[action] Bump setup-go ver; omit dirs in zip

2020-05-13 09:07:52 +02:00
11 changed files with 130 additions and 102 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -16,7 +16,7 @@ jobs:

    steps:
    - name: Set up Go ${{ matrix.go }}
-      uses: actions/setup-go@v2-beta
+      uses: actions/setup-go@v2
      with:
        go-version: ${{ matrix.go }}

@@ -35,7 +35,7 @@ jobs:

    steps:
    - name: Set up Go 1.13
-      uses: actions/setup-go@v2-beta
+      uses: actions/setup-go@v2
      with:
        go-version: 1.13

--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -12,7 +12,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - name: Set up Go 1.13
-      uses: actions/setup-go@v2-beta
+      uses: actions/setup-go@v2
      with:
        go-version: 1.13

--- a/2
+++ b/2
@@ -78,7 +78,7 @@ $(BINDIR)/$(VERSION)/$(MIXIN)-$(CLIENT_PLATFORM)-$(CLIENT_ARCH)$(FILE_EXT):
 	GOOS=$(CLIENT_PLATFORM) GOARCH=$(CLIENT_ARCH) $(XBUILD) -o $@ ./cmd/$(MIXIN)

 ifeq ($(CLIENT_PLATFORM),windows)
-	zip $(BINDIR)/$(VERSION)/$(MIXIN)-$(CLIENT_PLATFORM)-$(CLIENT_ARCH).zip $(BINDIR)/$(VERSION)/$(MIXIN)-$(CLIENT_PLATFORM)-$(CLIENT_ARCH)$(FILE_EXT)
+	zip -j $(BINDIR)/$(VERSION)/$(MIXIN)-$(CLIENT_PLATFORM)-$(CLIENT_ARCH).zip $(BINDIR)/$(VERSION)/$(MIXIN)-$(CLIENT_PLATFORM)-$(CLIENT_ARCH)$(FILE_EXT)
 else
 	tar -czvf $(BINDIR)/$(VERSION)/$(MIXIN)-$(CLIENT_PLATFORM)-$(CLIENT_ARCH).tar.gz -C $(BINDIR)/$(VERSION)/ $(MIXIN)-$(CLIENT_PLATFORM)-$(CLIENT_ARCH)$(FILE_EXT)
 endif
--- a/cmd/qliksense/preflight.go
+++ b/cmd/qliksense/preflight.go
@@ -136,7 +136,12 @@ func pfAllChecksCmd(q *qliksense.Qliksense) *cobra.Command {
 	f := preflightAllChecksCmd.Flags()
 	f.BoolVarP(&preflightOpts.Verbose, "verbose", "v", false, "verbose mode")
 	f.StringVarP(&preflightOpts.MongoOptions.MongodbUrl, "mongodb-url", "", "", "mongodbUrl to try connecting to")
+	f.StringVarP(&preflightOpts.MongoOptions.Username, "mongodb-username", "", "", "username to connect to mongodb")
+	f.StringVarP(&preflightOpts.MongoOptions.Password, "mongodb-password", "", "", "password to connect to mongodb")
 	f.StringVarP(&preflightOpts.MongoOptions.CaCertFile, "mongodb-ca-cert", "", "", "certificate to use for mongodb check")
+	f.StringVarP(&preflightOpts.MongoOptions.ClientCertFile, "mongodb-client-cert", "", "", "client-certificate to use for mongodb check")
+	f.BoolVar(&preflightOpts.MongoOptions.Tls, "mongodb-tls", false, "enable tls?")
