[bitnami/elasticsearch] Set usePasswordFiles=true by default (#32344)

* [bitnami/elasticsearch] Set `usePasswordFiles=true` by default Signed-off-by: Miguel Ruiz <miguel.ruiz@broadcom.com> * Update CHANGELOG.md Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> * Update CHANGELOG.md Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com> * Update CHANGELOG.md Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com> * Update CHANGELOG.md Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com> * Fix typo Signed-off-by: Miguel Ruiz <miguel.ruiz@broadcom.com> --------- Signed-off-by: Miguel Ruiz <miguel.ruiz@broadcom.com> Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com> Co-authored-by: Bitnami Containers <bitnami-bot@vmware.com> Co-authored-by: Bitnami Bot <bitnami.bot@broadcom.com>
2026-03-16 14:57:08 +08:00 · 2025-04-04 16:28:36 +02:00
parent 84a3fb444e
commit 3ab212e680
15 changed files with 109 additions and 23 deletions
--- a/bitnami/elasticsearch/CHANGELOG.md
+++ b/bitnami/elasticsearch/CHANGELOG.md
@@ -1,8 +1,13 @@
 # Changelog

-## 21.4.9 (2025-03-25)
+## 21.5.0 (2025-04-04)

-* [bitnami/elasticsearch] Release 21.4.9 ([#32601](https://github.com/bitnami/charts/pull/32601))
+* [bitnami/elasticsearch] Set `usePasswordFiles=true` by default ([#32344](https://github.com/bitnami/charts/pull/32344))
+
+## <small>21.4.9 (2025-03-25)</small>
+
+* [bitnami/*] Add tanzuCategory annotation (#32409) ([a8fba5c](https://github.com/bitnami/charts/commit/a8fba5cb01f6f4464ca7f69c50b0fbe97d837a95)), closes [#32409](https://github.com/bitnami/charts/issues/32409)
+* [bitnami/elasticsearch] Release 21.4.9 (#32601) ([2db1009](https://github.com/bitnami/charts/commit/2db10093cf6f47e959774f6c262b9314480a7bcb)), closes [#32601](https://github.com/bitnami/charts/issues/32601)

 ## <small>21.4.8 (2025-03-04)</small>

--- a/bitnami/elasticsearch/Chart.yaml
+++ b/bitnami/elasticsearch/Chart.yaml
@@ -35,4 +35,4 @@ maintainers:
 name: elasticsearch
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/elasticsearch
-version: 21.4.9
+version: 21.5.0
--- a/bitnami/elasticsearch/README.md
+++ b/bitnami/elasticsearch/README.md
@@ -297,6 +297,7 @@ You can enable this initContainer by setting `volumePermissions.enabled` to `tru
 | `clusterDomain`          | Kubernetes cluster domain name                                                          | `cluster.local` |
 | `extraDeploy`            | Array of extra objects to deploy with the release                                       | `[]`            |
 | `namespaceOverride`      | String to fully override common.names.namespace                                         | `""`            |
+| `usePasswordFiles`       | Mount credentials as files instead of using environment variables                       | `true`          |
 | `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false`         |
 | `diagnosticMode.command` | Command to override all containers in the deployment                                    | `["sleep"]`     |
 | `diagnosticMode.args`    | Args to override all containers in the deployment                                       | `["infinity"]`  |
--- a/bitnami/elasticsearch/templates/_helpers.tpl
+++ b/bitnami/elasticsearch/templates/_helpers.tpl
@@ -467,11 +467,16 @@ Add environment variables to configure database values
 {{- define "elasticsearch.configure.security" -}}
 - name: ELASTICSEARCH_ENABLE_SECURITY
  value: "true"
+{{- if .Values.usePasswordFiles }}
+- name: ELASTICSEARCH_PASSWORD_FILE
+  value: "/opt/bitnami/elasticsearch/secrets/elasticsearch-password"
+{{- else }}
 - name: ELASTICSEARCH_PASSWORD
  valueFrom:
    secretKeyRef:
        name: {{ include "elasticsearch.secretName" . }}
        key: elasticsearch-password
+{{- end }}
 - name: ELASTICSEARCH_ENABLE_FIPS_MODE
  value: {{ .Values.security.fipsMode | quote }}
 - name: ELASTICSEARCH_TLS_VERIFICATION_MODE
@@ -488,26 +493,41 @@ Add environment variables to configure database values
  value: "/opt/bitnami/elasticsearch/config/certs/{{ .Values.security.tls.truststoreFilename }}"
 {{- end }}
 {{- if and (not .Values.security.tls.usePemCerts) (or .Values.security.tls.keystorePassword .Values.security.tls.passwordsSecret) }}
+{{- if .Values.usePasswordFiles }}
+- name: ELASTICSEARCH_KEYSTORE_PASSWORD_FILE
+  value: {{ printf "/opt/bitnami/elasticsearch/secrets/%s" (include "elasticsearch.keystorePasswordKey" .) }}
+{{- else }}
 - name: ELASTICSEARCH_KEYSTORE_PASSWORD
  valueFrom:
    secretKeyRef:
      name: {{ include "elasticsearch.tlsPasswordsSecret" . }}
      key: {{ include "elasticsearch.keystorePasswordKey" . | quote }}
 {{- end }}
+{{- end }}
 {{- if and (not .Values.security.tls.usePemCerts) (or .Values.security.tls.truststorePassword .Values.security.tls.passwordsSecret) }}
+{{- if .Values.usePasswordFiles }}
+- name: ELASTICSEARCH_TRUSTSTORE_PASSWORD_FILE
+  value: {{ printf "/opt/bitnami/elasticsearch/secrets/%s" (include "elasticsearch.truststorePasswordKey" .) }}
+{{- else }}
 - name: ELASTICSEARCH_TRUSTSTORE_PASSWORD
  valueFrom:
    secretKeyRef:
      name: {{ include "elasticsearch.tlsPasswordsSecret" . }}
      key: {{ include "elasticsearch.truststorePasswordKey" . | quote }}
 {{- end }}
+{{- end }}
 {{- if and .Values.security.tls.usePemCerts (or .Values.security.tls.keyPassword .Values.security.tls.passwordsSecret) }}
+{{- if .Values.usePasswordFiles }}
+- name: ELASTICSEARCH_KEY_PASSWORD_FILE
+  value: {{ printf "/opt/bitnami/elasticsearch/secrets/%s" (include "elasticsearch.keyPasswordKey" .) }}
+{{- else }}
 - name: ELASTICSEARCH_KEY_PASSWORD
  valueFrom:
    secretKeyRef:
      name: {{ include "elasticsearch.tlsPasswordsSecret" . }}
      key: {{ include "elasticsearch.keyPasswordKey" . | quote }}
 {{- end }}
+{{- end }}
 {{- end -}}

