Kubernetes Enterprise Operator Release 1.32.0 (#304)

Author: mms-build-account

.evergreen.yml

@@ -2,7 +2,7 @@ variables:
   - &go_env
     XDG_CONFIG_HOME: ${go_base_path}${workdir}
     GO111MODULE: "on"
-    GOROOT: "/opt/golang/go1.23"
+    GOROOT: "/opt/golang/go1.24"
 functions:
   "clone":
     - command: subprocess.exec
@@ -34,7 +34,7 @@ functions:
           - notary_service_url
         script: |
           set -Eeu pipefail
-          
+
           curl "${notary_service_url}" --output macos-notary.zip
           unzip -u macos-notary.zip
           chmod 755 ./linux_amd64/macnotary
@@ -72,14 +72,14 @@ functions:
 
 tasks:
   - name: package_goreleaser
-    allowed_requesters: [ "patch", "github_tag" ]
+    allowed_requesters: ["patch", "github_tag"]
     tags: ["packaging"]
     commands:
       - func: "clone"
       - func: "install goreleaser"
       - func: "install macos notarization service"
       - func: "release"
-# add a noop task because if the only task in a variant is git_tag_only: true Evergreen doesn't start it at all
+  # add a noop task because if the only task in a variant is git_tag_only: true Evergreen doesn't start it at all
   - name: noop
     commands:
       - command: shell.exec
@@ -88,11 +88,11 @@ tasks:
           script: echo "this is the noop task"
 
 buildvariants:
-# This variant is run when a new tag is out similar to github actions.
-- name: release_mcli
-  display_name: Release Go multi-cluster binary
-  run_on:
-    - ubuntu2204-small
-  tasks:
-    - name: package_goreleaser
-    - name: noop
+  # This variant is run when a new tag is out similar to github actions.
+  - name: release_mcli
+    display_name: Release Go multi-cluster binary
+    run_on:
+      - ubuntu2204-small
+    tasks:
+      - name: package_goreleaser
+      - name: noop

architectures/mongodb-replicaset-multi-cluster/code_snippets/1050_generate_certs.sh

@@ -0,0 +1,18 @@
+kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" -f - <<EOF
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: mdb-cert
+spec:
+  dnsNames:
+  - "*.${MDB_NAMESPACE}.svc.cluster.local"
+  duration: 240h0m0s
+  issuerRef:
+    name: my-ca-issuer
+    kind: ClusterIssuer
+  renewBefore: 120h0m0s
+  secretName: cert-prefix-mdb-cert
+  usages:
+  - server auth
+  - client auth
+EOF

architectures/mongodb-replicaset-multi-cluster/code_snippets/1100_mongodb_replicaset_multi_cluster.sh

@@ -0,0 +1,30 @@
+kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" -f - <<EOF
+apiVersion: mongodb.com/v1
+kind: MongoDBMultiCluster
+metadata:
+  name: ${RESOURCE_NAME}
+spec:
+  type: ReplicaSet
+  version: 8.0.3
+  opsManager:
+    configMapRef:
+      name: mdb-org-project-config
+  credentials: mdb-org-owner-credentials
+  duplicateServiceObjects: false
+  persistent: true
+  externalAccess: {}
+  security:
+    certsSecretPrefix: cert-prefix
+    tls:
+      ca: ca-issuer
+    authentication:
+      enabled: true
+      modes: ["SCRAM"]
+  clusterSpecList:
+    - clusterName: ${K8S_CLUSTER_0_CONTEXT_NAME}
+      members: 2
+    - clusterName: ${K8S_CLUSTER_1_CONTEXT_NAME}
+      members: 1
+    - clusterName: ${K8S_CLUSTER_2_CONTEXT_NAME}
+      members: 2
+EOF

architectures/mongodb-replicaset-multi-cluster/code_snippets/1110_mongodb_replicaset_multi_cluster_wait_for_running_state.sh

@@ -0,0 +1,8 @@
+echo; echo "Waiting for MongoDB to reach Running phase..."
+kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" wait --for=jsonpath='{.status.phase}'=Running "mdbmc/${RESOURCE_NAME}" --timeout=900s
+echo; echo "Pods running in cluster ${K8S_CLUSTER_0_CONTEXT_NAME}"
+kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" get pods
+echo; echo "Pods running in cluster ${K8S_CLUSTER_1_CONTEXT_NAME}"
+kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" get pods
+echo; echo "Pods running in cluster ${K8S_CLUSTER_2_CONTEXT_NAME}"
+kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" get pods

architectures/mongodb-replicaset-multi-cluster/code_snippets/1200_create_mongodb_user.sh

@@ -0,0 +1,27 @@
+kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" -f - <<EOF
+apiVersion: v1
+kind: Secret
+metadata:
+  name: rs-user-password
+type: Opaque
+stringData:
+  password: password
+---
+apiVersion: mongodb.com/v1
+kind: MongoDBUser
+metadata:
+  name: rs-user
+spec:
+  passwordSecretKeyRef:
+    name: rs-user-password
+    key: password
+  username: "rs-user"
+  db: "admin"
+  mongodbResourceRef:
+    name: ${RESOURCE_NAME}
+  roles:
+  - db: "admin"
+    name: "root"
+EOF
+
+kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" wait --for=jsonpath='{.status.phase}'=Updated -n "${MDB_NAMESPACE}" mdbu/rs-user

architectures/mongodb-replicaset-multi-cluster/code_snippets/1210_verify_mongosh_connection.sh

