Updated release notes for search

Author: lsierant

changelog/20251015_other_remove_legacy_search_coordinator_polyfill.md

@@ -0,0 +1,14 @@
+---
+kind: feature
+date: 2025-10-30
+---
+
+* **MongoDBSearch**:
+  * Switched to gRPC and mTLS for internal communication between mongod and mongot.
+    * Since MCK 1.4 the `mongod` and `mongot` processess communicated using the MongoDB Wire Protocol and used keyfile authentication. This release switches that to gRPC with mTLS authentication. gRPC will allow for load-balancing search queries against multiple `mongot` processes in the future, and mTLS decouples the internal cluster authentication mode and credentials among `mongod` processes from the connection to the `mongot` process. The Operator will automatically enable gRPC for existing and new workloads, and will enable mTLS authentication if both Database Server and `MongoDBSearch` resource are configured for TLS.
+  * Exposed configuration settings for mongot's prometheus metrics endpoint.
+    * By default, if `spec.prometheus` field is not provided then metrics endpoint in mongot is disabled. **This is a breaking change**. Previously the metrics endpoing was always enabled on port 9946.
+    * To enable prometheus metrics endpoint specify empty `spec.prometheus:` field. It will enable metrics endpoint on a default port (9946). To change the port, set it in `spec.prometheus.port` field.
+  * Simplified MongoDB Search setup: Removed the custom Search Coordinator polyfill (a piece of compatibility code previously needed to add the required permissions), as MongoDB 8.2.0 and later now include the necessary permissions via the built-in searchCoordinator role.
+  * Updated the default `mongodb/mongodb-search` image version to 0.55.0. This is the version MCK uses if `.spec.version` is not specified.
+  * MongoDB deployments using X509 internal cluster authentication are now supported. Previously MongoDB Search required SCRAM authentication among members of a MongoDB replica set. Note: SCRAM client authentication is still required, this change merely relaxes the requirements on internal cluster authentication.

changelog/20251030_feature_update_mongodb_search_2nd_preview.md

@@ -2,5 +2,3 @@
 kind: feature
 date: 2025-11-06
 ---
-
-* **MongoDBSearch**: Updated the default `mongodb/mongodb-search` image version to 0.55.0. This is the version MCK uses if `.spec.version` is not specified.

changelog/20251030_feature_update_mongodb_search_to_use_grpc_and_mtls_for.md

@@ -3,15 +3,15 @@ package searchcontroller
 import (
 	"context"
 	"fmt"
-	"github.com/stretchr/testify/require"
-	corev1 "k8s.io/api/core/v1"
 	"strings"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	"go.uber.org/zap"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	searchv1 "github.com/mongodb/mongodb-kubernetes/api/v1/search"

changelog/20251103_feature_mongodbsearch_mongodb_deployments_using_x509.md

@@ -1,5 +1,11 @@
 import yaml
-from kubetester import create_or_update_secret, run_periodically, try_load, get_service, kubetester
+from kubetester import (
+    create_or_update_secret,
+    get_service,
+    kubetester,
+    run_periodically,
+    try_load,
+)
 from kubetester.certs import create_mongodb_tls_certs, create_tls_certs
 from kubetester.kubetester import KubernetesTester
 from kubetester.kubetester import fixture as yaml_fixture
@@ -291,7 +297,9 @@ def assert_search_service_prometheus_port(mdbs: MongoDBSearch, should_exist: boo
 
     if should_exist:
         assert "prometheus" in ports, "Prometheus port should be in service when prometheus is enabled"
-        assert ports["prometheus"] == expected_port, f"Prometheus port should be {expected_port} but was {ports['prometheus']}"
+        assert (
+            ports["prometheus"] == expected_port
+        ), f"Prometheus port should be {expected_port} but was {ports['prometheus']}"
     else:
         assert "prometheus" not in ports, "Prometheus port should not be in service when prometheus is disabled"
 
@@ -302,20 +310,16 @@ def assert_search_pod_prometheus_endpoint(mdbs: MongoDBSearch, should_be_accessi
 
     if should_be_accessible:
         result = KubernetesTester.run_command_in_pod_container(
-            pod_name,
-            mdbs.namespace,
-            ["curl", "-f", url],
-            container="mongot"
+            pod_name, mdbs.namespace, ["curl", "-f", url], container="mongot"
         )
-        assert "# HELP" in result or "# TYPE" in result, f"Prometheus metrics endpoint should return valid metrics, got: {result[:200]}"
+        assert (
+            "# HELP" in result or "# TYPE" in result
+        ), f"Prometheus metrics endpoint should return valid metrics, got: {result[:200]}"
         logger.info(f"Prometheus endpoint is accessible and returning metrics")
     else:
         try:
             result = KubernetesTester.run_command_in_pod_container(
-                pod_name,
-                mdbs.namespace,
-                ["curl", "-f", url],
-                container_name="mongot"
+                pod_name, mdbs.namespace, ["curl", "-f", url], container_name="mongot"
             )
             assert False, f"Prometheus endpoint should not be accessible but got: {result}"
         except Exception as e:

changelog/20251106_feature_mongodbsearch_updated_the_default_mongodbmongodb.md

@@ -4,7 +4,6 @@ import (
 	"context"
 	"flag"
 	"fmt"
-	golog "log"
 	"os"
 	"runtime/debug"
 	"slices"
@@ -31,6 +30,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
+	golog "log"
 	localruntime "runtime"
 	ctrl "sigs.k8s.io/controller-runtime"
 	runtime_cluster "sigs.k8s.io/controller-runtime/pkg/cluster"