Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-07 16:17:21 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/zookeeper] customize secrets keys to use SSL with cert-manager (#9679)

Browse Source 
* [bitnami/zookeeper] customize secrets keys to use SSL with cert-manager

Signed-off-by: Yohan Boyer <yohan.boyer@ioterop.com>

* [bitnami/zookeeper] Fix some comments from review

Signed-off-by: Yohan Boyer <yohan.boyer@ioterop.com>

* [bitnami/zookeeper] Remove deprecated validations(from review)

Signed-off-by: Yohan Boyer <yohan.boyer@ioterop.com>

* [bitnami/zookeeper] Fixes from review 2

Signed-off-by: Yohan Boyer <yohan.boyer@ioterop.com>

* Fix last comment from review

Signed-off-by: Yohan Boyer <yohan.boyer@ioterop.com>

* [bitnami/zookeeper] customize secrets keys to use SSL with cert-manager

Signed-off-by: Yohan Boyer <yohan.boyer@ioterop.com>

* [bitnami/zookeeper] Fix some comments from review

Signed-off-by: Yohan Boyer <yohan.boyer@ioterop.com>

* [bitnami/zookeeper] Remove deprecated validations(from review)

Signed-off-by: Yohan Boyer <yohan.boyer@ioterop.com>

* [bitnami/zookeeper] Fixes from review 2

Signed-off-by: Yohan Boyer <yohan.boyer@ioterop.com>

* Fix last comment from review

Signed-off-by: Yohan Boyer <yohan.boyer@ioterop.com>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Containers <containers@bitnami.com>

* Apply suggestions from code review

Co-authored-by: Jose Antonio Carmona <joancafom@icloud.com>
Signed-off-by: Yohan Boyer <yohan.boyer@ioterop.com>

* [bitnami/zookeeper] Update values from suggestions

Signed-off-by: Yohan Boyer <yohan.boyer@ioterop.com>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Containers <containers@bitnami.com>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Containers <containers@bitnami.com>

* [bitnami/zookeeper] Update components versions

Signed-off-by: Bitnami Containers <containers@bitnami.com>

Co-authored-by: Bitnami Containers <containers@bitnami.com>
Co-authored-by: Jose Antonio Carmona <joancafom@icloud.com>
This commit is contained in:
Yohan Boyer
2022-04-22 10:17:49 +02:00
committed by GitHub
parent 6751ed06a4
commit 86a0784ad6
6 changed files with 173 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bitnami/zookeeper/Chart.yaml
View File

@@ -21,4 +21,4 @@ name: zookeeper
sources:
- https://github.com/bitnami/bitnami-docker-zookeeper
- https://zookeeper.apache.org/
version: 9.0.6
version: 9.1.0