 {{/*
--- a/bitnami/elasticsearch/templates/coordinating/serviceaccount.yaml
+++ b/bitnami/elasticsearch/templates/coordinating/serviceaccount.yaml
@@ -3,7 +3,7 @@ Copyright Broadcom, Inc. All Rights Reserved.
 SPDX-License-Identifier: APACHE-2.0
 */}}

-{{- if and (include "elasticsearch.coordinating.enabled" .) .Values.coordinating.serviceAccount.create -}}
+{{- if and (include "elasticsearch.coordinating.enabled" .) .Values.coordinating.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -16,4 +16,4 @@ metadata:
  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
  {{- end }}
 automountServiceAccountToken: {{ .Values.coordinating.serviceAccount.automountServiceAccountToken }}
-{{- end -}}
+{{- end }}
--- a/bitnami/elasticsearch/templates/coordinating/statefulset.yaml
+++ b/bitnami/elasticsearch/templates/coordinating/statefulset.yaml
@@ -123,7 +123,7 @@ spec:
                      echo "Copied $file to $dst_file"
                  fi
              done
-              echo "All files have been copied." 
+              echo "All files have been copied."
          volumeMounts:
            - name: elasticsearch-certificates
              mountPath: /certs
@@ -234,9 +234,6 @@ spec:
            - name: ELASTICSEARCH_HEAP_SIZE
              value: {{ .Values.coordinating.heapSize | quote }}
            {{- end }}
-            {{- if .Values.security.enabled }}
-            {{- include "elasticsearch.configure.security" . | nindent 12 }}
-            {{- end }}
            {{- if .Values.coordinating.extraEnvVars }}
            {{- include "common.tplvalues.render" ( dict "value" .Values.coordinating.extraEnvVars "context" $ ) | nindent 12 }}
            {{- end }}
@@ -317,6 +314,10 @@ spec:
              subPath: app-volume-dir
            - name: data
              mountPath: /bitnami/elasticsearch/data
+            {{- if and .Values.usePasswordFiles .Values.security.enabled }}
+            - name: elasticsearch-secrets
+              mountPath: /opt/bitnami/elasticsearch/secrets
+            {{- end }}
            {{- if .Values.config }}
            - mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml
              name: config
@@ -361,6 +362,17 @@ spec:
          emptyDir: {}
        - name: "data"
          emptyDir: {}
+        {{- if and .Values.usePasswordFiles .Values.security.enabled }}
+        - name: elasticsearch-secrets
+          projected:
+            sources:
+              - secret:
+                  name: {{ include "elasticsearch.secretName" . }}
+              {{- if or .Values.security.tls.passwordsSecret .Values.security.tls.keystorePassword .Values.security.tls.truststorePassword .Values.security.tls.keyPassword }}
+              - secret:
+                  name: {{ include "elasticsearch.tlsPasswordsSecret" . }}
+              {{- end }}
+        {{- end }}
        {{- if or .Values.config .Values.extraConfig }}
        - name: config
          configMap:
--- a/bitnami/elasticsearch/templates/data/serviceaccount.yaml
+++ b/bitnami/elasticsearch/templates/data/serviceaccount.yaml
@@ -3,7 +3,7 @@ Copyright Broadcom, Inc. All Rights Reserved.
 SPDX-License-Identifier: APACHE-2.0
 */}}

