From 123d050dca2433dc64e9146ea48a1111bbcb1f5a Mon Sep 17 00:00:00 2001 From: Nick Andreano Date: Thu, 8 Jan 2026 16:33:43 -0500 Subject: [PATCH 1/2] removed etcd ssl mounts when not using etcd --- charts/iag5/Chart.yaml | 2 +- charts/iag5/templates/deployment-runner.yaml | 4 ++-- charts/iag5/templates/deployment-server.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/iag5/Chart.yaml b/charts/iag5/Chart.yaml index 6ca3c50..acd66d9 100644 --- a/charts/iag5/Chart.yaml +++ b/charts/iag5/Chart.yaml @@ -10,7 +10,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.0.4 +version: 1.0.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/iag5/templates/deployment-runner.yaml b/charts/iag5/templates/deployment-runner.yaml index 2602f58..261d6f2 100644 --- a/charts/iag5/templates/deployment-runner.yaml +++ b/charts/iag5/templates/deployment-runner.yaml @@ -146,7 +146,7 @@ spec: mountPath: /etc/ssl/gateway readOnly: true {{- end }} - {{- if $.Values.applicationSettings.etcdUseTLS }} + {{- if and (eq $.Values.applicationSettings.storeBackend "etcd") $.Values.applicationSettings.etcdUseTLS }} - name: etcd-client-certs mountPath: /etc/ssl/etcd readOnly: true @@ -163,7 +163,7 @@ spec: secret: secretName: {{ include "iag5.fullname" $ }}-tls-secret {{- end }} - {{- if $.Values.applicationSettings.etcdUseTLS }} + {{- if and (eq $.Values.applicationSettings.storeBackend "etcd") $.Values.applicationSettings.etcdUseTLS }} - name: etcd-client-certs secret: secretName: etcd-client-certs 
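Review bot: The compound condition `and (eq $.Values.applicationSettings.storeBackend "etcd") $.Values.applicationSettings.etcdUseTLS` is now written out four times: at the volumeMounts and volumes entries in both hunks of deployment-runner.yaml, and again in both hunks of deployment-server.yaml. If one copy is later edited without the others, a volumeMount can name a volume that is no longer rendered and the Deployment is rejected, or the client-cert secret stays attached to a pod that does not need it. I would move the test into one named template in the chart's helpers file (for example a suggested `iag5.etcdTLSEnabled`) and guard all four places with it, with a comment such as `{{/* etcd client certs are mounted only when the store backend is etcd and TLS is on */}}`. The `eq` is also an exact, case-sensitive string match, so a value such as `Etcd` silently drops the mount; whether the application accepts such spellings is not visible here, so it may be worth constraining storeBackend in the values schema.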
diff --git a/charts/iag5/templates/deployment-server.yaml b/charts/iag5/templates/deployment-server.yaml index 7880e29..6a63ae7 100644 --- a/charts/iag5/templates/deployment-server.yaml +++ b/charts/iag5/templates/deployment-server.yaml @@ -152,7 +152,7 @@ spec: mountPath: /etc/ssl/gateway readOnly: true {{- end }} - {{- if .Values.applicationSettings.etcdUseTLS }} + {{- if and (eq .Values.applicationSettings.storeBackend "etcd") .Values.applicationSettings.etcdUseTLS }} - name: etcd-client-certs mountPath: /etc/ssl/etcd readOnly: true @@ -169,7 +169,7 @@ spec: secret: secretName: {{ include "iag5.fullname" . }}-tls-secret {{- end }} - {{- if .Values.applicationSettings.etcdUseTLS }} + {{- if and (eq .Values.applicationSettings.storeBackend "etcd") .Values.applicationSettings.etcdUseTLS }} - name: etcd-client-certs secret: secretName: "etcd-client-certs" From 705c4f1587ee7fbe5da351f2f7a12aec8cca650e Mon Sep 17 00:00:00 2001 From: Nick Andreano Date: Wed, 14 Jan 2026 15:13:04 -0500 Subject: [PATCH 2/2] added unit tests --- charts/iag5/tests/deployment-runner_test.yaml | 66 ++++++++++++++++++- charts/iag5/tests/deployment-server_test.yaml | 66 ++++++++++++++++++- 2 files changed, 128 insertions(+), 4 deletions(-) diff --git a/charts/iag5/tests/deployment-runner_test.yaml b/charts/iag5/tests/deployment-runner_test.yaml index 443bf6c..de9aa39 100644 --- a/charts/iag5/tests/deployment-runner_test.yaml +++ b/charts/iag5/tests/deployment-runner_test.yaml @@ -344,10 +344,12 @@ tests: secret: secretName: RELEASE-NAME-iag5-tls-secret - - it: should mount etcd TLS volumes when etcdUseTLS is true + - it: should mount etcd TLS volumes when storeBackend is etcd and etcdUseTLS is true set: runnerSettings.replicaCount: 1 - applicationSettings.etcdUseTLS: true + applicationSettings: + storeBackend: "etcd" + etcdUseTLS: true asserts: - contains: path: spec.template.spec.containers[0].volumeMounts 
@@ -362,6 +364,66 @@ tests: secret: secretName: etcd-client-certs + - it: should not mount etcd TLS volumes when storeBackend is not etcd even if etcdUseTLS is true + set: + runnerSettings.replicaCount: 1 + applicationSettings: + storeBackend: "memory" + etcdUseTLS: true + asserts: + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: etcd-client-certs + mountPath: /etc/ssl/etcd + readOnly: true + - notContains: + path: spec.template.spec.volumes + content: + name: etcd-client-certs + secret: + secretName: etcd-client-certs + + - it: should not mount etcd TLS volumes when storeBackend is etcd but etcdUseTLS is false + set: + runnerSettings.replicaCount: 1 + applicationSettings: + storeBackend: "etcd" + etcdUseTLS: false + asserts: + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: etcd-client-certs + mountPath: /etc/ssl/etcd + readOnly: true + - notContains: + path: spec.template.spec.volumes + content: + name: etcd-client-certs + secret: + secretName: etcd-client-certs + + - it: should not mount etcd TLS volumes when both storeBackend is not etcd and etcdUseTLS is false + set: + runnerSettings.replicaCount: 1 + applicationSettings: + storeBackend: "memory" + etcdUseTLS: false + asserts: + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: etcd-client-certs + mountPath: /etc/ssl/etcd + readOnly: true + - notContains: + path: spec.template.spec.volumes + content: + name: etcd-client-certs + secret: + secretName: etcd-client-certs + - it: should include custom volumes and volumeMounts set: runnerSettings.replicaCount: 1 diff --git a/charts/iag5/tests/deployment-server_test.yaml b/charts/iag5/tests/deployment-server_test.yaml index 7e19cad..0bc715c 100644 --- a/charts/iag5/tests/deployment-server_test.yaml +++ b/charts/iag5/tests/deployment-server_test.yaml 
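Review bot: The new `notContains` assertions compare against the complete entry (`name`, `mountPath` and `readOnly`, or `name` plus `secret.secretName`), so they pass whenever the rendered entry differs in any one field, even if a volume named etcd-client-certs is still mounted. For a negative test guarding a secret mount, match on the name alone: `content: {name: etcd-client-certs}` together with `any: true`, provided the helm-unittest version in use supports `any` on `notContains`. The same applies to the three matching cases added in deployment-server_test.yaml. None of the added cases leaves storeBackend unset, so the chart's default value is not exercised by these tests.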
@@ -323,10 +323,12 @@ tests: secret: secretName: RELEASE-NAME-iag5-tls-secret - - it: should mount etcd TLS volumes when etcdUseTLS is true + - it: should mount etcd TLS volumes when storeBackend is etcd and etcdUseTLS is true set: serverSettings.replicaCount: 1 - applicationSettings.etcdUseTLS: true + applicationSettings: + storeBackend: "etcd" + etcdUseTLS: true asserts: - contains: path: spec.template.spec.containers[0].volumeMounts 
@@ -341,6 +343,66 @@ tests: secret: secretName: "etcd-client-certs" + - it: should not mount etcd TLS volumes when storeBackend is not etcd even if etcdUseTLS is true + set: + serverSettings.replicaCount: 1 + applicationSettings: + storeBackend: "memory" + etcdUseTLS: true + asserts: + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: etcd-client-certs + mountPath: /etc/ssl/etcd + readOnly: true + - notContains: + path: spec.template.spec.volumes + content: + name: etcd-client-certs + secret: + secretName: "etcd-client-certs" + + - it: should not mount etcd TLS volumes when storeBackend is etcd but etcdUseTLS is false + set: + serverSettings.replicaCount: 1 + applicationSettings: + storeBackend: "etcd" + etcdUseTLS: false + asserts: + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: etcd-client-certs + mountPath: /etc/ssl/etcd + readOnly: true + - notContains: + path: spec.template.spec.volumes + content: + name: etcd-client-certs + secret: + secretName: "etcd-client-certs" + + - it: should not mount etcd TLS volumes when both storeBackend is not etcd and etcdUseTLS is false + set: + serverSettings.replicaCount: 1 + applicationSettings: + storeBackend: "memory" + etcdUseTLS: false + asserts: + - notContains: + path: spec.template.spec.containers[0].volumeMounts + content: + name: etcd-client-certs + mountPath: /etc/ssl/etcd + readOnly: true + - notContains: + path: spec.template.spec.volumes + content: + name: etcd-client-certs + secret: + secretName: "etcd-client-certs" + - it: should include custom volumes and volumeMounts set: serverSettings.replicaCount: 1