+
 	return preflightAllChecksCmd
 }

@@ -147,7 +152,7 @@ func pfDeploymentCheckCmd(q *qliksense.Qliksense) *cobra.Command {
 	}
 	var pfDeploymentCheckCmd = &cobra.Command{
 		Use:     "deployment",
-		Short:   "perform preflight deployment check",
+		Short:   "perform preflight deploymwnt check",
 		Long:    `perform preflight deployment check to ensure that we can create deployments in the cluster`,
 		Example: `qliksense preflight deployment`,
 		RunE: func(cmd *cobra.Command, args []string) error {
@@ -332,7 +337,7 @@ func pfCreateServiceAccountCheckCmd(q *qliksense.Qliksense) *cobra.Command {

 	var preflightServiceAccountCmd = &cobra.Command{
 		Use:     "serviceaccount",
-		Short:   "preflight create serviceaccount check",
+		Short:   "preflight create ServiceAccount check",
 		Long:    `perform preflight serviceaccount check to ensure we are able to create a service account in the cluster`,
 		Example: `qliksense preflight serviceaccount`,
 		RunE: func(cmd *cobra.Command, args []string) error {
@@ -429,7 +434,11 @@ func pfMongoCheckCmd(q *qliksense.Qliksense) *cobra.Command {
 	f := preflightMongoCmd.Flags()
 	f.BoolVarP(&preflightOpts.Verbose, "verbose", "v", false, "verbose mode")
 	f.StringVarP(&preflightOpts.MongoOptions.MongodbUrl, "url", "", "", "mongodbUrl to try connecting to")
+	f.StringVarP(&preflightOpts.MongoOptions.Username, "username", "", "", "username to connect to mongodb")
+	f.StringVarP(&preflightOpts.MongoOptions.Password, "password", "", "", "password to connect to mongodb")
 	f.StringVarP(&preflightOpts.MongoOptions.CaCertFile, "ca-cert", "", "", "ca certificate to use for mongodb check")
+	f.StringVarP(&preflightOpts.MongoOptions.ClientCertFile, "client-cert", "", "", "client-certificate to use for mongodb check")
+	f.BoolVar(&preflightOpts.MongoOptions.Tls, "tls", false, "enable tls?")
 	return preflightMongoCmd
 }

--- a/docs/preflight_checks.md
+++ b/docs/preflight_checks.md
@@ -16,18 +16,9 @@ Examples:
 qliksense preflight <preflight_check_to_run>

 Available Commands:
-  all            perform all checks
-  authcheck      preflight authcheck
-  clean          perform preflight clean
-  deployment     perform preflight deployment check
-  dns            perform preflight dns check
-  kube-version   check kubernetes version
-  mongo          preflight mongo OR preflight mongo --url=<url>
-  pod            perform preflight pod check
-  role           preflight create role check
-  rolebinding    preflight create rolebinding check
-  service        perform preflight service check
-  serviceaccount preflight create ServiceAccount check
+  all         perform all checks
+  dns         perform preflight dns check
+  k8s-version check k8s version

 Flags:
  -h, --help   help for preflight
@@ -209,8 +200,8 @@ We can check if we are able to connect to an instance of mongodb on the cluster
 qliksense preflight mongo --url=<url> -v OR
 qliksense preflight mongo -v
 qliksense preflight mongo --url=<mongo-server url> --ca-cert=<path to ca-cert file> -v
-```
-```shell
+
+
 Preflight mongo check
 ---------------------
 Preflight mongodb check: 
@@ -226,29 +217,7 @@ Deleted pod: pf-mongo-pod
 Completed preflight mongodb check
 ```

-#### Mongodb check with mutual tls
-In order to perform mutual tls with mongo we need to:
- append client certificate to the beginning/end of CA certificate. Make sure to include the beginning and end tags on each certificate. 
-The CA certificate file should look like this in the end:
-```shell
-<existing contents of CA cert>
-...
-----BEGIN RSA PRIVATE KEY-----
-<private key>
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-<public key>
-----END CERTIFICATE-----
-```
- Run the command below to set the ca certificate into the CR
-```shell
-cat <path_to_ca.crt> | base64 | qliksense config set-secrets qliksense.caCertificates --base64
-```

-Next, run: 
-```shell
-qliksense preflight mongo -v
-```

 ### Running all checks
 Run the command shown below to execute all preflight checks.
