From 464738be5cdc92f07559826c542a94c5d8340e56 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?=
 <jsalmeron@vmware.com>
Date: Tue, 9 Apr 2024 10:08:46 +0200
Subject: [PATCH] [bitnami/cassandra] fix: :bug: :lock: Do not expose tls
 internode port unless encryption is set (#25045)

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
---
 bitnami/cassandra/Chart.yaml                 | 2 +-
 bitnami/cassandra/templates/service.yaml     | 3 +++
 bitnami/cassandra/templates/statefulset.yaml | 2 ++
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/bitnami/cassandra/Chart.yaml b/bitnami/cassandra/Chart.yaml
index 85371d320c..35a7236142 100644
--- a/bitnami/cassandra/Chart.yaml
+++ b/bitnami/cassandra/Chart.yaml
@@ -32,4 +32,4 @@ maintainers:
 name: cassandra
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/cassandra
-version: 11.0.2
+version: 11.0.3
diff --git a/bitnami/cassandra/templates/service.yaml b/bitnami/cassandra/templates/service.yaml
index 270a7917d4..780e441197 100644
--- a/bitnami/cassandra/templates/service.yaml
+++ b/bitnami/cassandra/templates/service.yaml
@@ -42,13 +42,16 @@ spec:
       {{- else if eq .Values.service.type "ClusterIP" }}
       nodePort: null
       {{- end }}
+    {{- if .Values.metrics.enabled }}
     - name: metrics
       port: {{ .Values.service.ports.metrics }}
+      targetPort: metrics
       {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.metrics)) }}
       nodePort: {{ .Values.service.nodePorts.metrics }}
       {{- else if eq .Values.service.type "ClusterIP" }}
       nodePort: null
       {{- end }}
+    {{- end }}
     {{- if .Values.service.extraPorts }}
     {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
     {{- end }}
diff --git a/bitnami/cassandra/templates/statefulset.yaml b/bitnami/cassandra/templates/statefulset.yaml
index 49d811393d..3e87c6d1db 100644
--- a/bitnami/cassandra/templates/statefulset.yaml
+++ b/bitnami/cassandra/templates/statefulset.yaml
@@ -423,6 +423,7 @@ spec:
               {{- else if .Values.hostPorts.intra }}
               hostPort: {{ .Values.hostPorts.intra }}
               {{- end }}
+            {{- if (ne (include "cassandra.internode.tlsEncryption" .) "none") }}
             - name: tls
               containerPort: {{ .Values.containerPorts.tls | default "7001" }}
               {{- if .Values.hostNetwork }}
@@ -430,6 +431,7 @@ spec:
               {{- else if .Values.hostPorts.tls }}
               hostPort: {{ .Values.hostPorts.tls }}
               {{- end }}
+            {{- end }}
             - name: jmx
               containerPort: {{ .Values.containerPorts.jmx | default "7199" }}
               {{- if .Values.hostNetwork }}