-{{- if and (include "elasticsearch.data.enabled" .) .Values.data.serviceAccount.create -}}
+{{- if and (include "elasticsearch.data.enabled" .) .Values.data.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -16,4 +16,4 @@ metadata:
  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
  {{- end }}
 automountServiceAccountToken: {{ .Values.data.serviceAccount.automountServiceAccountToken }}
-{{- end -}}
+{{- end }}
--- a/bitnami/elasticsearch/templates/data/statefulset.yaml
+++ b/bitnami/elasticsearch/templates/data/statefulset.yaml
@@ -148,7 +148,7 @@ spec:
                      echo "Copied $file to $dst_file"
                  fi
              done
-              echo "All files have been copied." 
+              echo "All files have been copied."
          volumeMounts:
            - name: elasticsearch-certificates
              mountPath: /certs
@@ -346,6 +346,10 @@ spec:
              subPath: app-volume-dirs
            - name: data
              mountPath: /bitnami/elasticsearch/data
+            {{- if and .Values.usePasswordFiles .Values.security.enabled }}
+            - name: elasticsearch-secrets
+              mountPath: /opt/bitnami/elasticsearch/secrets
+            {{- end }}
            {{- if .Values.config }}
            - mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml
              name: config
@@ -388,6 +392,17 @@ spec:
      volumes:
        - name: empty-dir
          emptyDir: {}
+        {{- if and .Values.usePasswordFiles .Values.security.enabled }}
+        - name: elasticsearch-secrets
+          projected:
+            sources:
+              - secret:
+                  name: {{ include "elasticsearch.secretName" . }}
+              {{- if or .Values.security.tls.passwordsSecret .Values.security.tls.keystorePassword .Values.security.tls.truststorePassword .Values.security.tls.keyPassword }}
+              - secret:
+                  name: {{ include "elasticsearch.tlsPasswordsSecret" . }}
+              {{- end }}
+        {{- end }}
        {{- if or .Values.config .Values.extraConfig }}
        - name: config
          configMap:
--- a/bitnami/elasticsearch/templates/ingest/serviceaccount.yaml
+++ b/bitnami/elasticsearch/templates/ingest/serviceaccount.yaml
@@ -3,7 +3,7 @@ Copyright Broadcom, Inc. All Rights Reserved.
 SPDX-License-Identifier: APACHE-2.0
 */}}

-{{- if and (include "elasticsearch.ingest.enabled" .) .Values.ingest.serviceAccount.create -}}
+{{- if and (include "elasticsearch.ingest.enabled" .) .Values.ingest.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -16,4 +16,4 @@ metadata:
  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
  {{- end }}
 automountServiceAccountToken: {{ .Values.ingest.serviceAccount.automountServiceAccountToken }}
-{{- end -}}
+{{- end }}
--- a/bitnami/elasticsearch/templates/ingest/statefulset.yaml
+++ b/bitnami/elasticsearch/templates/ingest/statefulset.yaml
@@ -123,7 +123,7 @@ spec:
                      echo "Copied $file to $dst_file"
                  fi
              done
-              echo "All files have been copied." 
+              echo "All files have been copied."
          volumeMounts:
            - name: elasticsearch-certificates
              mountPath: /certs
@@ -317,6 +317,10 @@ spec:
              subPath: app-volume-dir
            - name: data
              mountPath: /bitnami/elasticsearch/data
+            {{- if and .Values.usePasswordFiles .Values.security.enabled }}
+            - name: elasticsearch-secrets
+              mountPath: /opt/bitnami/elasticsearch/secrets
+            {{- end }}
            {{- if .Values.config }}
            - mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml
              name: config
@@ -361,6 +365,17 @@ spec:
          emptyDir: {}
        - name: "data"
          emptyDir: {}
+        {{- if and .Values.usePasswordFiles .Values.security.enabled }}
+        - name: elasticsearch-secrets
+          projected:
+            sources:
+              - secret:
+                  name: {{ include "elasticsearch.secretName" . }}
+              {{- if or .Values.security.tls.passwordsSecret .Values.security.tls.keystorePassword .Values.security.tls.truststorePassword .Values.security.tls.keyPassword }}
+              - secret:
+                  name: {{ include "elasticsearch.tlsPasswordsSecret" . }}
+              {{- end }}
+        {{- end }}
        {{- if or .Values.config .Values.extraConfig }}
        - name: config
          configMap:
--- a/bitnami/elasticsearch/templates/initialization-configmap.yaml
+++ b/bitnami/elasticsearch/templates/initialization-configmap.yaml
@@ -7,7 +7,7 @@ SPDX-License-Identifier: APACHE-2.0
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name:  {{ printf "%s-init-scripts" (include "common.names.fullname" .) }}
+  name: {{ printf "%s-init-scripts" (include "common.names.fullname" .) }}
  namespace: {{ include "common.names.namespace" . | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
  {{- if .Values.commonAnnotations }}
--- a/bitnami/elasticsearch/templates/master/serviceaccount.yaml
+++ b/bitnami/elasticsearch/templates/master/serviceaccount.yaml
@@ -3,7 +3,7 @@ Copyright Broadcom, Inc. All Rights Reserved.
 SPDX-License-Identifier: APACHE-2.0
 */}}

