Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[bitnami/milvus] Do not expose externalKafka.tls.keyPassword #27145

Merged
merged 7 commits into from
Jun 17, 2024
Merged

[bitnami/milvus] Do not expose externalKafka.tls.keyPassword #27145

merged 7 commits into from
Jun 17, 2024

Conversation

migruiz4
Copy link
Member

Description of the change

Fixes the Milvus chart to not expose the externalKafka.tls.keyPassword in the init-container.

Applicable issues

Additional information

Pod root-coordinator no longer exposes the password in its init-container command:

     ...
      # Kafka TLS settings
      yq e -i '.kafka.ssl.enabled = true' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml
      yq e -i '.kafka.ssl.tlsCert = "/opt/bitnami/milvus/configs/cert/kafka/client/tls.crt"' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml
      yq e -i '.kafka.ssl.tlsKey = "/opt/bitnami/milvus/configs/cert/kafka/client/tls.key"' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml
      yq e -i '.kafka.ssl.tlsCaCert = "/opt/bitnami/milvus/configs/cert/kafka/client/ca.crt"' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml
      yq e -i '.kafka.ssl.tlsKeyPassword = "{{ MILVUS_KAFKA_TLS_KEY_PASSWORD }}"' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml

Content of milvus.yaml:

# Kafka configuration
kafka:
  brokerList:
    - localhost:9092
  securityProtocol: PLAINTEXT
  ssl:
    enabled: true
    tlsCert: /opt/bitnami/milvus/configs/cert/kafka/client/tls.crt
    tlsKey: /opt/bitnami/milvus/configs/cert/kafka/client/tls.key
    tlsCaCert: /opt/bitnami/milvus/configs/cert/kafka/client/ca.crt
    tlsKeyPassword: 'my-pass'

Checklist

  • Chart version bumped in Chart.yaml according to semver. This is not necessary when the changes only affect README.md files.
  • Variables are documented in the values.yaml and added to the README.md using readme-generator-for-helm
  • Title of the pull request follows this pattern [bitnami/<name_of_the_chart>] Descriptive title
  • All commits signed off and in agreement of Developer Certificate of Origin (DCO)

@migruiz4 migruiz4 requested a review from javsalgar June 13, 2024 08:40
@bitnami-bot bitnami-bot added the verify Execute verification workflow for these changes label Jun 13, 2024
@github-actions github-actions bot requested a review from dgomezleon June 13, 2024 08:40
@javsalgar
fix: 🔀 Undo rebase
d7172f6 
Signed-off-by: Javier Salmeron Garcia <[email protected]>
@javsalgar javsalgar force-pushed the milvus-protect-key-pass branch from daea469 to d7172f6 Compare June 13, 2024 08:58
bitnami-bot and others added 3 commits June 13, 2024 09:03
@bitnami-bot
Update CHANGELOG.md
6b257d7 
Signed-off-by: Bitnami Containers <[email protected]>
@javsalgar
Merge branch 'main' into milvus-protect-key-pass
78b1a46 
Signed-off-by: Javier Salmeron Garcia <[email protected]>
@bitnami-bot
Update CHANGELOG.md
a38c6d7 
Signed-off-by: Bitnami Containers <[email protected]>
@javsalgar javsalgar changed the title [bitnami/milvus] Do not expose externalKafka.tls.keyPassword [bitnami/milvus] Do not expose externalKafka.tls.keyPassword Jun 13, 2024
@bitnami-bot
Update CHANGELOG.md
4f82578 
Signed-off-by: Bitnami Containers <[email protected]>
@javsalgar javsalgar changed the title [bitnami/milvus] Do not expose externalKafka.tls.keyPassword [bitnami/milvus] Do not expose externalKafka.tls.keyPassword Jun 17, 2024
javsalgar and others added 2 commits June 17, 2024 10:38
@javsalgar
Merge branch 'main' into milvus-protect-key-pass
3245ba4 
Signed-off-by: Javier J. Salmerón-García <[email protected]>
@bitnami-bot
Update CHANGELOG.md
a0a0ab6 
Signed-off-by: Bitnami Containers <[email protected]>
@migruiz4 migruiz4 merged commit c16f98a into main Jun 17, 2024
8 checks passed
@migruiz4 migruiz4 deleted the milvus-protect-key-pass branch June 17, 2024 10:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@javsalgar javsalgar javsalgar approved these changes

@dgomezleon dgomezleon Awaiting requested review from dgomezleon

Assignees

@javsalgar javsalgar

@dgomezleon dgomezleon

Labels
bitnami milvus solved verify Execute verification workflow for these changes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@migruiz4 @javsalgar @dgomezleon @bitnami-bot