[bitnami/etcd] Added back support for autoTLS
Signed-off-by: Khoi Pham <[email protected]>
pckhoi committed Jan 14, 2025
1 parent 154e2c3 commit d8a04ae
Showing 2 changed files with 15 additions and 11 deletions.
1 change: 1 addition & 0 deletions bitnami/etcd/README.md
@@ -707,6 +707,7 @@ This version introduces the following breaking changes:

- Remove `initialClusterState` which was unreliable at detecting cluster state. From now on, each node will contact other members to determine cluster state. If no members are available and the data dir is empty, then it bootstraps a new cluster.
- Remove `removeMemberOnContainerTermination` which was unreliable at removing stale members during replica count updates. Instead, a pre-upgrade hook is added to check and remove stale members.
- Remove support for manual scaling with `kubectl` or autoscaler. Upgrading of any kind including increasing replica count must be done with `helm upgrade` exclusively. CD automation tools that respect Helm hooks such as ArgoCD can also be used.

### To 10.7.0

25 changes: 14 additions & 11 deletions bitnami/etcd/templates/preupgrade-hook-job.yaml
@@ -83,6 +83,8 @@ spec:
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
- name: ETCD_ON_K8S
value: "yes"
- name: ETCD_DATA_DIR
value: "/bitnami/etcd/data"
{{- if or .Values.auth.rbac.create .Values.auth.rbac.enabled }}
- name: ETCD_ROOT_PASSWORD
valueFrom:
@@ -98,12 +100,24 @@ spec:
- name: ETCD_INITIAL_CLUSTER
value: {{ join "," $initialCluster | quote }}
{{- end }}
{{- if and .Values.auth.client.secureTransport .Values.auth.client.useAutoTLS }}
- name: ETCD_AUTO_TLS
value: "true"
{{- else if .Values.auth.client.secureTransport }}
- name: ETCD_CERT_FILE
value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.certFilename }}"
- name: ETCD_KEY_FILE
value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.certKeyFilename }}"
{{- if .Values.auth.client.enableAuthentication }}
- name: ETCD_CLIENT_CERT_AUTH
value: "true"
- name: ETCD_TRUSTED_CA_FILE
value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.caFilename | default "ca.crt" }}"
{{- else if .Values.auth.client.caFilename }}
- name: ETCD_TRUSTED_CA_FILE
value: "/opt/bitnami/etcd/certs/client/{{ .Values.auth.client.caFilename | default "ca.crt" }}"
{{- end }}
{{- end }}
{{- if .Values.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
@@ -138,11 +152,6 @@ spec:
mountPath: /opt/bitnami/etcd/certs/client/
readOnly: true
{{- end }}
{{- if or .Values.auth.peer.enableAuthentication (and .Values.auth.peer.secureTransport (not .Values.auth.peer.useAutoTLS )) }}
- name: etcd-peer-certs
mountPath: /opt/bitnami/etcd/certs/peer/
readOnly: true
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
@@ -166,12 +175,6 @@ spec:
secretName: {{ required "A secret containing the client certificates is required" (tpl .Values.auth.client.existingSecret .) }}
defaultMode: 256
{{- end }}
{{- if or .Values.auth.peer.enableAuthentication (and .Values.auth.peer.secureTransport (not .Values.auth.peer.useAutoTLS )) }}
- name: etcd-peer-certs
secret:
secretName: {{ required "A secret containing the peer certificates is required" (tpl .Values.auth.peer.existingSecret .) }}
defaultMode: 256
{{- end }}
{{- if .Values.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
{{- end }}
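Review bot: In the `useAutoTLS` branch the hook has no CA with which to verify the etcd member it connects to: only `ETCD_AUTO_TLS` is set, never `ETCD_TRUSTED_CA_FILE`, while the same container still receives `ETCD_ROOT_PASSWORD` when RBAC is enabled. etcd's auto TLS uses self-signed certificates, so the channel is encrypted but the server is not authenticated, and the root credential would presumably be presented to an unverified peer. I would record that next to the branch, e.g. `{{- /* autoTLS: self-signed certs, server identity is not verified; use auth.client.existingSecret certs when auth.rbac is enabled */}}`. Separately, the `else if .Values.auth.client.caFilename` branch repeats the identical `ETCD_TRUSTED_CA_FILE` entry, and its `| default "ca.crt"` can never apply there because `caFilename` is already non-empty. The env list and volume sections start and end outside these hunks, so how the hook script consumes `ETCD_AUTO_TLS` and `ETCD_DATA_DIR`, and whether a data volume is mounted at that path, cannot be confirmed from this page.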
