MongoDB cipher lock down Kubernetes Helm chart

Hello,

I'm installing MongoDB using the percona-helm-charts-psmdb-operator-1.17.1/charts/psmdb-db/values.yaml file and want to be able to lock down my instance to only allow certain ciphers and block TLS1 and TLS1_1. I have this working in my MongoDB Helm chart but can't find where to put it in the Percona Helm chart. In Mongo I have this under spec:

spec:
  additionalMongodConfig:
    net:
      tls:
        mode: PreferTLS
        disabledProtocols: TLS1_0,TLS1_1
    setParameter:
      opensslCipherConfig: "TLS_AES_256_GCM_SHA384"
      opensslCipherSuiteConfig: "TLS_AES_256_GCM_SHA384"

Will this work in the Percona chart? If so, what section in the values file would I add the settings to?

Thanks!

Hi @Henry_Smearman !

I believe you can accomplish this by specifying tls.mode: percona-helm-charts/charts/psmdb-db/values.yaml at main · percona/percona-helm-charts · GitHub

And for disabled protocols and other stuff you can specify it in mongodb configuration under replsets.rs0.configuration key: percona-helm-charts/charts/psmdb-db/values.yaml at main · percona/percona-helm-charts · GitHub
where you can specify any additional options like in the normal mongo configuration file like:

replsets:
  rs0:
    configuration: |
      net:
        tls:
          disabledProtocols: "TLS1_0,TLS1_1"
      setParameter:
        opensslCipherConfig: "TLS_AES_256_GCM_SHA384"
        opensslCipherSuiteConfig: "TLS_AES_256_GCM_SHA384"

I didn’t try this above, but based on the options in the helm chart it should work.
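A pre-deploy check for the block that goes under replsets.rs0.configuration, as an added example that is not part of the thread or of Percona's chart: it reports legacy protocols missing from net.tls.disabledProtocols and any setParameter name that differs from the documented spelling only by letter case. The names `parse_mapping`, `lint_tls` and `SAMPLE` are hypothetical, and the parser is a simplified stand-in for a YAML library that handles only nested mappings with scalar values.

```python
KNOWN_TLS_PARAMS = ("opensslCipherConfig", "opensslCipherSuiteConfig")
LEGACY_PROTOCOLS = ("TLS1_0", "TLS1_1")

# Constructed sample: a configuration block with TLS1_1 left enabled and one
# parameter name miscased.
SAMPLE = """\
net:
  tls:
    disabledProtocols: "TLS1_0"
setParameter:
  opensslCipherConfig: "TLS_AES_256_GCM_SHA384"
  opensslCIpherSuiteConfig: "TLS_AES_256_GCM_SHA384"
"""

def parse_mapping(text):
    """Minimal stand-in for a YAML parser: nested 'key: value' mappings only."""
    root = {}
    stack = [(-1, root)]  # (indent, mapping) pairs, innermost last
    for raw in text.splitlines():
        body = raw.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        key, _, value = body.partition(":")
        while stack[-1][0] >= indent:
            stack.pop()  # leave mappings that ended at this indent level
        value = value.strip().strip("\"'")
        node = value if value else {}
        stack[-1][1][key.strip()] = node
        if not value:
            stack.append((indent, node))
    return root

def lint_tls(config_text):
    """Return findings for the TLS settings; an empty list means none."""
    cfg = parse_mapping(config_text)
    sub = lambda m, k: m.get(k) if isinstance(m.get(k), dict) else {}
    findings = []
    disabled = sub(sub(cfg, "net"), "tls").get("disabledProtocols", "")
    disabled = {p.strip() for p in str(disabled).split(",")}
    for proto in LEGACY_PROTOCOLS:
        if proto not in disabled:
            findings.append(f"net.tls.disabledProtocols does not list {proto}")
    for name in sub(cfg, "setParameter"):
        for known in KNOWN_TLS_PARAMS:
            if name != known and name.lower() == known.lower():
                findings.append(f"setParameter.{name}: expected spelling {known}")
    return findings

if __name__ == "__main__":
    for finding in lint_tls(SAMPLE):
        print("FAIL:", finding)
```
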

Thanks very much, that seems to have worked
