Fix provisioning with bundle CA (#16032)

When using a bundle CA, the provisioning job container complains
"unable to find valid certification path". Setting the cert file locations
in the client config file fixes this issue.

Signed-off-by: Tom Shen <sjiagc@gmail.com>
Tom Shen
2023-04-20 16:15:25 +08:00
committed by GitHub
parent ff9c638427
commit 31eb38325b
3 changed files with 10 additions and 2 deletions


@@ -29,4 +29,4 @@ name: kafka
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/kafka
- https://kafka.apache.org/
version: 21.4.5
version: 21.4.6


@@ -108,12 +108,17 @@ spec:
kafka_common_conf_set "$CLIENT_CONF" ssl.truststore.type {{ upper .Values.provisioning.auth.tls.type | quote }}
! is_empty_value "$KAFKA_CLIENT_KEY_PASSWORD" && kafka_common_conf_set "$CLIENT_CONF" ssl.key.password "$KAFKA_CLIENT_KEY_PASSWORD"
{{- if eq (upper .Values.provisioning.auth.tls.type) "PEM" }}
{{- if .Values.provisioning.auth.tls.caCert }}
file_to_multiline_property() {
awk 'NR > 1{print line" \\"}{line=$0;}END{print $0" "}' <"${1:?missing file}"
}
kafka_common_conf_set "$CLIENT_CONF" ssl.keystore.key "$(file_to_multiline_property "/certs/{{ .Values.provisioning.auth.tls.key }}")"
kafka_common_conf_set "$CLIENT_CONF" ssl.keystore.certificate.chain "$(file_to_multiline_property "/certs/{{ .Values.provisioning.auth.tls.cert }}")"
kafka_common_conf_set "$CLIENT_CONF" ssl.truststore.certificates "$(file_to_multiline_property "/certs/{{ .Values.provisioning.auth.tls.caCert }}")"
{{- else }}
kafka_common_conf_set "$CLIENT_CONF" ssl.keystore.location "/certs/{{ .Values.provisioning.auth.tls.keystore }}"
kafka_common_conf_set "$CLIENT_CONF" ssl.truststore.location "/certs/{{ .Values.provisioning.auth.tls.truststore }}"
{{- end }}
{{- else if eq (upper .Values.provisioning.auth.tls.type) "JKS" }}
kafka_common_conf_set "$CLIENT_CONF" ssl.keystore.location "/certs/{{ .Values.provisioning.auth.tls.keystore }}"
kafka_common_conf_set "$CLIENT_CONF" ssl.truststore.location "/certs/{{ .Values.provisioning.auth.tls.truststore }}"
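Review bot: The `{{- else }}` branch under the PEM case (which appears to be the added path for PEM without `caCert`) writes `ssl.keystore.location` and `ssl.truststore.location` from `provisioning.auth.tls.keystore` and `.truststore` without checking that either is set, so an empty value renders the path as `/certs/` and the mistake only surfaces as a TLS failure when the job runs. Failing at render time would be clearer, e.g. `"/certs/{{ required "provisioning.auth.tls.truststore is required when caCert is empty" .Values.provisioning.auth.tls.truststore }}"`, and the same for `keystore`. The branch is selected only by `caCert` being empty; if values.yaml ships a non-empty default for it (not visible in this hunk), users must clear it explicitly to reach this path, which deserves a template comment above the `{{- if .Values.provisioning.auth.tls.caCert }}` line. The enclosing PEM/JKS conditional closes outside the hunk.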


@@ -1568,7 +1568,10 @@ provisioning:
type: jks
## @param provisioning.auth.tls.certificatesSecret Existing secret containing the TLS certificates for the Kafka provisioning Job.
## When using 'jks' format for certificates, the secret should contain a truststore and a keystore.
## When using 'pem' format for certificates, the secret should contain a public CA certificate, a public certificate and one private key.
## When using 'pem' format for certificates, the secret should contain one of the following:
## 1. A public CA certificate, a public certificate and one private key.
## 2. A truststore and a keystore in PEM format
## If caCert is set, option 1 will be taken, otherwise option 2.
##
certificatesSecret: ""
## @param provisioning.auth.tls.cert The secret key from the certificatesSecret if 'cert' key different from the default (tls.crt)