[bitnami/etcd] Add param auth.token.enabled to disable etcd auth (#14273)

* Add param auth.token.enabled for etcd chart to disable etcd auth

Signed-off-by: Sam Xie <sam@samxie.me>

* Bump chart version to 8.7.0

Signed-off-by: Sam Xie <sam@samxie.me>

* Update README

Signed-off-by: Sam Xie <sam@samxie.me>

Signed-off-by: Sam Xie <sam@samxie.me>
Co-authored-by: Fran Mulero <fmulero@vmware.com>
Sam Xie
2023-01-14 01:11:48 +08:00
committed by GitHub
parent 0a287df2c5
commit 210f917579
5 changed files with 8 additions and 2 deletions


@@ -26,4 +26,4 @@ name: etcd
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/etcd
- https://coreos.com/etcd/
version: 8.6.0
version: 8.7.0


@@ -93,6 +93,7 @@ The command removes all the Kubernetes components associated with the chart and
| `auth.rbac.rootPassword` | Root user password. The root user is always `root` | `""` |
| `auth.rbac.existingSecret` | Name of the existing secret containing credentials for the root user | `""` |
| `auth.rbac.existingSecretPasswordKey` | Name of key containing password to be retrieved from the existing secret | `""` |
| `auth.token.enabled` | Enables token authentication | `true` |
| `auth.token.type` | Authentication token type. Allowed values: 'simple' or 'jwt' | `jwt` |
| `auth.token.privateKey.filename` | Name of the file containing the private key for signing the JWT token | `jwt-token.pem` |
| `auth.token.privateKey.existingSecret` | Name of the existing secret containing the private key for signing the JWT token | `""` |


@@ -110,7 +110,7 @@ Get the secret password key to be retrieved from etcd secret.
Return true if a secret object should be created for the etcd token private key
*/}}
{{- define "etcd.token.createSecret" -}}
{{- if and (eq .Values.auth.token.type "jwt") (empty .Values.auth.token.privateKey.existingSecret) }}
{{- if and (eq .Values.auth.token.enabled true) (eq .Values.auth.token.type "jwt") (empty .Values.auth.token.privateKey.existingSecret) }}
{{- true -}}
{{- end -}}
{{- end -}}
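Review bot: The new condition uses a strict comparison, `eq .Values.auth.token.enabled true`, while the StatefulSet hunk in this same commit tests the flag by truthiness (`if .Values.auth.token.enabled`). The two can disagree, or this helper can fail to render, when the value arrives as a string (for example through `--set-string`). Using the value directly keeps both places aligned: `{{- if and .Values.auth.token.enabled (eq .Values.auth.token.type "jwt") (empty .Values.auth.token.privateKey.existingSecret) }}`. Because this helper now stops the JWT signing-key Secret from being created when the flag is false, any volume or mount that references that Secret based on `auth.token.type` alone (not visible in this commit's hunks) would need the same guard. Otherwise the pod would reference a Secret that no longer exists.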


@@ -162,12 +162,14 @@ spec:
name: {{ include "etcd.secretName" . }}
key: {{ include "etcd.secretPasswordKey" . }}
{{- end }}
{{- if .Values.auth.token.enabled }}
- name: ETCD_AUTH_TOKEN
{{- if eq .Values.auth.token.type "jwt" }}
value: {{ printf "jwt,priv-key=/opt/bitnami/etcd/certs/token/%s,sign-method=%s,ttl=%s" .Values.auth.token.privateKey.filename .Values.auth.token.signMethod .Values.auth.token.ttl | quote }}
{{- else if eq .Values.auth.token.type "simple" }}
value: "simple"
{{- end }}
{{- end }}
- name: ETCD_ADVERTISE_CLIENT_URLS
value: "{{ $etcdClientProtocol }}://$(MY_POD_NAME).{{ $etcdHeadlessServiceName }}.{{ .Release.Namespace }}.svc.{{ $clusterDomain }}:{{ .Values.containerPorts.client }},{{ $etcdClientProtocol }}://{{ $etcdFullname }}.{{ .Release.Namespace }}.svc.{{ $clusterDomain }}:{{ coalesce .Values.service.ports.client .Values.service.port }}"
- name: ETCD_LISTEN_CLIENT_URLS
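Review bot: Setting `auth.token.enabled` to false only leaves `ETCD_AUTH_TOKEN` unset; it does not switch authentication off. etcd then falls back to its built-in `--auth-token` default (`simple`), and whether auth is enforced appears to stay with the `auth.rbac.*` values, which this commit does not touch. An operator reading "disable etcd auth" in the title, or "Enables token authentication" in the README and values.yaml hunks, may assume otherwise. I would state the fallback next to the guard, e.g. `{{- /* When false, ETCD_AUTH_TOKEN is omitted and etcd uses its default token provider; RBAC is configured separately */}}`, and word the parameter description the same way. Separately, the unchanged inner branch still emits `- name: ETCD_AUTH_TOKEN` with no `value:` when the type is neither `jwt` nor `simple`; the env list itself starts and ends outside this hunk.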


@@ -117,6 +117,9 @@ auth:
## ref: https://etcd.io/docs/latest/learning/design-auth-v3/#two-types-of-tokens-simple-and-jwt
##
token:
## @param auth.token.enabled Enables token authentication
##
enabled: true
## @param auth.token.type Authentication token type. Allowed values: 'simple' or 'jwt'
## ref: https://etcd.io/docs/latest/op-guide/configuration/#--auth-token
##