Enforcing TLS mode via Operators

Hi there,

I am trying to add requireTLS to force all connections to use TLS. It seems that for some reason, there is code in ps-entry.sh which is changing this to preferTLS.

I cannot find any document as to why this is happening, but it seems to be intentional. Is there a reason why this has been done in the operators or is this a bug?

2 Likes

in the line 411 of the ps-entry.sh, I found something about requireTLS, but unfortunately, I cannot set to requireTLS either

I have already set the net.tls.mode to requireTLS in cr.yml

  mongod:
    net:
      port: 27017
      hostPort: 0
      tls:
        mode: requireTLS

1 Like

Hello @wenjian and @kylem

thank you for submitting this. I will check with our eng team what can be done to set requireTLS.

1 Like

Seems it is not possible to set requireTLS now through the Operator.
I have raised an improvement in JIRA: https://jira.percona.com/browse/K8SPSMDB-515

I don’t have any confirmed ETA of when it is going to be resolved.
Please let me know if this is a hard blocker for you.

1 Like

Hi @spronin

That’s great, thanks for logging the improvement.

It is one of the blockers for using this Operator for my use case, so I will look at the operator once the feature set is further along.

Thank you

1 Like

same as @kylem , requireTLS is a mandatory security item to be follow.

1 Like