CLOUDP-392496: Add OpenShift e2e test for sharded Search with managed Envoy LB via OCP Routes#939
Closed
Julien-Ben wants to merge 58 commits intosearch/basefrom
Closed
CLOUDP-392496: Add OpenShift e2e test for sharded Search with managed Envoy LB via OCP Routes#939Julien-Ben wants to merge 58 commits intosearch/basefrom
Julien-Ben wants to merge 58 commits intosearch/basefrom
Conversation
<!-- start git-machete generated --> # Based on PR #806 ## Chain of upstream PRs as of 2026-03-03 * PR #806: `master` ← `search/base` * **PR #816 (THIS ONE)**: `search/base` ← `search/sharded-cluster` <!-- end git-machete generated --> # Summary MCK already supported deploying single instance of mongot process using MongoDBSearch resource, with the MongoDB replicaset as source. That meant the customers can run search queries/use search against a ReplicaSet deployment. In this PR, we are adding support to have sharded cluster as source to the MongoDBSearch resource. So that search can be used with sharded clusters as well. To achieve this we have added the new field in the `ExternalMongoDBSource` type that can be used to configure the details of the sharded cluster that is going to be used as source. ```go type ExternalMongoDBSource struct { // ShardedCluster contains configuration for external sharded MongoDB clusters. // Mutually exclusive with HostAndPorts. // +optional ShardedCluster *ExternalShardedClusterConfig `json:"shardedCluster,omitempty"` ``` The `ExternalShardedClusterConfig` is mainly used to generate the mongot config, so that mongot correctly knows how to talk to the mongod processes. Rest of the changes revolve around this. ## Proof of Work TBD --------- Co-authored-by: Vivek Singh <vsingh.ggits.2010@gmail.com> Co-authored-by: Julien-Ben <33035980+Julien-Ben@users.noreply.github.com> Co-authored-by: Julien Benhaim <julien.benhaim@mongodb.com> Co-authored-by: Vivek Singh <vivek.s@mongodb.com>
# Conflicts: # controllers/operator/mongodbshardedcluster_controller.go # controllers/searchcontroller/enterprise_search_source_test.go # Conflicts: # controllers/operator/mongodbsearch_controller.go # controllers/operator/mongodbshardedcluster_controller.go
Fixes to search with multiple-mongot # Conflicts: # controllers/searchcontroller/mongodbsearch_reconcile_helper.go
- Fix try_load() by removing the FIXME early-return that was causing get_ops_manager() to return unloaded resources (empty status), resulting in empty baseUrl in OpsManager connection ConfigMaps on om80 variant - Fix endpoint template in search-sharded-external-lb.yaml - Fix username mismatch in enterprise_tls sample_movies_helper - Fix CRD field name sharded→shardedCluster in sharded_enterprise_external_mongod - Fix CA configmap and mongodbResourceRef overrides in sharded_enterprise_managed_lb - Fix username mismatches in sharded_external_mongod_single_mongot
<!-- start git-machete generated --> # Based on PR #817 ## Chain of upstream PRs as of 2026-03-03 * PR #806: `master` ← `search/base` * PR #816: `search/base` ← `search/sharded-cluster` * PR #817: `search/sharded-cluster` ← `search/multiple-mongot` * **PR #853 (THIS ONE)**: `search/multiple-mongot` ← `search/lsierant/revert-rs-cluster-index` <!-- end git-machete generated -->
…ss tests (#863) # Summary <!-- Enter your PR summary here. Try to emphasize on WHY this change is needed, followed by what's being done in the PR. --> ## Proof of Work <!-- Enter your proof that it works here.--> ## Checklist - [ ] Have you linked a jira ticket and/or is the ticket in the title? - [ ] Have you checked whether your jira ticket required DOCSP changes? - [ ] Have you added changelog file? - use `skip-changelog` label if not needed - refer to [Changelog files and Release Notes](https://github.com/mongodb/mongodb-kubernetes/blob/master/CONTRIBUTING.md#changelog-files-and-release-notes) section in CONTRIBUTING.md for more details
# Summary Improve managed Envoy proxy: replace custom config types with go-control-plane, support external mongod sources, and add CRD configurability Replace hand-rolled Envoy config structs with the official envoyproxy/go-control-plane protobuf types for type-safe JSON config generation Refactor the Envoy controller to share database source resolution with the main search controller via getSearchSource, enabling managed LB support for external mongod sharded sources. Add CRD fields for Envoy image and resource requirements overrides, proper security contexts, and a new e2e test for sharded enterprise with external mongod managed LB.
