Trouble connecting to mongodb deployed on k8s

Hi. I’ve just started using Percona Server for MongoDB with the Kubernetes Operator. I’ve got a standard replicaset cluster created using the example template.

My application needs to be able to create databases as well as collections, so I’ve created a default admin user using the following script.

json="if (db.system.users.count({user: \"$database_username\"}) === 0) { db.createUser({user: \"$database_username\",pwd: \"$database_password\",roles: [\"dbAdminAnyDatabase\",\"readWriteAnyDatabase\",\"userAdminAnyDatabase\"],mechanisms: [\"SCRAM-SHA-1\"],\"authenticationRestrictions\":[{\"clientSource\":[\"172.0.0.0/8\"]},{\"serverAddress\":[\"172.0.0.0/8\"]}]}) } else { db.updateUser(\"$database_username\", {\"pwd\":\"$database_password\",\"passwordDigestor\":\"server\"}); }"
mongo "mongodb+srv://$MONGODB_USER_ADMIN_USER:$MONGODB_USER_ADMIN_PASSWORD@db-mongodb-rs0.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local/admin?replicaSet=rs0&ssl=false" --eval "$json"

Now when my application attempts to connect to the mongodb cluster I am getting the following error.

Connecting to database [mongodb+srv://****:****@db-mongodb-rs0.my-namespace.svc.cluster.local/mydb?replicaSet=rs0]...
error: connection <monitor> to 172.24.2.236:27017 closed
(node:1) UnhandledPromiseRejectionWarning: MongoServerSelectionError: connection <monitor> to 172.24.2.236:27017 closed
    at Timeout._onTimeout (/app/node_modules/mongodb/lib/core/sdam/topology.js:438:30)
    at listOnTimeout (internal/timers.js:557:17)
    at processTimers (internal/timers.js:500:7)
    at emitUnhandledRejectionWarning (internal/process/promises.js:168:15)
    at processPromiseRejections (internal/process/promises.js:247:11)
    at processTicksAndRejections (internal/process/task_queues.js:96:32)
(node:1) MongoServerSelectionError: connection <monitor> to 172.24.2.236:27017 closed
    at Timeout._onTimeout (/app/node_modules/mongodb/lib/core/sdam/topology.js:438:30)
    at listOnTimeout (internal/timers.js:557:17)
    at processTimers (internal/timers.js:500:7)
(node:1) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
    at emitDeprecationWarning (internal/process/promises.js:180:11)
    at processPromiseRejections (internal/process/promises.js:249:13)
    at processTicksAndRejections (internal/process/task_queues.js:96:32)

Based on my research it looks like it’s an IP whitelist issue, but this should already be covered by the authenticationRestrictions provided when creating the user. What am I doing wrong?

TIA!

Brief update. I’ve tried disabling authorization on the cluster but this yielded the same result.

I also tried adding the following configuration to both the mongod and mongos specs:

security:
        clusterIpSourceAllowlist:
          - "172.0.0.0/8"
          - "127.0.0.1"
          - "::1"

Unfortunately this doesn’t seem to work either. All available information online refers to configuring network access in MongoDB Atlas but this clearly doesn’t apply. How do I configure the network access for a Percona MongoDB server?
