Status Planned
Created by Guest
Created on Mar 22, 2021

Use separate tls.crt and tls.key items in a Kubernetes secret for certificates instead of a combined item named server.pem for a MongoDB rep

There should be a way to use separate `tls.crt` and `tls.key` items in a Kubernetes secret for certificates instead of a combined item named `server.pem`. We request our certs using cert-manager, which generates secrets from the cert CRD, and they get auto-renewed every so often. These secrets have 2 items, `tls.crt` and `tls.key`. So far the only way I have seen to enable TLS is to combine these 2 items and rename them into a new secret in Kubernetes as an item called `server.pem`. This, however, means that when a cert auto-renews, the wrong secret is being used. So our replicaSets would break on each renewal (every 90 days). If some flexibility were built in on how to provide certificates to the replicaSet, there would be no issue and auto-renewing our certs would not break MongoDB in production every 90 days.
  • ADMIN RESPONSE
    Aug 1, 2025
    Support for Cert Manager as well as support for separate crt and key is on a roadmap. We will look into updating our docs to describe cert rotation.
  • Guest
    Jun 16, 2021
    It would be good if the operator could follow the Kubernetes secrets default settings as defined in the Kubernetes documentation (https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets). This will not only cover the use-case of cert-manager, but also the other use-cases.
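
The workaround from the request above and the way it goes stale on renewal, as an added example that is not part of the original thread or of MongoDB's operator. It works on Secret manifests as Python dicts; the certificate-first order, the secret names and the sample PEM bodies are constructed assumptions.

```python
import base64

def encode(text: str) -> str:
    return base64.b64encode(text.encode()).decode()

def item_text(secret: dict, key: str) -> str:
    """Decode one item from a Secret manifest's base64 `data` map."""
    return base64.b64decode(secret["data"][key]).decode()

def combined_pem(tls_secret: dict) -> str:
    """Join tls.crt and tls.key into one PEM (certificate first: an assumption)."""
    parts = (item_text(tls_secret, "tls.crt"), item_text(tls_secret, "tls.key"))
    # Each PEM block must end with a newline or the next BEGIN line is glued on.
    return "".join(p if p.endswith("\n") else p + "\n" for p in parts)

def is_stale(tls_secret: dict, pem_secret: dict, item: str = "server.pem") -> bool:
    """True when the derived secret no longer matches the renewed source."""
    if item not in pem_secret.get("data", {}):
        return True
    return item_text(pem_secret, item) != combined_pem(tls_secret)

def rebuild(tls_secret: dict, name: str, item: str = "server.pem") -> dict:
    """Return a fresh Secret manifest holding the combined PEM."""
    return {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
            "metadata": {"name": name},
            "data": {item: encode(combined_pem(tls_secret))}}

def sample_tls_secret(serial: int) -> dict:
    """Constructed stand-in for a cert-manager secret; the PEM bodies are fake."""
    crt = f"-----BEGIN CERTIFICATE-----\nCONSTRUCTED-CERT-{serial}\n-----END CERTIFICATE-----"
    key = f"-----BEGIN PRIVATE KEY-----\nCONSTRUCTED-KEY-{serial}\n-----END PRIVATE KEY-----\n"
    return {"apiVersion": "v1", "kind": "Secret", "type": "kubernetes.io/tls",
            "metadata": {"name": "mongo-tls"},
            "data": {"tls.crt": encode(crt), "tls.key": encode(key)}}

if __name__ == "__main__":
    issued, renewed = sample_tls_secret(1), sample_tls_secret(2)
    derived = rebuild(issued, "mongo-server-pem")  # hypothetical secret name
    print("stale after issue:  ", is_stale(issued, derived))
    print("stale after renewal:", is_stale(renewed, derived))
    print("stale after rebuild:",
          is_stale(renewed, rebuild(renewed, "mongo-server-pem")))
```

Running `is_stale` on a schedule, or from whatever reacts to the cert-manager secret changing, shows a renewal that left `server.pem` behind before the old certificate expires.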