fix mongos

percona · Sep 26, 2024 · cf4e799 · cf4e799
1 parent 734662e
commit cf4e799
Showing 1 changed file with 12 additions and 17 deletions.
diff --git a/pkg/psmdb/mongos.go b/pkg/psmdb/mongos.go
@@ -245,30 +245,25 @@ func mongosContainerArgs(cr *api.PerconaServerMongoDB, useConfigFile bool, cfgIn
 		"mongos",
 		"--bind_ip_all",
 		"--port=" + strconv.Itoa(int(msSpec.Port)),
-		"--sslAllowInvalidCertificates",
-		"--configdb",
-		configDB,
 	}
-	if cr.CompareVersion("1.7.0") >= 0 {
-		args = append(args,
-			"--relaxPermChecks",
-		)
+	if !cr.TLSEnabled() || *cr.Spec.TLS.AllowInvalidCertificates {
+		args = append(args, "--sslAllowInvalidCertificates")
 	}
+	args = append(args, []string{
+		"--configdb",
+		configDB,
+		"--relaxPermChecks",
+	}...)
 
-	if cr.TLSEnabled() {
-		if !*cr.Spec.TLS.AllowInvalidCertificates {
-			// remove --sslAllowInvalidCertificates
-			args = append(args[:3], args[3+1:]...)
-		}
-
-		args = append(args,
-			"--clusterAuthMode=x509",
-		)
-	} else if (cr.CompareVersion("1.16.0") >= 0 && cr.Spec.Unsafe.TLS) || (cr.CompareVersion("1.16.0") < 0 && cr.Spec.UnsafeConf) {
+	if (cr.TLSEnabled() && cr.Spec.TLS.Mode == api.TLSModeAllow) || cr.UnsafeTLSDisabled() || cr.Spec.Secrets.InternalKey != "" {
 		args = append(args,
 			"--clusterAuthMode=keyFile",
 			"--keyFile="+mongodSecretsDir+"/mongodb-key",
 		)
+	} else if cr.TLSEnabled() {
+		args = append(args,
+			"--clusterAuthMode=x509",
+		)
 	}
 
 	if cr.CompareVersion("1.16.0") >= 0 {