itential · Nick-Andreano · Jan 14, 2026 · Jan 8, 2026 · Jan 14, 2026
diff --git a/charts/iag5/Chart.yaml b/charts/iag5/Chart.yaml
@@ -10,7 +10,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.0.4
+version: 1.0.5
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/charts/iag5/templates/deployment-runner.yaml b/charts/iag5/templates/deployment-runner.yaml
@@ -146,7 +146,7 @@ spec:
               mountPath: /etc/ssl/gateway
               readOnly: true
           {{- end }}
-          {{- if $.Values.applicationSettings.etcdUseTLS }}
+          {{- if and (eq $.Values.applicationSettings.storeBackend "etcd") $.Values.applicationSettings.etcdUseTLS }}
             - name: etcd-client-certs
               mountPath: /etc/ssl/etcd
               readOnly: true
@@ -163,7 +163,7 @@ spec:
           secret:
             secretName: {{ include "iag5.fullname" $ }}-tls-secret
       {{- end }}
-      {{- if $.Values.applicationSettings.etcdUseTLS }}
+      {{- if and (eq $.Values.applicationSettings.storeBackend "etcd") $.Values.applicationSettings.etcdUseTLS }}
         - name: etcd-client-certs
           secret:
             secretName: etcd-client-certs

diff --git a/charts/iag5/templates/deployment-server.yaml b/charts/iag5/templates/deployment-server.yaml
@@ -152,7 +152,7 @@ spec:
               mountPath: /etc/ssl/gateway
               readOnly: true
           {{- end }}
-          {{- if .Values.applicationSettings.etcdUseTLS }}
+          {{- if and (eq .Values.applicationSettings.storeBackend "etcd") .Values.applicationSettings.etcdUseTLS }}
             - name: etcd-client-certs
               mountPath: /etc/ssl/etcd
               readOnly: true
@@ -169,7 +169,7 @@ spec:
           secret:
             secretName: {{ include "iag5.fullname" . }}-tls-secret
       {{- end }}
-      {{- if .Values.applicationSettings.etcdUseTLS }}
+      {{- if and (eq .Values.applicationSettings.storeBackend "etcd") .Values.applicationSettings.etcdUseTLS }}
         - name: etcd-client-certs
           secret:
             secretName: "etcd-client-certs"

diff --git a/charts/iag5/tests/deployment-runner_test.yaml b/charts/iag5/tests/deployment-runner_test.yaml
@@ -344,10 +344,12 @@ tests:
             secret:
               secretName: RELEASE-NAME-iag5-tls-secret
 
-  - it: should mount etcd TLS volumes when etcdUseTLS is true
+  - it: should mount etcd TLS volumes when storeBackend is etcd and etcdUseTLS is true
     set:
       runnerSettings.replicaCount: 1
-      applicationSettings.etcdUseTLS: true
+      applicationSettings:
+        storeBackend: "etcd"
+        etcdUseTLS: true
     asserts:
       - contains:
           path: spec.template.spec.containers[0].volumeMounts
@@ -362,6 +364,66 @@ tests:
             secret:
               secretName: etcd-client-certs
 
