Skip to content

feat: add connection string secret annotations #119

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

feat: add connection string secret annotations #119

wants to merge 2 commits into from

Conversation

limwa
Copy link

@limwa limwa commented May 14, 2025

Summary

Fixes mongodb/mongodb-kubernetes-operator#1522.

This is a port of mongodb/mongodb-kubernetes-operator#1582.

In this PR, I've added the ability to add custom annotations to the generated connection string secrets in MongoDB Community Operator.

This is useful to handle more deployment scenarios, in particular, scenarios where the operator is not deployed cluster-wide, but to a specific namespace. In these scenarios, the connectionStringSecretNamespace property becomes useless because, as stated in the Kubernetes docs, cross-namespace owner references are disallowed, thus allowing for the secrets to be immediately garbage-collected, as stated in mongodb/mongodb-kubernetes-operator#1578. For the owner references to be valid, the secrets need to be generated in the namespace of the MDBC resource. However, if the user needs the secrets to be present in other namespaces, they can use reflector, for instance, which allows for the secrets to be copied to other namespaces. The problem is that reflector and other similar controllers require the source secrets to be annotated with specific properties.

As such, I've implemented a connectionStringSecretAnnotations property that allows MongoDB Community Operator users to specify per-user connection string secret annotations.

Proof of Work

I've added a unit test and an e2e test. The unit test is passing. Regarding the e2e test, it was passing in the mongodb-kubernetes-operator repository, but I couldn't figure out how to run the e2e tests in this repository.

Checklist

  • Have you linked a jira ticket and/or is the ticket in the title?
    • No, should I create an issue in this repository for that?
  • Have you checked whether your jira ticket required DOCSP changes?
    • What does this mean?
  • Have you checked for release_note changes?

Reminder (Please remove this when merging)

  • Please try to Approve or Reject Changes the PR, keep PRs in review as short as possible
  • Our Short Guide for PRs: Link
    • I can't access this link
  • Remember the following Communication Standards - use comment prefixes for clarity:
    • blocking: Must be addressed before approval.
    • follow-up: Can be addressed in a later PR or ticket.
    • q: Clarifying question.
    • nit: Non-blocking suggestions.
    • note: Side-note, non-actionable. Example: Praise
    • --> no prefix is considered a question

@limwa limwa requested review from dan-mckean, vinilage and a team as code owners May 14, 2025 14:17
@limwa limwa requested review from MaciejKaras and SimonBaeumer May 14, 2025 14:17
@MaciejKaras
Copy link
Collaborator

@limwa thanks for the contribution and migrating the change to MCK repository.

For the e2e tests to run MongoDB engineer needs to approve the CI pipeline. I did that and it seems PR needs to be updated with master and require running pre-commit again.

@limwa limwa force-pushed the feat/connection-string-secret-annotations branch 2 times, most recently from d73079b to 1c21283 Compare May 15, 2025 09:43
@limwa limwa force-pushed the feat/connection-string-secret-annotations branch from bc8f179 to e87cef8 Compare May 15, 2025 09:47
@limwa
Copy link
Author

limwa commented May 15, 2025

@MaciejKaras thanks! I've updated the branch with master and everything should be okay now.

I've also changed the LC_ALL variable in my Linux computer so that sort properly sorts the files, and the PR diff is now much smaller and comprehensible.

MaciejKaras
MaciejKaras approved these changes May 15, 2025
View reviewed changes
Copy link
Collaborator

@MaciejKaras MaciejKaras left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From my side this is a complete feature with all necessary docs and testing. Great work!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MaciejKaras MaciejKaras MaciejKaras approved these changes

@dan-mckean dan-mckean Awaiting requested review from dan-mckean dan-mckean is a code owner

@vinilage vinilage Awaiting requested review from vinilage vinilage is a code owner

@SimonBaeumer SimonBaeumer Awaiting requested review from SimonBaeumer SimonBaeumer is a code owner automatically assigned from mongodb/kubernetes-hosted

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Feature Request] Enable Copying/Annotation of Generated Secrets to Additional Namespaces
2 participants
@limwa @MaciejKaras