--- a/go.mod
+++ b/go.mod
@@ -10,7 +10,7 @@ replace (
 	k8s.io/client-go => k8s.io/client-go v0.17.0
 	k8s.io/kubectl => k8s.io/kubectl v0.0.0-20191219154910-1528d4eea6dd

-	sigs.k8s.io/kustomize/api => github.com/qlik-oss/kustomize/api v0.3.3-0.20200514233516-4ac83864b7bd
+	sigs.k8s.io/kustomize/api => github.com/qlik-oss/kustomize/api v0.3.3-0.20200424070349-b0312eb71568
 )

 require (
--- a/go.sum
+++ b/go.sum
@@ -883,10 +883,12 @@ github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa
 github.com/prometheus/procfs v0.0.5 h1:3+auTFlqw+ZaQYJARz6ArODtkaIwtvBTx3N2NehQlL8=
 github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
+github.com/qlik-oss/k-apis v0.1.1 h1:aZ4eTMB3mSn03Kuj7+RI0eFLkjK9+0qxADBioRb3qVA=
+github.com/qlik-oss/k-apis v0.1.1/go.mod h1:yoYGgPJ/H0t9H3NSq64dWfyQY6QWi2L9c+hCJoVO03U=
 github.com/qlik-oss/k-apis v0.1.2 h1:BBcrXl+NxdsvuRsZuJbvIFxMv5QIXqWBzhXOcr5KUX8=
 github.com/qlik-oss/k-apis v0.1.2/go.mod h1:yoYGgPJ/H0t9H3NSq64dWfyQY6QWi2L9c+hCJoVO03U=
-github.com/qlik-oss/kustomize/api v0.3.3-0.20200514233516-4ac83864b7bd h1:dYd6duTr54L7OqykGkd3Z+336frAvzsibWNYruYkYVc=
-github.com/qlik-oss/kustomize/api v0.3.3-0.20200514233516-4ac83864b7bd/go.mod h1:zh3yFgE5zFk1kreqzVyyj1eXyIxQJT53l4zSg8Wt4SA=
+github.com/qlik-oss/kustomize/api v0.3.3-0.20200424070349-b0312eb71568 h1:wHOUCGfnmgYqW3aCjuP3fXmB2T/uZXMvltO+F3us83E=
+github.com/qlik-oss/kustomize/api v0.3.3-0.20200424070349-b0312eb71568/go.mod h1:Yg8bqX8Mq/eSgXfcenxCxhZuSXg+NCsKq6NBdch/oUc=
 github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI=
 github.com/rainycape/unidecode v0.0.0-20150907023854-cb7f23ec59be h1:ta7tUOvsPHVHGom5hKW5VXNc2xZIkfCKP8iaqOyYtUQ=
 github.com/rainycape/unidecode v0.0.0-20150907023854-cb7f23ec59be/go.mod h1:MIDFMn7db1kT65GmV94GzpX9Qdi7N/pQlwb+AN8wh+Q=
--- a/pkg/api/preflight_apis.go
+++ b/pkg/api/preflight_apis.go
@@ -133,6 +133,6 @@ func (p *PreflightConfig) Initialize() error {
 	p.AddMinMongoV("3.6")
 	p.AddImage("nginx", "nginx")
 	p.AddImage("netcat", "subfuzion/netcat")
-	p.AddImage("preflight-mongo", "qlik-docker-oss.bintray.io/preflight-mongo")
+	p.AddImage("mongo", "mongo")
 	return p.Write()
 }
--- a/pkg/preflight/mongo_check.go
+++ b/pkg/preflight/mongo_check.go
@@ -16,8 +16,7 @@ import (
 )

 const (
-	preflight_mongo = "preflight-mongo"
-	caCertMountPath = "/etc/ssl/certs/ca-certificates.crt"
+	mongo = "mongo"
 )

 func (qp *QliksensePreflight) CheckMongo(kubeConfigContents []byte, namespace string, preflightOpts *PreflightOptions, cleanup bool) error {
@@ -25,37 +24,47 @@ func (qp *QliksensePreflight) CheckMongo(kubeConfigContents []byte, namespace st
 		qp.P.LogVerboseMessage("Preflight mongodb check: \n")
 		qp.P.LogVerboseMessage("------------------------ \n")
 	}
-	var currentCR *qapi.QliksenseCR
-	var err error
-	qConfig := qapi.NewQConfig(qp.Q.QliksenseHome)
-	qConfig.SetNamespace(namespace)
-	currentCR, err = qConfig.GetCurrentCR()
-	if err != nil {
-		qp.P.LogVerboseMessage("Unable to retrieve current CR: %v\n", err)
-		return err
-	}
-	decryptedCR, err := qConfig.GetDecryptedCr(currentCR)
-	if err != nil {
