Skip to content

K8SPSMDB-1444 Don't create keyfile secret when x509 auth is used#2391

Merged
nmarukovich merged 22 commits into
mainfrom
K8SPSMDB-1444
Jun 18, 2026
Merged

K8SPSMDB-1444 Don't create keyfile secret when x509 auth is used#2391
nmarukovich merged 22 commits into
mainfrom
K8SPSMDB-1444

Conversation

@nmarukovich

@nmarukovich nmarukovich commented Jun 9, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

CHANGE DESCRIPTION

Problem:
When MongoDB is configured with tls.mode: preferTLS or tls.mode: requireTLS, internal cluster authentication is handled via x509 certificates. In this scenario, the keyfile secret is unnecessary — the operator was still unconditionally creating the mongodb-keyfile secret and mounting it into every pod, even when it was never used.

Cause:
Short explanation of the root cause of the issue if applicable.

Solution:
Introduced a KeyFileAuthEnabled() method on PerconaServerMongoDB that determines whether keyfile-based internal cluster authentication is actually needed

CHECKLIST

Jira

  • Is the Jira ticket created and referenced properly?
  • Does the Jira ticket have the proper statuses for documentation (Needs Doc) and QA (Needs QA)?
  • Does the Jira ticket link to the proper milestone (Fix Version field)?

Tests

  • Is an E2E test/test case added for the new feature/change?
  • Are unit tests added where appropriate?
  • Are OpenShift compare files changed for E2E tests (compare/*-oc.yml)?

Config/Logging/Testability

  • Are all needed new/changed options added to default YAML files?
  • Are all needed new/changed options added to the Helm Chart?
  • Did we add proper logging messages for operator actions?
  • Did we ensure compatibility with the previous version or cluster upgrade process?
  • Does the change support oldest and newest supported MongoDB version?
  • Does the change support oldest and newest supported Kubernetes version?

Copilot AI review requested due to automatic review settings June 9, 2026 15:46
@github-actions github-actions Bot added the tests label Jun 9, 2026
@pull-request-size pull-request-size Bot added the size/XXL 1000+ lines label Jun 9, 2026
Copilot AI reviewed Jun 9, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the operator test fixtures/manifests to reflect conditional keyFile mounting based on KeyFileAuthEnabled() (e.g., prefer/require TLS using x509 cluster auth vs. allowTLS/disabled requiring keyFile), and adjusts unit tests for an updated mongosContainer signature.

Changes:

  • Update mongosContainer unit test invocation to include the new mountKeyFile parameter.
  • Update numerous expected StatefulSet YAML fixtures (unit-test testdata and e2e compare/) to remove the keyfile secret volume/volumeMount where keyFile auth is not expected.
  • Add new e2e PITR physical backup/restore config files.

Reviewed changes

Copilot reviewed 285 out of 287 changed files in this pull request and generated 13 comments.