-{{- if and (include "elasticsearch.master.enabled" .) .Values.master.serviceAccount.create -}}
+{{- if and (include "elasticsearch.master.enabled" .) .Values.master.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -16,4 +16,4 @@ metadata:
  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
  {{- end }}
 automountServiceAccountToken: {{ .Values.master.serviceAccount.automountServiceAccountToken }}
-{{- end -}}
+{{- end }}
--- a/bitnami/elasticsearch/templates/master/statefulset.yaml
+++ b/bitnami/elasticsearch/templates/master/statefulset.yaml
@@ -123,7 +123,7 @@ spec:
                      echo "Copied $file to $dst_file"
                  fi
              done
-              echo "All files have been copied." 
+              echo "All files have been copied."
          volumeMounts:
            - name: elasticsearch-certificates
              mountPath: /certs
@@ -345,6 +345,10 @@ spec:
              subPath: app-volume-dir
            - name: data
              mountPath: /bitnami/elasticsearch/data
+            {{- if and .Values.usePasswordFiles .Values.security.enabled }}
+            - name: elasticsearch-secrets
+              mountPath: /opt/bitnami/elasticsearch/secrets
+            {{- end }}
            {{- if .Values.config }}
            - mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml
              name: config
@@ -386,6 +390,17 @@ spec:
      volumes:
        - name: empty-dir
          emptyDir: {}
+        {{- if and .Values.usePasswordFiles .Values.security.enabled }}
+        - name: elasticsearch-secrets
+          projected:
+            sources:
+              - secret:
+                  name: {{ include "elasticsearch.secretName" . }}
+              {{- if or .Values.security.tls.passwordsSecret .Values.security.tls.keystorePassword .Values.security.tls.truststorePassword .Values.security.tls.keyPassword }}
+              - secret:
+                  name: {{ include "elasticsearch.tlsPasswordsSecret" . }}
+              {{- end }}
+        {{- end }}
        {{- if or .Values.config .Values.extraConfig }}
        - name: config
          configMap:
--- a/bitnami/elasticsearch/templates/metrics/serviceaccount.yaml
+++ b/bitnami/elasticsearch/templates/metrics/serviceaccount.yaml
@@ -3,7 +3,7 @@ Copyright Broadcom, Inc. All Rights Reserved.
 SPDX-License-Identifier: APACHE-2.0
 */}}

-{{- if and .Values.metrics.enabled .Values.metrics.serviceAccount.create -}}
+{{- if and .Values.metrics.enabled .Values.metrics.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -16,4 +16,4 @@ metadata:
  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
  {{- end }}
 automountServiceAccountToken: {{ .Values.metrics.serviceAccount.automountServiceAccountToken }}
-{{- end -}}
+{{- end }}
--- a/bitnami/elasticsearch/values.yaml
+++ b/bitnami/elasticsearch/values.yaml
@@ -69,6 +69,9 @@ extraDeploy: []
 ## @param namespaceOverride String to fully override common.names.namespace
 ##
 namespaceOverride: ""
+## @param usePasswordFiles Mount credentials as files instead of using environment variables
+##
+usePasswordFiles: true
 ## Enable diagnostic mode in the deployment
 ##
 diagnosticMode:
@@ -850,7 +853,7 @@ master:
    whenScaled: Retain
    ## @param master.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
    ##
-    whenDeleted: Retain   
+    whenDeleted: Retain
  ## Pods Service Account
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
  ## @param master.serviceAccount.create Specifies whether a ServiceAccount should be created
@@ -1258,7 +1261,7 @@ data:
    ##
    whenDeleted: Retain

-    
+
  ## Pods Service Account
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
  ## @param data.serviceAccount.create Specifies whether a ServiceAccount should be created