@nammn nammn commented Dec 16, 2025

Summary

This pull request improves the handling of TLS parameters in monitoring configuration, ensuring that TLS-related settings are properly cleared when TLS is disabled. It also adds a dedicated test to verify this behavior.

TLS Parameter Handling Improvements:

  • In deployment.go, when TLS is disabled, the "additionalParams" key is now removed from the monitoring configuration to prevent monitoring agents from referencing non-existent certificate files.
  • In appdbreplicaset_controller.go, the code explicitly clears the AdditionalParams field for each monitoring version when TLS is disabled, further ensuring that leftover TLS settings are not retained.

Testing Enhancements:

  • A new test, TestAddMonitoringTLSDisable, was added to deployment_test.go to verify that enabling and then disabling TLS correctly adds and then removes TLS parameters from the monitoring configuration.

Proof of Work

  • green patch

Checklist

  • Have you linked a Jira ticket and/or is the ticket in the title?
  • Have you checked whether your Jira ticket required DOCSP changes?
  • Have you added a changelog file?

@github-actions

⚠️ (this preview might not be accurate if the PR is not rebased on current master branch)

MCK 1.6.2 Release Notes

Bug Fixes

  • Fixed an issue where monitoring agents would fail after disabling TLS on a MongoDB deployment.

tags: [ "pr_patch", "staging", "e2e_test_suite", "static" ]
run_on:
- ubuntu2404-large
<<: *base_om8_dependency
Collaborator Author

revert me once the image build has been fixed for the database image

When TLS is disabled on AppDB, the operator now correctly clears stale
TLS parameters (additionalParams) from the monitoring configuration.

Before this fix, stale TLS params like useSslForAllConnections and
sslClientCertificate would remain in the monitoring config after TLS
was disabled, causing monitoring agents to fail when trying to use
certificate files that are no longer valid for authentication.

Changes:
- deployment.go: Clear additionalParams when TLS is disabled
- appdbreplicaset_controller.go: Use correct TLS state for monitoring
- Added e2e test (e2e_om_appdb_tls_disable) that verifies:
  1. TLS params are present when TLS is enabled
  2. TLS params are cleared after TLS is disabled
  3. Monitoring continues to work after TLS disable
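
The enable-then-disable sequence described above, as an added Go example that is not the operator's code and not part of the original commit. `MonitoringConfig`, `applyTLSStale`, `applyTLSFixed`, `StaleTLSParams` and the certificate path are hypothetical; only the key names `additionalParams`, `useSslForAllConnections` and `sslClientCertificate` come from this page.

```go
package main

import "fmt"

// MonitoringConfig is a hypothetical stand-in for one monitoring entry;
// the operator's real types are not shown on this page.
type MonitoringConfig map[string]interface{}

// applyTLSStale models the pre-fix behaviour: params are written when TLS is
// enabled, and nothing removes them once TLS is disabled.
func applyTLSStale(cfg MonitoringConfig, tlsEnabled bool, certPath string) {
	if tlsEnabled {
		cfg["additionalParams"] = map[string]string{
			"useSslForAllConnections": "true",
			"sslClientCertificate":    certPath,
		}
	}
}

// applyTLSFixed models the fix: disabling TLS deletes the whole key first.
func applyTLSFixed(cfg MonitoringConfig, tlsEnabled bool, certPath string) {
	if !tlsEnabled {
		delete(cfg, "additionalParams")
	}
	applyTLSStale(cfg, tlsEnabled, certPath)
}

// StaleTLSParams lists TLS params still present; run it when TLS should be off.
func StaleTLSParams(cfg MonitoringConfig) []string {
	params, _ := cfg["additionalParams"].(map[string]string)
	var found []string
	for _, k := range []string{"useSslForAllConnections", "sslClientCertificate"} {
		if _, ok := params[k]; ok {
			found = append(found, k)
		}
	}
	return found
}

func main() {
	const cert = "/constructed/path/agent.pem" // constructed sample value
	stale, fixed := MonitoringConfig{}, MonitoringConfig{}
	for _, tls := range []bool{true, false} { // enable TLS, then disable it
		applyTLSStale(stale, tls, cert)
		applyTLSFixed(fixed, tls, cert)
	}
	fmt.Println("pre-fix leftovers:", StaleTLSParams(stale))
	fmt.Println("post-fix leftovers:", StaleTLSParams(fixed))
}
```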