Show a summary per file
File Description
pkg/psmdb/mongos_test.go Updates unit test to match mongosContainer(..., mountKeyFile bool) signature.
pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-nv.yaml Updates expected StatefulSet testdata (keyfile mount/volume removed).
pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-mongod.yaml Updates expected StatefulSet testdata (keyfile mount/volume removed).
pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-logrotate.yaml Updates expected StatefulSet testdata (keyfile mount/volume removed).
pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-hidden.yaml Updates expected StatefulSet testdata (keyfile mount/volume removed).
pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/rs0-arbiter.yaml Updates expected StatefulSet testdata (keyfile mount/volume removed).
pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-nv.yaml Updates expected StatefulSet testdata (keyfile mount/volume removed).
pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-mongod.yaml Updates expected StatefulSet testdata (keyfile mount/volume removed).
pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-hidden.yaml Updates expected StatefulSet testdata (keyfile mount/volume removed).
pkg/controller/perconaservermongodb/testdata/reconcile-statefulset/cfg-arbiter.yaml Updates expected StatefulSet testdata (keyfile mount/volume removed).
e2e-tests/version-service/compare/statefulset_version-service-unreachable-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/version-service/compare/statefulset_version-service-unreachable-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/version-service/compare/statefulset_version-service-recommended-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/version-service/compare/statefulset_version-service-recommended-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/version-service/compare/statefulset_version-service-major-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/version-service/compare/statefulset_version-service-major-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/version-service/compare/statefulset_version-service-latest-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/version-service/compare/statefulset_version-service-latest-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/version-service/compare/statefulset_version-service-exact-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/version-service/compare/statefulset_version-service-exact-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/version-service/compare/statefulset_minimal-cluster-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1230.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/upgrade-consistency/compare/statefulset_some-name-rs0-1230-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/upgrade-consistency-sharded-tls/compare/statefulset_some-name-rs0-1230.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/upgrade-consistency-sharded-tls/compare/statefulset_some-name-rs0-1230-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/upgrade-consistency-sharded-tls/compare/statefulset_some-name-cfg-1230.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/upgrade-consistency-sharded-tls/compare/statefulset_some-name-cfg-1230-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/unsafe-psa/compare/statefulset_unsafe-psa-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/unsafe-psa/compare/statefulset_unsafe-psa-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/tls-issue-cert-manager/compare/statefulset_some-name-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/tls-issue-cert-manager/compare/statefulset_some-name-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/tls-issue-cert-manager/compare/statefulset_some-name-rs0-tls-disabled.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/tls-issue-cert-manager/compare/statefulset_some-name-rs0-tls-disabled-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/tls-issue-cert-manager/compare/statefulset_some-name-mongos.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/tls-issue-cert-manager/compare/statefulset_some-name-mongos-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/tls-issue-cert-manager/compare/statefulset_some-name-mongos-tls-disabled.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/tls-issue-cert-manager/compare/statefulset_some-name-mongos-tls-disabled-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/tls-issue-cert-manager/compare/statefulset_some-name-cfg.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/tls-issue-cert-manager/compare/statefulset_some-name-cfg-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/tls-issue-cert-manager/compare/statefulset_some-name-cfg-tls-disabled.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/tls-issue-cert-manager/compare/statefulset_some-name-cfg-tls-disabled-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/storage/compare/statefulset_hostpath-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/storage/compare/statefulset_hostpath-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/storage/compare/statefulset_emptydir-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/storage/compare/statefulset_emptydir-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/smart-update/compare/statefulset_smart-update-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/smart-update/compare/statefulset_smart-update-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/smart-update/compare/statefulset_smart-update-rs0-arbiter.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/smart-update/compare/statefulset_smart-update-rs0-arbiter-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/serviceless-external-nodes/compare/statefulset_mydb-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/serviceless-external-nodes/compare/statefulset_mydb-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/service-per-pod/compare/statefulset_node-port-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/service-per-pod/compare/statefulset_node-port-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/service-per-pod/compare/statefulset_local-balancer-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/service-per-pod/compare/statefulset_local-balancer-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/service-per-pod/compare/statefulset_cluster-ip-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/service-per-pod/compare/statefulset_cluster-ip-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/security-context/compare/statefulset_sec-context-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/security-context/compare/statefulset_sec-context-rs0-changed.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/scheduled-backup/compare/statefulset_some-name-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/scheduled-backup/compare/statefulset_some-name-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/rs-shard-migration/compare/statefulset_some-name-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/rs-shard-migration/compare/statefulset_some-name-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pvc-resize/compare/statefulset_some-name-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pvc-resize/compare/statefulset_some-name-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pvc-auto-resize/compare/statefulset_some-name-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pvc-auto-resize/compare/statefulset_some-name-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr/compare/statefulset_some-name-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr/compare/statefulset_some-name-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-sharded/conf/restore-physical.yaml Adds sharded PITR physical restore example config.
e2e-tests/pitr-sharded/conf/backup-aws-s3-physical.yml Adds sharded physical backup example config.
e2e-tests/pitr-sharded/compare/statefulset_some-name-rs2.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-sharded/compare/statefulset_some-name-rs2-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-sharded/compare/statefulset_some-name-rs2-4-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-sharded/compare/statefulset_some-name-rs1.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-sharded/compare/statefulset_some-name-rs1-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-sharded/compare/statefulset_some-name-rs1-4-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-sharded/compare/statefulset_some-name-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-sharded/compare/statefulset_some-name-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-sharded/compare/statefulset_some-name-rs0-4-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-sharded/compare/statefulset_some-name-mongos.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-sharded/compare/statefulset_some-name-mongos-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-sharded/compare/statefulset_some-name-cfg.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-sharded/compare/statefulset_some-name-cfg-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-sharded/compare/statefulset_some-name-cfg-4-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-physical/conf/restore-physical.yaml Adds PITR physical restore example config.