-		qp.P.LogVerboseMessage("An error occurred while retrieving mongodbUrl from current CR: %v\n", err)
-		return err
-	}
-	if preflightOpts.MongoOptions.MongodbUrl == "" && !cleanup {
+	if preflightOpts != nil && preflightOpts.MongoOptions.MongodbUrl == "" && !cleanup {
 		// infer mongoDbUrl from currentCR
 		qp.P.LogVerboseMessage("MongoDbUri is empty, infer from CR\n")
-		preflightOpts.MongoOptions.MongodbUrl = strings.TrimSpace(decryptedCR.Spec.GetFromSecrets("qliksense", "mongoDbUri"))
-	}
+		qConfig := qapi.NewQConfig(qp.Q.QliksenseHome)
+		var currentCR *qapi.QliksenseCR

-	if preflightOpts.MongoOptions.CaCertFile == "" && !cleanup {
-		caCertStr := decryptedCR.Spec.GetFromSecrets("qliksense", "caCertificates")
+		var err error
+		qConfig.SetNamespace(namespace)
+		currentCR, err = qConfig.GetCurrentCR()
+		if err != nil {
+			qp.P.LogVerboseMessage("Unable to retrieve current CR: %v\n", err)
+			return err
+		}
+		decryptedCR, err := qConfig.GetDecryptedCr(currentCR)
+		if err != nil {
+			qp.P.LogVerboseMessage("An error occurred while retrieving mongodbUrl from current CR: %v\n", err)
+			return err
+		}
+		preflightOpts.MongoOptions.MongodbUrl = strings.TrimSpace(decryptedCR.Spec.GetFromSecrets("qliksense", "mongoDbUri"))
 		tmpDir := os.TempDir()
 		caCrtFile := filepath.Join(tmpDir, "rootCA.crt")
-		api.LogDebugMessage("received ca crt: %s\n", caCertStr)
-		if err := ioutil.WriteFile(caCrtFile, []byte(caCertStr), 0644); err != nil {
-			return fmt.Errorf("unable to write CA crt to file: %v", err)
-		}
-		preflightOpts.MongoOptions.CaCertFile = caCrtFile
-	}
+		clientCrtFile := filepath.Join(tmpDir, "mongoClient.crt")
+		caCertStr := decryptedCR.Spec.GetFromSecrets("qliksense", "caCertificates")
+		clientCertStr := decryptedCR.Spec.GetFromSecrets("qliksense", "mongoDbClientCrt")

+		if preflightOpts.MongoOptions.CaCertFile == "" && caCertStr != "" {
+			api.LogDebugMessage("received ca crt: %s\n", caCertStr)
+			if err := ioutil.WriteFile(caCrtFile, []byte(caCertStr), 0644); err != nil {
+				return fmt.Errorf("unable to write CA crt to file: %v", err)
+			}
+			preflightOpts.MongoOptions.CaCertFile = caCrtFile
+		}
+
+		if preflightOpts.MongoOptions.ClientCertFile == "" && clientCertStr != "" {
+			api.LogDebugMessage("received client crt: %s\n", clientCertStr)
+			if err := ioutil.WriteFile(clientCrtFile, []byte(clientCertStr), 0644); err != nil {
+				return fmt.Errorf("unable to write client crt to file: %v", err)
+			}
+			preflightOpts.MongoOptions.ClientCertFile = clientCrtFile
+		}
+	}
 	if !cleanup {
 		qp.P.LogVerboseMessage("MongodbUrl: %s\n", preflightOpts.MongoOptions.MongodbUrl)

@@ -65,11 +74,9 @@ func (qp *QliksensePreflight) CheckMongo(kubeConfigContents []byte, namespace st
 			return errors.New("MongoDbUrl is empty")
 		}
 	}
-
 	if err := qp.mongoConnCheck(kubeConfigContents, namespace, preflightOpts, cleanup); err != nil {
 		return err
 	}
-
 	if !cleanup {
 		qp.P.LogVerboseMessage("Completed preflight mongodb check\n")
 	}
@@ -77,7 +84,8 @@ func (qp *QliksensePreflight) CheckMongo(kubeConfigContents []byte, namespace st
