This repository has been archived by the owner on Feb 22, 2022. It is now read-only.

[stable/mongodb-replicaset] Failing to create user from existing secret #2965

Closed
scottcrespo opened this issue Dec 7, 2017 · 3 comments
Labels
lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed.

Comments

scottcrespo commented Dec 7, 2017

Is this a request for help?:

yes

Is this a BUG REPORT or FEATURE REQUEST? (choose one):
BUG REPORT
similar to #2457

Version of Helm and Kubernetes:
minikube version: v0.24.1

kubectl version: Client Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.4", GitCommit:"9befc2b8928a9426501d3bf62f72849d5cbcd5a3", GitTreeState:"clean", BuildDate:"2017-11-20T19:12:24Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"darwin/amd64"}

helm version: Client: &version.Version{SemVer:"v2.7.2", GitCommit:"8478fb4fc723885b155c924d1c8c410b7a9444e6", GitTreeState:"clean"}

Which chart:
stable/mongodb-replicaset

What happened:
MongoDB admin user is not created when configuring existingAdminSecret from values.yml file.

What you expected to happen:
MongoDB admin user exists in the database, and clients can successfully authenticate using the same credentials specified in the secret.

How to reproduce it (as minimally and precisely as possible):

Step 1: Create secret containing keys user and password

a) echo -n "test" > user
b) echo -n "test" > password
c) kubectl create secret generic mongo-cred --from-file=./user --from-file=./password

Step 2: Verify secret exists and contains correct keys

a) kubectl get secret mongo-cred -o yaml

apiVersion: v1
data:
  password: dGVzdAo=
  user: dGVzdAo=
kind: Secret
metadata:
  creationTimestamp: 2017-12-07T21:23:26Z
  name: mongo-cred
  namespace: default
  resourceVersion: "106205"
  selfLink: /api/v1/namespaces/default/secrets/mongo-cred
  uid: dce9406d-db94-11e7-b0ee-080027b27dbc
type: Opaque

Step 3: Configure existingAdminSecret in values.yml

auth:
  enabled: true
  # adminUser: username
  # adminPassword: password
  key: keycontent
  # existingKeySecret:
  existingAdminSecret: mongo-cred

Step 4: Install chart

helm install -f values.yml stable/mongodb-replicaset

Step 5: Verify admin user exists and client can authenticate

a) shell into primary node
b) authenticate to mongo and call db.getUsers()

mongo admin -u test -p test --eval 'db.getUsers()'

Output:

MongoDB shell version v3.4.10
connecting to: mongodb://127.0.0.1:27017/admin
MongoDB server version: 3.4.10
2017-12-07T21:52:23.641+0000 E QUERY    [thread1] Error: Authentication failed. :
DB.prototype._authOrThrow@src/mongo/shell/db.js:1461:20
@(auth):6:1
@(auth):1:2
exception: login failed

Anything else we need to know:

I'm fairly new to Kubernetes and Helm, but I've done my best to research the issue and resolve it on my own. Fortunately, I do have a few years' experience with MongoDB operations.

As additional verification that the user doesn't exist, I can successfully access the mongo shell without credentials and manually create a user named 'test'. If the user already existed, the command db.createUser() would fail.

User was successfully created when entering plain text values into the fields adminUser and adminPassword in values.yml file.

I inspected the secret auto-generated by the chart when supplying plain-text values, and the only substantive difference between that and my own secret was the labels. So, I additionally tried creating a secret with the same labels the chart-generated secret uses, but still the user was not created in the DB.

EDIT:

I was able to successfully use my existing secret when setting auth values via command line like so:

helm install --set auth.enabled=true,auth.existingAdminSecret=mongo-cred,auth.key=test stable/mongodb-replicaset

Problem persists however when I attempt to install from file using helm install -f ...
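
Added example, not part of the original issue or the chart's code: the `data` values shown in Step 2 (`dGVzdAo=`) decode to `test` followed by a newline, so a check worth running on any pre-created credential Secret is whether its decoded values end in whitespace. The function names and the second sample are constructed for illustration; the script reads `kubectl get secret <name> -o yaml` output on stdin and assumes `base64 -d` (GNU coreutils).

```bash
#!/usr/bin/env bash
# Added example (not from the issue): list Secret keys whose decoded value
# ends in whitespace. Reads `kubectl get secret NAME -o yaml` on stdin.

# Print "key base64value" for each entry under the top-level data: map.
secret_data_entries() {
  awk '
    /^data:[ \t]*$/    { in_data = 1; next }
    /^[^ \t]/          { in_data = 0 }
    in_data && NF == 2 { key = $1; sub(/:$/, "", key); print key, $2 }'
}

# Print the name of every key whose last decoded byte is LF, CR, space or tab.
keys_with_trailing_whitespace() {
  secret_data_entries | while read -r key b64; do
    # Inspect the last byte as hex: $(...) alone would strip a trailing newline.
    last=$(printf '%s' "$b64" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
    case "$last" in
      0a|0d|20|09) printf '%s\n' "$key" ;;
    esac
  done
}

# Constructed sample: the data block of the Secret shown in Step 2.
SAMPLE_SECRET='apiVersion: v1
data:
  password: dGVzdAo=
  user: dGVzdAo=
kind: Secret
type: Opaque'

# Constructed sample: the same keys encoded from exactly "test", no newline.
CLEAN_SECRET='apiVersion: v1
data:
  password: dGVzdA==
  user: dGVzdA==
kind: Secret
type: Opaque'

echo "sample from Step 2:"; printf '%s\n' "$SAMPLE_SECRET" | keys_with_trailing_whitespace
echo "clean sample:";       printf '%s\n' "$CLEAN_SECRET"  | keys_with_trailing_whitespace
```

Writing the credential files with `printf '%s' test > user` avoids depending on how a given shell's `echo` handles `-n`.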

@fejta-bot

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Mar 8, 2018
@fejta-bot

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten
/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Apr 7, 2018
@fejta-bot

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close
