I'm using the MongoDB Enterprise Operator. I created a MongoDB Ops Manager, then created a MongoDB resource with the MongoDB CRD, given below:
```yaml
apiVersion: mongodb.com/v1
kind: MongoDB
metadata:
  name: mongo-dev
  namespace: mongodb-workspace
spec:
  credentials: my-org-apikey
  members: 3
  opsManager:
    configMapRef:
      name: my-org-id
  type: ReplicaSet
  podSpec:
    cpu: '4'
    memory: '6G'
  version: 5.0.18-ent
  security:
    tls:
      enabled: true
      ca: custom-ca
    authentication:
      enabled: true
      modes: ["SCRAM"]
```
Here are the steps I followed to create a self-signed certificate:
```sh
openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -subj "/CN=*.svc.cluster.local" -days 3650 -reqexts v3_req -extensions v3_ca -out ca.crt
oc create secret tls ca-key-pair --cert=ca.crt --key=ca.key
oc apply -f cert-manager.yaml
oc apply -f issuers.yaml
oc apply -f certificates.yaml
oc get secret mongo-dev-0 -o jsonpath='{.data.tls.crt}{.data.tls.key}' | base64 --decode > mongo-dev-0-pem && \
oc get secret mongo-dev-1 -o jsonpath='{.data.tls.crt}{.data.tls.key}' | base64 --decode > mongo-dev-1-pem && \
oc get secret mongo-dev-2 -o jsonpath='{.data.tls.crt}{.data.tls.key}' | base64 --decode > mongo-dev-2-pem
oc create secret generic mongo-dev-cert --from-file=mongo-dev-0-pem --from-file=mongo-dev-1-pem --from-file=mongo-dev-2-pem
cat ca.crt > ca-pem
oc create configmap custom-ca --from-file=ca-pem
oc apply -f mongodb-rs.yaml
```
After the MongoDB replica set reconciliation, I'm getting an error. The agent log message is:

```text
Failed to apply action. Result = : [15:07:48.267] Error starting mongod : [15:07:48.267] Error running start command. cmd=[Args=[/var/lib/mongodb-mms-automation/mongodb-linux-x86_64-5.0.18-ent/bin/mongod -f /data/automation-mongod.conf]], stip=[args={"net":{"bindIp":"0.0.0.0","port":27017,"tls":{"CAFile":"/mongodb-automation/tls/ca/ca-pem","allowConnectionsWithoutCertificates":true,"certificateKeyFile":"/mongodb-automation/tls/","mode":"preferTLS"}},"replication":{"replSetName":"mongodb-dev"},"storage":{"dbPath":"/data"},"systemLog":{"destination":"file","path":"/var/log/mongodb-mms-automation/mongodb.log"}}[],confPath=/data/automation-mongod.conf,version=5.0.18-ent-796abe56bfdbca6968ff570311bf72d93632825b(enterprise),isKmipRotateMasterKey=false,useOldConfFile=false]
```
And when I checked the mongod log from the pod terminal, it shows:

```text
sh-4.4$ cat /var/log/mongodb-mms-automation/mongodb.log
{"t":{"$date":"2023-09-06T14:27:24.939+00:00"},"s":"E", "c":"NETWORK", "id":23248, "ctx":"-","msg":"Cannot read certificate file","attr":{"keyFile":"/mongodb-automation/tls/","error":"error:0909006C:PEM routines:get_name:no start line"}}
{"t":{"$date":"2023-09-06T14:27:24.941+00:00"},"s":"F", "c":"CONTROL", "id":20574, "ctx":"-","msg":"Error during global initialization","attr":{"error":{"code":140,"codeName":"InvalidSSLConfiguration","errmsg":"Can not set up PEM key file."}}}
```
For reference, I followed this blog: https://developer.ibm.com/tutorials/secure-mongo-db-enterprise-on-red-hat-openshift/#5-Generate-Certificates-and-enable-TLS

Can anyone help with this?
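The concatenation step in the question builds one file per pod holding tls.crt followed by tls.key; if either jsonpath field resolves to nothing, the file ends up empty or certificate-only, which is the shape mongod rejects with "no start line" / "Can not set up PEM key file". The preflight check below is an added example, not part of the original question or of the MongoDB operator, for validating each bundle before it is stored in the secret; the function names and the openssl-based key/certificate match are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the concatenated
# PEM bundles (tls.crt followed by tls.key) before creating mongo-dev-cert.

# check_pem_bundle FILE
# Returns 0 when FILE is non-empty and contains at least one CERTIFICATE
# block and exactly one PRIVATE KEY block; otherwise prints why and returns 1.
check_pem_bundle() {
  bundle="$1"
  if [ ! -s "$bundle" ]; then
    echo "$bundle: empty or missing (does the secret hold tls.crt and tls.key?)" >&2
    return 1
  fi
  # grep -c exits 1 when the count is 0, so keep the count and ignore the status
  certs=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$bundle" || true)
  keys=$(grep -c -- '-----BEGIN .*PRIVATE KEY-----' "$bundle" || true)
  if [ "$certs" -lt 1 ]; then
    echo "$bundle: no CERTIFICATE block found" >&2
    return 1
  fi
  if [ "$keys" -ne 1 ]; then
    echo "$bundle: expected exactly one PRIVATE KEY block, found $keys" >&2
    return 1
  fi
  return 0
}

# check_key_matches_cert FILE
# Returns 0 when the private key in FILE belongs to the first certificate in
# FILE. A bundle assembled from another pod's secret passes the structural
# check above but would still fail the TLS handshake, which this catches.
# Only warns (and returns 0) when openssl is not installed.
check_key_matches_cert() {
  bundle="$1"
  if ! command -v openssl >/dev/null 2>&1; then
    echo "openssl not found, skipping key/cert match for $bundle" >&2
    return 0
  fi
  # Both commands emit the SubjectPublicKeyInfo PEM, so the strings must be equal
  cert_pub=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null || true)
  key_pub=$(openssl pkey -in "$bundle" -pubout 2>/dev/null || true)
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Usage in the question's procedure, between the jsonpath extraction and the
# 'oc create secret generic mongo-dev-cert ...' step:
# for pod in mongo-dev-0 mongo-dev-1 mongo-dev-2; do
#   check_pem_bundle "$pod-pem" && check_key_matches_cert "$pod-pem" || exit 1
# done
```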