From fcda99e0c41a95ebb560161de0f6dc822089e9c7 Mon Sep 17 00:00:00 2001
From: Andrii Dema
Date: Thu, 8 May 2025 07:48:01 +0300
Subject: [PATCH 1/4] K8SPSMDB-1154: disable encryption by default for inMemory

https://perconadev.atlassian.net/browse/K8SPSMDB-1154
---
 pkg/apis/psmdb/v1/psmdb_defaults.go | 10 ++++++++++
 pkg/psmdb/statefulset.go | 4 ++++
 2 files changed, 14 insertions(+)

diff --git a/pkg/apis/psmdb/v1/psmdb_defaults.go b/pkg/apis/psmdb/v1/psmdb_defaults.go
index 4e41f089c..f3f8f6c48 100644
--- a/pkg/apis/psmdb/v1/psmdb_defaults.go
+++ b/pkg/apis/psmdb/v1/psmdb_defaults.go
@@ -727,6 +727,16 @@ func (rs *ReplsetSpec) SetDefaults(platform version.Platform, cr *PerconaServerM
 }
 }
 
+ if rs.Storage.Engine == StorageEngineInMemory {
+ encryptionEnabled, err := rs.Configuration.IsEncryptionEnabled()
+ if err != nil {
+ return errors.Wrap(err, "failed to parse replset configuration")
+ }
+ if encryptionEnabled != nil && *encryptionEnabled {
+ return errors.New("inMemory storage engine doesn't support encryption")
+ }
+ }
+
 return nil
 }
 
diff --git a/pkg/psmdb/statefulset.go b/pkg/psmdb/statefulset.go
index c4aab9968..dfdbe6bc9 100644
--- a/pkg/psmdb/statefulset.go
+++ b/pkg/psmdb/statefulset.go
@@ -584,7 +584,11 @@ func isEncryptionEnabled(cr *api.PerconaServerMongoDB, replset *api.ReplsetSpec)
 if err != nil {
 return false, errors.Wrap(err, "failed to parse replset configuration")
 }
+
 if enabled == nil {
+ if replset.Storage.Engine == api.StorageEngineInMemory {
+ return false, nil // disabled for inMemory engine by default
+ }
 return true, nil // true by default
 }
 return *enabled, nil

From 8f992ab167635e312f451543319a73cc09529740 Mon Sep 17 00:00:00 2001
From: Andrii Dema
Date: Thu, 8 May 2025 11:55:10 +0300
Subject: [PATCH 2/4] fix

---
 pkg/apis/psmdb/v1/psmdb_defaults.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/apis/psmdb/v1/psmdb_defaults.go b/pkg/apis/psmdb/v1/psmdb_defaults.go
index f3f8f6c48..a24fe7a65 100644
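Review bot: In isEncryptionEnabled the added line reads `replset.Storage.Engine` without checking that `replset.Storage` is non-nil, and PATCH 2/4 adds a `rs.Storage != nil` guard for the very same field in SetDefaults, so a spec with no storage section evidently reaches this code path at least before defaults are applied. Unless something outside this hunk guarantees Storage is populated by the time StatefulSpec and container run, a cluster spec that omits the storage block would panic here instead of falling back to the default. The same unguarded access is carried over into ReplsetSpec.IsEncryptionEnabled in PATCH 3/4, where the nil guard stays in the caller only. A guard such as `if replset.Storage != nil && replset.Storage.Engine == api.StorageEngineInMemory {` keeps the default-on behaviour when the storage section is missing. The function's opening statement is outside the hunk.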
--- a/pkg/apis/psmdb/v1/psmdb_defaults.go
+++ b/pkg/apis/psmdb/v1/psmdb_defaults.go
@@ -727,7 +727,7 @@ func (rs *ReplsetSpec) SetDefaults(platform version.Platform, cr *PerconaServerM
 }
 }
 
- if rs.Storage.Engine == StorageEngineInMemory {
+ if rs.Storage != nil && rs.Storage.Engine == StorageEngineInMemory {
 encryptionEnabled, err := rs.Configuration.IsEncryptionEnabled()
 if err != nil {
 return errors.Wrap(err, "failed to parse replset configuration")

From 23d9ce0543250918a883de73d66e335ab71ef2ee Mon Sep 17 00:00:00 2001
From: Andrii Dema
Date: Wed, 21 May 2025 13:17:37 +0300
Subject: [PATCH 3/4] small improvement

---
 pkg/apis/psmdb/v1/psmdb_defaults.go | 19 +++++++++++++++++--
 pkg/apis/psmdb/v1/psmdb_types.go | 4 ++--
 pkg/psmdb/container.go | 4 ++--
 pkg/psmdb/statefulset.go | 17 +----------------
 4 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/pkg/apis/psmdb/v1/psmdb_defaults.go b/pkg/apis/psmdb/v1/psmdb_defaults.go
index f6c91246b..2d19c62bf 100644
--- a/pkg/apis/psmdb/v1/psmdb_defaults.go
+++ b/pkg/apis/psmdb/v1/psmdb_defaults.go
@@ -633,6 +633,21 @@ func (cr *PerconaServerMongoDB) CheckNSetDefaults(ctx context.Context, platform
 return nil
 }
 
+func (rs *ReplsetSpec) IsEncryptionEnabled() (bool, error) {
+ enabled, err := rs.Configuration.isEncryptionEnabled()
+ if err != nil {
+ return false, errors.Wrap(err, "failed to parse replset configuration")
+ }
+
+ if enabled == nil {
+ if rs.Storage.Engine == StorageEngineInMemory {
+ return false, nil // disabled for inMemory engine by default
+ }
+ return true, nil // true by default
+ }
+ return *enabled, nil
+}
+
 // SetDefaults set default options for the replset
 func (rs *ReplsetSpec) SetDefaults(platform version.Platform, cr *PerconaServerMongoDB, log logr.Logger) error {
 if rs.VolumeSpec == nil {
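Review bot: The new exported method ReplsetSpec.IsEncryptionEnabled has no doc comment, although it now encodes the security-relevant default (encryption on unless the engine is inMemory) that three call sites depend on, and the old unexported helper it replaces had none either. A comment stating the precedence would let readers of the CRD package see the rule without tracing into isEncryptionEnabled: `// IsEncryptionEnabled reports whether data-at-rest encryption should be configured for the replset: the explicit security.enableEncryption value when it is set, otherwise true, except for the inMemory storage engine where it defaults to false.` The "failed to parse replset configuration" wrapping here is also repeated by the caller in SetDefaults later in this patch, which is raised on that hunk.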
@@ -735,11 +750,11 @@ func (rs *ReplsetSpec) SetDefaults(platform version.Platform, cr *PerconaServerM
 }
 }
 if rs.Storage != nil && rs.Storage.Engine == StorageEngineInMemory {
- encryptionEnabled, err := rs.Configuration.IsEncryptionEnabled()
+ encryptionEnabled, err := rs.IsEncryptionEnabled()
 if err != nil {
 return errors.Wrap(err, "failed to parse replset configuration")
 }
- if encryptionEnabled != nil && *encryptionEnabled {
+ if encryptionEnabled {
 return errors.New("inMemory storage engine doesn't support encryption")
 }
 }
diff --git a/pkg/apis/psmdb/v1/psmdb_types.go b/pkg/apis/psmdb/v1/psmdb_types.go
index 40374a811..779945b40 100644
--- a/pkg/apis/psmdb/v1/psmdb_types.go
+++ b/pkg/apis/psmdb/v1/psmdb_types.go
@@ -556,8 +556,8 @@ func (conf MongoConfiguration) GetTLSMode() (string, error) {
 return mode, nil
 }
 
-// IsEncryptionEnabled returns nil if "enableEncryption" field is not specified or the pointer to the value of this field
-func (conf MongoConfiguration) IsEncryptionEnabled() (*bool, error) {
+// isEncryptionEnabled returns nil if "enableEncryption" field is not specified or the pointer to the value of this field
+func (conf MongoConfiguration) isEncryptionEnabled() (*bool, error) {
 m, err := conf.GetOptions("security")
 if err != nil || m == nil {
 return nil, err
diff --git a/pkg/psmdb/container.go b/pkg/psmdb/container.go
index a5e3fbd08..4c7b829f4 100644
--- a/pkg/psmdb/container.go
+++ b/pkg/psmdb/container.go
@@ -65,7 +65,7 @@ func container(ctx context.Context, cr *api.PerconaServerMongoDB, replset *api.R
 }...)
 }
 
- encryptionEnabled, err := isEncryptionEnabled(cr, replset)
+ encryptionEnabled, err := replset.IsEncryptionEnabled()
 if err != nil {
 return corev1.Container{}, err
 }
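Review bot: The error coming back from rs.IsEncryptionEnabled() is already wrapped with "failed to parse replset configuration" inside that method, so the unchanged `errors.Wrap` on the following line produces that phrase twice in one message. Either pass it through, `return err`, or wrap with context this layer actually adds, e.g. `return errors.Wrap(err, "check encryption for inMemory storage engine")`. SetDefaults begins and ends outside the hunk.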
@@ -213,7 +213,7 @@ func containerArgs(ctx context.Context, cr *api.PerconaServerMongoDB, replset *a
 args = append(args, "--shardsvr")
 }
 
- encryptionEnabled, err := isEncryptionEnabled(cr, replset)
+ encryptionEnabled, err := replset.IsEncryptionEnabled()
 if err != nil {
 logf.FromContext(ctx).Error(err, "failed to check if mongo encryption enabled")
 }
diff --git a/pkg/psmdb/statefulset.go b/pkg/psmdb/statefulset.go
index 48880343e..da4204589 100644
--- a/pkg/psmdb/statefulset.go
+++ b/pkg/psmdb/statefulset.go
@@ -114,7 +114,7 @@ func StatefulSpec(ctx context.Context, cr *api.PerconaServerMongoDB, replset *ap
 VolumeSource: customConf.Type.VolumeSource(configName),
 })
 }
- encryptionEnabled, err := isEncryptionEnabled(cr, replset)
+ encryptionEnabled, err := replset.IsEncryptionEnabled()
 if err != nil {
 return appsv1.StatefulSetSpec{}, errors.Wrap(err, "failed to check if encryption is enabled")
 }
@@ -578,18 +578,3 @@ func PodTopologySpreadConstraints(cr *api.PerconaServerMongoDB, tscs []corev1.To
 }
 return result
 }
-
-func isEncryptionEnabled(cr *api.PerconaServerMongoDB, replset *api.ReplsetSpec) (bool, error) {
- enabled, err := replset.Configuration.IsEncryptionEnabled()
- if err != nil {
- return false, errors.Wrap(err, "failed to parse replset configuration")
- }
-
- if enabled == nil {
- if replset.Storage.Engine == api.StorageEngineInMemory {
- return false, nil // disabled for inMemory engine by default
- }
- return true, nil // true by default
- }
- return *enabled, nil
-}

From ab1be45a35452d5d20912637f506f22dd6dd4c33 Mon Sep 17 00:00:00 2001
From: Andrii Dema
Date: Wed, 21 May 2025 14:04:20 +0300
Subject: [PATCH 4/4] fix manifests

---
 deploy/bundle.yaml | 2 +-
 deploy/cw-bundle.yaml | 2 +-
 deploy/cw-operator.yaml | 2 +-
 deploy/operator.yaml | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/deploy/bundle.yaml b/deploy/bundle.yaml
index dda12eec1..9d863e068 100644
--- a/deploy/bundle.yaml
+++ b/deploy/bundle.yaml
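Review bot: In containerArgs a failure of the rewired `replset.IsEncryptionEnabled()` call is only logged, so `encryptionEnabled` keeps its zero value and the mongod arguments are built as if encryption were disabled, whereas the sibling call sites this commit rewires in container() and StatefulSpec return the error. If StatefulSpec always fails first the inconsistency is harmless, but it is worth making this site fail closed as well rather than treating an unparsable configuration as "disabled"; whether containerArgs can return an error is not visible here, so at minimum a comment noting why the error is tolerated would help, e.g. `// parse failure is tolerated here because StatefulSpec has already rejected the same configuration`, if that is indeed the case. containerArgs starts and ends outside the hunk.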
@@ -19788,7 +19788,7 @@ spec:
 serviceAccountName: percona-server-mongodb-operator
 containers:
 - name: percona-server-mongodb-operator
- image: percona/percona-server-mongodb-operator:1.20.0
+ image: perconalab/percona-server-mongodb-operator:main
 imagePullPolicy: Always
 livenessProbe:
 failureThreshold: 3
diff --git a/deploy/cw-bundle.yaml b/deploy/cw-bundle.yaml
index 111834cb6..010ee9f9f 100644
--- a/deploy/cw-bundle.yaml
+++ b/deploy/cw-bundle.yaml
@@ -19809,7 +19809,7 @@ spec:
 serviceAccountName: percona-server-mongodb-operator
 containers:
 - name: percona-server-mongodb-operator
- image: percona/percona-server-mongodb-operator:1.20.0
+ image: perconalab/percona-server-mongodb-operator:main
 imagePullPolicy: Always
 livenessProbe:
 failureThreshold: 3
diff --git a/deploy/cw-operator.yaml b/deploy/cw-operator.yaml
index e1effb043..b8ec3d38e 100644
--- a/deploy/cw-operator.yaml
+++ b/deploy/cw-operator.yaml
@@ -15,7 +15,7 @@ spec:
 serviceAccountName: percona-server-mongodb-operator
 containers:
 - name: percona-server-mongodb-operator
- image: percona/percona-server-mongodb-operator:1.20.0
+ image: perconalab/percona-server-mongodb-operator:main
 imagePullPolicy: Always
 livenessProbe:
 failureThreshold: 3
diff --git a/deploy/operator.yaml b/deploy/operator.yaml
index db09479e9..90d4d04a5 100644
--- a/deploy/operator.yaml
+++ b/deploy/operator.yaml
@@ -15,7 +15,7 @@ spec:
 serviceAccountName: percona-server-mongodb-operator
 containers:
 - name: percona-server-mongodb-operator
- image: percona/percona-server-mongodb-operator:1.20.0
+ image: perconalab/percona-server-mongodb-operator:main
 imagePullPolicy: Always
 livenessProbe:
 failureThreshold: 3
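Review bot: The image reference moves from the pinned `percona/percona-server-mongodb-operator:1.20.0` to the floating `perconalab/percona-server-mongodb-operator:main`, and since the unchanged `imagePullPolicy: Always` follows it, every pod restart will pull whatever `main` resolves to at that moment, so the operator a user deploys from these manifests is no longer reproducible or reviewable. If this is a deliberate switch to development images on this branch, the commit message ("fix manifests") should say so, and the published manifests should be regenerated to a release tag, ideally with an `@sha256:` digest, before they ship. The same change appears in deploy/cw-bundle.yaml, deploy/cw-operator.yaml and deploy/operator.yaml.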