From 88e865c9be657eebb9cd68b1120456d877fbcaac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Sierant?= Date: Tue, 8 Jul 2025 13:33:43 +0200 Subject: [PATCH 1/4] Handle new mongot schema in unit tests --- .../operator/mongodbsearch_controller_test.go | 46 +++++++++++++------ 1 file changed, 33 insertions(+), 13 deletions(-) diff --git a/controllers/operator/mongodbsearch_controller_test.go b/controllers/operator/mongodbsearch_controller_test.go index 3c4cfb556..685f00a8a 100644 --- a/controllers/operator/mongodbsearch_controller_test.go +++ b/controllers/operator/mongodbsearch_controller_test.go @@ -73,21 +73,41 @@ func newSearchReconciler( } func buildExpectedMongotConfig(search *searchv1.MongoDBSearch, mdbc *mdbcv1.MongoDBCommunity) mongot.Config { - return mongot.Config{CommunityPrivatePreview: mongot.CommunityPrivatePreview{ - MongodHostAndPort: fmt.Sprintf( - "%s.%s.svc.cluster.local:%d", - mdbc.ServiceName(), mdbc.Namespace, - mdbc.GetMongodConfiguration().GetDBPort(), - ), - QueryServerAddress: fmt.Sprintf("localhost:%d", search.GetMongotPort()), - KeyFilePath: "/mongot/keyfile/keyfile", - DataPath: "/mongot/data/config.yml", - Metrics: mongot.Metrics{ + return mongot.Config{ + SyncSource: mongot.ConfigSyncSource{ + ReplicaSet: mongot.ConfigReplicaSet{ + HostAndPort: fmt.Sprintf("%s.%s.svc.cluster.local:%d", mdbc.Name+"-svc", search.Namespace, 27017), + Username: "__system", + PasswordFile: "/tmp/keyfile", + TLS: false, + ReadPreference: "secondaryPreferred", + }, + }, + Storage: mongot.ConfigStorage{ + DataPath: "/mongot/data/config.yml", + }, + Server: mongot.ConfigServer{ + Wireproto: mongot.ConfigWireproto{ + Address: "0.0.0.0:27027", + Authentication: mongot.ConfigAuthentication{ + Mode: "keyfile", + KeyFile: "/tmp/keyfile", + }, + TLS: mongot.ConfigTLS{Mode: "disabled"}, + }, + }, + Metrics: mongot.ConfigMetrics{ Enabled: true, - Address: fmt.Sprintf("localhost:%d", search.GetMongotMetricsPort()), + Address: fmt.Sprintf("localhost:%d", searchv1.MongotDefaultMetricsPort), + }, + HealthCheck: mongot.ConfigHealthCheck{ + Address: "0.0.0.0:8080", }, - Logging: mongot.Logging{Verbosity: "DEBUG"}, - }} + Logging: mongot.ConfigLogging{ + Verbosity: "DEBUG", + LogPath: nil, + }, + } } func TestMongoDBSearchReconcile_NotFound(t *testing.T) { From 19bc20d1c0d488a7940684ede7a8da0aec3f7f70 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Sierant?= Date: Fri, 4 Jul 2025 17:23:47 +0200 Subject: [PATCH 2/4] Handle new mongot config schema --- config/manager/manager.yaml | 4 +- .../mongodbsearch_reconcile_helper.go | 39 ++++++++--- .../search_controller/search_construction.go | 7 +- helm_chart/values.yaml | 6 +- .../pkg/mongot/mongot_config.go | 66 ++++++++++++------- public/mongodb-kubernetes-multi-cluster.yaml | 2 +- public/mongodb-kubernetes-openshift.yaml | 4 +- public/mongodb-kubernetes.yaml | 2 +- scripts/dev/contexts/e2e_mdb_community | 5 ++ 9 files changed, 95 insertions(+), 40 deletions(-) diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 3e4f72934..ce5ce623d 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -392,9 +392,9 @@ spec: - name: RELATED_IMAGE_MONGODB_IMAGE_8_0_0_ubi9 value: "quay.io/mongodb/mongodb-enterprise-server:8.0.0-ubi9" - name: RELATED_IMAGE_MDB_SEARCH_IMAGE_1_47_0 - value: "quay.io/mongodb/mongodb-search-community:1.47.0" + value: "268558157000.dkr.ecr.us-east-1.amazonaws.com/dev/mongodb-search-community:1.47.0" - name: MDB_SEARCH_COMMUNITY_REPO_URL - value: "quay.io/mongodb" + value: "268558157000.dkr.ecr.us-east-1.amazonaws.com/dev" - name: MDB_SEARCH_COMMUNITY_NAME value: "mongodb-search-community" - name: MDB_SEARCH_COMMUNITY_VERSION diff --git a/controllers/search_controller/mongodbsearch_reconcile_helper.go b/controllers/search_controller/mongodbsearch_reconcile_helper.go index 59523ce8e..3dfd1c57f 100644 --- a/controllers/search_controller/mongodbsearch_reconcile_helper.go +++ b/controllers/search_controller/mongodbsearch_reconcile_helper.go @@ -207,19 +207,42 @@ func buildSearchHeadlessService(search *searchv1.MongoDBSearch) corev1.Service { } func createMongotConfig(search *searchv1.MongoDBSearch, db SearchSourceDBResource) mongot.Config { - return mongot.Config{CommunityPrivatePreview: mongot.CommunityPrivatePreview{ - MongodHostAndPort: fmt.Sprintf("%s.%s.svc.cluster.local:%d", db.DatabaseServiceName(), db.GetNamespace(), db.DatabasePort()), - QueryServerAddress: fmt.Sprintf("localhost:%d", search.GetMongotPort()), - KeyFilePath: "/mongot/keyfile/keyfile", - DataPath: "/mongot/data/config.yml", - Metrics: mongot.Metrics{ + return mongot.Config{ + SyncSource: mongot.ConfigSyncSource{ + ReplicaSet: mongot.ConfigReplicaSet{ + HostAndPort: fmt.Sprintf("%s.%s.svc.cluster.local:%d", db.DatabaseServiceName(), db.GetNamespace(), db.DatabasePort()), + Username: "__system", + PasswordFile: "/tmp/keyfile", + TLS: false, + // TODO check + ReadPreference: "secondaryPreferred", + }, + }, + Storage: mongot.ConfigStorage{ + DataPath: "/mongot/data/config.yml", + }, + Server: mongot.ConfigServer{ + Wireproto: mongot.ConfigWireproto{ + Address: "0.0.0.0:27027", + Authentication: mongot.ConfigAuthentication{ + Mode: "keyfile", + KeyFile: "/tmp/keyfile", + }, + TLS: mongot.ConfigTLS{Mode: "disabled"}, + }, + }, + Metrics: mongot.ConfigMetrics{ Enabled: true, Address: fmt.Sprintf("localhost:%d", search.GetMongotMetricsPort()), }, - Logging: mongot.Logging{ + HealthCheck: mongot.ConfigHealthCheck{ + Address: "0.0.0.0:8080", + }, + Logging: mongot.ConfigLogging{ Verbosity: "DEBUG", + LogPath: nil, }, - }} + } } func GetMongodConfigParameters(search *searchv1.MongoDBSearch) map[string]interface{} { diff --git a/controllers/search_controller/search_construction.go b/controllers/search_controller/search_construction.go index ea169339d..2d755b5ce 100644 --- a/controllers/search_controller/search_construction.go +++ b/controllers/search_controller/search_construction.go @@ -180,7 +180,12 @@ func mongodbSearchContainer(mdbSearch *searchv1.MongoDBSearch, volumeMounts []co container.WithCommand([]string{"sh"}), container.WithArgs([]string{ "-c", - "/mongot-community/mongot --config /mongot/config/config.yml", + ` +cp /mongot/keyfile/keyfile /tmp/keyfile +chown 2000:2000 /tmp/keyfile +chmod 0600 /tmp/keyfile +/mongot-community/mongot --config /mongot/config/config.yml +`, }), containerSecurityContext, ) diff --git a/helm_chart/values.yaml b/helm_chart/values.yaml index ed940930f..b96b9291f 100644 --- a/helm_chart/values.yaml +++ b/helm_chart/values.yaml @@ -225,7 +225,11 @@ community: search: community: # Full Search container image url used for the MongoDB Community Search container will be constructed as {search.community.repo}/{search.community.name}:{search.community.version} - repo: quay.io/mongodb +# repo: quay.io/mongodb +# name: mongodb-search-community +# # default MongoDB Search version used; can be overridden by setting MongoDBSearch.spec.version field. +# version: 