e2e-tests/pitr-physical/conf/backup-aws-s3.yml Adds PITR physical backup template config.
e2e-tests/pitr-physical/compare/statefulset_some-name-rs2.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-physical/compare/statefulset_some-name-rs2-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-physical/compare/statefulset_some-name-rs2-4-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-physical/compare/statefulset_some-name-rs1.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-physical/compare/statefulset_some-name-rs1-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-physical/compare/statefulset_some-name-rs1-4-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-physical/compare/statefulset_some-name-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-physical/compare/statefulset_some-name-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-physical/compare/statefulset_some-name-rs0-4-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-physical/compare/statefulset_some-name-mongos.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-physical/compare/statefulset_some-name-cfg.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-physical/compare/statefulset_some-name-cfg-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-physical/compare/statefulset_some-name-cfg-4-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs2.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs2-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs2-4-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs1.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs1-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs1-4-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-rs0-4-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-mongos.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-cfg.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-cfg-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/pitr-physical-backup-source/compare/statefulset_some-name-cfg-4-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/one-pod/compare/statefulset_one-pod-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/one-pod/compare/statefulset_one-pod-rs0-secret.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/one-pod/compare/statefulset_one-pod-rs0-secret-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/one-pod/compare/statefulset_one-pod-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/non-voting-and-hidden/compare/statefulset_some-name-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/non-voting-and-hidden/compare/statefulset_some-name-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/non-voting-and-hidden/compare/statefulset_some-name-rs0-nv.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/non-voting-and-hidden/compare/statefulset_some-name-rs0-nv-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/non-voting-and-hidden/compare/statefulset_some-name-rs0-hidden.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/non-voting-and-hidden/compare/statefulset_some-name-rs0-hidden-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/non-voting-and-hidden/compare/statefulset_nonvoting-rs0-nv.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-rs0-no-pmm.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-mongos.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-mongos-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-cfg.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/monitoring-pmm3/compare/statefulset_monitoring-pmm3-cfg-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/monitoring-2-0/compare/statefulset_monitoring-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/monitoring-2-0/compare/statefulset_monitoring-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/monitoring-2-0/compare/statefulset_monitoring-rs0-no-pmm.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/monitoring-2-0/compare/statefulset_monitoring-rs0-no-pmm-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/monitoring-2-0/compare/statefulset_monitoring-mongos.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/monitoring-2-0/compare/statefulset_monitoring-mongos-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/monitoring-2-0/compare/statefulset_monitoring-cfg.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/monitoring-2-0/compare/statefulset_monitoring-cfg-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/liveness/compare/statefulset_liveness-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/liveness/compare/statefulset_liveness-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/liveness/compare/statefulset_liveness-rs0-changed.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/liveness/compare/statefulset_liveness-rs0-changed-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/limits/compare/statefulset_no-requests-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/limits/compare/statefulset_no-requests-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/limits/compare/statefulset_no-requests-rs0-increased.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/limits/compare/statefulset_no-requests-rs0-increased-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/limits/compare/statefulset_no-requests-no-limits-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/limits/compare/statefulset_no-requests-no-limits-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/limits/compare/statefulset_no-requests-no-limits-rs0-increased.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/limits/compare/statefulset_no-requests-no-limits-rs0-increased-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/limits/compare/statefulset_no-limits-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/limits/compare/statefulset_no-limits-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/limits/compare/statefulset_no-limits-rs0-increased.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/limits/compare/statefulset_no-limits-rs0-increased-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/init-deploy/compare/statefulset_some-name-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/init-deploy/compare/statefulset_some-name-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/init-deploy/compare/statefulset_another-name-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/init-deploy/compare/statefulset_another-name-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/init-deploy/compare/statefulset_another-name-rs0-4-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/expose-sharded/compare/statefulset_some-name-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-sharding-enabled.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-sharding-enabled-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-sharding-disabled.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-sharding-disabled-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/expose-sharded/compare/statefulset_some-name-rs0-4-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/expose-sharded/compare/statefulset_some-name-mongos.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/expose-sharded/compare/statefulset_some-name-mongos-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/expose-sharded/compare/statefulset_some-name-mongos-4-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/expose-sharded/compare/statefulset_some-name-cfg.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/expose-sharded/compare/statefulset_some-name-cfg-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/expose-sharded/compare/statefulset_some-name-cfg-4-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup/compare/statefulset_some-name-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup/compare/statefulset_some-name-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs2.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs2-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs1.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs1-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-sharded/compare/statefulset_some-name-rs0-4-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-sharded/compare/statefulset_some-name-mongos.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-sharded/compare/statefulset_some-name-mongos-secret.