+  - it: should not mount etcd TLS volumes when storeBackend is not etcd even if etcdUseTLS is true
+    set:
+      runnerSettings.replicaCount: 1
+      applicationSettings:
+        storeBackend: "memory"
+        etcdUseTLS: true
+    asserts:
+      - notContains:
+          path: spec.template.spec.containers[0].volumeMounts
+          content:
+            name: etcd-client-certs
+            mountPath: /etc/ssl/etcd
+            readOnly: true
+      - notContains:
+          path: spec.template.spec.volumes
+          content:
+            name: etcd-client-certs
+            secret:
+              secretName: etcd-client-certs
+
+  - it: should not mount etcd TLS volumes when storeBackend is etcd but etcdUseTLS is false
+    set:
+      runnerSettings.replicaCount: 1
+      applicationSettings:
+        storeBackend: "etcd"
+        etcdUseTLS: false
+    asserts:
+      - notContains:
+          path: spec.template.spec.containers[0].volumeMounts
+          content:
+            name: etcd-client-certs
+            mountPath: /etc/ssl/etcd
+            readOnly: true
+      - notContains:
+          path: spec.template.spec.volumes
+          content:
+            name: etcd-client-certs
+            secret:
+              secretName: etcd-client-certs
+
+  - it: should not mount etcd TLS volumes when both storeBackend is not etcd and etcdUseTLS is false
+    set:
+      runnerSettings.replicaCount: 1
+      applicationSettings:
+        storeBackend: "memory"
+        etcdUseTLS: false
+    asserts:
+      - notContains:
+          path: spec.template.spec.containers[0].volumeMounts
+          content:
+            name: etcd-client-certs
+            mountPath: /etc/ssl/etcd
+            readOnly: true
+      - notContains:
+          path: spec.template.spec.volumes
+          content:
+            name: etcd-client-certs
+            secret:
+              secretName: etcd-client-certs
+
   - it: should include custom volumes and volumeMounts
     set:
       runnerSettings.replicaCount: 1

diff --git a/charts/iag5/tests/deployment-server_test.yaml b/charts/iag5/tests/deployment-server_test.yaml
@@ -323,10 +323,12 @@ tests:
             secret:
               secretName: RELEASE-NAME-iag5-tls-secret
 
-  - it: should mount etcd TLS volumes when etcdUseTLS is true
+  - it: should mount etcd TLS volumes when storeBackend is etcd and etcdUseTLS is true
     set:
       serverSettings.replicaCount: 1
-      applicationSettings.etcdUseTLS: true
+      applicationSettings:
+        storeBackend: "etcd"
+        etcdUseTLS: true
     asserts:
       - contains:
           path: spec.template.spec.containers[0].volumeMounts
@@ -341,6 +343,66 @@ tests:
             secret:
               secretName: "etcd-client-certs"
 
+  - it: should not mount etcd TLS volumes when storeBackend is not etcd even if etcdUseTLS is true
+    set:
+      serverSettings.replicaCount: 1
+      applicationSettings:
+        storeBackend: "memory"
+        etcdUseTLS: true
+    asserts:
+      - notContains:
+          path: spec.template.spec.containers[0].volumeMounts
+          content:
+            name: etcd-client-certs
+            mountPath: /etc/ssl/etcd
+            readOnly: true
+      - notContains:
+          path: spec.template.spec.volumes
+          content:
+            name: etcd-client-certs
+            secret:
+              secretName: "etcd-client-certs"
+
+  - it: should not mount etcd TLS volumes when storeBackend is etcd but etcdUseTLS is false
+    set:
+      serverSettings.replicaCount: 1
+      applicationSettings:
+        storeBackend: "etcd"
+        etcdUseTLS: false
+    asserts:
+      - notContains:
+          path: spec.template.spec.containers[0].volumeMounts
+          content:
+            name: etcd-client-certs
+            mountPath: /etc/ssl/etcd
+            readOnly: true
+      - notContains:
+          path: spec.template.spec.volumes
+          content:
+            name: etcd-client-certs
+            secret:
+              secretName: "etcd-client-certs"
+
+  - it: should not mount etcd TLS volumes when both storeBackend is not etcd and etcdUseTLS is false
+    set:
+      serverSettings.replicaCount: 1
+      applicationSettings:
+        storeBackend: "memory"
+        etcdUseTLS: false
+    asserts:
+      - notContains:
+          path: spec.template.spec.containers[0].volumeMounts
+          content:
+            name: etcd-client-certs
+            mountPath: /etc/ssl/etcd
+            readOnly: true
+      - notContains:
+          path: spec.template.spec.volumes
+          content:
+            name: etcd-client-certs
+            secret:
+              secretName: "etcd-client-certs"
+
   - it: should include custom volumes and volumeMounts
     set:
       serverSettings.replicaCount: 1