[bitnami/etcd] Release 3.5.10-debian-11-r2 (#53028)

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
2026-03-06 06:58:01 +08:00 · 2023-11-20 17:25:49 +01:00
parent bb8c4e9400
commit 216e5f5607
3 changed files with 27 additions and 18 deletions
--- a/bitnami/etcd/3.5/debian-11/Dockerfile
+++ b/bitnami/etcd/3.5/debian-11/Dockerfile
@@ -7,10 +7,10 @@ ARG TARGETARCH

 LABEL com.vmware.cp.artifact.flavor="sha256:1e1b4657a77f0d47e9220f0c37b9bf7802581b93214fff7d1bd2364c8bf22e8e" \
      org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \
-      org.opencontainers.image.created="2023-11-08T17:25:57Z" \
+      org.opencontainers.image.created="2023-11-20T15:54:45Z" \
      org.opencontainers.image.description="Application packaged by VMware, Inc" \
      org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.ref.name="3.5.10-debian-11-r1" \
+      org.opencontainers.image.ref.name="3.5.10-debian-11-r2" \
      org.opencontainers.image.title="etcd" \
      org.opencontainers.image.vendor="VMware, Inc." \
      org.opencontainers.image.version="3.5.10"
@@ -26,7 +26,7 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 RUN install_packages ca-certificates curl procps
 RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
    COMPONENTS=( \
-      "yq-4.35.2-3-linux-${OS_ARCH}-debian-11" \
+      "yq-4.40.2-0-linux-${OS_ARCH}-debian-11" \
      "etcd-3.5.10-1-linux-${OS_ARCH}-debian-11" \
    ) && \
    for COMPONENT in "${COMPONENTS[@]}"; do \
--- a/bitnami/etcd/3.5/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json
+++ b/bitnami/etcd/3.5/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json
@@ -9,6 +9,6 @@
        "arch": "amd64",
        "distro": "debian-11",
        "type": "NAMI",
-        "version": "4.35.2-3"
+        "version": "4.40.2-0"
    }
 }
--- a/bitnami/etcd/3.5/debian-11/rootfs/opt/bitnami/scripts/libetcd.sh
+++ b/bitnami/etcd/3.5/debian-11/rootfs/opt/bitnami/scripts/libetcd.sh
@@ -341,16 +341,23 @@ etcd_store_member_id() {
 #   None
 ########################
 etcd_configure_rbac() {
-    info "Enabling etcd authentication"

    ! is_etcd_running && etcd_start_bg
    read -r -a extra_flags <<<"$(etcdctl_auth_flags)"

    is_boolean_yes "$ETCD_ON_K8S" && extra_flags+=("--endpoints=$(etcdctl_get_endpoints)")
    if retry_while "etcdctl ${extra_flags[*]} member list" >/dev/null 2>&1; then
-        debug_execute etcdctl "${extra_flags[@]}" user add root --interactive=false <<<"$ETCD_ROOT_PASSWORD"
-        debug_execute etcdctl "${extra_flags[@]}" user grant-role root root
-        debug_execute etcdctl "${extra_flags[@]}" auth enable
+        if retry_while "etcdctl ${extra_flags[*]} auth status" >/dev/null 2>&1; then
+            if etcdctl "${extra_flags[@]}" auth status | grep -q "Authentication Status: true"; then
+                info "Authentication already enabled"
+            else
+                info "Enabling etcd authentication"
+                extra_flags=("--endpoints=$(etcdctl_get_endpoints)")
+                etcdctl "${extra_flags[@]}" user add root --interactive=false <<<"$ETCD_ROOT_PASSWORD"
+                etcdctl "${extra_flags[@]}" user grant-role root root
+                etcdctl "${extra_flags[@]}" auth enable
+            fi
+        fi
    fi
    etcd_stop
 }
@@ -644,16 +651,6 @@ etcd_initialize() {
                exit 1
            fi
        else
-            if [[ ${#initial_members[@]} -gt 1 ]]; then
-                # When there's more than one etcd replica, RBAC should be only enabled in one member
-                if ! is_empty_value "$ETCD_ROOT_PASSWORD" && [[ "$ETCD_INITIAL_CLUSTER_STATE" = "new" ]] && [[ "${initial_members[0]}" = *"$ETCD_INITIAL_ADVERTISE_PEER_URLS"* ]]; then
-                    etcd_configure_rbac
-                else
-                    debug "Skipping RBAC configuration in member $ETCD_NAME"
-                fi
-            else
-                ! is_empty_value "$ETCD_ROOT_PASSWORD" && etcd_configure_rbac
-            fi
            etcd_store_member_id
        fi
    else
@@ -730,6 +727,18 @@ etcd_initialize() {
        fi
    fi

+    # For both existing and new deployments, configure RBAC if set
+    if [[ ${#initial_members[@]} -gt 1 ]]; then
+        # When there's more than one etcd replica, RBAC should be only enabled in one member
+        if ! is_empty_value "$ETCD_ROOT_PASSWORD" && [[ "${initial_members[0]}" = *"$ETCD_INITIAL_ADVERTISE_PEER_URLS"* ]]; then
+            etcd_configure_rbac
+        else
+            debug "Skipping RBAC configuration in member $ETCD_NAME"
+        fi
+    else
+        ! is_empty_value "$ETCD_ROOT_PASSWORD" && etcd_configure_rbac
+    fi
+
    # Avoid exit code of previous commands to affect the result of this function
    true
 }