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-sharded/compare/statefulset_some-name-mongos-secret-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-sharded/compare/statefulset_some-name-mongos-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-sharded/compare/statefulset_some-name-mongos-4-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-sharded/compare/statefulset_some-name-cfg.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-sharded/compare/statefulset_some-name-cfg-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-sharded/compare/statefulset_some-name-cfg-4-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-physical-sharded-parallel/compare/statefulset_some-name-rs0_restore_sharded.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-physical-sharded-parallel/compare/statefulset_some-name-rs0_restore_sharded-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-physical-sharded-minio/compare/statefulset_some-name-rs0_restore_sharded.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-physical-sharded-minio/compare/statefulset_some-name-rs0_restore_sharded-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-physical-sharded-minio-native/compare/statefulset_some-name-rs0_restore_sharded.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-physical-sharded-gcp-native/compare/statefulset_some-name-rs0_restore_sharded.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-physical-sharded-azure/compare/statefulset_some-name-rs0_restore_sharded.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-physical-sharded-azure/compare/statefulset_some-name-rs0_restore_sharded-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-physical-sharded-aws/compare/statefulset_some-name-rs0_restore_sharded.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-physical-sharded-aws/compare/statefulset_some-name-rs0_restore_sharded-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-physical-minio/compare/statefulset_some-name-rs0_restore.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-physical-minio/compare/statefulset_some-name-rs0_restore-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-physical-minio/compare/statefulset_some-name-rs0_restore-arbiter-nv.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-physical-minio-native/compare/statefulset_some-name-rs0_restore.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-physical-minio-native/compare/statefulset_some-name-rs0_restore-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-physical-minio-native-tls/compare/statefulset_some-name-rs0_restore.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-physical-minio-native-tls/compare/statefulset_some-name-rs0_restore-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-physical-gcp-s3/compare/statefulset_some-name-rs0_restore.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-physical-gcp-s3/compare/statefulset_some-name-rs0_restore-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-physical-gcp-native/compare/statefulset_some-name-rs0_restore.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-physical-gcp-native/compare/statefulset_some-name-rs0_restore-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-physical-azure/compare/statefulset_some-name-rs0_restore.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-physical-azure/compare/statefulset_some-name-rs0_restore-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-physical-aws/compare/statefulset_some-name-rs0_restore.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-physical-aws/compare/statefulset_some-name-rs0_restore-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-logical-minio-native-tls/compare/statefulset_some-name-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-logical-minio-native-tls/compare/statefulset_some-name-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-incremental-sharded-minio/compare/statefulset_some-name-rs0_restore_sharded.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-incremental-sharded-azure/compare/statefulset_some-name-rs0_restore_sharded.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-incremental-sharded-aws/compare/statefulset_some-name-rs0_restore_sharded.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-incremental-minio/compare/statefulset_some-name-rs0_restore.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-incremental-minio/compare/statefulset_some-name-rs0_restore-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-incremental-gcp-s3/compare/statefulset_some-name-rs0_restore.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-incremental-gcp-s3/compare/statefulset_some-name-rs0_restore-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-incremental-gcp-native/compare/statefulset_some-name-rs0_restore.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-incremental-gcp-native/compare/statefulset_some-name-rs0_restore-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-incremental-azure/compare/statefulset_some-name-rs0_restore.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-incremental-azure/compare/statefulset_some-name-rs0_restore-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-incremental-aws/compare/statefulset_some-name-rs0_restore.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-incremental-aws/compare/statefulset_some-name-rs0_restore-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-fs/compare/statefulset_some-name-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-eks-credentials/compare/statefulset_some-name-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/demand-backup-eks-credentials-irsa/compare/statefulset_some-name-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/default-cr/compare/statefulset_my-cluster-name-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/default-cr/compare/statefulset_my-cluster-name-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/default-cr/compare/statefulset_my-cluster-name-cfg.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/default-cr/compare/statefulset_my-cluster-name-cfg-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/default-cr/compare/statefulset_minimal-cluster-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/default-cr/compare/statefulset_minimal-cluster-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/default-cr/compare/statefulset_minimal-cluster-cfg.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/default-cr/compare/statefulset_minimal-cluster-cfg-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/data-at-rest-encryption/compare/statefulset_some-name-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/data-at-rest-encryption/compare/statefulset_some-name-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/data-at-rest-encryption/compare/statefulset_some-name-cfg.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/data-at-rest-encryption/compare/statefulset_some-name-cfg-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/custom-users-roles-sharded/compare/statefulset_some-name-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/custom-users-roles-sharded/compare/statefulset_some-name-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/custom-users-roles-sharded/compare/statefulset_some-name-rs0-4-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/custom-users-roles-sharded/compare/statefulset_some-name-mongos.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/custom-users-roles-sharded/compare/statefulset_some-name-mongos-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/custom-users-roles-sharded/compare/statefulset_some-name-mongos-4-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/custom-users-roles-sharded/compare/statefulset_some-name-cfg.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/custom-users-roles-sharded/compare/statefulset_some-name-cfg-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/custom-users-roles-sharded/compare/statefulset_some-name-cfg-4-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/custom-tls/compare/statefulset_some-name-rs0.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/custom-tls/compare/statefulset_some-name-rs0-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/custom-tls/compare/statefulset_some-name-mongos.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/custom-tls/compare/statefulset_some-name-mongos-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/custom-tls/compare/statefulset_some-name-cfg.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/custom-tls/compare/statefulset_some-name-cfg-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/arbiter/compare/statefulset_arbiter-rs0-arbiter.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/arbiter/compare/statefulset_arbiter-rs0-arbiter-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/arbiter/compare/statefulset_arbiter-clusterip-rs0-arbiter.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
e2e-tests/arbiter/compare/statefulset_arbiter-clusterip-rs0-arbiter-oc.yml Updates expected e2e StatefulSet manifest (keyfile mount/volume removed).
Comments suppressed due to low confidence (12)