 }

 func (qp *QliksensePreflight) mongoConnCheck(kubeConfigContents []byte, namespace string, preflightOpts *PreflightOptions, cleanup bool) error {
-	caCertSecretName := "ca-certificates-crt"
+	caCertSecretName := "preflight-mongo-test-cacert"
+	clientCertSecretName := "preflight-mongo-test-clientcert"
 	mongoPodName := "pf-mongo-pod"
 	clientset, _, err := getK8SClientSet(kubeConfigContents, "")
 	if err != nil {
@@ -86,11 +94,11 @@ func (qp *QliksensePreflight) mongoConnCheck(kubeConfigContents []byte, namespac
 	}

 	// cleanup before starting check
-	qp.runMongoCleanup(clientset, namespace, mongoPodName, caCertSecretName)
+	qp.runMongoCleanup(clientset, namespace, mongoPodName, caCertSecretName, clientCertSecretName)
 	if cleanup {
 		return nil
 	}
-	secrets := map[string]string{}
+	var secrets []string
 	if preflightOpts.MongoOptions.CaCertFile != "" {
 		caCertSecret, err := qp.createSecret(clientset, namespace, preflightOpts.MongoOptions.CaCertFile, caCertSecretName)
 		if err != nil {
@@ -99,19 +107,52 @@ func (qp *QliksensePreflight) mongoConnCheck(kubeConfigContents []byte, namespac
 		}

 		defer qp.deleteK8sSecret(clientset, namespace, caCertSecret.Name)
-		secrets[caCertSecretName] = caCertMountPath
+		secrets = append(secrets, caCertSecretName)
+	}
+	if preflightOpts.MongoOptions.ClientCertFile != "" {
+		clientCertSecret, err := qp.createSecret(clientset, namespace, preflightOpts.MongoOptions.ClientCertFile, clientCertSecretName)
+		if err != nil {
+			err = fmt.Errorf("unable to create a client cert kubernetes secret: %v\n", err)
+			return err
+		}
+
+		defer qp.deleteK8sSecret(clientset, namespace, clientCertSecret.Name)
+		secrets = append(secrets, clientCertSecretName)
 	}

-	commandToRun := []string{"./preflight-mongo", fmt.Sprintf(`-url="%s"`, preflightOpts.MongoOptions.MongodbUrl)}
+	mongoCommand := strings.Builder{}
+	mongoCommand.WriteString(fmt.Sprintf("sleep 10;mongo %s", preflightOpts.MongoOptions.MongodbUrl))
+	if preflightOpts.MongoOptions.Username != "" {
+		mongoCommand.WriteString(fmt.Sprintf(" --username %s", preflightOpts.MongoOptions.Username))
+		api.LogDebugMessage("Adding username: Mongo command: %s\n", mongoCommand.String())
+	}
+	if preflightOpts.MongoOptions.Password != "" {
+		mongoCommand.WriteString(fmt.Sprintf(" --password %s", preflightOpts.MongoOptions.Password))
+		api.LogDebugMessage("Adding username and password\n")
+	}
+	if preflightOpts.MongoOptions.Tls || preflightOpts.MongoOptions.ClientCertFile != "" {
+		mongoCommand.WriteString(" --tls")
+		api.LogDebugMessage("Adding --tls: Mongo command: %s\n", mongoCommand.String())
+	}
+	if preflightOpts.MongoOptions.CaCertFile != "" {
+		mongoCommand.WriteString(fmt.Sprintf(" --tlsCAFile=/etc/ssl/%s/%[1]s", caCertSecretName))
+		api.LogDebugMessage("Adding caCertFile:  Mongo command: %s\n", mongoCommand.String())
+	}
+	if preflightOpts.MongoOptions.ClientCertFile != "" {
+		mongoCommand.WriteString(fmt.Sprintf(" --tlsCertificateKeyFile=/etc/ssl/%s/%[1]s", clientCertSecretName))
