mongodb-container
Having an external route for mongo
Using the openshift mongo template, has anyone found a way to expose an external route for mongo? We can set mongo to require authentication and bind to 0.0.0.0 so it accepts non-localhost connections, but I've not found a way to make it work with external routes.
https://github.com/openshift/origin/issues/3415#issuecomment-137902453 suggests there might be a way if mongo supports SNI, which, if I understand it correctly, it does: https://jira.mongodb.org/browse/DRIVERS-320
Any ideas?
I don't know enough about mongo to advise you about enabling SNI (but if you do, you should be able to create a passthrough route to it), but another option would be configuring either an external IP service or a nodeport for your mongodb pod.
Using SNI does not require using SSL/TLS on the server too?
Currently it is not possible to enable SSL for mongodb container - I plan to add this after s2i support is added (#239)
> Using SNI does not require using SSL/TLS on the server too?
Yes, it does. I figured that was implied when I said enabling SNI.
> Yes, it does. I figured that was implied when I said enabling SNI.
Not sure we are talking about the same "server" :-) I thought of a mongod server... I was asking because I am not familiar with "Edge Termination" of OpenShift routes, and whether this can be used somehow.
Edge termination of a route means the router terminates the SSL connection and then uses a non-encrypted connection to the backend. https://docs.openshift.org/latest/architecture/core_concepts/routes.html#secured-routes
@bparees So it is possible to connect to a service port (different than 80/443) without an encrypted connection?
> @bparees So it is possible to connect to a service port (different than 80/443) without an encrypted connection?
Services can be on any port you want and any protocol you want, but routes cannot.
Ok. So this issue is waiting for SSL support in mongodb-container. And that is blocked by s2i support - #239
Any updates on this?
The mongodb container is not maintained any more in this org. Closing.