e2e-tests/init-deploy/compare/statefulset_another-name-rs0.yml:302

  • This StatefulSet still references /etc/mongodb-secrets/mongodb-key in args, but the another-name-mongodb-keyfile secret volume was removed from the pod spec. Re-add the keyfile secret volume when using --clusterAuthMode=keyFile.
    e2e-tests/init-deploy/compare/statefulset_another-name-rs0-oc.yml:248
  • The keyfile secret volume (another-name-mongodb-keyfile) was removed even though the container still uses --keyFile=/etc/mongodb-secrets/mongodb-key. Re-add the secret volume so the keyfile is present in the filesystem.
    e2e-tests/init-deploy/compare/statefulset_another-name-rs0-4-oc.yml:299
  • The pod spec removed the another-name-mongodb-keyfile secret volume, but the container still references /etc/mongodb-secrets/mongodb-key. Re-add the keyfile secret volume for keyFile auth.
    e2e-tests/serviceless-external-nodes/compare/statefulset_mydb-rs0.yml:182
  • The pod spec removed the mydb-custom-mongodb-keyfile secret volume even though the container still references /etc/mongodb-secrets/mongodb-key. Re-add the keyfile secret volume when keyFile auth is enabled.
    e2e-tests/serviceless-external-nodes/compare/statefulset_mydb-rs0-oc.yml:180
  • The keyfile secret volume (mydb-custom-mongodb-keyfile) is missing from spec.volumes while the container still references /etc/mongodb-secrets/mongodb-key. Re-add the secret volume for keyFile auth.
    e2e-tests/version-service/compare/statefulset_minimal-cluster-rs0.yml:171
  • The keyfile secret volume (minimal-cluster-mongodb-keyfile) was removed from spec.volumes even though the container still references /etc/mongodb-secrets/mongodb-key. Re-add the keyfile secret volume for keyFile auth.
    e2e-tests/tls-issue-cert-manager/compare/statefulset_some-name-rs0-tls-disabled.yml:167
  • The some-name-mongodb-keyfile secret volume was removed even though the container still references /etc/mongodb-secrets/mongodb-key. Re-add the keyfile secret volume for keyFile auth.
    e2e-tests/tls-issue-cert-manager/compare/statefulset_some-name-rs0-tls-disabled-oc.yml:165
  • The pod spec is missing the some-name-mongodb-keyfile secret volume while the container still references /etc/mongodb-secrets/mongodb-key. Re-add the keyfile secret volume for keyFile auth.
    e2e-tests/tls-issue-cert-manager/compare/statefulset_some-name-cfg-tls-disabled.yml:166
  • The some-name-mongodb-keyfile secret volume is missing from spec.volumes while the container still references /etc/mongodb-secrets/mongodb-key. Re-add the keyfile secret volume for keyFile auth.
    e2e-tests/tls-issue-cert-manager/compare/statefulset_some-name-cfg-tls-disabled-oc.yml:164
  • The some-name-mongodb-keyfile secret volume was removed even though the container still references /etc/mongodb-secrets/mongodb-key. Re-add the keyfile secret volume for keyFile auth.
    e2e-tests/tls-issue-cert-manager/compare/statefulset_some-name-mongos-tls-disabled.yml:153
  • The pod spec removed the some-name-mongodb-keyfile secret volume even though mongos still references /etc/mongodb-secrets/mongodb-key. Re-add the keyfile secret volume when keyFile auth is enabled.
    e2e-tests/tls-issue-cert-manager/compare/statefulset_some-name-mongos-tls-disabled-oc.yml:151
  • The some-name-mongodb-keyfile secret volume was removed even though mongos still references /etc/mongodb-secrets/mongodb-key. Re-add the keyfile secret volume for keyFile auth.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread e2e-tests/init-deploy/compare/statefulset_another-name-rs0.yml
Comment on lines 120 to 124
volumeMounts:
- mountPath: /data/db
name: mongod-data
- mountPath: /etc/mongodb-secrets
name: another-name-mongodb-keyfile
readOnly: true
- mountPath: /etc/mongodb-ssl
name: ssl
Comment thread e2e-tests/init-deploy/compare/statefulset_another-name-rs0-oc.yml
Comment on lines 119 to 123
volumeMounts:
- mountPath: /data/db
name: mongod-data
- mountPath: /etc/mongodb-secrets
name: another-name-mongodb-keyfile
readOnly: true
- mountPath: /etc/mongodb-ssl
name: ssl
Comment thread e2e-tests/init-deploy/compare/statefulset_another-name-rs0-4-oc.yml
Comment on lines 119 to 123
volumeMounts:
- mountPath: /data/db
name: mongod-data
- mountPath: /etc/mongodb-secrets
name: another-name-mongodb-keyfile
readOnly: true
- mountPath: /etc/mongodb-ssl
name: ssl
Comment thread e2e-tests/serviceless-external-nodes/compare/statefulset_mydb-rs0.yml
Comment on lines 130 to 134
volumeMounts:
- mountPath: /data/db
name: mongod-data
- mountPath: /etc/mongodb-secrets
name: mydb-custom-mongodb-keyfile
readOnly: true
- mountPath: /etc/mongodb-ssl
name: ssl
Comment thread e2e-tests/serviceless-external-nodes/compare/statefulset_mydb-rs0-oc.yml
Comment on lines 129 to 133
volumeMounts:
- mountPath: /data/db
name: mongod-data
- mountPath: /etc/mongodb-secrets
name: mydb-custom-mongodb-keyfile
readOnly: true
- mountPath: /etc/mongodb-ssl
name: ssl
Comment thread e2e-tests/tls-issue-cert-manager/compare/statefulset_some-name-cfg-tls-disabled.yml
Comment on lines 122 to 126
volumeMounts:
- mountPath: /data/db
name: mongod-data
- mountPath: /etc/mongodb-secrets
name: some-name-mongodb-keyfile
readOnly: true
- mountPath: /etc/mongodb-ssl
name: ssl
Comment thread e2e-tests/tls-issue-cert-manager/compare/statefulset_some-name-cfg-tls-disabled-oc.yml
Comment on lines 121 to 125
volumeMounts:
- mountPath: /data/db
name: mongod-data
- mountPath: /etc/mongodb-secrets
name: some-name-mongodb-keyfile
readOnly: true
- mountPath: /etc/mongodb-ssl
name: ssl
Comment thread e2e-tests/tls-issue-cert-manager/compare/statefulset_some-name-mongos-tls-disabled.yml
Comment on lines 113 to 117
volumeMounts:
- mountPath: /data/db
name: mongod-data
- mountPath: /etc/mongodb-secrets
name: some-name-mongodb-keyfile
readOnly: true
- mountPath: /etc/mongodb-ssl
name: ssl
Comment thread e2e-tests/tls-issue-cert-manager/compare/statefulset_some-name-mongos-tls-disabled-oc.yml
Comment on lines 112 to 116
volumeMounts:
- mountPath: /data/db
name: mongod-data
- mountPath: /etc/mongodb-secrets
name: some-name-mongodb-keyfile
readOnly: true
- mountPath: /etc/mongodb-ssl
name: ssl
Comment thread e2e-tests/pitr-physical/conf/restore-physical.yaml Outdated
Comment on lines +8 to +10
pitr:
pitrType: latest
backupSource:
Copilot AI review requested due to automatic review settings June 9, 2026 19:42
Copilot AI reviewed Jun 9, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 281 out of 281 changed files in this pull request and generated 6 comments.

