[bitnami/etcd] Add param auth.token.enabled to disable etcd auth (bitnami#14273)

* Add param auth.token.enabled for etcd chart to disable etcd auth

Signed-off-by: Sam Xie <sam@samxie.me>

* Bump chart version to 8.7.0

Signed-off-by: Sam Xie <sam@samxie.me>

* Update README

Signed-off-by: Sam Xie <sam@samxie.me>

Signed-off-by: Sam Xie <sam@samxie.me>
Co-authored-by: Fran Mulero <fmulero@vmware.com>

Author: XSAM

bitnami/etcd/Chart.yaml

@@ -26,4 +26,4 @@ name: etcd
 sources:
   - https://github.com/bitnami/containers/tree/main/bitnami/etcd
   - https://coreos.com/etcd/
-version: 8.6.0
+version: 8.7.0

bitnami/etcd/README.md

@@ -93,6 +93,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `auth.rbac.rootPassword`               | Root user password. The root user is always `root`                                                          | `""`                  |
 | `auth.rbac.existingSecret`             | Name of the existing secret containing credentials for the root user                                        | `""`                  |
 | `auth.rbac.existingSecretPasswordKey`  | Name of key containing password to be retrieved from the existing secret                                    | `""`                  |
+| `auth.token.enabled`                   | Enables token authentication                                                                                | `true`                |
 | `auth.token.type`                      | Authentication token type. Allowed values: 'simple' or 'jwt'                                                | `jwt`                 |
 | `auth.token.privateKey.filename`       | Name of the file containing the private key for signing the JWT token                                       | `jwt-token.pem`       |
 | `auth.token.privateKey.existingSecret` | Name of the existing secret containing the private key for signing the JWT token                            | `""`                  |

bitnami/etcd/templates/_helpers.tpl

@@ -110,7 +110,7 @@ Get the secret password key to be retrieved from etcd secret.
 Return true if a secret object should be created for the etcd token private key
 */}}
 {{- define "etcd.token.createSecret" -}}
-{{- if and (eq .Values.auth.token.type "jwt") (empty .Values.auth.token.privateKey.existingSecret) }}
+{{- if and (eq .Values.auth.token.enabled true) (eq .Values.auth.token.type "jwt") (empty .Values.auth.token.privateKey.existingSecret) }}
     {{- true -}}
 {{- end -}}
 {{- end -}}

bitnami/etcd/templates/statefulset.yaml

@@ -162,12 +162,14 @@ spec:
                   name: {{ include "etcd.secretName" . }}
                   key: {{ include "etcd.secretPasswordKey" . }}
             {{- end }}
+            {{- if .Values.auth.token.enabled }}
             - name: ETCD_AUTH_TOKEN
               {{- if eq .Values.auth.token.type "jwt" }}
               value: {{ printf "jwt,priv-key=/opt/bitnami/etcd/certs/token/%s,sign-method=%s,ttl=%s" .Values.auth.token.privateKey.filename .Values.auth.token.signMethod .Values.auth.token.ttl | quote }}
               {{- else if eq .Values.auth.token.type "simple" }}
               value: "simple"
               {{- end }}
+            {{- end }}
             - name: ETCD_ADVERTISE_CLIENT_URLS
               value: "{{ $etcdClientProtocol }}://$(MY_POD_NAME).{{ $etcdHeadlessServiceName }}.{{ .Release.Namespace }}.svc.{{ $clusterDomain }}:{{ .Values.containerPorts.client }},{{ $etcdClientProtocol }}://{{ $etcdFullname }}.{{ .Release.Namespace }}.svc.{{ $clusterDomain }}:{{ coalesce .Values.service.ports.client .Values.service.port }}"
             - name: ETCD_LISTEN_CLIENT_URLS

bitnami/etcd/values.yaml

@@ -117,6 +117,9 @@ auth:
   ## ref: https://etcd.io/docs/latest/learning/design-auth-v3/#two-types-of-tokens-simple-and-jwt
   ##
   token:
+    ## @param auth.token.enabled Enables token authentication
+    ##
+    enabled: true
     ## @param auth.token.type Authentication token type. Allowed values: 'simple' or 'jwt'
     ## ref: https://etcd.io/docs/latest/op-guide/configuration/#--auth-token
     ##