MONGODB_ROOT_PASSWORD variable not available on secondary replicas.

Hello Mongo Folks,

I am deploying a mongo-sharded cluster using the bitnami mongo-sharded helm chart for Kubernetes.

The configuration is the following:

2 configsrv
1 mongos
1 shard with 2 replicas

Mongo version: 6.0.4
Docker image: bitnami/mongodb-sharded:6.0.4-debian-11-r18

We’re trying to include a init script on each of the configsrv/shardsrv replicas that will run on initialization and setup the backup/restore scripts and directories needed on the replica.

Problem: Our init script uses the variable ${MONGODB_ROOT_PASSWORD} which only seems to be evaluated on the primary configsrv-0 and shardsrv-0 pods during initialization.

we append our script the end of the /opt/bitnami/scripts/mongodb-sharded/ which runs on replicas init.

here’s a snippet of our script. The ${MONGODB_ROOT_PASSWORD} only seems to get expaned to the value on the primary -0 replicas and not the secondaries.

    set -euxo pipefail

    export MONGODB_HOST=""
    export MONGODB_PORT="27017"
    export MAX_BACKUPS="${MAX_BACKUPS:-7}"
    export CRON_TIME="${CRON_TIME:-*/5 * * * *}"
    sudo mkdir -p /mongodb/mongo_backup/
    sudo chown -R 1001 /mongodb/mongo_backup/

    BACKUP_CMD="/tools/mongodump --host ${MONGODB_HOST} --port ${MONGODB_PORT} --username root --config=/tmp/.mdbcreds --archive=/mongodb/mongo_backup/"'${BACKUP_NAME}'" --gzip" 

    printf "password: ${MONGODB_ROOT_PASSWORD}" > /tmp/.mdbcreds


However, when the secondary pods are running, I can shell into them and do a ‘printenv’ and see the that the variable is there and if I manually re-run our init script it works just fine like it does on the primary replicas during init.

How/When do the secondary replicas get the ${MONGODB_ROOT_PASSWORD}? How can we get that mongo password during init on the replicas?