Comment thread e2e-tests/tls-issue-cert-manager/compare/statefulset_some-name-rs0-tls-disabled.yml
Comment on lines 118 to 122
- mountPath: /data/db
name: mongod-data
- mountPath: /etc/mongodb-secrets
name: some-name-mongodb-keyfile
readOnly: true
- mountPath: /etc/mongodb-ssl
name: ssl
readOnly: true
Comment thread e2e-tests/tls-issue-cert-manager/compare/statefulset_some-name-rs0-tls-disabled.yml
Comment on lines 163 to 165
volumes:
- name: some-name-mongodb-keyfile
secret:
defaultMode: 288
optional: false
secretName: some-name-mongodb-keyfile
- emptyDir: {}
name: bin
Comment thread e2e-tests/serviceless-external-nodes/compare/statefulset_mydb-rs0.yml
Comment on lines 131 to 135
- mountPath: /data/db
name: mongod-data
- mountPath: /etc/mongodb-secrets
name: mydb-custom-mongodb-keyfile
readOnly: true
- mountPath: /etc/mongodb-ssl
name: ssl
readOnly: true
Comment thread e2e-tests/serviceless-external-nodes/compare/statefulset_mydb-rs0.yml
Comment on lines 178 to 180
volumes:
- name: mydb-custom-mongodb-keyfile
secret:
defaultMode: 288
optional: false
secretName: mydb-custom-mongodb-keyfile
- emptyDir: {}
name: bin
Comment thread e2e-tests/init-deploy/compare/statefulset_another-name-rs0.yml
Comment on lines 121 to 125
- mountPath: /data/db
name: mongod-data
- mountPath: /etc/mongodb-secrets
name: another-name-mongodb-keyfile
readOnly: true
- mountPath: /etc/mongodb-ssl
name: ssl
readOnly: true
Comment thread e2e-tests/init-deploy/compare/statefulset_another-name-rs0.yml
Comment on lines 298 to 300
volumes:
- name: another-name-mongodb-keyfile
secret:
defaultMode: 288
optional: false
secretName: another-name-mongodb-keyfile
- emptyDir: {}
name: bin
@nmarukovich nmarukovich changed the title K8 spsmdb 1444 K8SPSMDB-1444 Jun 10, 2026
Copilot AI review requested due to automatic review settings June 10, 2026 17:00
Copilot AI reviewed Jun 10, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 299 out of 299 changed files in this pull request and generated 1 comment.

Comments suppressed due to low confidence (1)

e2e-tests/version-service/compare/statefulset_minimal-cluster-rs0.yml:171

  • The keyfile secret volume was removed from spec.template.spec.volumes, but this manifest still references the keyfile in mongod args. Re-add the secret volume (or update args to stop using keyFile auth) so the pod spec is consistent.

Comment thread e2e-tests/version-service/compare/statefulset_minimal-cluster-rs0.yml
Comment on lines 127 to 131
volumeMounts:
- mountPath: /data/db
name: mongod-data
- mountPath: /etc/mongodb-secrets
name: minimal-cluster-mongodb-keyfile
readOnly: true
- mountPath: /etc/mongodb-ssl
name: ssl
@egegunes egegunes added this to the v1.23.0 milestone Jun 11, 2026
@nmarukovich nmarukovich changed the title K8SPSMDB-1444 K8SPSMDB-1444 Don't create keyfile secret when x509 auth is used Jun 11, 2026
Copilot AI review requested due to automatic review settings June 11, 2026 08:41
Copilot AI reviewed Jun 11, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 299 out of 299 changed files in this pull request and generated 3 comments.

Comment thread pkg/apis/psmdb/v1/psmdb_types.go
Comment on lines +1737 to +1739
if cr.TLSEnabled() {
return cr.Spec.TLS == nil || cr.Spec.TLS.Mode == TLSModeAllow
}
Comment thread pkg/apis/psmdb/v1/psmdb_types_test.go
Comment on lines +509 to +582
func TestKeyFileAuthEnabled(t *testing.T) {
tests := map[string]struct {
cr *PerconaServerMongoDB
expected bool
}{
"crVersion < 1.23 always true regardless of TLS mode": {
cr: &PerconaServerMongoDB{
Spec: PerconaServerMongoDBSpec{
CRVersion: "1.22.0",
TLS: &TLSSpec{Mode: TLSModePrefer},
Secrets: &SecretsSpec{},
},
},
expected: true,
},
"preferTLS → false": {
cr: &PerconaServerMongoDB{
Spec: PerconaServerMongoDBSpec{
CRVersion: version.Version(),
TLS: &TLSSpec{Mode: TLSModePrefer},
Secrets: &SecretsSpec{},
},
},
expected: false,
},
"requireTLS → false": {
cr: &PerconaServerMongoDB{
Spec: PerconaServerMongoDBSpec{
CRVersion: version.Version(),
TLS: &TLSSpec{Mode: TLSModeRequire},
Secrets: &SecretsSpec{},
},
},
expected: false,
},
"allowTLS → true": {
cr: &PerconaServerMongoDB{
Spec: PerconaServerMongoDBSpec{
CRVersion: version.Version(),
TLS: &TLSSpec{Mode: TLSModeAllow},
Secrets: &SecretsSpec{},
},
},
expected: true,
},
"TLS disabled + unsafe → true": {
cr: &PerconaServerMongoDB{
Spec: PerconaServerMongoDBSpec{
CRVersion: version.Version(),
TLS: &TLSSpec{Mode: TLSModeDisabled},
Unsafe: UnsafeFlags{TLS: true},
Secrets: &SecretsSpec{},
},
},
expected: true,
},
"InternalKey explicitly set → true": {
cr: &PerconaServerMongoDB{
Spec: PerconaServerMongoDBSpec{
CRVersion: version.Version(),
TLS: &TLSSpec{Mode: TLSModePrefer},
Secrets: &SecretsSpec{InternalKey: "my-custom-keyfile"},
},
},
expected: true,
},
}

