:
      rs0:
        configuration: |
          net:
            tls:
              disabledProtocols: "TLS1_0,TLS1_1"
          setParameter:
            opensslCipherConfig: "TLS_AES_256_GCM_SHA384"
            opensslCipherSuiteConfig: "TLS_AES_256_GCM_SHA384"
I didn’t try this above, but based on the options in the helm chart it should work.
Thanks very much, that seems to have worked
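A pre-deploy check for the mongod block that goes under replsets.rs0.configuration, as an added example that is not part of the original thread or of Percona's chart: it flags missing entries in disabledProtocols, setParameter names that differ from the documented ones only by letter case, typographic quotes, and a TLS 1.3 suite name placed in opensslCipherConfig (the parameter for TLS 1.2 and earlier). The function names, the small mapping parser and the sample input are assumptions made for illustration.

```python
KNOWN_PARAMS = {"opensslCipherConfig", "opensslCipherSuiteConfig"}  # documented mongod names
REQUIRED_DISABLED = {"TLS1_0", "TLS1_1"}

def parse_mapping(text):
    """Parse nested 'key: value' mappings, the YAML subset this config block uses."""
    root = {}
    stack = [(-1, root)]  # (indent, mapping) pairs for the currently open levels
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack[-1][0] >= indent:
            stack.pop()
        node = value.strip().strip("\"'") or {}  # only ASCII quotes are stripped
        stack[-1][1][key] = node
        if isinstance(node, dict):
            stack.append((indent, node))
    return root

def lint_mongod_tls(config_text):
    """Return a list of findings; an empty list means every check passed."""
    cfg = parse_mapping(config_text)
    findings = []
    tls = cfg.get("net", {}).get("tls", {})
    disabled = {p.strip() for p in tls.get("disabledProtocols", "").split(",")}
    for proto in sorted(REQUIRED_DISABLED - disabled):
        findings.append(f"net.tls.disabledProtocols does not list {proto}")
    by_lower = {p.lower(): p for p in KNOWN_PARAMS}
    for name, value in cfg.get("setParameter", {}).items():
        if name not in KNOWN_PARAMS and name.lower() in by_lower:
            findings.append(f"setParameter.{name}: documented name is {by_lower[name.lower()]}")
        if "\u201c" in value or "\u201d" in value:
            findings.append(f"setParameter.{name}: typographic quotes become part of the value")
        if name == "opensslCipherConfig" and any(c.startswith("TLS_") for c in value.split(":")):
            findings.append("opensslCipherConfig covers TLS 1.2 and earlier but holds a TLS 1.3 suite name")
    return findings

# Constructed sample (not from a real deployment) with four deliberate mistakes.
SAMPLE = """\
net:
  tls:
    disabledProtocols: "TLS1_0"
setParameter:
  opensslCipherConfig: "TLS_AES_256_GCM_SHA384"
  opensslCIpherSuiteConfig: \u201cTLS_AES_256_GCM_SHA384\u201d
"""
print("\n".join(lint_mongod_tls(SAMPLE)))
```
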