+		api.LogDebugMessage("Adding clientCertFile:  Mongo command: %s\n", mongoCommand.String())
+	}
+	mongoCommand.WriteString(` --eval "print(\"connected to mongo\")"`)
+
+	commandToRun := []string{"sh", "-c", mongoCommand.String()}
 	api.LogDebugMessage("Mongo command: %s\n", strings.Join(commandToRun, " "))

 	// create a pod
-	imageName, err := qp.GetPreflightConfigObj().GetImageName(preflight_mongo, true)
+	imageName, err := qp.GetPreflightConfigObj().GetImageName(mongo, true)
 	if err != nil {
 		err = fmt.Errorf("unable to retrieve image : %v\n", err)
 		return err
 	}
-	api.LogDebugMessage("image name to be used: %s\n", imageName)
 	mongoPod, err := qp.createPreflightTestPod(clientset, namespace, mongoPodName, imageName, secrets, commandToRun)
 	if err != nil {
 		err = fmt.Errorf("unable to create pod : %v\n", err)
@@ -140,7 +181,7 @@ func (qp *QliksensePreflight) mongoConnCheck(kubeConfigContents []byte, namespac
 	}

 	// check if connection succeeded
-	stringToCheck := "qlik - connection succeeded!!"
+	stringToCheck := "Implicit session:"
 	if strings.Contains(logStr, stringToCheck) {
 		qp.P.LogVerboseMessage("Preflight mongo check: PASSED\n")
 	} else {
@@ -153,7 +194,7 @@ func (qp *QliksensePreflight) mongoConnCheck(kubeConfigContents []byte, namespac
 func (qp *QliksensePreflight) checkMongoVersion(logStr string) (bool, error) {
 	// check mongo server version
 	api.LogDebugMessage("Minimum required mongo version: %s\n", qp.GetPreflightConfigObj().GetMinMongoVersion())
-	mongoVersionStrToCheck := "qlik mongo server version:"
+	mongoVersionStrToCheck := "MongoDB server version:"
 	if strings.Contains(logStr, mongoVersionStrToCheck) {
 		logLines := strings.Split(logStr, "\n")
 		for _, eachline := range logLines {
@@ -162,7 +203,7 @@ func (qp *QliksensePreflight) checkMongoVersion(logStr string) (bool, error) {
 				if len(mongoVersionLog) < 2 {
 					continue
 				}
-				mongoVersionStr := strings.ReplaceAll(strings.TrimSpace(mongoVersionLog[1]), `"`, "")
+				mongoVersionStr := strings.TrimSpace(mongoVersionLog[1])
 				api.LogDebugMessage("Extracted mongo version from pod log: %s\n", mongoVersionStr)
 				currentMongoVersionSemver, err := semver.NewVersion(mongoVersionStr)
 				if err != nil {
@@ -201,7 +242,8 @@ func (qp *QliksensePreflight) createSecret(clientset *kubernetes.Clientset, name
 	return certSecret, nil
 }

-func (qp *QliksensePreflight) runMongoCleanup(clientset *kubernetes.Clientset, namespace, mongoPodName, caCertSecretName string) {
+func (qp *QliksensePreflight) runMongoCleanup(clientset *kubernetes.Clientset, namespace, mongoPodName, caCertSecretName, clientCertSecretName string) {
 	qp.deletePod(clientset, namespace, mongoPodName)
 	qp.deleteK8sSecret(clientset, namespace, caCertSecretName)
+	qp.deleteK8sSecret(clientset, namespace, clientCertSecretName)
 }
--- a/pkg/preflight/preflight_utils.go
+++ b/pkg/preflight/preflight_utils.go
@@ -12,6 +12,7 @@ import (
 	"time"

 	"github.com/mitchellh/go-homedir"
+	"github.com/pkg/errors"
 	"github.com/qlik-oss/sense-installer/pkg/api"
