diff --git a/bitnami/milvus/CHANGELOG.md b/bitnami/milvus/CHANGELOG.md
index dbb86df4a7976c..db7a6a92038846 100644
--- a/bitnami/milvus/CHANGELOG.md
+++ b/bitnami/milvus/CHANGELOG.md
@@ -1,8 +1,12 @@
# Changelog
-## 8.1.2 (2024-06-05)
+## 8.2.0 (2024-06-06)
-* [bitnami/milvus] Bump chart version ([#26847](https://github.com/bitnami/charts/pull/26847))
+* [bitnami/milvus] feat: config external kafka tls client certs setting… ([#26118](https://github.com/bitnami/charts/pull/26118))
+
+## 8.1.2 (2024-06-05)
+
+* [bitnami/milvus] Bump chart version (#26847) ([8f68730](https://github.com/bitnami/charts/commit/8f687301d02eaa93e9420f7bbcf5b47e25b6bf97)), closes [#26847](https://github.com/bitnami/charts/issues/26847)
## 8.1.1 (2024-06-05)
diff --git a/bitnami/milvus/Chart.yaml b/bitnami/milvus/Chart.yaml
index bd7f9941bca650..da70910fadc7aa 100644
--- a/bitnami/milvus/Chart.yaml
+++ b/bitnami/milvus/Chart.yaml
@@ -48,4 +48,4 @@ maintainers:
name: milvus
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/milvus
-version: 8.1.2
+version: 8.2.0
diff --git a/bitnami/milvus/README.md b/bitnami/milvus/README.md
index d11485f7427ea7..ea46aa1c75eab0 100644
--- a/bitnami/milvus/README.md
+++ b/bitnami/milvus/README.md
@@ -1752,6 +1752,12 @@ wrj2wDbCDCFmfqnSJ+dKI3vFLlEz44sAV8jX/kd4Y6ZTQhlLbYc=
| `externalKafka.sasl.existingSecret` | Name of the existing secret containing a password for SASL authentication (under the key named "client-passwords") | `""` |
| `externalKafka.sasl.existingSecretPasswordKey` | Name of the secret key containing the Kafka client user password | `kafka-root-password` |
| `externalKafka.sasl.enabledMechanisms` | Kafka enabled SASL mechanisms | `PLAIN` |
+| `externalKafka.tls.enabled` | Enable TLS for kafka client connections. | `false` |
+| `externalKafka.tls.existingSecret` | Name of the existing secret containing the TLS certificates for external kafka client communications. | `""` |
+| `externalKafka.tls.cert` | The secret key from the existingSecret if 'cert' key different from the default (tls.crt) | `tls.crt` |
+| `externalKafka.tls.key` | The secret key from the existingSecret if 'key' key different from the default (tls.key) | `tls.key` |
+| `externalKafka.tls.caCert` | The secret key from the existingSecret if 'caCert' key different from the default (ca.crt) | `ca.crt` |
+| `externalKafka.tls.keyPassword` | Password to access the password-protected PEM key if necessary. | `""` |
### etcd sub-chart parameters
diff --git a/bitnami/milvus/templates/_helpers.tpl b/bitnami/milvus/templates/_helpers.tpl
index 4614bdd21598d4..a1f0ea3f881f44 100644
--- a/bitnami/milvus/templates/_helpers.tpl
+++ b/bitnami/milvus/templates/_helpers.tpl
@@ -772,7 +772,7 @@ Init container definition for waiting for the database to be ready
echo "Connection success"
exit 0
- {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }}
+ {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
volumeMounts:
- name: etcd-client-certs
mountPath: /bitnami/milvus/conf/cert/etcd/client
@@ -990,22 +990,41 @@ Init container definition for waiting for the database to be ready
cp -r /opt/bitnami/milvus/configs/. /bitnami/milvus/rendered-conf
# Build final milvus.yaml with the sections of the different files
find /bitnami/milvus/conf -type f -name *.yaml -print0 | sort -z | xargs -0 yq eval-all '. as $item ireduce ({}; . * $item )' /bitnami/milvus/rendered-conf/milvus.yaml > /bitnami/milvus/rendered-conf/pre-render-config_00.yaml
+
+ # Kafka settings
{{- if (include "milvus.kafka.deployed" .context) }}
# HACK: In order to enable Kafka we need to remove all Pulsar settings from the configuration file
# https://github.com/milvus-io/milvus/blob/master/configs/milvus.yaml#L110
yq 'del(.pulsar)' /bitnami/milvus/rendered-conf/pre-render-config_00.yaml > /bitnami/milvus/rendered-conf/pre-render-config_01.yaml
- yq e -i '.common.security.tlsMode = {{ .context.Values.proxy.tls.mode }}' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml
- {{- if ne (int .context.Values.proxy.tls.mode) 0 }}
- yq e -i '.tls.serverPemPath = "/opt/bitnami/milvus/configs/cert/milvus/{{ .context.Values.proxy.tls.cert }}"' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml
- yq e -i '.tls.serverKeyPath = "/opt/bitnami/milvus/configs/cert/milvus/{{ .context.Values.proxy.tls.key }}"' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml
- {{- if eq (int .context.Values.proxy.tls.mode) 2 }}
- yq e -i '.tls.caPemPath = "/opt/bitnami/milvus/configs/cert/milvus/{{ .context.Values.proxy.tls.caCert }}"' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml
+ # Kafka TLS settings
+ {{- if and (not .context.Values.kafka.enabled) .context.Values.externalKafka.tls.enabled .context.Values.externalKafka.tls.existingSecret }}
+ yq e -i '.kafka.ssl.enabled = true' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml
+ {{- if and .context.Values.externalKafka.tls.cert .context.Values.externalKafka.tls.key }}
+ yq e -i '.kafka.ssl.tlsCert = "/opt/bitnami/milvus/configs/cert/kafka/client/{{ .context.Values.externalKafka.tls.cert }}"' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml
+ yq e -i '.kafka.ssl.tlsKey = "/opt/bitnami/milvus/configs/cert/kafka/client/{{ .context.Values.externalKafka.tls.key }}"' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml
+ {{- end }}
+ {{- if .context.Values.externalKafka.tls.caCert }}
+ yq e -i '.kafka.ssl.tlsCaCert = "/opt/bitnami/milvus/configs/cert/kafka/client/{{ .context.Values.externalKafka.tls.caCert }}"' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml
+ {{- end }}
+ {{- if .context.Values.externalKafka.tls.keyPassword }}
+ yq e -i '.kafka.ssl.tlsKeyPassword = "{{ .context.Values.externalKafka.tls.keyPassword }}"' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml
{{- end }}
{{- end }}
{{- else }}
mv /bitnami/milvus/rendered-conf/pre-render-config_00.yaml /bitnami/milvus/rendered-conf/pre-render-config_01.yaml
{{- end }}
- render-template /bitnami/milvus/rendered-conf/pre-render-config_01.yaml > /bitnami/milvus/rendered-conf/milvus.yaml
+
+ # Milvus server TLS settings
+ yq e '.common.security.tlsMode = {{ .context.Values.proxy.tls.mode }}' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml > /bitnami/milvus/rendered-conf/pre-render-config_02.yaml
+ {{- if ne (int .context.Values.proxy.tls.mode) 0 }}
+ yq e -i '.tls.serverPemPath = "/opt/bitnami/milvus/configs/cert/milvus/{{ .context.Values.proxy.tls.cert }}"' /bitnami/milvus/rendered-conf/pre-render-config_02.yaml
+ yq e -i '.tls.serverKeyPath = "/opt/bitnami/milvus/configs/cert/milvus/{{ .context.Values.proxy.tls.key }}"' /bitnami/milvus/rendered-conf/pre-render-config_02.yaml
+ {{- if eq (int .context.Values.proxy.tls.mode) 2 }}
+ yq e -i '.tls.caPemPath = "/opt/bitnami/milvus/configs/cert/milvus/{{ .context.Values.proxy.tls.caCert }}"' /bitnami/milvus/rendered-conf/pre-render-config_02.yaml
+ {{- end }}
+ {{- end }}
+
+ render-template /bitnami/milvus/rendered-conf/pre-render-config_02.yaml > /bitnami/milvus/rendered-conf/milvus.yaml
rm /bitnami/milvus/rendered-conf/pre-render-config*
chmod 644 /bitnami/milvus/rendered-conf/milvus.yaml
env:
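Review bot: The `keyPassword` value is spliced unescaped into a shell single-quoted string and a yq double-quoted literal on the `.kafka.ssl.tlsKeyPassword` line, so a password containing `"`, `'` or `\` will break or alter the yq expression. The clear-text password also becomes part of the rendered script, which appears to sit in the init container spec and is then readable by anyone who can read the workload object. Prefer passing it as an environment variable sourced from a Secret and reading it with `yq e -i '.kafka.ssl.tlsKeyPassword = strenv(KAFKA_TLS_KEY_PASSWORD)' ...` (the variable name is only a suggestion). The `env:` list it would go into starts on the last line of the hunk and continues outside it. The values.yaml hunk declares the same value as a plain string, next to SASL settings that already take `existingSecret`/`existingSecretPasswordKey`, and the final milvus.yaml that now carries it is `chmod 644`.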
diff --git a/bitnami/milvus/templates/data-coordinator/deployment.yaml b/bitnami/milvus/templates/data-coordinator/deployment.yaml
index 4f7e8f7b143be3..df3cb63ef94846 100644
--- a/bitnami/milvus/templates/data-coordinator/deployment.yaml
+++ b/bitnami/milvus/templates/data-coordinator/deployment.yaml
@@ -175,11 +175,16 @@ spec:
- name: empty-dir
mountPath: /bitnami/milvus/data
subPath: app-data-dir
- {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }}
+ {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
mountPath: /opt/bitnami/milvus/configs/cert/etcd/client
readOnly: true
{{- end }}
+ {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }}
+ - name: kafka-client-certs
+ mountPath: /opt/bitnami/milvus/configs/cert/kafka/client
+ readOnly: true
+ {{- end }}
{{- if .Values.dataCoord.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.dataCoord.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
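Review bot: Setting `externalKafka.tls.enabled=true` without `externalKafka.tls.existingSecret` makes this condition false, so no certificates are mounted. Because the Kafka TLS block in _helpers.tpl uses the same three-way `and`, `.kafka.ssl.enabled` is never set either, and the connection to the external broker presumably stays in plaintext with no error at install time. Fail the render instead, e.g. `{{- if and .Values.externalKafka.tls.enabled (not .Values.externalKafka.tls.existingSecret) }}{{ fail "externalKafka.tls.existingSecret is required when externalKafka.tls.enabled=true" }}{{- end }}`, or enable SSL whenever `tls.enabled` is set and gate only the mounts on the secret. The identical condition is repeated in the volumes hunk of this file and in both hunks of every other component deployment in this diff, so a named helper would keep them in sync. The container spec continues outside the hunk.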
@@ -205,12 +210,18 @@ spec:
configMap:
name: {{ template "milvus.data-coordinator.extraConfigmapName" . }}
{{- end }}
- {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }}
+ {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
secret:
secretName: {{ .Values.externalEtcd.tls.existingSecret }}
defaultMode: 256
{{- end }}
+ {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }}
+ - name: kafka-client-certs
+ secret:
+ secretName: {{ .Values.externalKafka.tls.existingSecret }}
+ defaultMode: 256
+ {{- end }}
{{- if .Values.dataCoord.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.dataCoord.extraVolumes "context" $) | nindent 8 }}
{{- end }}
diff --git a/bitnami/milvus/templates/data-node/deployment.yaml b/bitnami/milvus/templates/data-node/deployment.yaml
index ac88c02dc36ca6..9966c39c5f0c4f 100644
--- a/bitnami/milvus/templates/data-node/deployment.yaml
+++ b/bitnami/milvus/templates/data-node/deployment.yaml
@@ -175,11 +175,16 @@ spec:
- name: empty-dir
mountPath: /bitnami/milvus/data
subPath: app-data-dir
- {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }}
+ {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
mountPath: /opt/bitnami/milvus/configs/cert/etcd/client
readOnly: true
{{- end }}
+ {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }}
+ - name: kafka-client-certs
+ mountPath: /opt/bitnami/milvus/configs/cert/kafka/client
+ readOnly: true
+ {{- end }}
{{- if .Values.dataNode.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.dataNode.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
@@ -205,12 +210,18 @@ spec:
configMap:
name: {{ template "milvus.data-node.extraConfigmapName" . }}
{{- end }}
- {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }}
+ {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
secret:
secretName: {{ .Values.externalEtcd.tls.existingSecret }}
defaultMode: 256
{{- end }}
+ {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }}
+ - name: kafka-client-certs
+ secret:
+ secretName: {{ .Values.externalKafka.tls.existingSecret }}
+ defaultMode: 256
+ {{- end }}
{{- if .Values.dataNode.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.dataNode.extraVolumes "context" $) | nindent 8 }}
{{- end }}
diff --git a/bitnami/milvus/templates/index-coordinator/deployment.yaml b/bitnami/milvus/templates/index-coordinator/deployment.yaml
index 0f19b5913b7a39..95c6edac4e7fbe 100644
--- a/bitnami/milvus/templates/index-coordinator/deployment.yaml
+++ b/bitnami/milvus/templates/index-coordinator/deployment.yaml
@@ -175,11 +175,16 @@ spec:
- name: empty-dir
mountPath: /bitnami/milvus/data
subPath: app-data-dir
- {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }}
+ {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
mountPath: /opt/bitnami/milvus/configs/cert/etcd/client
readOnly: true
{{- end }}
+ {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }}
+ - name: kafka-client-certs
+ mountPath: /opt/bitnami/milvus/configs/cert/kafka/client
+ readOnly: true
+ {{- end }}
{{- if .Values.indexCoord.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.indexCoord.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
@@ -205,12 +210,18 @@ spec:
configMap:
name: {{ template "milvus.index-coordinator.extraConfigmapName" . }}
{{- end }}
- {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }}
+ {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
secret:
secretName: {{ .Values.externalEtcd.tls.existingSecret }}
defaultMode: 256
{{- end }}
+ {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }}
+ - name: kafka-client-certs
+ secret:
+ secretName: {{ .Values.externalKafka.tls.existingSecret }}
+ defaultMode: 256
+ {{- end }}
{{- if .Values.indexCoord.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.indexCoord.extraVolumes "context" $) | nindent 8 }}
{{- end }}
diff --git a/bitnami/milvus/templates/index-node/deployment.yaml b/bitnami/milvus/templates/index-node/deployment.yaml
index df160ec56110b8..86a48be9383553 100644
--- a/bitnami/milvus/templates/index-node/deployment.yaml
+++ b/bitnami/milvus/templates/index-node/deployment.yaml
@@ -175,11 +175,16 @@ spec:
- name: empty-dir
mountPath: /bitnami/milvus/data
subPath: app-data-dir
- {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }}
+ {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
mountPath: /opt/bitnami/milvus/configs/cert/etcd/client
readOnly: true
{{- end }}
+ {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }}
+ - name: kafka-client-certs
+ mountPath: /opt/bitnami/milvus/configs/cert/kafka/client
+ readOnly: true
+ {{- end }}
{{- if .Values.indexNode.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.indexNode.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
@@ -205,12 +210,18 @@ spec:
configMap:
name: {{ template "milvus.index-node.extraConfigmapName" . }}
{{- end }}
- {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }}
+ {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
secret:
secretName: {{ .Values.externalEtcd.tls.existingSecret }}
defaultMode: 256
{{- end }}
+ {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }}
+ - name: kafka-client-certs
+ secret:
+ secretName: {{ .Values.externalKafka.tls.existingSecret }}
+ defaultMode: 256
+ {{- end }}
{{- if .Values.indexNode.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.indexNode.extraVolumes "context" $) | nindent 8 }}
{{- end }}
diff --git a/bitnami/milvus/templates/proxy/deployment.yaml b/bitnami/milvus/templates/proxy/deployment.yaml
index eb24c8e9dfc3a9..7f6f29a38cf2d4 100644
--- a/bitnami/milvus/templates/proxy/deployment.yaml
+++ b/bitnami/milvus/templates/proxy/deployment.yaml
@@ -177,12 +177,17 @@ spec:
- name: empty-dir
mountPath: /bitnami/milvus/data
subPath: app-data-dir
- {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }}
+ {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
mountPath: /opt/bitnami/milvus/configs/cert/etcd/client
readOnly: true
{{- end }}
- {{- if and (ne (int .Values.proxy.tls.mode) 0) (not (empty .Values.proxy.tls.existingSecret)) }}
+ {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }}
+ - name: kafka-client-certs
+ mountPath: /opt/bitnami/milvus/configs/cert/kafka/client
+ readOnly: true
+ {{- end }}
+ {{- if and (ne (int .Values.proxy.tls.mode) 0) .Values.proxy.tls.existingSecret }}
- name: milvus-certs
mountPath: /opt/bitnami/milvus/configs/cert/milvus
readOnly: true
@@ -212,18 +217,24 @@ spec:
configMap:
name: {{ template "milvus.proxy.extraConfigmapName" . }}
{{- end }}
- {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }}
+ {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
secret:
secretName: {{ .Values.externalEtcd.tls.existingSecret }}
defaultMode: 256
{{- end }}
- {{- if and (ne (int .Values.proxy.tls.mode) 0) (not (empty .Values.proxy.tls.existingSecret)) }}
+ {{- if and (ne (int .Values.proxy.tls.mode) 0) .Values.proxy.tls.existingSecret }}
- name: milvus-certs
secret:
secretName: {{ .Values.proxy.tls.existingSecret }}
defaultMode: 256
{{- end }}
+ {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }}
+ - name: kafka-client-certs
+ secret:
+ secretName: {{ .Values.externalKafka.tls.existingSecret }}
+ defaultMode: 256
+ {{- end }}
{{- if .Values.proxy.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.proxy.extraVolumes "context" $) | nindent 8 }}
{{- end }}
diff --git a/bitnami/milvus/templates/query-coordinator/deployment.yaml b/bitnami/milvus/templates/query-coordinator/deployment.yaml
index 847c2cb1d539f4..3d1a9532cbe4eb 100644
--- a/bitnami/milvus/templates/query-coordinator/deployment.yaml
+++ b/bitnami/milvus/templates/query-coordinator/deployment.yaml
@@ -175,11 +175,16 @@ spec:
- name: empty-dir
mountPath: /bitnami/milvus/data
subPath: app-data-dir
- {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }}
+ {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
mountPath: /opt/bitnami/milvus/configs/cert/etcd/client
readOnly: true
{{- end }}
+ {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }}
+ - name: kafka-client-certs
+ mountPath: /opt/bitnami/milvus/configs/cert/kafka/client
+ readOnly: true
+ {{- end }}
{{- if .Values.queryCoord.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.queryCoord.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
@@ -205,12 +210,18 @@ spec:
configMap:
name: {{ template "milvus.query-coordinator.extraConfigmapName" . }}
{{- end }}
- {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }}
+ {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
secret:
secretName: {{ .Values.externalEtcd.tls.existingSecret }}
defaultMode: 256
{{- end }}
+ {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }}
+ - name: kafka-client-certs
+ secret:
+ secretName: {{ .Values.externalKafka.tls.existingSecret }}
+ defaultMode: 256
+ {{- end }}
{{- if .Values.queryCoord.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.queryCoord.extraVolumes "context" $) | nindent 8 }}
{{- end }}
diff --git a/bitnami/milvus/templates/query-node/deployment.yaml b/bitnami/milvus/templates/query-node/deployment.yaml
index 98c8a8b241bc8c..c81c544240e0e0 100644
--- a/bitnami/milvus/templates/query-node/deployment.yaml
+++ b/bitnami/milvus/templates/query-node/deployment.yaml
@@ -175,11 +175,16 @@ spec:
- name: empty-dir
mountPath: /bitnami/milvus/data
subPath: app-data-dir
- {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }}
+ {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
mountPath: /opt/bitnami/milvus/configs/cert/etcd/client
readOnly: true
{{- end }}
+ {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }}
+ - name: kafka-client-certs
+ mountPath: /opt/bitnami/milvus/configs/cert/kafka/client
+ readOnly: true
+ {{- end }}
{{- if .Values.queryNode.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.queryNode.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
@@ -205,12 +210,18 @@ spec:
configMap:
name: {{ template "milvus.query-node.extraConfigmapName" . }}
{{- end }}
- {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }}
+ {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
secret:
secretName: {{ .Values.externalEtcd.tls.existingSecret }}
defaultMode: 256
{{- end }}
+ {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }}
+ - name: kafka-client-certs
+ secret:
+ secretName: {{ .Values.externalKafka.tls.existingSecret }}
+ defaultMode: 256
+ {{- end }}
{{- if .Values.queryNode.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.queryNode.extraVolumes "context" $) | nindent 8 }}
{{- end }}
diff --git a/bitnami/milvus/templates/root-coordinator/deployment.yaml b/bitnami/milvus/templates/root-coordinator/deployment.yaml
index 2f1cf79ebfc7c3..d55eb1ca3261d4 100644
--- a/bitnami/milvus/templates/root-coordinator/deployment.yaml
+++ b/bitnami/milvus/templates/root-coordinator/deployment.yaml
@@ -175,11 +175,16 @@ spec:
- name: empty-dir
mountPath: /bitnami/milvus/data
subPath: app-data-dir
- {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }}
+ {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
mountPath: /opt/bitnami/milvus/configs/cert/etcd/client
readOnly: true
{{- end }}
+ {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }}
+ - name: kafka-client-certs
+ mountPath: /opt/bitnami/milvus/configs/cert/kafka/client
+ readOnly: true
+ {{- end }}
{{- if .Values.rootCoord.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.rootCoord.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
@@ -205,12 +210,18 @@ spec:
configMap:
name: {{ template "milvus.root-coordinator.extraConfigmapName" . }}
{{- end }}
- {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }}
+ {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
secret:
secretName: {{ .Values.externalEtcd.tls.existingSecret }}
defaultMode: 256
{{- end }}
+ {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }}
+ - name: kafka-client-certs
+ secret:
+ secretName: {{ .Values.externalKafka.tls.existingSecret }}
+ defaultMode: 256
+ {{- end }}
{{- if .Values.rootCoord.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.rootCoord.extraVolumes "context" $) | nindent 8 }}
{{- end }}
diff --git a/bitnami/milvus/values.yaml b/bitnami/milvus/values.yaml
index 29749e1e4a9e6a..3a2166418660a7 100644
--- a/bitnami/milvus/values.yaml
+++ b/bitnami/milvus/values.yaml
@@ -5318,6 +5318,29 @@ externalKafka:
existingSecret: ""
existingSecretPasswordKey: "kafka-root-password"
enabledMechanisms: "PLAIN"
+ ## External kafka TLS connection configuration
+ ##
+ tls:
+ ## @param externalKafka.tls.enabled Enable TLS for kafka client connections.
+ ##
+ enabled: false
+ ## @param externalKafka.tls.existingSecret Name of the existing secret containing the TLS certificates for external kafka client communications.
+ ##
+ existingSecret: ""
+ ## @param externalKafka.tls.cert The secret key from the existingSecret if 'cert' key different from the default (tls.crt)
+ ##
+ cert: tls.crt
+ ## @param externalKafka.tls.key The secret key from the existingSecret if 'key' key different from the default (tls.key)
+ ##
+ key: tls.key
+ ## @param externalKafka.tls.caCert The secret key from the existingSecret if 'caCert' key different from the default (ca.crt)
+ ##
+ caCert: ca.crt
+ ## @param externalKafka.tls.keyPassword Password to access the password-protected PEM key if necessary.
+ ##
+ keyPassword: ""
+
+
## @section etcd sub-chart parameters
##
etcd:
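Review bot: `cert` and `key` default to `tls.crt`/`tls.key`, so the `if and ...tls.cert ...tls.key` guard in _helpers.tpl is true on every default configuration. Milvus is therefore pointed at client certificate paths even when the secret only carries a CA for server verification, and whether it tolerates the missing files is not visible here. Document the opt-out on the parameters, e.g. `## Set cert and key to "" when the secret contains only a CA certificate (no client certificate authentication)`, and state on `enabled` that it has no effect unless `existingSecret` is also set. The two consecutive blank lines added before the etcd section can be reduced to one.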