1.47.0 + repo: 268558157000.dkr.ecr.us-east-1.amazonaws.com/dev name: mongodb-search-community # default MongoDB Search version used; can be overridden by setting MongoDBSearch.spec.version field. version: 1.47.0 diff --git a/mongodb-community-operator/pkg/mongot/mongot_config.go b/mongodb-community-operator/pkg/mongot/mongot_config.go index 80d4c1421..9cfb8b578 100644 --- a/mongodb-community-operator/pkg/mongot/mongot_config.go +++ b/mongodb-community-operator/pkg/mongot/mongot_config.go @@ -1,41 +1,59 @@ package mongot type Config struct { - CommunityPrivatePreview CommunityPrivatePreview `json:"communityPrivatePreview"` + SyncSource ConfigSyncSource `json:"syncSource"` + Storage ConfigStorage `json:"storage"` + Server ConfigServer `json:"server"` + Metrics ConfigMetrics `json:"metrics"` + HealthCheck ConfigHealthCheck `json:"healthCheck"` + Logging ConfigLogging `json:"logging"` } -// CommunityPrivatePreview structure reflects private preview configuration from mongot: -// https://github.com/10gen/mongot/blob/060ec179af062ac2639678f4a613b8ab02c21597/src/main/java/com/xgen/mongot/config/provider/community/CommunityConfig.java#L100 -// Comments are from the default config file: https://github.com/10gen/mongot/blob/375379e56a580916695a2f53e12fd4a99aa24f0b/deploy/community-resources/config.default.yml#L1-L0 -type CommunityPrivatePreview struct { - // Socket (IPv4/6) address of the sync source mongod - MongodHostAndPort string `json:"mongodHostAndPort"` - - // Socket (IPv4/6) address on which to listen for wire protocol connections - QueryServerAddress string `json:"queryServerAddress"` +type ConfigSyncSource struct { + ReplicaSet ConfigReplicaSet `json:"replicaSet"` +} - // Keyfile used for mongod -> mongot authentication - KeyFilePath string `json:"keyFilePath"` +type ConfigReplicaSet struct { + HostAndPort string `json:"hostAndPort"` + Username string `json:"username"` + PasswordFile string `json:"passwordFile"` + TLS bool `json:"tls"` + ReadPreference string `json:"readPreference"` +} - // Filesystem path that all mongot data will be stored at +type ConfigStorage struct { DataPath string `json:"dataPath"` +} - // Options for metrics - Metrics Metrics `json:"metrics,omitempty"` +type ConfigServer struct { + Wireproto ConfigWireproto `json:"wireproto"` +} - // Options for logging - Logging Logging `json:"logging,omitempty"` +type ConfigWireproto struct { + Address string `json:"address"` + Authentication ConfigAuthentication `json:"authentication"` + TLS ConfigTLS `json:"tls"` } -type Metrics struct { - // Whether to enable the Prometheus metrics endpoint - Enabled bool `json:"enabled"` +type ConfigAuthentication struct { + Mode string `json:"mode"` + KeyFile string `json:"keyFile"` +} + +type ConfigTLS struct { + Mode string `json:"mode"` +} + +type ConfigMetrics struct { + Enabled bool `json:"enabled"` + Address string `json:"address"` +} - // Socket address (IPv4/6) on which the Prometheus /metrics endpoint will be exposed +type ConfigHealthCheck struct { Address string `json:"address"` } -type Logging struct { - // Log level - Verbosity string `json:"verbosity"` +type ConfigLogging struct { + Verbosity string `json:"verbosity"` + LogPath *string `json:"logPath,omitempty"` } diff --git a/public/mongodb-kubernetes-multi-cluster.yaml b/public/mongodb-kubernetes-multi-cluster.yaml index fb3cc9ea2..a07d57d04 100644 --- a/public/mongodb-kubernetes-multi-cluster.yaml +++ b/public/mongodb-kubernetes-multi-cluster.yaml @@ -410,7 +410,7 @@ spec: value: "ubi8" # Community Env Vars End - name: MDB_SEARCH_COMMUNITY_REPO_URL - value: "quay.io/mongodb" + value: "268558157000.dkr.ecr.us-east-1.amazonaws.com/dev" - name: MDB_SEARCH_COMMUNITY_NAME value: "mongodb-search-community" - name: MDB_SEARCH_COMMUNITY_VERSION diff --git a/public/mongodb-kubernetes-openshift.yaml b/public/mongodb-kubernetes-openshift.yaml index f5dbe1864..880bcae87 100644 --- a/public/mongodb-kubernetes-openshift.yaml +++ b/public/mongodb-kubernetes-openshift.yaml @@ -674,9 +674,9 @@ spec: - name: RELATED_IMAGE_MONGODB_IMAGE_8_0_0_ubi9 value: "quay.io/mongodb/mongodb-enterprise-server:8.0.0-ubi9" - name: RELATED_IMAGE_MDB_SEARCH_IMAGE_1_47_0 - value: "quay.io/mongodb/mongodb-search-community:1.47.0" + value: "268558157000.dkr.ecr.us-east-1.amazonaws.com/dev/mongodb-search-community:1.47.0" - name: MDB_SEARCH_COMMUNITY_REPO_URL - value: "quay.io/mongodb" + value: "268558157000.dkr.ecr.us-east-1.amazonaws.com/dev" - name: MDB_SEARCH_COMMUNITY_NAME value: "mongodb-search-community" - name: MDB_SEARCH_COMMUNITY_VERSION diff --git a/public/mongodb-kubernetes.yaml b/public/mongodb-kubernetes.yaml index 1f193b925..9299af0eb 100644 --- a/public/mongodb-kubernetes.yaml +++ b/public/mongodb-kubernetes.yaml @@ -406,7 +406,7 @@ spec: value: "ubi8" # Community Env Vars End - name: MDB_SEARCH_COMMUNITY_REPO_URL - value: "quay.io/mongodb" + value: "268558157000.dkr.ecr.us-east-1.amazonaws.com/dev" - name: MDB_SEARCH_COMMUNITY_NAME value: "mongodb-search-community" - name: MDB_SEARCH_COMMUNITY_VERSION diff --git a/scripts/dev/contexts/e2e_mdb_community b/scripts/dev/contexts/e2e_mdb_community index 4f096c2d7..70203f32d 100644 --- a/scripts/dev/contexts/e2e_mdb_community +++ b/scripts/dev/contexts/e2e_mdb_community @@ -10,3 +10,8 @@ source "${script_dir}/variables/mongodb_latest" # This variable is needed otherwise the `fetch_om_information.sh` script is called and fails the test export OM_EXTERNALLY_CONFIGURED="true" + +# Temporary development images built from mongot master +export MDB_SEARCH_COMMUNITY_VERSION="776d43523d185b6b234289e17c191712a3e6569b" +export MDB_SEARCH_COMMUNITY_NAME="mongot/community" +export MDB_SEARCH_COMMUNITY_REPO_URL="268558157000.dkr.ecr.eu-west-1.amazonaws.com" From aeff4257e5570b57c057ff869396b21adae83bb8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Sierant?= Date: Tue, 8 Jul 2025 14:52:43 +0200 Subject: [PATCH 3/4] Adjusted schema syntax for optionals --- .../operator/mongodbsearch_controller_test.go | 9 +++--- .../mongodbsearch_reconcile_helper.go | 16 +++++------ .../pkg/mongot/mongot_config.go | 28 ++++++++++++------- 3 files changed, 31 insertions(+), 22 deletions(-) diff --git a/controllers/operator/mongodbsearch_controller_test.go b/controllers/operator/mongodbsearch_controller_test.go index 685f00a8a..3e55385aa 100644 --- a/controllers/operator/mongodbsearch_controller_test.go +++ b/controllers/operator/mongodbsearch_controller_test.go @@ -3,6 +3,7 @@ package operator import ( "context" "fmt" + "k8s.io/utils/ptr" "testing" "github.com/ghodss/yaml" @@ -79,17 +80,17 @@ func buildExpectedMongotConfig(search *searchv1.MongoDBSearch, mdbc *mdbcv1.Mong HostAndPort: fmt.Sprintf("%s.