Search: use ConfigMap instead of Secret for external TLS CA#909
Draft
lsierant wants to merge 2 commits intosearch/multiple-mongotfrom
Draft
Search: use ConfigMap instead of Secret for external TLS CA#909lsierant wants to merge 2 commits intosearch/multiple-mongotfrom
lsierant wants to merge 2 commits intosearch/multiple-mongotfrom
Conversation
lsierant
force-pushed
the
search/multiple-mongot
branch
from
a8147b6 to
4a1be64
Compare
lsierant
force-pushed
the
search/lsierant/ca-as-configmap
branch
from
87e1e48 to
9f99f28
Compare
lsierant
force-pushed
the
search/multiple-mongot
branch
from
e21bef7 to
7008937
Compare
The ExternalMongodTLS CA reference was incorrectly using a Secret volume and Secret watch. This changes it to use a ConfigMap, consistent with how enterprise and community search sources already handle CA certificates. Changes: - Update ExternalMongodTLS.CA comment and CRD descriptions - Switch CreateVolumeFromSecret to CreateVolumeFromConfigMap in both external_search_source.go and sharded_external_search_source.go - Update resource watches from watch.Secret to watch.ConfigMap - Update unit tests to assert ConfigMap volume source - Update e2e tests to create CA as ConfigMap with ca.crt key - Update doc snippets to reference ConfigMap instead of Secret # Conflicts: # docker/mongodb-kubernetes-tests/tests/common/search/sharded_search_helper.py
lsierant
force-pushed
the
search/lsierant/ca-as-configmap
branch
from
9f99f28 to
c490ded
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The ExternalMongodTLS CA reference was incorrectly using a Secret volume
and Secret watch. This changes it to use a ConfigMap, consistent with how
enterprise and community search sources already handle CA certificates.
Changes:
external_search_source.go and sharded_external_search_source.go
Based on PR #817
Chain of upstream PRs as of 2026-03-18
PR Search Sharded+LoadBalancing: base feature branch #806:
master←search/basePR Search: support multiple mongots #817:
search/base←search/multiple-mongotsearch/multiple-mongot←search/lsierant/ca-as-configmap