# Summary Introduce Astral's [ty](https://docs.astral.sh/ty/) static type checker to avoid simple syntactic/type errors in e2e tests. ty check is applied only to search files for now and is part of precommit. <!-- start git-machete generated --> # Based on PR #817 ## Chain of upstream PRs as of 2026-03-16 * PR #806: `master` ← `search/base` * PR #817: `search/base` ← `search/multiple-mongot` * **PR #896 (THIS ONE)**: `search/multiple-mongot` ← `search/lsierant/mypy` <!-- end git-machete generated -->
…es (#886) <!-- start git-machete generated --> # Based on PR #817 ## Chain of upstream PRs as of 2026-03-13 * PR #806: `master` ← `search/base` * PR #817: `search/base` ← `search/multiple-mongot` * **PR #886 (THIS ONE)**: `search/multiple-mongot` ← `search/validate-shardname-tls-san` <!-- end git-machete generated --> # Summary Adds validation for `shardName` in MongoDBSearch sharded cluster configurations to ensure generated Kubernetes resource names comply with naming constraints. **Changes:** - Validate shardName as RFC 1123 DNS Label (lowercase, alphanumeric, hyphens, max 63 chars) - Validate uniqueness of shardNames across shards - Predictively validate generated resource names (StatefulSet, Service, ConfigMap, Secrets) against their respective Kubernetes naming standards - Provide actionable error messages with character counts when validation fails ## Proof of Work ``` $ go test -v ./api/v1/search/... ./controllers/searchcontroller/... --- PASS: TestValidateShardNames (0.00s) --- PASS: TestShardedExternalSearchSource_Validate (0.00s) PASS ``` ## Checklist - [x] Have you linked a jira ticket and/or is the ticket in the title? - [ ] Have you checked whether your jira ticket required DOCSP changes? - [ ] Have you added changelog file? ---------
… for auto-embedding (#899) ## Summary - Adds per-pod mongot config generation: when auto-embedding is configured, the ConfigMap contains separate `config-leader.yml` / `config-follower.yml` entries plus pod-name → role keys (e.g. `mdbc-rs-search-0` → `leader`) - Startup script reads `$HOSTNAME` (Kubernetes env var) to determine the pod's role and starts mongot with the appropriate config file — fixes `hostname: command not found` in the mongot container - Adds readiness probe support (`CLOUDP-386705`) - Adds `HasAutoEmbedding()` helper on `MongoDBSearch` - Passes `usePerPodConfig` flag through `CreateSearchStatefulSetFunc` and `ensureMongotConfig` for both non-sharded and sharded reconcile paths - Adds unit tests for the new config-building logic ## Test plan - [x] `go build ./...` passes - [x] `go test ./controllers/searchcontroller/...` passes - [ ] E2E: `e2e_search_community_basic`, `e2e_search_enterprise_basic` on `e2e_mdb_kind_ubi_cloudqa_large` Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Code <noreply@anthropic.com>
# Summary Small fix, see comment
# Summary Mongot started supporting x509 authentication from mongot to mongod, detailed are in [this TD](https://docs.google.com/document/d/11xdolqdUR2Ht107AbxO5VKW658ytl6rPoJlYYc36ufE/edit?tab=t.0). This PR adds that support in MCK by adding a new field `.spec.source.x509` in the `MongoDBSearch` resource. ToDo: Docs changes are needed. That will be separate PR. I will add RN in the same PR. ## Proof of Work Successful E2E https://spruce.corp.mongodb.com/version/69bc663932ca800007e45f5a/tasks?sorts=STATUS%3AASC%3BBASE_STATUS%3ADESC ## Checklist - [ ] Have you linked a jira ticket and/or is the ticket in the title? - [ ] Have you checked whether your jira ticket required DOCSP changes? - [ ] Have you added changelog file? - use `skip-changelog` label if not needed - refer to [Changelog files and Release Notes](https://github.com/mongodb/mongodb-kubernetes/blob/master/CONTRIBUTING.md#changelog-files-and-release-notes) section in CONTRIBUTING.md for more details
…922) # Summary Test steps: https://docs.google.com/document/d/1hyTQnvJQHOiKXtZZoMf8x0_h-CYsK8k9YUnC4YNeET8/edit?tab=t.hx0n5tq7mm10 ## Proof of Work <!-- Enter your proof that it works here.--> ## Checklist - [ ] Have you linked a jira ticket and/or is the ticket in the title? - [ ] Have you checked whether your jira ticket required DOCSP changes? - [ ] Have you added changelog file? - use `skip-changelog` label if not needed - refer to [Changelog files and Release Notes](https://github.com/mongodb/mongodb-kubernetes/blob/master/CONTRIBUTING.md#changelog-files-and-release-notes) section in CONTRIBUTING.md for more details
## Summary
Users may need to customize the Envoy load balancer Deployment with
settings that aren't exposed as first-class fields in the load balancer
CR. This PR adds a `deploymentConfiguration` field that lets users
provide a partial Deployment spec which gets merged into the
operator-built one. We use the same pattern already used for StatefulSet
overrides in other resources like MongoDB deployments.
