Updated release notes for search

lsierant · lsierant · commit acd404522167 · 2025-11-07T16:50:38.000+01:00
diff --git a/changelog/20251030_feature_update_mongodb_search_2nd_preview.md b/changelog/20251030_feature_update_mongodb_search_2nd_preview.md
@@ -0,0 +1,11 @@
+---
+kind: feature
+date: 2025-10-30
+---
+
+* **MongoDBSearch**:
+  * Switched to gRPC and mTLS for internal communication between mongod and mongot.
+    * Since MCK 1.4 the `mongod` and `mongot` processess communicated using the MongoDB Wire Protocol and used keyfile authentication. This release switches that to gRPC with mTLS authentication. gRPC will allow for load-balancing search queries against multiple `mongot` processes in the future, and mTLS decouples the internal cluster authentication mode and credentials among `mongod` processes from the connection to the `mongot` process. The Operator will automatically enable gRPC for existing and new workloads, and will enable mTLS authentication if both Database Server and `MongoDBSearch` resource are configured for TLS.
+  * Exposed configuration settings for mongot's prometheus metrics endpoint.
+    * By default, if `spec.prometheus` field is not provided then metrics endpoint in mongot is disabled. **This is a breaking change**. Previously the metrics endpoing was always enabled on port 9946.
+    * To enable prometheus metrics endpoint specify empty `spec.prometheus:` field. It will enable metrics endpoint on a default port (9946). To change the port, set it in `spec.prometheus.port` field.
diff --git a/changelog/20251030_feature_update_mongodb_search_to_use_grpc_and_mtls_for.md b/changelog/20251030_feature_update_mongodb_search_to_use_grpc_and_mtls_for.md
diff --git a/controllers/searchcontroller/mongodbsearch_reconcile_helper_test.go b/controllers/searchcontroller/mongodbsearch_reconcile_helper_test.go
@@ -3,15 +3,15 @@ package searchcontroller
 import (
 	"context"
 	"fmt"
-	"github.com/stretchr/testify/require"
-	corev1 "k8s.io/api/core/v1"
 	"strings"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	"go.uber.org/zap"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	searchv1 "github.com/mongodb/mongodb-kubernetes/api/v1/search"
diff --git a/docker/mongodb-kubernetes-tests/tests/search/search_enterprise_tls.py b/docker/mongodb-kubernetes-tests/tests/search/search_enterprise_tls.py
@@ -1,5 +1,11 @@
 import yaml
-from kubetester import create_or_update_secret, run_periodically, try_load, get_service, kubetester
+from kubetester import (
+    create_or_update_secret,
+    get_service,
+    kubetester,
+    run_periodically,
+    try_load,
+)
 from kubetester.certs import create_mongodb_tls_certs, create_tls_certs
 from kubetester.kubetester import KubernetesTester
 from kubetester.kubetester import fixture as yaml_fixture
@@ -291,7 +297,9 @@ def assert_search_service_prometheus_port(mdbs: MongoDBSearch, should_exist: boo
 
     if should_exist:
         assert "prometheus" in ports, "Prometheus port should be in service when prometheus is enabled"
-        assert ports["prometheus"] == expected_port, f"Prometheus port should be {expected_port} but was {ports['prometheus']}"
+        assert (
+            ports["prometheus"] == expected_port
+        ), f"Prometheus port should be {expected_port} but was {ports['prometheus']}"
     else:
         assert "prometheus" not in ports, "Prometheus port should not be in service when prometheus is disabled"
 
@@ -302,20 +310,16 @@ def assert_search_pod_prometheus_endpoint(mdbs: MongoDBSearch, should_be_accessi
 
     if should_be_accessible:
         result = KubernetesTester.run_command_in_pod_container(
-            pod_name,
-            mdbs.namespace,
-            ["curl", "-f", url],
-            container="mongot"
+            pod_name, mdbs.namespace, ["curl", "-f", url], container="mongot"
         )
-        assert "# HELP" in result or "# TYPE" in result, f"Prometheus metrics endpoint should return valid metrics, got: {result[:200]}"
+        assert (
+            "# HELP" in result or "# TYPE" in result
+        ), f"Prometheus metrics endpoint should return valid metrics, got: {result[:200]}"
         logger.info(f"Prometheus endpoint is accessible and returning metrics")
     else:
         try:
             result = KubernetesTester.run_command_in_pod_container(
-                pod_name,
-                mdbs.namespace,
-                ["curl", "-f", url],
-                container_name="mongot"
+                pod_name, mdbs.namespace, ["curl", "-f", url], container_name="mongot"
             )
             assert False, f"Prometheus endpoint should not be accessible but got: {result}"
         except Exception as e:
diff --git a/main.go b/main.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"flag"
 	"fmt"
-	golog "log"
 	"os"
 	"runtime/debug"
 	"slices"
@@ -31,6 +30,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
+	golog "log"
 	localruntime "runtime"
 	ctrl "sigs.k8s.io/controller-runtime"
 	runtime_cluster "sigs.k8s.io/controller-runtime/pkg/cluster"
