-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[bitnami/mongodb] Configure mongodb hostname during initialization #34297
base: main
Are you sure you want to change the base?
Conversation
…e via the environment variable MONGODB_LOCALHOST_NAME Signed-off-by: Douglas Thomson <djt210@gmail.com>
f86f51b
to
3171d7a
Compare
Hello @dtrts, We are going to review this logic internally as we want to further investigate the behavior of the field that you propose to modify with a variable. We will notify you in this PR when there is any news. |
Thank you @corico44. There's more detail in the issue about why I have gone for this approach. I have just thought of another option where support is added for different Have a great weekend! |
Hello @corico44 I've been working with TLS and just wanted to highlight another sticking point. With TLS enabled the function During initialization I don't have this hostname IP Bound and so it reports an error. It could use the MONGODB_LOCALHOST_NAME by default, and we should create a separate check to ensure that the mongo server is accessible through the advertised hostname (i.e. through the internet) Just some thoughts! Hope you're having a great week. |
I fully agree with this PR as using the FQDN for a Replica Set that uses an X.509 certificate signed by a public CA is the proper way forward. For example, the Bitnami Helm chart will break currently with all of the connections it makes to |
This Pull Request has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thank you for your contribution. |
Bump |
Signed-off-by: Douglas Thomson <36892985+dtrts@users.noreply.github.com>
We are still reviewing the case internally. We will try to give you all updates as soon as possible. |
Description of the change
This change enabled the hostname to be configured for the initialization of the server. These steps include:
Benefits
When TLS is enabled through the
*_EXTRA_FLAGS
options it is enabled during initialization and it is common for the certificate to not include127.0.0.1
in the IP list.This change allows us to provide a host which works with TLS.
Possible drawbacks
Misconfiguration could lead to configuring the wrong server.
If attempting to use a hostname which resolves to an external IP then the mongo server will have to bind to that IP before initialization. This puts the server at risk of attack during setup. (Most likely for only a few seconds?)
Applicable issues
This issue is for the
charts
repo but does describe the issue here and the workarounds taken to fix it.Additional information
Have a great day!