for name, tt := range tests {
t.Run(name, func(t *testing.T) {
assert.Equal(t, tt.expected, tt.cr.KeyFileAuthEnabled())
})
}
}
Comment thread pkg/psmdb/mongos_test.go
Comment on lines +186 to 189
container, err := mongosContainer(cr, false, []string{"cfg-0.test-cr-cfg.test-ns.svc.cluster.local:27017"}, cr.KeyFileAuthEnabled())
assert.NoError(t, err)

// Basic container fields
Copilot AI review requested due to automatic review settings June 11, 2026 11:21
Copilot AI review requested due to automatic review settings June 15, 2026 08:03
Copilot AI reviewed Jun 15, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 234 out of 234 changed files in this pull request and generated 2 comments.

Comment thread pkg/psmdb/statefulset.go
Comment on lines 43 to 47
type StatefulSpecSecretParams struct {
UsersSecret *corev1.Secret
SSLSecret *corev1.Secret
UsersSecret *corev1.Secret
SSLSecret *corev1.Secret
KeyfileExists bool
}
Comment thread pkg/apis/psmdb/v1/psmdb_types.go
Comment on lines +1759 to +1762
if cr.TLSEnabled() {
return cr.Spec.TLS == nil || cr.Spec.TLS.Mode == TLSModeAllow
}
return cr.UnsafeTLSDisabled()
@nmarukovich nmarukovich marked this pull request as ready for review June 15, 2026 11:34
egegunes
egegunes requested changes Jun 16, 2026
View reviewed changes
Comment thread pkg/psmdb/container.go
Comment thread pkg/psmdb/mongos.go
@nmarukovich nmarukovich requested a review from egegunes June 16, 2026 13:24
Copilot AI review requested due to automatic review settings June 17, 2026 06:19
Copilot AI reviewed Jun 17, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 232 out of 232 changed files in this pull request and generated 1 comment.

Comment thread pkg/apis/psmdb/v1/psmdb_types.go
Comment on lines +1752 to +1762
func (cr *PerconaServerMongoDB) KeyFileAuthEnabled() bool {
if cr.CompareVersion("1.23.0") < 0 {
return true
}
if cr.Spec.Secrets.InternalKey != "" {
return true
}
if cr.TLSEnabled() {
return cr.Spec.TLS == nil || cr.Spec.TLS.Mode == TLSModeAllow
}
return cr.UnsafeTLSDisabled()
Copilot AI review requested due to automatic review settings June 17, 2026 14:02
Copilot AI reviewed Jun 17, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 232 out of 232 changed files in this pull request and generated 1 comment.

Comments suppressed due to low confidence (2)

e2e-tests/version-service/compare/statefulset_minimal-cluster-rs0.yml:135

  • This StatefulSet still runs mongod with keyFile auth (--clusterAuthMode=keyFile and --keyFile=/etc/mongodb-secrets/mongodb-key), but the /etc/mongodb-secrets volumeMount was removed. Without re-adding the mount, mongod will fail to start because the keyfile path won’t exist.
    e2e-tests/version-service/compare/statefulset_minimal-cluster-rs0.yml:169
  • The keyFile volume definition was removed from the pod spec, but the container still references it via a volumeMount and mongod is configured with --keyFile=/etc/mongodb-secrets/mongodb-key. Re-add the minimal-cluster-mongodb-keyfile secret volume so the pod spec is valid.

Comment thread pkg/apis/psmdb/v1/psmdb_types.go
Comment on lines +1755 to +1766
// keyFile auth is required when:
// - spec.secrets.keyFile is explicitly set (operator-managed override)
// - tls.mode is "allowTLS" – connections may be plain, x509 is unreliable
// - TLS is disabled (mode: disabled + unsafe.tls: true)
//
// For the default "preferTLS" and for "requireTLS", MongoDB uses
// --clusterAuthMode=x509 and no keyfile is needed.

func (cr *PerconaServerMongoDB) KeyFileAuthEnabled() bool {
if cr.CompareVersion("1.23.0") < 0 {
return true
}
@JNKPercona