 	"github.com/qlik-oss/sense-installer/pkg/qliksense"
 	appsv1 "k8s.io/api/apps/v1"
@@ -39,8 +40,12 @@ func (p *PreflightOptions) LogVerboseMessage(strMessage string, args ...interfac
 }

 type MongoOptions struct {
-	MongodbUrl string
-	CaCertFile string
+	MongodbUrl     string
+	Username       string
+	Password       string
+	CaCertFile     string
+	ClientCertFile string
+	Tls            bool
 }

 var gracePeriod int64 = 0
@@ -110,13 +115,13 @@ func getK8SClientSet(kubeconfig []byte, contextName string) (*kubernetes.Clients
 	if len(kubeconfig) == 0 {
 		clientConfig, err = rest.InClusterConfig()
 		if err != nil {
-			err = fmt.Errorf("Unable to load in-cluster kubeconfig: %w", err)
+			err = errors.Wrap(err, "Unable to load in-cluster kubeconfig")
 			return nil, nil, err
 		}
 	} else {
 		config, err := clientcmd.Load(kubeconfig)
 		if err != nil {
-			err = fmt.Errorf("Unable to load kubeconfig: %w", err)
+			err = errors.Wrap(err, "Unable to load kubeconfig")
 			return nil, nil, err
 		}
 		if contextName != "" {
@@ -124,13 +129,13 @@ func getK8SClientSet(kubeconfig []byte, contextName string) (*kubernetes.Clients
 		}
 		clientConfig, err = clientcmd.NewDefaultClientConfig(*config, &clientcmd.ConfigOverrides{}).ClientConfig()
 		if err != nil {
-			err = fmt.Errorf("Unable to create client config from config: %w", err)
+			err = errors.Wrap(err, "Unable to create client config from config")
 			return nil, nil, err
 		}
 	}
 	clientset, err := kubernetes.NewForConfig(clientConfig)
 	if err != nil {
-		err = fmt.Errorf("Unable to create clientset: %w", err)
+		err = errors.Wrap(err, "Unable to create clientset")
 		return nil, nil, err
 	}
 	return clientset, clientConfig, nil
@@ -181,7 +186,7 @@ func (qp *QliksensePreflight) createPreflightTestDeployment(clientset *kubernete
 		result, err = deploymentsClient.Create(deployment)
 		return err
 	}); err != nil {
-		err = fmt.Errorf("unable to create deployments in the %s namespace: %w", namespace, err)
+		err = errors.Wrapf(err, "unable to create deployments in the %s namespace", namespace)
 		return nil, err
 	}
 	qp.P.LogVerboseMessage("Created deployment %q\n", result.GetObjectMeta().GetName())
@@ -196,7 +201,7 @@ func getDeployment(clientset *kubernetes.Clientset, namespace, depName string) (
 		deployment, err = deploymentsClient.Get(depName, v1.GetOptions{})
 		return err
 	}); err != nil {
-		err = fmt.Errorf("unable to get deployments in the %s namespace: %w", namespace, err)
+		err = errors.Wrapf(err, "unable to get deployments in the %s namespace", namespace)
 		api.LogDebugMessage("%v\n", err)
 		return nil, err
 	}
@@ -266,7 +271,7 @@ func getService(clientset *kubernetes.Clientset, namespace, svcName string) (*ap
 		svc, err = servicesClient.Get(svcName, v1.GetOptions{})
 		return err
 	}); err != nil {
-		err = fmt.Errorf("unable to get services in the %s namespace: %w", namespace, err)
+		err = errors.Wrapf(err, "unable to get services in the %s namespace", namespace)
 		return nil, err
 	}

@@ -309,7 +314,7 @@ func (qp *QliksensePreflight) deletePod(clientset *kubernetes.Clientset, namespa
