Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-06 23:47:48 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/kafka] Custom SANs for auto-generated TLS certificates (#27092)

Browse Source
This commit is contained in:
Dominik Matta
2024-06-12 14:05:02 +02:00
committed by GitHub
parent 26190763c1
commit 45409ffe15
6 changed files with 26 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
bitnami/kafka/CHANGELOG.md
View File

@@ -1,8 +1,12 @@
# Changelog
## 29.2.4 (2024-06-06)
## 29.3.0 (2024-06-12)
* [bitnami/kafka] Release 29.2.4 ([#26966](https://github.com/bitnami/charts/pull/26966))
* [bitnami/kafka] Custom SANs for auto-generated TLS certificates ([#27092](https://github.com/bitnami/charts/pull/27092))
## <small>29.2.4 (2024-06-06)</small>
* [bitnami/kafka] Release 29.2.4 (#26966) ([92b9deb](https://github.com/bitnami/charts/commit/92b9debcd39ec036754fb3e33d9c171b53ced39f)), closes [#26966](https://github.com/bitnami/charts/issues/26966)
## <small>29.2.3 (2024-06-06)</small>

8
bitnami/kafka/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies:
- name: zookeeper
repository: oci://registry-1.docker.io/bitnamicharts
version: 13.4.1
version: 13.4.3
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.20.0
digest: sha256:e0f4cff91ea41cda29982a361c322d630321afe0f2e2a43ef3086bd1a27db421
generated: "2024-06-06T12:10:41.152662537Z"
version: 2.20.2
digest: sha256:91abdda7ef45989afd2f128c57e4d4a885272b1745731028e950b29fa90e4a70
generated: "2024-06-11T13:21:49.365141048+02:00"

2
bitnami/kafka/Chart.yaml
View File

@@ -40,4 +40,4 @@ maintainers:
name: kafka
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/kafka
version: 29.2.4
version: 29.3.0

1
bitnami/kafka/README.md
View File

@@ -509,6 +509,7 @@ You can enable this initContainer by setting `volumePermissions.enabled` to `tru
| `tls.pemChainIncluded` | Flag to denote that the Certificate Authority (CA) certificates are bundled with the endpoint cert. | `false` |
| `tls.existingSecret` | Name of the existing secret containing the TLS certificates for the Kafka nodes. | `""` |
| `tls.autoGenerated` | Generate automatically self-signed TLS certificates for Kafka brokers. Currently only supported if `tls.type` is `PEM` | `false` |
| `tls.customAltNames` | Optionally specify extra list of additional subject alternative names (SANs) for the automatically generated TLS certificates. | `[]` |
| `tls.passwordsSecret` | Name of the secret containing the password to access the JKS files or PEM key when they are password-protected. (`key`: `password`) | `""` |
| `tls.passwordsSecretKeystoreKey` | The secret key from the tls.passwordsSecret containing the password for the Keystore. | `keystore-password` |
| `tls.passwordsSecretTruststoreKey` | The secret key from the tls.passwordsSecret containing the password for the Truststore. | `truststore-password` |

11
bitnami/kafka/templates/tls-secret.yaml
View File

@@ -16,6 +16,17 @@ SPDX-License-Identifier: APACHE-2.0
{{- $altNames = append $altNames (printf "%s.%s" $replicaHost $releaseNamespace) }}
{{- $altNames = append $altNames $replicaHost }}
{{- end }}
{{- if .Values.externalAccess.enabled -}}
{{- with .Values.externalAccess.broker.service.domain }}
{{- $altNames = append $altNames . }}
{{- end }}
{{- with .Values.externalAccess.controller.service.domain }}
{{- $altNames = append $altNames . }}
{{- end }}
{{- end }}
{{- with .Values.tls.customAltNames }}
{{- $altNames = concat $altNames . }}
{{- end }}
{{- $replicaCount := int .Values.controller.replicaCount }}
{{- range $i := until $replicaCount }}
{{- $replicaHost := printf "%s-controller-%d.%s-controller-headless" $fullname $i $fullname }}

3
bitnami/kafka/values.yaml
View File

@@ -321,6 +321,9 @@ tls:
## Note: ignored when using 'jks' format or `tls.existingSecret` is not empty
##
autoGenerated: false
## @param tls.customAltNames Optionally specify extra list of additional subject alternative names (SANs) for the automatically generated TLS certificates.
##
customAltNames: []
## @param tls.passwordsSecret Name of the secret containing the password to access the JKS files or PEM key when they are password-protected. (`key`: `password`)
##
passwordsSecret: ""