%s.svc.cluster.local:%d", mdbc.Name+"-svc", search.Namespace, 27017), Username: "__system", PasswordFile: "/tmp/keyfile", - TLS: false, - ReadPreference: "secondaryPreferred", + TLS: ptr.To(false), + ReadPreference: ptr.To("secondaryPreferred"), }, }, Storage: mongot.ConfigStorage{ DataPath: "/mongot/data/config.yml", }, Server: mongot.ConfigServer{ - Wireproto: mongot.ConfigWireproto{ + Wireproto: &mongot.ConfigWireproto{ Address: "0.0.0.0:27027", - Authentication: mongot.ConfigAuthentication{ + Authentication: &mongot.ConfigAuthentication{ Mode: "keyfile", KeyFile: "/tmp/keyfile", }, diff --git a/controllers/search_controller/mongodbsearch_reconcile_helper.go b/controllers/search_controller/mongodbsearch_reconcile_helper.go index 3dfd1c57f..583e02df8 100644 --- a/controllers/search_controller/mongodbsearch_reconcile_helper.go +++ b/controllers/search_controller/mongodbsearch_reconcile_helper.go @@ -5,6 +5,7 @@ import ( "crypto/sha256" "encoding/base32" "fmt" + "k8s.io/utils/ptr" "strings" "github.com/blang/semver" @@ -210,21 +211,20 @@ func createMongotConfig(search *searchv1.MongoDBSearch, db SearchSourceDBResourc return mongot.Config{ SyncSource: mongot.ConfigSyncSource{ ReplicaSet: mongot.ConfigReplicaSet{ - HostAndPort: fmt.Sprintf("%s.%s.svc.cluster.local:%d", db.DatabaseServiceName(), db.GetNamespace(), db.DatabasePort()), - Username: "__system", - PasswordFile: "/tmp/keyfile", - TLS: false, - // TODO check - ReadPreference: "secondaryPreferred", + HostAndPort: fmt.Sprintf("%s.%s.svc.cluster.local:%d", db.DatabaseServiceName(), db.GetNamespace(), db.DatabasePort()), + Username: "__system", + PasswordFile: "/tmp/keyfile", + TLS: ptr.To(false), + ReadPreference: ptr.To("secondaryPreferred"), }, }, Storage: mongot.ConfigStorage{ DataPath: "/mongot/data/config.yml", }, Server: mongot.ConfigServer{ - Wireproto: mongot.ConfigWireproto{ + Wireproto: &mongot.ConfigWireproto{ Address: "0.0.0.0:27027", - Authentication: mongot.ConfigAuthentication{ + Authentication: &mongot.ConfigAuthentication{ Mode: "keyfile", KeyFile: "/tmp/keyfile", }, diff --git a/mongodb-community-operator/pkg/mongot/mongot_config.go b/mongodb-community-operator/pkg/mongot/mongot_config.go index 9cfb8b578..8a6550416 100644 --- a/mongodb-community-operator/pkg/mongot/mongot_config.go +++ b/mongodb-community-operator/pkg/mongot/mongot_config.go @@ -14,11 +14,11 @@ type ConfigSyncSource struct { } type ConfigReplicaSet struct { - HostAndPort string `json:"hostAndPort"` - Username string `json:"username"` - PasswordFile string `json:"passwordFile"` - TLS bool `json:"tls"` - ReadPreference string `json:"readPreference"` + HostAndPort string `json:"hostAndPort"` + Username string `json:"username"` + PasswordFile string `json:"passwordFile"` + TLS *bool `json:"tls,omitempty"` + ReadPreference *string `json:"readPreference,omitempty"` } type ConfigStorage struct { @@ -26,13 +26,13 @@ type ConfigStorage struct { } type ConfigServer struct { - Wireproto ConfigWireproto `json:"wireproto"` + Wireproto *ConfigWireproto `json:"wireproto,omitempty"` } type ConfigWireproto struct { - Address string `json:"address"` - Authentication ConfigAuthentication `json:"authentication"` - TLS ConfigTLS `json:"tls"` + Address string `json:"address"` + Authentication *ConfigAuthentication `json:"authentication,omitempty"` + TLS ConfigTLS `json:"tls"` } type ConfigAuthentication struct { @@ -40,8 +40,16 @@ type ConfigAuthentication struct { KeyFile string `json:"keyFile"` } +type ConfigTLSMode string + +const ( + ConfigTLSModeTLS ConfigTLSMode = "TLS" + ConfigTLSModeDisabled ConfigTLSMode = "Disabled" +) + type ConfigTLS struct { - Mode string `json:"mode"` + Mode ConfigTLSMode `json:"mode"` + CertificateKeyFile *string `json:"certificateKeyFile,omitempty"` } type ConfigMetrics struct { From 4cc828fb3a79eb259ab39a18719760d91876bf96 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Sierant?