Authentication Problem with mongo-express when trying to connect with MongoDB Kubernetes Cluster (created with MongoDB Community Kubernetes Operator)
Asked Answered
D

1

9

I set up a Minikube-Cluster with the MongoDB Community Kubernetes Operator. To view the content i want to set up a mongo-express Instance which connects to the Mongo-Cluster/ReplicaSet. But if I apply the Deployment the Container always fails with:

mongo-express_1  | Waiting for localhost:27017...
mongo-express_1  | Welcome to mongo-express
mongo-express_1  | ------------------------
mongo-express_1  | 
mongo-express_1  | 
mongo-express_1  | Mongo Express server listening at http://0.0.0.0:8081
mongo-express_1  | Server is open to allow connections from anyone (0.0.0.0)
mongo-express_1  | basicAuth credentials are "admin:pass", it is recommended you change this in your config.js!
mongo-express_1  | Database connected
mongo-express_1  | Admin Database connected
mongo-express_1  | Error [MongoError]: Authentication failed.
mongo-express_1  |     at Function.MongoError.create (/node_modules/mongodb-core/lib/error.js:31:11)
mongo-express_1  |     at /node_modules/mongodb-core/lib/connection/pool.js:483:72
mongo-express_1  |     at authenticateStragglers (/node_modules/mongodb-core/lib/connection/pool.js:429:16)
mongo-express_1  |     at Connection.messageHandler (/node_modules/mongodb-core/lib/connection/pool.js:463:5)
mongo-express_1  |     at Socket.<anonymous> (/node_modules/mongodb-core/lib/connection/connection.js:319:22)
mongo-express_1  |     at Socket.emit (events.js:314:20)
mongo-express_1  |     at addChunk (_stream_readable.js:297:12)
mongo-express_1  |     at readableAddChunk (_stream_readable.js:272:9)
mongo-express_1  |     at Socket.Readable.push (_stream_readable.js:213:10)
mongo-express_1  |     at TCP.onStreamRead (internal/stream_base_commons.js:188:23) {
mongo-express_1  |   operationTime: Timestamp { _bsontype: 'Timestamp', low_: 1, high_: 1611234788 },
mongo-express_1  |   ok: 0,
mongo-express_1  |   errmsg: 'Authentication failed.',
mongo-express_1  |   code: 18,
mongo-express_1  |   codeName: 'AuthenticationFailed',
mongo-express_1  |   '$clusterTime': {
mongo-express_1  |     clusterTime: Timestamp { _bsontype: 'Timestamp', low_: 1, high_: 1611234788 },
mongo-express_1  |     signature: { hash: [Binary], keyId: [Long] }
mongo-express_1  |   }
mongo-express_1  | }
mongo-express_1  | unable to list databases
mongo-express_1  | Error [MongoError]: command listDatabases requires authentication
mongo-express_1  |     at Function.MongoError.create (/node_modules/mongodb-core/lib/error.js:31:11)
mongo-express_1  |     at /node_modules/mongodb-core/lib/connection/pool.js:483:72
mongo-express_1  |     at authenticateStragglers (/node_modules/mongodb-core/lib/connection/pool.js:429:16)
mongo-express_1  |     at Connection.messageHandler (/node_modules/mongodb-core/lib/connection/pool.js:463:5)
mongo-express_1  |     at Socket.<anonymous> (/node_modules/mongodb-core/lib/connection/connection.js:319:22)
mongo-express_1  |     at Socket.emit (events.js:314:20)
mongo-express_1  |     at addChunk (_stream_readable.js:297:12)
mongo-express_1  |     at readableAddChunk (_stream_readable.js:272:9)
mongo-express_1  |     at Socket.Readable.push (_stream_readable.js:213:10)
mongo-express_1  |     at TCP.onStreamRead (internal/stream_base_commons.js:188:23) {
mongo-express_1  |   operationTime: Timestamp { _bsontype: 'Timestamp', low_: 1, high_: 1611234788 },
mongo-express_1  |   ok: 0,
mongo-express_1  |   errmsg: 'command listDatabases requires authentication',
mongo-express_1  |   code: 13,
mongo-express_1  |   codeName: 'Unauthorized',
mongo-express_1  |   '$clusterTime': {
mongo-express_1  |     clusterTime: Timestamp { _bsontype: 'Timestamp', low_: 1, high_: 1611234788 },
mongo-express_1  |     signature: { hash: [Binary], keyId: [Long] }
mongo-express_1  |   }
mongo-express_1  | }

For the ease of testing I used docker-compose to start mango-express and created a Port-Forwarding to access the cluster.

Versions:

  • MongoDB Cluster: tried 4.2.6 and 4.4.3
  • mongo-express: 0.54.0

Here the Deployment/Service I use for MongoDB Cluster creation:

---
apiVersion: mongodb.com/v1
kind: MongoDB
metadata:
  name: example-mongodb
spec:
  members: 3
  type: ReplicaSet
  version: "4.4.3"
  security:
    authentication:
      modes: ["SCRAM"]
  users:
    - name: mongoadmin
      db: admin
      passwordSecretRef: # a reference to the secret that will be used to generate the user's password
        name: mongoadmin-password
      roles:
        - name: root
          db: admin
      scramCredentialsSecretName: my-scram

# the user credentials will be generated from this secret
# once the credentials are generated, this secret is no longer required
---
apiVersion: v1
kind: Secret
metadata:
  name: mongoadmin-password
type: Opaque
stringData:
  password: mongoadmin                                 

And here the compose-file i use for mongo-express:

version: '3.8'

services:
  mongo-express:
    image: mongo-express
    restart: on-failure
    ports:
      - 8081:8081
    network_mode: host
    environment:
      ME_CONFIG_MONGODB_SERVER: localhost
      ME_CONFIG_MONGODB_ADMINUSERNAME: mongoadmin
      ME_CONFIG_MONGODB_ADMINPASSWORD: mongoadmin

The thing is, that if I setup up a mongo (4.4.3) container with mongo-express via docker-compose everything works fine...

Does anybody have a clue whats going on?

Dulcie answered 21/1, 2021 at 13:42 Comment(5)
Coudl you share more info how did you deploy mongodb in the kubernetes?Protective
I used the mongodb kubernetes community operator. All I did after that is deploy the yaml file for kubernetes above using kubectl apply -f <filename>. What i found out is that if I use Port-Forwarding from my Host-Network to the Pods mongo-express works the problem seems only to occur when i use the mongo-express instance inside kubernetesDulcie
Ran into the same thing, seems to be a problem with authentication method, found this in server logs: "BadValue: SCRAM-SHA-1 authentication is disabled", see: github.com/mongo-express/mongo-express/issues/672Calpac
I have the same problem. I've tried to create the user with SCRAM-SHA-1 but is not supported in mongo version 4.x.Decern
Can you also share the yaml for the mongo-express pod that you deploy into your k8s cluster ? Remember to double check as if you have the right IP address to the MongoDB service and set it correct with your ME_CONFIG_MONGODB_SERVERElastic
P
0

I have build the docker image from the alpha version of mongo-express https://github.com/mongo-express/mongo-express/tree/v1.0.0-alpha.1

Here is the image uncl3mar1k/mongo-express:v1.0.0-alpha.1

It seems to work well with authentication, but I noticed that it has an issue with pagening. (if you have a lot of collections and try to go through pages, you will notice that data about collections did not changes)

Update: there is a newer version v1.0.0-alpha.3 looks like all issues was fixed here. Please take a look to new image: staslb/mongo-express:v1.0.0-alpha.3

Pesticide answered 4/6, 2021 at 8:4 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.