Update Helm release etcd to v11

Signed-off-by: Renovate Bot <tech+renovate@vshn.ch>

Author: vshn-renovate

class/defaults.yml

@@ -23,7 +23,7 @@ parameters:
     charts:
       etcd:
         source: https://charts.bitnami.com/bitnami
-        version: "9.1.0"
+        version: "11.0.3"
 
     helm_release_name: ${_instance}
     helm_values:

tests/golden/defaults/etcd/etcd/10_chart/etcd/templates/networkpolicy.yaml

@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    app.kubernetes.io/component: etcd
+    app.kubernetes.io/instance: etcd
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: etcd
+    app.kubernetes.io/version: 3.5.17
+    helm.sh/chart: etcd-11.0.3
+  name: etcd
+  namespace: syn-etcd
+spec:
+  egress:
+    - {}
+  ingress:
+    - ports:
+        - port: 2379
+        - port: 2380
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/component: etcd
+      app.kubernetes.io/instance: etcd
+      app.kubernetes.io/name: etcd
+  policyTypes:
+    - Ingress
+    - Egress

tests/golden/defaults/etcd/etcd/10_chart/etcd/templates/pdb.yaml

@@ -2,10 +2,12 @@ apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
   labels:
+    app.kubernetes.io/component: etcd
     app.kubernetes.io/instance: etcd
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: etcd
-    helm.sh/chart: etcd-9.1.0
+    app.kubernetes.io/version: 3.5.17
+    helm.sh/chart: etcd-11.0.3
   name: etcd
   namespace: syn-etcd
 spec:

tests/golden/defaults/etcd/etcd/10_chart/etcd/templates/preupgrade-hook-job.yaml

@@ -0,0 +1,109 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  annotations:
+    helm.sh/hook: pre-upgrade
+    helm.sh/hook-delete-policy: before-hook-creation
+  labels:
+    app.kubernetes.io/component: etcd-pre-upgrade-job
+    app.kubernetes.io/instance: etcd
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: etcd
+    app.kubernetes.io/version: 3.5.17
+    helm.sh/chart: etcd-11.0.3
+  name: etcd-pre-upgrade
+  namespace: syn-etcd
+spec:
+  template:
+    metadata:
+      annotations: null
+      labels:
+        app.kubernetes.io/component: etcd-pre-upgrade-job
+        app.kubernetes.io/instance: etcd
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: etcd
+        app.kubernetes.io/version: 3.5.17
+        helm.sh/chart: etcd-11.0.3
+    spec:
+      affinity:
+        nodeAffinity: null
+        podAffinity: null
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - podAffinityTerm:
+                labelSelector:
+                  matchLabels:
+                    app.kubernetes.io/component: etcd-pre-upgrade-job
+                    app.kubernetes.io/instance: etcd
+                    app.kubernetes.io/name: etcd
+                topologyKey: kubernetes.io/hostname
+              weight: 1
+      automountServiceAccountToken: false
+      containers:
+        - args:
+            - /opt/bitnami/scripts/etcd/preupgrade.sh
+          command:
+            - /opt/bitnami/scripts/etcd/entrypoint.sh
+          env:
+            - name: BITNAMI_DEBUG
+              value: 'false'
+            - name: ETCD_ON_K8S
+              value: 'yes'
+            - name: ETCD_DATA_DIR
+              value: /bitnami/etcd/data
+            - name: ETCD_ROOT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: etcd-etcd-root-auth
+            - name: ETCD_CERT_FILE
+              value: /opt/bitnami/etcd/certs/client/cert.pem
+            - name: ETCD_KEY_FILE
+              value: /opt/bitnami/etcd/certs/client/key.pem
+          envFrom: null
+          image: docker.io/bitnami/etcd:3.5.17-debian-12-r5
+          imagePullPolicy: IfNotPresent
+          name: pre-upgrade-job
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            privileged: false
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
+            runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
+          volumeMounts:
+            - mountPath: /opt/bitnami/etcd/conf/
+              name: empty-dir
+              subPath: app-conf-dir
+            - mountPath: /tmp
+              name: empty-dir
+              subPath: tmp-dir
+            - mountPath: /opt/bitnami/etcd/certs/token/
+              name: etcd-jwt-token
+              readOnly: true
+            - mountPath: /opt/bitnami/etcd/certs/client/
+              name: etcd-client-certs
+              readOnly: true
+      restartPolicy: Never
+      securityContext:
+        fsGroup: 1001
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      volumes:
+        - emptyDir: {}
+          name: empty-dir
+        - name: etcd-jwt-token
+          secret:
+            defaultMode: 256
+            secretName: etcd-etcd-token-private-key
+        - name: etcd-client-certs
+          secret:
+            defaultMode: 256
+            secretName: etcd-etcd-client-auth

tests/golden/defaults/etcd/etcd/10_chart/etcd/templates/serviceaccount.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+automountServiceAccountToken: false
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: etcd
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: etcd
+    app.kubernetes.io/version: 3.5.17
+    helm.sh/chart: etcd-11.0.3
+  name: etcd
+  namespace: syn-etcd

tests/golden/defaults/etcd/etcd/10_chart/etcd/templates/statefulset.yaml

@@ -6,7 +6,8 @@ metadata:
     app.kubernetes.io/instance: etcd
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: etcd
-    helm.sh/chart: etcd-9.1.0
+    app.kubernetes.io/version: 3.5.17
+    helm.sh/chart: etcd-11.0.3
   name: etcd
   namespace: syn-etcd
 spec:
@@ -26,7 +27,8 @@ spec:
         app.kubernetes.io/instance: etcd
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: etcd
-        helm.sh/chart: etcd-9.1.0
+        app.kubernetes.io/version: 3.5.17
+        helm.sh/chart: etcd-11.0.3
     spec:
       affinity:
         nodeAffinity: null
@@ -36,10 +38,12 @@ spec:
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
+                    app.kubernetes.io/component: etcd
                     app.kubernetes.io/instance: etcd
                     app.kubernetes.io/name: etcd
                 topologyKey: kubernetes.io/hostname
               weight: 1
+      automountServiceAccountToken: false
       containers:
         - env:
             - name: BITNAMI_DEBUG
@@ -99,10 +103,11 @@ spec:
           image: docker.io/bitnami/etcd:3.5.17-debian-12-r5
           imagePullPolicy: IfNotPresent
           livenessProbe:
-            exec:
-              command:
-                - /opt/bitnami/scripts/etcd/healthcheck.sh
             failureThreshold: 5
+            httpGet:
+              path: /livez
+              port: 2379
+              scheme: HTTPS
             initialDelaySeconds: 60
             periodSeconds: 30
             successThreshold: 1
@@ -125,13 +130,34 @@ spec:
             successThreshold: 1
             timeoutSeconds: 5
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 375m
+              ephemeral-storage: 2Gi
+              memory: 384Mi
+            requests:
+              cpu: 250m
+              ephemeral-storage: 50Mi
+              memory: 256Mi
           securityContext:
             allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            privileged: false
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
             runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           volumeMounts:
+            - mountPath: /opt/bitnami/etcd/conf/
+              name: empty-dir
+              subPath: app-conf-dir
+            - mountPath: /tmp
+              name: empty-dir
+              subPath: tmp-dir
             - mountPath: /bitnami/etcd
               name: data
             - mountPath: /opt/bitnami/etcd/certs/token/
@@ -145,8 +171,13 @@ spec:
               readOnly: true
       securityContext:
         fsGroup: 1001
-      serviceAccountName: default
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: etcd
       volumes:
+        - emptyDir: {}
+          name: empty-dir
         - name: etcd-jwt-token
           secret:
             defaultMode: 256

tests/golden/defaults/etcd/etcd/10_chart/etcd/templates/svc-headless.yaml

@@ -4,10 +4,12 @@ metadata:
   annotations:
     service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true'
   labels:
+    app.kubernetes.io/component: etcd
     app.kubernetes.io/instance: etcd
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: etcd
-    helm.sh/chart: etcd-9.1.0
+    app.kubernetes.io/version: 3.5.17
+    helm.sh/chart: etcd-11.0.3
   name: etcd-headless
   namespace: syn-etcd
 spec:
@@ -21,6 +23,7 @@ spec:
       targetPort: peer
   publishNotReadyAddresses: true
   selector:
+    app.kubernetes.io/component: etcd
     app.kubernetes.io/instance: etcd
     app.kubernetes.io/name: etcd
   type: ClusterIP

tests/golden/defaults/etcd/etcd/10_chart/etcd/templates/svc.yaml

@@ -1,12 +1,13 @@
 apiVersion: v1
 kind: Service
 metadata:
-  annotations: null
   labels:
+    app.kubernetes.io/component: etcd
     app.kubernetes.io/instance: etcd
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: etcd
-    helm.sh/chart: etcd-9.1.0
+    app.kubernetes.io/version: 3.5.17
+    helm.sh/chart: etcd-11.0.3
   name: etcd
   namespace: syn-etcd
 spec:
@@ -20,6 +21,7 @@ spec:
       port: 2380
       targetPort: peer
   selector:
+    app.kubernetes.io/component: etcd
     app.kubernetes.io/instance: etcd
     app.kubernetes.io/name: etcd
   sessionAffinity: None