@@ -0,0 +1,12 @@
+# Load Balancers sometimes take longer to get an IP assigned, we need to retry
+while [ -z "$(kubectl get --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" svc "${RESOURCE_NAME}-0-0-svc-external" -o=jsonpath="{.status.loadBalancer.ingress[0].ip}")" ]
+do
+  sleep 5
+done
+
+external_ip="$(kubectl get --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" svc "${RESOURCE_NAME}-0-0-svc-external" -o=jsonpath="{.status.loadBalancer.ingress[0].ip}")"
+
+mkdir -p certs
+kubectl get --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" cm/ca-issuer -o=jsonpath='{.data.ca-pem}' > certs/ca.crt
+
+mongosh --host "${external_ip}" --username rs-user --password password --tls --tlsCAFile certs/ca.crt --tlsAllowInvalidHostnames --eval "db.runCommand({connectionStatus : 1})"

architectures/mongodb-replicaset-multi-cluster/env_variables.sh

@@ -0,0 +1,9 @@
+# This script builds on top of the environment configured in the setup guides.
+# It depends (uses) the following env variables defined there to work correctly.
+# If you don't use the setup guide to bootstrap the environment, then define them here.
+#  ${K8S_CLUSTER_0_CONTEXT_NAME}
+#  ${K8S_CLUSTER_1_CONTEXT_NAME}
+#  ${K8S_CLUSTER_2_CONTEXT_NAME}
+#  ${MDB_NAMESPACE}
+
+export RESOURCE_NAME=mdb

architectures/mongodb-replicaset-multi-cluster/output/1210_verify_mongosh_connection.out

@@ -0,0 +1,15 @@
+{
+  authInfo: {
+    authenticatedUsers: [ { user: 'rs-user', db: 'admin' } ],
+    authenticatedUserRoles: [ { role: 'root', db: 'admin' } ]
+  },
+  ok: 1,
+  '$clusterTime': {
+    clusterTime: Timestamp({ t: 1736786648, i: 9 }),
+    signature: {
+      hash: Binary.createFromBase64('oEXuV6w8Ct5J26i/Sqwr8oex8tI=', 0),
+      keyId: Long('7459441848994496517')
+    }
+  },
+  operationTime: Timestamp({ t: 1736786648, i: 9 })
+}

architectures/mongodb-replicaset-multi-cluster/test.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+set -eou pipefail
+
+script_name=$(readlink -f "${BASH_SOURCE[0]}")
+script_dir=$(dirname "${script_name}")
+
+source scripts/code_snippets/sample_test_runner.sh
+
+pushd "${script_dir}"
+
+prepare_snippets
+
+run 1050_generate_certs.sh
+run 1100_mongodb_replicaset_multi_cluster.sh
+run 1110_mongodb_replicaset_multi_cluster_wait_for_running_state.sh
+
+run 1200_create_mongodb_user.sh
+sleep 10
+run_for_output 1210_verify_mongosh_connection.sh
+
+popd

architectures/mongodb-sharded-multi-cluster/code_snippets/2050_generate_certs.sh

@@ -0,0 +1,103 @@
+kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" -f - <<EOF
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: mdb-sh-cert
+spec:
+  dnsNames:
+  - "*.${MDB_NAMESPACE}.svc.cluster.local"
+  duration: 240h0m0s
+  issuerRef:
+    name: my-ca-issuer
+    kind: ClusterIssuer
+  renewBefore: 120h0m0s
+  secretName: cert-prefix-mdb-sh-cert
+  usages:
+  - server auth
+  - client auth
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: mdb-sh-0-cert
+spec:
+  dnsNames:
+  - "*.${MDB_NAMESPACE}.svc.cluster.local"
+  duration: 240h0m0s
+  issuerRef:
+    name: my-ca-issuer
+    kind: ClusterIssuer
+  renewBefore: 120h0m0s
+  secretName: cert-prefix-mdb-sh-0-cert
+  usages:
+  - server auth
+  - client auth
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: mdb-sh-1-cert
+spec:
+  dnsNames:
+  - "*.${MDB_NAMESPACE}.svc.cluster.local"
+  duration: 240h0m0s
+  issuerRef:
+    name: my-ca-issuer
+    kind: ClusterIssuer
+  renewBefore: 120h0m0s
+  secretName: cert-prefix-mdb-sh-1-cert
+  usages:
+  - server auth
+  - client auth
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: mdb-sh-2-cert
+spec:
+  dnsNames:
+  - "*.${MDB_NAMESPACE}.svc.cluster.local"
+  duration: 240h0m0s
+  issuerRef:
+    name: my-ca-issuer
+    kind: ClusterIssuer
+  renewBefore: 120h0m0s
+  secretName: cert-prefix-mdb-sh-2-cert
+  usages:
+  - server auth
+  - client auth
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: mdb-sh-config-cert
+spec:
+  dnsNames:
+  - "*.${MDB_NAMESPACE}.svc.cluster.local"
+  duration: 240h0m0s
+  issuerRef:
+    name: my-ca-issuer
+    kind: ClusterIssuer
+  renewBefore: 120h0m0s
+  secretName: cert-prefix-mdb-sh-config-cert
+  usages:
+  - server auth
+  - client auth
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: mdb-sh-mongos-cert
+spec:
+  dnsNames:
+  - "*.${MDB_NAMESPACE}.svc.cluster.local"
+  duration: 240h0m0s
+  issuerRef:
+    name: my-ca-issuer
+    kind: ClusterIssuer
+  renewBefore: 120h0m0s
+  secretName: cert-prefix-mdb-sh-mongos-cert
+  usages:
+  - server auth
+  - client auth
+EOF