litmus icon indicating copy to clipboard operation
litmus copied to clipboard

Published 20 hours ago verified publisher icon litmuschaos

Request for MongoDB connection with TLS mode for the server

Open imrajdas opened this issue 3 years ago • 6 comments

Currently, the server can't connect to MongoDB with TLS mode.

Solution:

  1. We need an env to take the certificate as a configmap
  2. Modify the mongodb connection to add the TLS connection code.

imrajdas avatar Aug 17 '21 04:08 imrajdas

Hey I want to work on this . Can you help me where to get started as I am a new contributor

bishtsaurabh5 avatar Aug 21 '21 08:08 bishtsaurabh5

Description: The issue is to add the TLS mode for the MongoDB connection. Here - code, we are using non-TLS mode to connect with MongoDB.

With TLS, we need to store the certificate in a configmap and mount the config map with the litmusportal-server deployment and In the code base, we need to read that configmap and set up the MongoDB connection with TLS mode.

List of new environment variables

  • MONGO_DB_TLS (values=true/false)
  • MONGO_CERTIFICATE

If MONGO_DB_TLS is true then we need to connect the MongoDB with TLS mode else we can go with the current process

imrajdas avatar Aug 23 '21 08:08 imrajdas

Sure I have started working on this , Can you please assign this issue to me ?

bishtsaurabh5 avatar Aug 23 '21 11:08 bishtsaurabh5

Adding the discussion on the slack thread as to what needs to be done for this PR here

  1. We need to enable TLS on mongodb server as well
  2. Enabling TLS is done using a config file usually so either we can generate the config file and mount in a configmap using helm configurable params or we can give the user option to provide a custom file
  3. We have to add the TLS certs for client (which is intially requested in the PR) only if the user wants mTLS.
  4. Have to provide steps for the users to configure self signed certs if they want to do that

bishtsaurabh5 avatar Sep 02 '21 03:09 bishtsaurabh5

Hi, please assign this issue to me if it's open.

123vivekr avatar Oct 17 '21 08:10 123vivekr

According to this article in mongodb docs, a standalone Instance cannot be secured using TLS.

I know of two options:

  • Upgrade mongo from standalone instance to a replica set with a mongodb operator.
  • Modify the litmuschaos/mongo image to fetch the certificate from the ConfigMap and passing it to mongo via mongo's config file, as explained here.

The second one sounds like a hacky solution to me. Could you give me some pointers for the implementation?

123vivekr avatar Nov 12 '21 17:11 123vivekr