JNKPercona commented Jun 18, 2026

Copy link
Copy Markdown
Collaborator
Test Name Result Time
arbiter passed 00:00:00
balancer passed 00:00:00
cert-management-policy passed 00:00:00
cross-site-sharded passed 00:00:00
custom-replset-name passed 00:00:00
custom-tls passed 00:00:00
custom-users-roles passed 00:00:00
custom-users-roles-sharded passed 00:00:00
data-at-rest-encryption passed 00:00:00
data-sharded passed 00:00:00
demand-backup passed 00:00:00
demand-backup-eks-credentials-irsa passed 00:00:00
demand-backup-fs passed 00:00:00
demand-backup-if-unhealthy passed 00:00:00
demand-backup-incremental-aws passed 00:00:00
demand-backup-incremental-azure passed 00:00:00
demand-backup-incremental-gcp-native passed 00:00:00
demand-backup-incremental-gcp-s3 passed 00:00:00
demand-backup-incremental-minio passed 00:00:00
demand-backup-incremental-sharded-aws passed 00:00:00
demand-backup-incremental-sharded-azure passed 00:00:00
demand-backup-incremental-sharded-gcp-native passed 00:00:00
demand-backup-incremental-sharded-gcp-s3 passed 00:00:00
demand-backup-incremental-sharded-minio passed 00:00:00
demand-backup-logical-minio-native-tls passed 00:00:00
demand-backup-physical-parallel passed 00:00:00
demand-backup-physical-aws passed 00:00:00
demand-backup-physical-azure passed 00:00:00
demand-backup-physical-gcp-s3 passed 00:00:00
demand-backup-physical-gcp-native passed 00:00:00
demand-backup-physical-minio passed 00:00:00
demand-backup-physical-minio-native passed 00:00:00
demand-backup-physical-minio-native-tls passed 00:00:00
demand-backup-physical-sharded-parallel passed 00:00:00
demand-backup-physical-sharded-aws passed 00:00:00
demand-backup-physical-sharded-azure passed 00:17:40
demand-backup-physical-sharded-gcp-native passed 00:00:00
demand-backup-physical-sharded-minio passed 00:00:00
demand-backup-physical-sharded-minio-native passed 00:00:00
demand-backup-sharded passed 00:00:00
demand-backup-snapshot passed 00:39:48
demand-backup-snapshot-vault passed 00:00:00
disabled-auth passed 00:00:00
expose-sharded passed 00:00:00
finalizer passed 00:00:00
ignore-labels-annotations passed 00:00:00
init-deploy passed 00:00:00
ldap passed 00:00:00
ldap-tls passed 00:00:00
limits passed 00:00:00
liveness passed 00:00:00
mongod-major-upgrade passed 00:00:00
mongod-major-upgrade-sharded passed 00:00:00
monitoring-2-0 passed 00:00:00
monitoring-pmm3 passed 00:00:00
multi-cluster-service passed 00:00:00
multi-storage passed 00:00:00
non-voting-and-hidden passed 00:00:00
one-pod passed 00:00:00
operator-self-healing-chaos passed 00:00:00
pitr passed 00:00:00
pitr-physical passed 00:00:00
pitr-sharded passed 00:00:00
pitr-to-new-cluster passed 00:00:00
pitr-physical-backup-source passed 00:00:00
preinit-updates passed 00:00:00
pvc-auto-resize passed 00:00:00
pvc-resize passed 00:00:00
recover-no-primary passed 00:00:00
replset-overrides passed 00:00:00
replset-remapping passed 00:00:00
replset-remapping-sharded passed 00:00:00
rs-shard-migration passed 00:00:00
scaling passed 00:00:00
scheduled-backup passed 00:00:00
security-context passed 00:00:00
self-healing-chaos passed 00:00:00
service-per-pod passed 00:00:00
serviceless-external-nodes passed 00:00:00
smart-update passed 00:00:00
split-horizon passed 00:00:00
split-horizon-manual-tls passed 00:00:00
stable-resource-version passed 00:00:00
storage passed 00:00:00
tls-issue-cert-manager passed 00:00:00
unsafe-psa passed 00:00:00
upgrade passed 00:00:00
upgrade-consistency passed 00:00:00
upgrade-consistency-sharded-tls passed 00:00:00
upgrade-sharded passed 00:00:00
upgrade-partial-backup passed 00:00:00
users passed 00:00:00
users-vault passed 00:00:00
vector-search passed 00:00:00
vector-search-sharded passed 00:00:00
version-service passed 00:00:00
Summary Value
Tests Run 96/96
Job Duration 01:02:14
Total Test Time 00:57:29

commit: cbf9fce
image: perconalab/percona-server-mongodb-operator:PR-2391-cbf9fce95

@nmarukovich nmarukovich merged commit bfded4c into main Jun 18, 2026
21 checks passed
@nmarukovich nmarukovich deleted the K8SPSMDB-1444 branch June 18, 2026 08:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments
@egegunes egegunes egegunes approved these changes
@gkech gkech gkech approved these changes
@jvpasinatto jvpasinatto Awaiting requested review from jvpasinatto jvpasinatto is a code owner
@eleo007 eleo007 Awaiting requested review from eleo007 eleo007 is a code owner
@valmiranogueira valmiranogueira Awaiting requested review from valmiranogueira valmiranogueira is a code owner
@hors hors Awaiting requested review from hors hors is a code owner
@pooknull pooknull Awaiting requested review from pooknull pooknull is a code owner
@mayankshah1607 mayankshah1607 Awaiting requested review from mayankshah1607 mayankshah1607 is a code owner
@oksana-grishchenko oksana-grishchenko Awaiting requested review from oksana-grishchenko oksana-grishchenko is a code owner

Assignees

No one assigned

Labels

size/XXL 1000+ lines tests

Projects

None yet

Milestone

v1.23.0

Development

Successfully merging this pull request may close these issues.

5 participants

@nmarukovich @JNKPercona @egegunes @gkech