**What changed:**
- Added `deploymentConfiguration` to `EnvoyConfig` in the MongoDBSearch
API types, CRDs, and deepcopy
- Added `DeploymentSpecWrapper`, `DeploymentConfiguration`, and
`DeploymentMetadataWrapper` types in `common/wrap.go`, mirroring the
existing StatefulSet wrappers
- For the rest of the code implementation, followed the patterns
established for statefulset overrides.
- E2E tests in both external and internal managed-LB suites
## Proof of Work
Unit tests, and E2E tests that patch the CR with a busybox sidecar and
verify the Envoy Deployment picks it up
## Checklist
- [x] Have you linked a jira ticket and/or is the ticket in the title?
- [x] Have you checked whether your jira ticket required DOCSP changes?
- [x] Have you added changelog file?
- use `skip-changelog` label if not needed
- refer to [Changelog files and Release
Notes](https://github.com/mongodb/mongodb-kubernetes/blob/master/CONTRIBUTING.md#changelog-files-and-release-notes)
section in CONTRIBUTING.md for more details
# Summary
Two problems with the managed Envoy LB:
1. The Envoy image had three sources: `spec.lb.envoy.image` CRD field,
`MDB_ENVOY_IMAGE` env var, and a hardcoded fallback in the controller.
This didn't match our configuration patterns for the other resources.
2. The main search controller reported Running even if Envoy failed to
deploy, we had no way of easily observe the load balancer status.
Changes:
**Image resolution**: Remove `spec.lb.envoy.image` from the CRD and the
hardcoded fallback from the controller. The Envoy image is now sourced
exclusively from `MDB_ENVOY_IMAGE`. If the env var isn't set, the envoy
controller fails at reconcile time with a clear error.
**LB status**: Add a `status.loadBalancer` substatus (phase + message)
to the MongoDBSearch CR. The envoy controller reports
Pending/Running/Failed into it independently from the main status. The
main controller checks `IsLoadBalancerReady()` before going Running, so
the search resource won't claim Running until Envoy is healthy. A new
`LoadBalancer` print column shows the phase in `kubectl get`.
The Envoy image bump from v1.31 to v1.37 is just for local development
defaults.
## Proof of Work
- Unit tests for `LoadBalancerStatus`, `SearchPartOption`,
`IsLoadBalancerReady`, and the LB status update path.
- `assert_lb_status()` added to all managed and unmanaged LB E2E tests
(RS and sharded) to verify the substatus is present+Running for managed,
absent for unmanaged.
## Checklist
- [x] Have you linked a jira ticket and/or is the ticket in the title?
- [x] Have you checked whether your jira ticket required DOCSP changes?
- [x] Have you added changelog file?
- use `skip-changelog` label if not needed
- refer to [Changelog files and Release
Notes](https://github.com/mongodb/mongodb-kubernetes/blob/master/CONTRIBUTING.md#changelog-files-and-release-notes)
section in CONTRIBUTING.md for more details
After 2768f83 switched no-LB deployments to use the headless pod FQDN (pod-0.svc) instead of the proxy service FQDN, three things broke: 1. search_enterprise_tls.py still expected the proxy service name - switch to mongot_pod_fqdn() like the other updated tests. 2. Snippet TLS certificates (community + enterprise) only covered the bare service name, not pod FQDNs through it. Add a wildcard SAN (*.search-svc) so mongod's TLS hostname verification passes when connecting to the headless pod address.
Julien-Ben
commented
Mar 26, 2026
| @@ -0,0 +1,400 @@ | |||
| """ | |||
| E2E test for sharded MongoDB Search on OpenShift with external source and managed Envoy LB. | |||
Collaborator
Author
There was a problem hiding this comment.
This shares a lot of code with search_sharded_enterprise_external_mongod_managed_lb, we could gate on the cluster type (openshift vs kind) and add the needed methods there as well.
Julien-Ben
commented
Mar 26, 2026
| - name: build_test_image | ||
| variant: init_test_run | ||
| run_on: | ||
| - ubuntu2404-large |
Collaborator
Author
There was a problem hiding this comment.
I created a dedicated variant because we need a -large machine. We could also bump the size for the existing one (but it costs more $$).
Collaborator
Author
|
Closed in favor of |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Proof of Work
Checklist
skip-changeloglabel if not needed