From 29e8f437f0b70f636dc5d1ea5ac2bd68462c0684 Mon Sep 17 00:00:00 2001
From: chenfei <fei.chen@pingcap.com>
Date: Mon, 28 Oct 2024 17:46:27 +0800
Subject: [PATCH] Mount cluster client secret only if the clusterTLSSecretName
 is unset

---
 pkg/manager/member/ticdc_member_manager.go | 26 +++++++++++++---------
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/pkg/manager/member/ticdc_member_manager.go b/pkg/manager/member/ticdc_member_manager.go
index 5a06f3006af..e5f3eb37678 100644
--- a/pkg/manager/member/ticdc_member_manager.go
+++ b/pkg/manager/member/ticdc_member_manager.go
@@ -396,10 +396,6 @@ func getNewTiCDCStatefulSet(tc *v1alpha1.TidbCluster, cm *corev1.ConfigMap) (*ap
 			Name:      ticdcCertVolumeMount,
 			ReadOnly:  true,
 			MountPath: constants.TiCDCCertPath,
-		}, corev1.VolumeMount{
-			Name:      util.ClusterClientVolName,
-			ReadOnly:  true,
-			MountPath: util.ClusterClientTLSPath,
 		})
 
 		vols = append(vols, corev1.Volume{
@@ -408,13 +404,23 @@ func getNewTiCDCStatefulSet(tc *v1alpha1.TidbCluster, cm *corev1.ConfigMap) (*ap
 					SecretName: getTiCDCClusterTLSCertSecretName(tc),
 				},
 			},
-		}, corev1.Volume{
-			Name: util.ClusterClientVolName, VolumeSource: corev1.VolumeSource{
-				Secret: &corev1.SecretVolumeSource{
-					SecretName: util.ClusterClientTLSSecretName(tc.Name),
-				},
-			},
 		})
+
+		// For compatibility, mount the cluster client TLS secret if the ClusterTLSSecretName is unset
+		if tc.Spec.TiCDC.ClusterTLSSecretName == "" {
+			volMounts = append(volMounts, corev1.VolumeMount{
+				Name:      util.ClusterClientVolName,
+				ReadOnly:  true,
+				MountPath: util.ClusterClientTLSPath,
+			})
+			vols = append(vols, corev1.Volume{
+				Name: util.ClusterClientVolName, VolumeSource: corev1.VolumeSource{
+					Secret: &corev1.SecretVolumeSource{
+						SecretName: util.ClusterClientTLSSecretName(tc.Name),
+					},
+				},
+			})
+		}
 	}
 
 	// handle StorageVolumes and AdditionalVolumeMounts in ComponentSpec