 	return nil
 }

-func (qp *QliksensePreflight) createPreflightTestPod(clientset *kubernetes.Clientset, namespace, podName, imageName string, secretNames map[string]string, commandToRun []string) (*apiv1.Pod, error) {
+func (qp *QliksensePreflight) createPreflightTestPod(clientset *kubernetes.Clientset, namespace, podName, imageName string, secretNames []string, commandToRun []string) (*apiv1.Pod, error) {
 	// build the pod definition we want to deploy
 	pod := &apiv1.Pod{
 		ObjectMeta: v1.ObjectMeta{
@@ -332,7 +337,7 @@ func (qp *QliksensePreflight) createPreflightTestPod(clientset *kubernetes.Clien
 		},
 	}
 	if len(secretNames) > 0 {
-		for secretName, mountPath := range secretNames {
+		for _, secretName := range secretNames {
 			pod.Spec.Volumes = append(pod.Spec.Volumes, apiv1.Volume{
 				Name: secretName,
 				VolumeSource: apiv1.VolumeSource{
@@ -341,7 +346,7 @@ func (qp *QliksensePreflight) createPreflightTestPod(clientset *kubernetes.Clien
 						Items: []apiv1.KeyToPath{
 							{
 								Key:  secretName,
-								Path: filepath.Base(mountPath),
+								Path: secretName,
 							},
 						},
 					},
@@ -350,7 +355,7 @@ func (qp *QliksensePreflight) createPreflightTestPod(clientset *kubernetes.Clien
 			if len(pod.Spec.Containers) > 0 {
 				pod.Spec.Containers[0].VolumeMounts = append(pod.Spec.Containers[0].VolumeMounts, apiv1.VolumeMount{
 					Name:      secretName,
-					MountPath: filepath.Dir(mountPath),
+					MountPath: "/etc/ssl/" + secretName,
 					ReadOnly:  true,
 				})
 			}
@@ -465,13 +470,13 @@ func waitForPod(clientset *kubernetes.Clientset, namespace string, pod *apiv1.Po
 	}
 	validateFunc := func(data interface{}) bool {
 		po := data.(*apiv1.Pod)
-		return po.Status.Phase == apiv1.PodRunning || po.Status.Phase == apiv1.PodSucceeded || po.Status.Phase == apiv1.PodFailed
+		return len(po.Status.ContainerStatuses) > 0 && po.Status.ContainerStatuses[0].Ready
 	}

 	if err := waitForResource(checkFunc, validateFunc); err != nil {
 		return err
 	}
-	if pod.Status.Phase != apiv1.PodRunning && pod.Status.Phase != apiv1.PodSucceeded && pod.Status.Phase != apiv1.PodFailed {
+	if len(pod.Status.ContainerStatuses) == 0 || !pod.Status.ContainerStatuses[0].Ready {
 		err = fmt.Errorf("container is taking much longer than expected")
 		return err
 	}
@@ -486,6 +491,7 @@ func waitForPodToDie(clientset *kubernetes.Clientset, namespace string, pod *api
 			err = fmt.Errorf("unable to retrieve %s pod by name", podName)
 			return nil, err
 		}
+		api.LogDebugMessage("pod status: %v\n", po.Status.Phase)
 		return po, nil
 	}
 	validateFunc := func(r interface{}) bool {
--- a/pkg/qliksense/docker_test.go
+++ b/pkg/qliksense/docker_test.go
@@ -245,7 +245,7 @@ spec:
 		t.Fatal("expected to find the netcat Preflight image in the list, but it wasn't there")
 	}
 	if !haveMatchingImage(func(image string) bool {
-		return image == "qlik-docker-oss.bintray.io/preflight-mongo"
+		return image == "mongo"
 	}) {
 		t.Fatal("expected to find the mongo Preflight image in the list, but it wasn't there")
 	}