= Date: Fri, 11 Jul 2025 07:42:49 +0200 Subject: [PATCH 4/4] wip --- .../om_appdb_scale_up_down.py | 4 ---- .../community-replicaset-sample-mflix.yaml | 19 +++++++++++++++++++ 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/docker/mongodb-kubernetes-tests/tests/opsmanager/withMonitoredAppDB/om_appdb_scale_up_down.py b/docker/mongodb-kubernetes-tests/tests/opsmanager/withMonitoredAppDB/om_appdb_scale_up_down.py index 9a0f64704..166f4ca5a 100644 --- a/docker/mongodb-kubernetes-tests/tests/opsmanager/withMonitoredAppDB/om_appdb_scale_up_down.py +++ b/docker/mongodb-kubernetes-tests/tests/opsmanager/withMonitoredAppDB/om_appdb_scale_up_down.py @@ -2,7 +2,6 @@ import pytest from kubetester.kubetester import fixture as yaml_fixture -from kubetester.kubetester import skip_if_local from kubetester.opsmanager import MongoDBOpsManager from kubetester.phase import Phase from pytest import fixture @@ -65,7 +64,6 @@ def test_appdb_monitoring_group_was_created(self, ops_manager: MongoDBOpsManager def test_admin_config_map(self, ops_manager: MongoDBOpsManager): ops_manager.get_automation_config_tester().reached_version(1) - @skip_if_local def test_om_connectivity(self, ops_manager: MongoDBOpsManager): ops_manager.get_om_tester().assert_healthiness() # todo check the backing db group, automation config and data integrity @@ -112,7 +110,6 @@ def test_appdb(self, ops_manager: MongoDBOpsManager, custom_appdb_version: str): def test_admin_config_map(self, ops_manager: MongoDBOpsManager): ops_manager.get_automation_config_tester().reached_version(2) - @skip_if_local def test_om_connectivity(self, ops_manager: MongoDBOpsManager): ops_manager.get_om_tester().assert_healthiness() @@ -139,6 +136,5 @@ def test_appdb(self, ops_manager: MongoDBOpsManager): def test_admin_config_map(self, ops_manager: MongoDBOpsManager): ops_manager.get_automation_config_tester().reached_version(3) - @skip_if_local def test_om_connectivity(self, ops_manager: MongoDBOpsManager): ops_manager.get_om_tester().assert_healthiness() diff --git a/docker/mongodb-kubernetes-tests/tests/search/fixtures/community-replicaset-sample-mflix.yaml b/docker/mongodb-kubernetes-tests/tests/search/fixtures/community-replicaset-sample-mflix.yaml index 4ba3d40b6..1295cc054 100644 --- a/docker/mongodb-kubernetes-tests/tests/search/fixtures/community-replicaset-sample-mflix.yaml +++ b/docker/mongodb-kubernetes-tests/tests/search/fixtures/community-replicaset-sample-mflix.yaml @@ -25,6 +25,25 @@ spec: - name: readWrite db: sample_mflix scramCredentialsSecretName: my-scram + - name: mongot-user + db: admin + passwordSecretRef: # a reference to the secret that will be used to generate the user's password + name: my-user-password + roles: + - new RoleName("readWriteAnyDatabase", RoleName.ADMIN_DB), + - new RoleName("clusterMonitor", RoleName.ADMIN_DB), + - new RoleName("readWrite", RoleName.LOCAL_DB), + - new RoleName("directShardOperations", RoleName.ADMIN_DB, "7.0"), + - new RoleName(NDSDBRole.BYPASS_DEFAULT_MAX_TIME_MS, RoleName.ADMIN_DB, "8.0")); + - name: readWriteAnyDatabase + db: admin + - name: clusterMonitor + db: admin + - name: readWrite + db: local + - name: readWrite + db: config + scramCredentialsSecretName: my-scram statefulSet: spec: template: