From cb5dd866d943dad9da6f8dce377daa31cec490ef Mon Sep 17 00:00:00 2001 From: Chen Rao Date: Fri, 24 May 2024 22:16:26 +0800 Subject: [PATCH 1/4] [bitnami/milvus] feat: config external kafka tls client certs settings (bitnami#26110) Signed-off-by: Chen Rao --- bitnami/milvus/CHANGELOG.md | 4 +++ bitnami/milvus/Chart.yaml | 2 +- bitnami/milvus/README.md | 6 ++++ bitnami/milvus/templates/_helpers.tpl | 35 ++++++++++++++----- .../data-coordinator/deployment.yaml | 15 ++++++-- .../templates/data-node/deployment.yaml | 15 ++++++-- .../index-coordinator/deployment.yaml | 15 ++++++-- .../templates/index-node/deployment.yaml | 15 ++++++-- .../milvus/templates/proxy/deployment.yaml | 19 +++++++--- .../query-coordinator/deployment.yaml | 15 ++++++-- .../templates/query-node/deployment.yaml | 15 ++++++-- .../root-coordinator/deployment.yaml | 15 ++++++-- bitnami/milvus/values.yaml | 23 ++++++++++++ 13 files changed, 167 insertions(+), 27 deletions(-) diff --git a/bitnami/milvus/CHANGELOG.md b/bitnami/milvus/CHANGELOG.md index 13e7a7261add72..ffc15155c67197 100644 --- a/bitnami/milvus/CHANGELOG.md +++ b/bitnami/milvus/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 8.2.0 (2024-06-03) + +* [bitnami/milvus] feat: config external kafka tls client certs setting ([#26118](https://github.com/bitnami/charts/pull/26118)) + ## 8.1.0 (2024-05-29) * [bitnami/milvus] PDB review ([#25983](https://github.com/bitnami/charts/pull/25983)) diff --git a/bitnami/milvus/Chart.yaml b/bitnami/milvus/Chart.yaml index 4a2fb1a096118c..abe1bd3f24a5ff 100644 --- a/bitnami/milvus/Chart.yaml +++ b/bitnami/milvus/Chart.yaml @@ -48,4 +48,4 @@ maintainers: name: milvus sources: - https://github.com/bitnami/charts/tree/main/bitnami/milvus -version: 8.1.0 +version: 8.2.0 diff --git a/bitnami/milvus/README.md b/bitnami/milvus/README.md index d11485f7427ea7..e3d0d5ad4f4e31 100644 --- a/bitnami/milvus/README.md +++ b/bitnami/milvus/README.md 
@@ -1752,6 +1752,12 @@ wrj2wDbCDCFmfqnSJ+dKI3vFLlEz44sAV8jX/kd4Y6ZTQhlLbYc= | `externalKafka.sasl.existingSecret` | Name of the existing secret containing a password for SASL authentication (under the key named "client-passwords") | `""` | | `externalKafka.sasl.existingSecretPasswordKey` | Name of the secret key containing the Kafka client user password | `kafka-root-password` | | `externalKafka.sasl.enabledMechanisms` | Kafka enabled SASL mechanisms | `PLAIN` | +| `externalKafka.tls.enabled` | Enable TLS for external kafka client connections. | `false` | +| `externalKafka.tls.existingSecret` | Name of the existing secret containing the TLS certificates for external kafka client communications. | `""` | +| `externalKafka.tls.cert` | The secret key from the existingSecret if 'cert' key different from the default (tls.crt) | `tls.crt` | +| `externalKafka.tls.key` | The secret key from the existingSecret if 'key' key different from the default (tls.key) | `tls.key` | +| `externalKafka.tls.caCert` | The secret key from the existingSecret if 'caCert' key different from the default (ca.crt) | `ca.crt` | +| `externalKafka.tls.keyPassword` | Password to access the password-protected PEM key if necessary. | `""` | ### etcd sub-chart parameters diff --git a/bitnami/milvus/templates/_helpers.tpl b/bitnami/milvus/templates/_helpers.tpl index 4614bdd21598d4..a1f0ea3f881f44 100644 --- a/bitnami/milvus/templates/_helpers.tpl +++ b/bitnami/milvus/templates/_helpers.tpl @@ -772,7 +772,7 @@ Init container definition for waiting for the database to be ready echo "Connection success" exit 0 - {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }} + {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }} volumeMounts: - name: etcd-client-certs mountPath: /bitnami/milvus/conf/cert/etcd/client 
@@ -990,22 +990,41 @@ Init container definition for waiting for the database to be ready cp -r /opt/bitnami/milvus/configs/. /bitnami/milvus/rendered-conf # Build final milvus.yaml with the sections of the different files find /bitnami/milvus/conf -type f -name *.yaml -print0 | sort -z | xargs -0 yq eval-all '. as $item ireduce ({}; . * $item )' /bitnami/milvus/rendered-conf/milvus.yaml > /bitnami/milvus/rendered-conf/pre-render-config_00.yaml + + # Kafka settings {{- if (include "milvus.kafka.deployed" .context) }} # HACK: In order to enable Kafka we need to remove all Pulsar settings from the configuration file # https://github.com/milvus-io/milvus/blob/master/configs/milvus.yaml#L110 yq 'del(.pulsar)' /bitnami/milvus/rendered-conf/pre-render-config_00.yaml > /bitnami/milvus/rendered-conf/pre-render-config_01.yaml - yq e -i '.common.security.tlsMode = {{ .context.Values.proxy.tls.mode }}' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml - {{- if ne (int .context.Values.proxy.tls.mode) 0 }} - yq e -i '.tls.serverPemPath = "/opt/bitnami/milvus/configs/cert/milvus/{{ .context.Values.proxy.tls.cert }}"' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml - yq e -i '.tls.serverKeyPath = "/opt/bitnami/milvus/configs/cert/milvus/{{ .context.Values.proxy.tls.key }}"' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml - {{- if eq (int .context.Values.proxy.tls.mode) 2 }} - yq e -i '.tls.caPemPath = "/opt/bitnami/milvus/configs/cert/milvus/{{ .context.Values.proxy.tls.caCert }}"' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml + # Kafka TLS settings + {{- if and (not .context.Values.kafka.enabled) .context.Values.externalKafka.tls.enabled .context.Values.externalKafka.tls.existingSecret }} + yq e -i '.kafka.ssl.enabled = true' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml + {{- if and .context.Values.externalKafka.tls.cert .context.Values.externalKafka.tls.key }} + yq e -i '.kafka.ssl.tlsCert = 
"/opt/bitnami/milvus/configs/cert/kafka/client/{{ .context.Values.externalKafka.tls.cert }}"' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml + yq e -i '.kafka.ssl.tlsKey = "/opt/bitnami/milvus/configs/cert/kafka/client/{{ .context.Values.externalKafka.tls.key }}"' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml + {{- end }} + {{- if .context.Values.externalKafka.tls.caCert }} + yq e -i '.kafka.ssl.tlsCaCert = "/opt/bitnami/milvus/configs/cert/kafka/client/{{ .context.Values.externalKafka.tls.caCert }}"' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml + {{- end }} + {{- if .context.Values.externalKafka.tls.keyPassword }} + yq e -i '.kafka.ssl.tlsKeyPassword = "{{ .context.Values.externalKafka.tls.keyPassword }}"' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml {{- end }} {{- end }} {{- else }} mv /bitnami/milvus/rendered-conf/pre-render-config_00.yaml /bitnami/milvus/rendered-conf/pre-render-config_01.yaml {{- end }} - render-template /bitnami/milvus/rendered-conf/pre-render-config_01.yaml > /bitnami/milvus/rendered-conf/milvus.yaml + + # Milvus server TLS settings + yq e '.common.security.tlsMode = {{ .context.Values.proxy.tls.mode }}' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml > /bitnami/milvus/rendered-conf/pre-render-config_02.yaml + {{- if ne (int .context.Values.proxy.tls.mode) 0 }} + yq e -i '.tls.serverPemPath = "/opt/bitnami/milvus/configs/cert/milvus/{{ .context.Values.proxy.tls.cert }}"' /bitnami/milvus/rendered-conf/pre-render-config_02.yaml + yq e -i '.tls.serverKeyPath = "/opt/bitnami/milvus/configs/cert/milvus/{{ .context.Values.proxy.tls.key }}"' /bitnami/milvus/rendered-conf/pre-render-config_02.yaml + {{- if eq (int .context.Values.proxy.tls.mode) 2 }} + yq e -i '.tls.caPemPath = "/opt/bitnami/milvus/configs/cert/milvus/{{ .context.Values.proxy.tls.caCert }}"' /bitnami/milvus/rendered-conf/pre-render-config_02.yaml + {{- end }} + {{- end }} + + render-template 
/bitnami/milvus/rendered-conf/pre-render-config_02.yaml > /bitnami/milvus/rendered-conf/milvus.yaml rm /bitnami/milvus/rendered-conf/pre-render-config* chmod 644 /bitnami/milvus/rendered-conf/milvus.yaml env: diff --git a/bitnami/milvus/templates/data-coordinator/deployment.yaml b/bitnami/milvus/templates/data-coordinator/deployment.yaml index 4f7e8f7b143be3..df3cb63ef94846 100644 --- a/bitnami/milvus/templates/data-coordinator/deployment.yaml +++ b/bitnami/milvus/templates/data-coordinator/deployment.yaml @@ -175,11 +175,16 @@ spec: - name: empty-dir mountPath: /bitnami/milvus/data subPath: app-data-dir - {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }} + {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }} - name: etcd-client-certs mountPath: /opt/bitnami/milvus/configs/cert/etcd/client readOnly: true {{- end }} + {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }} + - name: kafka-client-certs + mountPath: /opt/bitnami/milvus/configs/cert/kafka/client + readOnly: true + {{- end }} {{- if .Values.dataCoord.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.dataCoord.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} 
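Review bot: `externalKafka.tls.keyPassword` is rendered as plain text into the init container script on the `.kafka.ssl.tlsKeyPassword` line, so the key passphrase is stored in the Deployment spec and the Helm release values instead of a Secret, and is readable by anyone allowed to view the workload. A passphrase containing `"` or `'` would also break the yq expression or the shell quoting around it. Consider reading it from a key of `externalKafka.tls.existingSecret` through a `secretKeyRef` environment variable and writing it with `yq e -i '.kafka.ssl.tlsKeyPassword = strenv(KAFKA_TLS_KEY_PASSWORD)' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml`, where the variable name is a placeholder and `strenv` assumes the image ships yq v4. The same value is introduced in the `values.yaml` and `README.md` hunks, and the helper's `env:` list continues outside this hunk.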
@@ -205,12 +210,18 @@ spec: configMap: name: {{ template "milvus.data-coordinator.extraConfigmapName" . }} {{- end }} - {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }} + {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }} - name: etcd-client-certs secret: secretName: {{ .Values.externalEtcd.tls.existingSecret }} defaultMode: 256 {{- end }} + {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }} + - name: kafka-client-certs + secret: + secretName: {{ .Values.externalKafka.tls.existingSecret }} + defaultMode: 256 + {{- end }} {{- if .Values.dataCoord.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.dataCoord.extraVolumes "context" $) | nindent 8 }} {{- end }} diff --git a/bitnami/milvus/templates/data-node/deployment.yaml b/bitnami/milvus/templates/data-node/deployment.yaml index ac88c02dc36ca6..9966c39c5f0c4f 100644 --- a/bitnami/milvus/templates/data-node/deployment.yaml +++ b/bitnami/milvus/templates/data-node/deployment.yaml @@ -175,11 +175,16 @@ spec: - name: empty-dir mountPath: /bitnami/milvus/data subPath: app-data-dir - {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }} + {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }} - name: etcd-client-certs mountPath: /opt/bitnami/milvus/configs/cert/etcd/client readOnly: true {{- end }} + {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }} + - name: kafka-client-certs + mountPath: /opt/bitnami/milvus/configs/cert/kafka/client + readOnly: true + {{- end }} {{- if .Values.dataNode.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.dataNode.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} 
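Review bot: The `kafka-client-certs` volume uses `defaultMode: 256` with no comment, and the decimal form hides that this is octal 0400 on a volume that carries the client private key; a short comment such as `# 256 (decimal) = 0400, owner read-only` would make the intent reviewable. The three-part condition `and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret` is repeated for the mount and the volume in all eight deployment templates and again in `_helpers.tpl`; a single named helper template would keep the mount, the volume and the generated `kafka.ssl` settings from drifting apart. Both points apply equally to the matching hunks in the data-node, index-coordinator, index-node, proxy, query-coordinator, query-node and root-coordinator deployments.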
@@ -205,12 +210,18 @@ spec: configMap: name: {{ template "milvus.data-node.extraConfigmapName" . }} {{- end }} - {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }} + {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }} - name: etcd-client-certs secret: secretName: {{ .Values.externalEtcd.tls.existingSecret }} defaultMode: 256 {{- end }} + {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }} + - name: kafka-client-certs + secret: + secretName: {{ .Values.externalKafka.tls.existingSecret }} + defaultMode: 256 + {{- end }} {{- if .Values.dataNode.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.dataNode.extraVolumes "context" $) | nindent 8 }} {{- end }} diff --git a/bitnami/milvus/templates/index-coordinator/deployment.yaml b/bitnami/milvus/templates/index-coordinator/deployment.yaml index 0f19b5913b7a39..95c6edac4e7fbe 100644 --- a/bitnami/milvus/templates/index-coordinator/deployment.yaml +++ b/bitnami/milvus/templates/index-coordinator/deployment.yaml @@ -175,11 +175,16 @@ spec: - name: empty-dir mountPath: /bitnami/milvus/data subPath: app-data-dir - {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }} + {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }} - name: etcd-client-certs mountPath: /opt/bitnami/milvus/configs/cert/etcd/client readOnly: true {{- end }} + {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }} + - name: kafka-client-certs + mountPath: /opt/bitnami/milvus/configs/cert/kafka/client + readOnly: true + {{- end }} {{- if .Values.indexCoord.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.indexCoord.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} 
@@ -205,12 +210,18 @@ spec: configMap: name: {{ template "milvus.index-coordinator.extraConfigmapName" . }} {{- end }} - {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }} + {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }} - name: etcd-client-certs secret: secretName: {{ .Values.externalEtcd.tls.existingSecret }} defaultMode: 256 {{- end }} + {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }} + - name: kafka-client-certs + secret: + secretName: {{ .Values.externalKafka.tls.existingSecret }} + defaultMode: 256 + {{- end }} {{- if .Values.indexCoord.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.indexCoord.extraVolumes "context" $) | nindent 8 }} {{- end }} diff --git a/bitnami/milvus/templates/index-node/deployment.yaml b/bitnami/milvus/templates/index-node/deployment.yaml index df160ec56110b8..86a48be9383553 100644 --- a/bitnami/milvus/templates/index-node/deployment.yaml +++ b/bitnami/milvus/templates/index-node/deployment.yaml @@ -175,11 +175,16 @@ spec: - name: empty-dir mountPath: /bitnami/milvus/data subPath: app-data-dir - {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }} + {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }} - name: etcd-client-certs mountPath: /opt/bitnami/milvus/configs/cert/etcd/client readOnly: true {{- end }} + {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }} + - name: kafka-client-certs + mountPath: /opt/bitnami/milvus/configs/cert/kafka/client + readOnly: true + {{- end }} {{- if .Values.indexNode.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.indexNode.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} 
@@ -205,12 +210,18 @@ spec: configMap: name: {{ template "milvus.index-node.extraConfigmapName" . }} {{- end }} - {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }} + {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }} - name: etcd-client-certs secret: secretName: {{ .Values.externalEtcd.tls.existingSecret }} defaultMode: 256 {{- end }} + {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }} + - name: kafka-client-certs + secret: + secretName: {{ .Values.externalKafka.tls.existingSecret }} + defaultMode: 256 + {{- end }} {{- if .Values.indexNode.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.indexNode.extraVolumes "context" $) | nindent 8 }} {{- end }} diff --git a/bitnami/milvus/templates/proxy/deployment.yaml b/bitnami/milvus/templates/proxy/deployment.yaml index eb24c8e9dfc3a9..7f6f29a38cf2d4 100644 --- a/bitnami/milvus/templates/proxy/deployment.yaml +++ b/bitnami/milvus/templates/proxy/deployment.yaml 
@@ -177,12 +177,17 @@ spec: - name: empty-dir mountPath: /bitnami/milvus/data subPath: app-data-dir - {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }} + {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }} - name: etcd-client-certs mountPath: /opt/bitnami/milvus/configs/cert/etcd/client readOnly: true {{- end }} - {{- if and (ne (int .Values.proxy.tls.mode) 0) (not (empty .Values.proxy.tls.existingSecret)) }} + {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }} + - name: kafka-client-certs + mountPath: /opt/bitnami/milvus/configs/cert/kafka/client + readOnly: true + {{- end }} + {{- if and (ne (int .Values.proxy.tls.mode) 0) .Values.proxy.tls.existingSecret }} - name: milvus-certs mountPath: /opt/bitnami/milvus/configs/cert/milvus readOnly: true 
@@ -212,18 +217,24 @@ spec: configMap: name: {{ template "milvus.proxy.extraConfigmapName" . }} {{- end }} - {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }} + {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }} - name: etcd-client-certs secret: secretName: {{ .Values.externalEtcd.tls.existingSecret }} defaultMode: 256 {{- end }} - {{- if and (ne (int .Values.proxy.tls.mode) 0) (not (empty .Values.proxy.tls.existingSecret)) }} + {{- if and (ne (int .Values.proxy.tls.mode) 0) .Values.proxy.tls.existingSecret }} - name: milvus-certs secret: secretName: {{ .Values.proxy.tls.existingSecret }} defaultMode: 256 {{- end }} + {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }} + - name: kafka-client-certs + secret: + secretName: {{ .Values.externalKafka.tls.existingSecret }} + defaultMode: 256 + {{- end }} {{- if .Values.proxy.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.proxy.extraVolumes "context" $) | nindent 8 }} {{- end }} diff --git a/bitnami/milvus/templates/query-coordinator/deployment.yaml b/bitnami/milvus/templates/query-coordinator/deployment.yaml index 847c2cb1d539f4..3d1a9532cbe4eb 100644 --- a/bitnami/milvus/templates/query-coordinator/deployment.yaml +++ b/bitnami/milvus/templates/query-coordinator/deployment.yaml 
@@ -175,11 +175,16 @@ spec: - name: empty-dir mountPath: /bitnami/milvus/data subPath: app-data-dir - {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }} + {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }} - name: etcd-client-certs mountPath: /opt/bitnami/milvus/configs/cert/etcd/client readOnly: true {{- end }} + {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }} + - name: kafka-client-certs + mountPath: /opt/bitnami/milvus/configs/cert/kafka/client + readOnly: true + {{- end }} {{- if .Values.queryCoord.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.queryCoord.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} @@ -205,12 +210,18 @@ spec: configMap: name: {{ template "milvus.query-coordinator.extraConfigmapName" . }} {{- end }} - {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }} + {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }} - name: etcd-client-certs secret: secretName: {{ .Values.externalEtcd.tls.existingSecret }} defaultMode: 256 {{- end }} + {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }} + - name: kafka-client-certs + secret: + secretName: {{ .Values.externalKafka.tls.existingSecret }} + defaultMode: 256 + {{- end }} {{- if .Values.queryCoord.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.queryCoord.extraVolumes "context" $) | nindent 8 }} {{- end }} diff --git a/bitnami/milvus/templates/query-node/deployment.yaml b/bitnami/milvus/templates/query-node/deployment.yaml index 98c8a8b241bc8c..c81c544240e0e0 100644 --- a/bitnami/milvus/templates/query-node/deployment.yaml +++ b/bitnami/milvus/templates/query-node/deployment.yaml 
@@ -175,11 +175,16 @@ spec: - name: empty-dir mountPath: /bitnami/milvus/data subPath: app-data-dir - {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }} + {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }} - name: etcd-client-certs mountPath: /opt/bitnami/milvus/configs/cert/etcd/client readOnly: true {{- end }} + {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }} + - name: kafka-client-certs + mountPath: /opt/bitnami/milvus/configs/cert/kafka/client + readOnly: true + {{- end }} {{- if .Values.queryNode.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.queryNode.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} @@ -205,12 +210,18 @@ spec: configMap: name: {{ template "milvus.query-node.extraConfigmapName" . }} {{- end }} - {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }} + {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }} - name: etcd-client-certs secret: secretName: {{ .Values.externalEtcd.tls.existingSecret }} defaultMode: 256 {{- end }} + {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }} + - name: kafka-client-certs + secret: + secretName: {{ .Values.externalKafka.tls.existingSecret }} + defaultMode: 256 + {{- end }} {{- if .Values.queryNode.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.queryNode.extraVolumes "context" $) | nindent 8 }} {{- end }} diff --git a/bitnami/milvus/templates/root-coordinator/deployment.yaml b/bitnami/milvus/templates/root-coordinator/deployment.yaml index 2f1cf79ebfc7c3..d55eb1ca3261d4 100644 --- a/bitnami/milvus/templates/root-coordinator/deployment.yaml +++ b/bitnami/milvus/templates/root-coordinator/deployment.yaml 
@@ -175,11 +175,16 @@ spec: - name: empty-dir mountPath: /bitnami/milvus/data subPath: app-data-dir - {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }} + {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }} - name: etcd-client-certs mountPath: /opt/bitnami/milvus/configs/cert/etcd/client readOnly: true {{- end }} + {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }} + - name: kafka-client-certs + mountPath: /opt/bitnami/milvus/configs/cert/kafka/client + readOnly: true + {{- end }} {{- if .Values.rootCoord.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.rootCoord.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} @@ -205,12 +210,18 @@ spec: configMap: name: {{ template "milvus.root-coordinator.extraConfigmapName" . }} {{- end }} - {{- if and .Values.externalEtcd.tls.enabled (not (empty .Values.externalEtcd.tls.existingSecret)) }} + {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }} - name: etcd-client-certs secret: secretName: {{ .Values.externalEtcd.tls.existingSecret }} defaultMode: 256 {{- end }} + {{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }} + - name: kafka-client-certs + secret: + secretName: {{ .Values.externalKafka.tls.existingSecret }} + defaultMode: 256 + {{- end }} {{- if .Values.rootCoord.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.rootCoord.extraVolumes "context" $) | nindent 8 }} {{- end }} diff --git a/bitnami/milvus/values.yaml b/bitnami/milvus/values.yaml index 29749e1e4a9e6a..3a2166418660a7 100644 --- a/bitnami/milvus/values.yaml +++ b/bitnami/milvus/values.yaml 
@@ -5318,6 +5318,29 @@ externalKafka: existingSecret: "" existingSecretPasswordKey: "kafka-root-password" enabledMechanisms: "PLAIN" + ## External kafka TLS connection configuration + ## + tls: + ## @param externalKafka.tls.enabled Enable TLS for kafka client connections. + ## + enabled: false + ## @param externalKafka.tls.existingSecret Name of the existing secret containing the TLS certificates for external kafka client communications. + ## + existingSecret: "" + ## @param externalKafka.tls.cert The secret key from the existingSecret if 'cert' key different from the default (tls.crt) + ## + cert: tls.crt + ## @param externalKafka.tls.key The secret key from the existingSecret if 'key' key different from the default (tls.key) + ## + key: tls.key + ## @param externalKafka.tls.caCert The secret key from the existingSecret if 'caCert' key different from the default (ca.crt) + ## + caCert: ca.crt + ## @param externalKafka.tls.keyPassword Password to access the password-protected PEM key if necessary. + ## + keyPassword: "" + + ## @section etcd sub-chart parameters ## etcd: From ae262bc3245fb05430924ead5eaf6b6d1429c689 Mon Sep 17 00:00:00 2001 From: Bitnami Containers Date: Mon, 3 Jun 2024 09:08:42 +0000 Subject: [PATCH 2/4] Update CHANGELOG.md Signed-off-by: Bitnami Containers --- bitnami/milvus/CHANGELOG.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bitnami/milvus/CHANGELOG.md b/bitnami/milvus/CHANGELOG.md index ffc15155c67197..81ff38fbe01695 100644 --- a/bitnami/milvus/CHANGELOG.md +++ b/bitnami/milvus/CHANGELOG.md 
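Review bot: Setting `externalKafka.tls.enabled: true` while leaving `existingSecret` at its default `""` renders no Kafka TLS configuration at all, because every template condition in this patch also requires `externalKafka.tls.existingSecret`; the chart then installs without an error and, as far as this patch shows, `kafka.ssl.enabled` is never set. The parameter comment should say so, for example `## @param externalKafka.tls.enabled Enable TLS for external kafka client connections (requires externalKafka.tls.existingSecret and kafka.enabled=false)`, or the chart should fail rendering in that case. Whether such a validation already exists elsewhere in the chart is not visible from this patch.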
@@ -2,11 +2,11 @@ ## 8.2.0 (2024-06-03) -* [bitnami/milvus] feat: config external kafka tls client certs setting ([#26118](https://github.com/bitnami/charts/pull/26118)) +* [bitnami/milvus] feat: config external kafka tls client certs setting… ([#26118](https://github.com/bitnami/charts/pull/26118)) -## 8.1.0 (2024-05-29) +## 8.1.0 (2024-05-30) -* [bitnami/milvus] PDB review ([#25983](https://github.com/bitnami/charts/pull/25983)) +* [bitnami/milvus] PDB review (#25983) ([4e80463](https://github.com/bitnami/charts/commit/4e804630c3af64934e79fcacc5e1962750a0355f)), closes [#25983](https://github.com/bitnami/charts/issues/25983) ## 8.0.0 (2024-05-27) From 2a6ed72d3ddf2dd29dcd4a6ad89ca1d52c2b2bbd Mon Sep 17 00:00:00 2001 From: Bitnami Containers Date: Mon, 3 Jun 2024 09:08:45 +0000 Subject: [PATCH 3/4] Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Containers --- bitnami/milvus/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bitnami/milvus/README.md b/bitnami/milvus/README.md index e3d0d5ad4f4e31..ea46aa1c75eab0 100644 --- a/bitnami/milvus/README.md +++ b/bitnami/milvus/README.md 
@@ -1752,7 +1752,7 @@ wrj2wDbCDCFmfqnSJ+dKI3vFLlEz44sAV8jX/kd4Y6ZTQhlLbYc= | `externalKafka.sasl.existingSecret` | Name of the existing secret containing a password for SASL authentication (under the key named "client-passwords") | `""` | | `externalKafka.sasl.existingSecretPasswordKey` | Name of the secret key containing the Kafka client user password | `kafka-root-password` | | `externalKafka.sasl.enabledMechanisms` | Kafka enabled SASL mechanisms | `PLAIN` | -| `externalKafka.tls.enabled` | Enable TLS for external kafka client connections. | `false` | +| `externalKafka.tls.enabled` | Enable TLS for kafka client connections. | `false` | | `externalKafka.tls.existingSecret` | Name of the existing secret containing the TLS certificates for external kafka client communications. | `""` | | `externalKafka.tls.cert` | The secret key from the existingSecret if 'cert' key different from the default (tls.crt) | `tls.crt` | | `externalKafka.tls.key` | The secret key from the existingSecret if 'key' key different from the default (tls.key) | `tls.key` | From cef95c08e0f2679fa71ca29b7d5149d7c82aba62 Mon Sep 17 00:00:00 2001 From: Bitnami Containers Date: Thu, 6 Jun 2024 07:17:03 +0000 Subject: [PATCH 4/4] Update CHANGELOG.md Signed-off-by: Bitnami Containers --- bitnami/milvus/CHANGELOG.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bitnami/milvus/CHANGELOG.md b/bitnami/milvus/CHANGELOG.md index 1dca37c36d9116..db7a6a92038846 100644 --- a/bitnami/milvus/CHANGELOG.md +++ b/bitnami/milvus/CHANGELOG.md 
@@ -1,12 +1,12 @@ # Changelog -## 8.2.0 (2024-06-03) +## 8.2.0 (2024-06-06) * [bitnami/milvus] feat: config external kafka tls client certs setting… ([#26118](https://github.com/bitnami/charts/pull/26118)) -## 8.1.2 (2024-06-05) +## 8.1.2 (2024-06-05) -* [bitnami/milvus] Bump chart version ([#26847](https://github.com/bitnami/charts/pull/26847)) +* [bitnami/milvus] Bump chart version (#26847) ([8f68730](https://github.com/bitnami/charts/commit/8f687301d02eaa93e9420f7bbcf5b47e25b6bf97)), closes [#26847](https://github.com/bitnami/charts/issues/26847) ## 8.1.1 (2024-06-05)