How do we use external FQDNs with replicaset?

Hey
I’m trying to automate deployment of MongoDB, but I keep running around in circles regarding replicasets.
If I deploy 3 instances using replicaset and 3 nodes using local hostnames,
I then expose those using Traefik to add TLS and route 3 host names into each of the 3 internal hosts.
But no matter what I do, it keeps forcing my client to try and connect to the INTERNAL host names.
If I try and configure the replicaset using the external host names, it keeps failing with an error similar to “host not in host list” … I assume this is due to

.admin().command({ replSetReconfig: rsConfig, force: force }, {})

does not know how to connect using TLS

If I add the external domains to --bind_ip … mongodb crashes with an error similar to “refuses to listen to address” … From what I could understand, it’s simply resolving the host name and trying to listen to the external IP, which ofc will never work …
I then tried “hacking” it using the guide from https://www.mongodb.com/docs/manual/tutorial/change-hostnames-in-a-replica-set/ by updating db.system.replset, but then mongod goes into a weird state where it no longer thinks it’s part of the replica set, and data is not replicated.
So how do I make replicasets stop sending internal host names OR tell the replicaset to use TLS when validating the config?
And no, assigning public IPs to each host is not an option.
And only publishing “the master” is not an option, since (as far as I know) there is no way for Kubernetes to know what host is the primary at any given moment.

So I got a lot of things wrong here.
And most embarrassingly, it turns out the main issue I was having in all my tests of different things was the fact I had all my IngressRouteTCPs pointing to the headless service and not a dedicated service as was intended.
So when testing with external hostnames I would constantly get errors about host not being in config or host x1 and x0 being the same and so on.
So starting mongod with --replSet rs0 and --tlsMode preferTLS works as long as requests always go to the correct mongodb host *facepalm*
Key is using --tlsMode preferTLS; this tells mongod to connect to other members using TLS, but other clients can connect without.
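
The misconfiguration described above, as an added example that is not part of the original posts: a small Python check that flags IngressRouteTCP routes whose backend is a headless Service or is shared between hostnames. The manifests, service names, hostnames and the per-pod selector label are constructed assumptions, written as dicts so the check runs without a YAML library.

```python
# Added example: flag Traefik IngressRouteTCP routes that cannot pin one
# external hostname to one replica-set member.
# All manifests below are constructed sample data (names are hypothetical).

SERVICES = [
    {"kind": "Service", "metadata": {"name": "mongo-headless"},
     "spec": {"clusterIP": "None", "selector": {"app": "mongo"}}},
    {"kind": "Service", "metadata": {"name": "mongo-0"},
     "spec": {"selector": {"statefulset.kubernetes.io/pod-name": "mongo-0"}}},
    {"kind": "Service", "metadata": {"name": "mongo-1"},
     "spec": {"selector": {"statefulset.kubernetes.io/pod-name": "mongo-1"}}},
]

def route(host, service):
    """Build a minimal IngressRouteTCP with one HostSNI route (constructed)."""
    return {"kind": "IngressRouteTCP", "metadata": {"name": host},
            "spec": {"routes": [{"match": f"HostSNI(`{host}`)",
                                 "services": [{"name": service, "port": 27017}]}]}}

# Every hostname lands on the headless service, i.e. on any mongod pod.
BROKEN = [route("x0.example.com", "mongo-headless"),
          route("x1.example.com", "mongo-headless")]
# One dedicated service per member, so each hostname reaches one mongod.
FIXED = [route("x0.example.com", "mongo-0"),
         route("x1.example.com", "mongo-1")]

def lint_routes(ingress_routes, services):
    """Return (match, service, reason) findings for unsafe route backends."""
    by_name = {s["metadata"]["name"]: s for s in services}
    findings, seen = [], {}
    for ir in ingress_routes:
        for r in ir["spec"]["routes"]:
            for backend in r["services"]:
                name = backend["name"]
                svc = by_name.get(name)
                if svc is None:
                    findings.append((r["match"], name, "service not found"))
                    continue
                if svc["spec"].get("clusterIP") == "None":
                    findings.append((r["match"], name, "headless service"))
                if name in seen and seen[name] != r["match"]:
                    findings.append((r["match"], name,
                                     "backend shared with " + seen[name]))
                seen.setdefault(name, r["match"])
    return findings

if __name__ == "__main__":
    for label, routes in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint_routes(routes, SERVICES))
```
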