[bitnami/etcd] Add existingSecretPasswordKey field in auth.rbac (#7212)

* Adding existingSecretPasswordKey auth rbac param

To replicate redis-cluster behavior, an existingSecretPasswordKey was added.
Defaults to etcd-root-password to use the secret generated (or provided) for default secret

* Bump etcd chart version

- add readme for auth.rbac.existingSecretPasswordKey

Co-authored-by: Ayan Bikalapov <abikalapov@explorance.com>
Co-authored-by: Javier J. Salmerón-García <jsalmeron@bitnami.com>
aiceball
2021-08-17 03:37:02 -04:00
committed by GitHub
parent 2bfeaefbac
commit 5baf3cf20f
5 changed files with 17 additions and 2 deletions

@@ -25,4 +25,4 @@ name: etcd
sources:
- https://github.com/bitnami/bitnami-docker-etcd
- https://coreos.com/etcd/
version: 6.3.4
version: 6.4.0

@@ -85,6 +85,7 @@ The command removes all the Kubernetes components associated with the chart and
| `auth.rbac.allowNoneAuthentication` | Allow to use etcd without configuring RBAC authentication | `true` |
| `auth.rbac.rootPassword` | Root user password. The root user is always `root` | `""` |
| `auth.rbac.existingSecret` | Name of the existing secret containing credentials for the root user | `""` |
| `auth.rbac.existingSecretPasswordKey`| Name of key containing password to be retrieved from the existing secret | `""` |
| `auth.client.secureTransport` | Switch to encrypt client-to-server communications using TLS certificates | `false` |
| `auth.client.useAutoTLS` | Switch to automatically create the TLS certificates | `false` |
| `auth.client.existingSecret` | Name of the existing secret containing the TLS certificates for client-to-server communications | `""` |
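
Review bot: The default column of the new `auth.rbac.existingSecretPasswordKey` row shows `""`, while the commit message says the key defaults to `etcd-root-password`, so a reader of the table cannot tell which key an existing secret must carry when the parameter is left empty. Suggest naming the fallback in the description, for example "Name of key containing password to be retrieved from the existing secret (`etcd-root-password` when empty)". The row is also missing the space before its second `|`, unlike the neighbouring rows.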

@@ -95,6 +95,17 @@ Return the secret with etcd credentials
{{- end -}}
{{- end -}}
{{/*
Get the secret password key to be retrieved from etcd secret.
*/}}
{{- define "etcd.secretPasswordKey" -}}
{{- if and .Values.auth.rbac.existingSecret .Values.auth.rbac.existingSecretPasswordKey -}}
{{- printf "%s" .Values.auth.rbac.existingSecretPasswordKey -}}
{{- else -}}
{{- printf "etcd-root-password" -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper Disaster Recovery PVC name
*/}}
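
Review bot: The `and` condition in `etcd.secretPasswordKey` discards `auth.rbac.existingSecretPasswordKey` whenever `auth.rbac.existingSecret` is empty, and nothing in the render tells the user the value was ignored. Consider failing the render (or at least emitting a note) when the key is set without an existing secret, so a misconfigured release does not quietly read `etcd-root-password` instead. Minor style point on the same lines: `printf "%s" .Values.auth.rbac.existingSecretPasswordKey` can be the bare value, and `printf "etcd-root-password"` can be a plain string literal.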

@@ -138,7 +138,7 @@ spec:
valueFrom:
secretKeyRef:
name: {{ include "etcd.secretName" . }}
key: etcd-root-password
key: {{ include "etcd.secretPasswordKey" . }}
{{- end }}
- name: ETCD_ADVERTISE_CLIENT_URLS
value: "{{ $etcdClientProtocol }}://$(MY_POD_NAME).{{ $etcdHeadlessServiceName }}.{{ .Release.Namespace }}.svc.{{ $clusterDomain }}:{{ .Values.service.port }}"
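
Review bot: The value rendered on the new `key:` line is unquoted, so a user-supplied key consisting only of digits, or a word such as `true`, is parsed by YAML as a number or boolean and the `secretKeyRef` no longer carries a string. Pipe the helper through `quote`, for example `key: {{ include "etcd.secretPasswordKey" . | quote }}`.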

@@ -105,6 +105,9 @@ auth:
## @param auth.rbac.existingSecret Name of the existing secret containing credentials for the root user
##
existingSecret: ""
## @param auth.rbac.existingSecretPasswordKey Name of key containing password to be retrieved from the existing secret
##
existingSecretPasswordKey: ""
## TLS authentication for client-to-server communications
## ref: https://etcd.io/docs/current/op-guide/security/
##
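
Review bot: The `@param auth.rbac.existingSecretPasswordKey` comment does not say that the parameter is only read together with `auth.rbac.existingSecret`. Add that dependency to the comment so that someone editing values.yaml does not set the key on its own and expect it to take effect.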