54
bitnami/zookeeper/README.md
View File

@@ -84,7 +84,7 @@ The command removes all the Kubernetes components associated with the chart and
| --------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
| `image.registry` | ZooKeeper image registry | `docker.io` |
| `image.repository` | ZooKeeper image repository | `bitnami/zookeeper` |
| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.7.0-debian-10-r265` |
| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.0-debian-10-r34` |
| `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `image.debug` | Specify if debug values should be set | `false` |
@@ -244,7 +244,7 @@ The command removes all the Kubernetes components associated with the chart and
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `10-debian-10-r312` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `10-debian-10-r400` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
@@ -279,26 +279,36 @@ The command removes all the Kubernetes components associated with the chart and
### TLS/SSL parameters
| Name | Description | Value |
| -------------------------------- | ----------------------------------------------------------------------------------------------- | --------------------------------------------------------------------- |
| `tls.client.enabled` | Enable TLS for client connections | `false` |
| `tls.client.autoGenerated` | Generate automatically self-signed TLS certificates for ZooKeeper client communications | `false` |
| `tls.client.existingSecret` | Name of the existing secret containing the TLS certificates for ZooKeeper client communications | `""` |
| `tls.client.keystorePath` | Location of the KeyStore file used for Client connections | `/opt/bitnami/zookeeper/config/certs/client/zookeeper.keystore.jks` |
| `tls.client.truststorePath` | Location of the TrustStore file used for Client connections | `/opt/bitnami/zookeeper/config/certs/client/zookeeper.truststore.jks` |
| `tls.client.passwordsSecretName` | Existing secret containing Keystore and truststore passwords | `""` |
| `tls.client.keystorePassword` | Password to access KeyStore if needed | `""` |
| `tls.client.truststorePassword` | Password to access TrustStore if needed | `""` |
| `tls.quorum.enabled` | Enable TLS for quorum protocol | `false` |
| `tls.quorum.autoGenerated` | Create self-signed TLS certificates. Currently only supports PEM certificates. | `false` |
| `tls.quorum.existingSecret` | Name of the existing secret containing the TLS certificates for ZooKeeper quorum protocol | `""` |
| `tls.quorum.keystorePath` | Location of the KeyStore file used for Quorum protocol | `/opt/bitnami/zookeeper/config/certs/quorum/zookeeper.keystore.jks` |
| `tls.quorum.truststorePath` | Location of the TrustStore file used for Quorum protocol | `/opt/bitnami/zookeeper/config/certs/quorum/zookeeper.truststore.jks` |
| `tls.quorum.passwordsSecretName` | Existing secret containing Keystore and truststore passwords | `""` |
| `tls.quorum.keystorePassword` | Password to access KeyStore if needed | `""` |
| `tls.quorum.truststorePassword` | Password to access TrustStore if needed | `""` |
| `tls.resources.limits` | The resources limits for the TLS init container | `{}` |
| `tls.resources.requests` | The requested resources for the TLS init container | `{}` |
| Name | Description | Value |
| ----------------------------------------- | -------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------- |
| `tls.client.enabled` | Enable TLS for client connections | `false` |
| `tls.client.auth` | SSL Client auth. Can be "none", "want" or "need". | `none` |
| `tls.client.autoGenerated` | Generate automatically self-signed TLS certificates for ZooKeeper client communications | `false` |
| `tls.client.existingSecret` | Name of the existing secret containing the TLS certificates for ZooKeeper client communications | `""` |
| `tls.client.existingSecretKeystoreKey` | The secret key from the tls.client.existingSecret containing the Keystore. | `""` |
| `tls.client.existingSecretTruststoreKey` | The secret key from the tls.client.existingSecret containing the Truststore. | `""` |
| `tls.client.keystorePath` | Location of the KeyStore file used for Client connections | `/opt/bitnami/zookeeper/config/certs/client/zookeeper.keystore.jks` |
| `tls.client.truststorePath` | Location of the TrustStore file used for Client connections | `/opt/bitnami/zookeeper/config/certs/client/zookeeper.truststore.jks` |
| `tls.client.passwordsSecretName` | Existing secret containing Keystore and truststore passwords | `""` |
| `tls.client.passwordsSecretKeystoreKey` | The secret key from the tls.client.passwordsSecretName containing the password for the Keystore. | `""` |
| `tls.client.passwordsSecretTruststoreKey` | The secret key from the tls.client.passwordsSecretName containing the password for the Truststore. | `""` |
| `tls.client.keystorePassword` | Password to access KeyStore if needed | `""` |
| `tls.client.truststorePassword` | Password to access TrustStore if needed | `""` |
| `tls.quorum.enabled` | Enable TLS for quorum protocol | `false` |
| `tls.quorum.auth` | SSL Quorum Client auth. Can be "none", "want" or "need". | `none` |
| `tls.quorum.autoGenerated` | Create self-signed TLS certificates. Currently only supports PEM certificates. | `false` |
| `tls.quorum.existingSecret` | Name of the existing secret containing the TLS certificates for ZooKeeper quorum protocol | `""` |
| `tls.quorum.existingSecretKeystoreKey` | The secret key from the tls.quorum.existingSecret containing the Keystore. | `""` |
| `tls.quorum.existingSecretTruststoreKey` | The secret key from the tls.quorum.existingSecret containing the Truststore. | `""` |
| `tls.quorum.keystorePath` | Location of the KeyStore file used for Quorum protocol | `/opt/bitnami/zookeeper/config/certs/quorum/zookeeper.keystore.jks` |
| `tls.quorum.truststorePath` | Location of the TrustStore file used for Quorum protocol | `/opt/bitnami/zookeeper/config/certs/quorum/zookeeper.truststore.jks` |
| `tls.quorum.passwordsSecretName` | Existing secret containing Keystore and truststore passwords | `""` |
| `tls.quorum.passwordsSecretKeystoreKey` | The secret key from the tls.quorum.passwordsSecretName containing the password for the Keystore. | `""` |
| `tls.quorum.passwordsSecretTruststoreKey` | The secret key from the tls.quorum.passwordsSecretName containing the password for the Truststore. | `""` |
| `tls.quorum.keystorePassword` | Password to access KeyStore if needed | `""` |
| `tls.quorum.truststorePassword` | Password to access TrustStore if needed | `""` |
| `tls.resources.limits` | The resources limits for the TLS init container | `{}` |
| `tls.resources.requests` | The requested resources for the TLS init container | `{}` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,

88
bitnami/zookeeper/templates/_helpers.tpl
View File

@@ -190,6 +190,50 @@ Return the secret containing ZooKeeper client TLS certificates
{{- end -}}
{{- end -}}
{{/*
Get the quorum keystore key to be retrieved from tls.quorum.existingSecret.
*/}}
{{- define "zookeeper.quorum.tlsKeystoreKey" -}}
{{- if and .Values.tls.quorum.existingSecret .Values.tls.quorum.existingSecretKeystoreKey -}}
{{- printf "%s" .Values.tls.quorum.existingSecretKeystoreKey -}}
{{- else -}}
{{- printf "zookeeper.keystore.jks" -}}
{{- end -}}
{{- end -}}
{{/*
Get the quorum truststore key to be retrieved from tls.quorum.existingSecret.
*/}}
{{- define "zookeeper.quorum.tlsTruststoreKey" -}}
{{- if and .Values.tls.quorum.existingSecret .Values.tls.quorum.existingSecretTruststoreKey -}}
{{- printf "%s" .Values.tls.quorum.existingSecretTruststoreKey -}}
{{- else -}}
{{- printf "zookeeper.truststore.jks" -}}
{{- end -}}
{{- end -}}
{{/*
Get the client keystore key to be retrieved from tls.client.existingSecret.
*/}}
{{- define "zookeeper.client.tlsKeystoreKey" -}}
{{- if and .Values.tls.client.existingSecret .Values.tls.client.existingSecretKeystoreKey -}}
{{- printf "%s" .Values.tls.client.existingSecretKeystoreKey -}}
{{- else -}}
{{- printf "zookeeper.keystore.jks" -}}
{{- end -}}
{{- end -}}
{{/*
Get the client truststore key to be retrieved from tls.client.existingSecret.
*/}}
{{- define "zookeeper.client.tlsTruststoreKey" -}}
{{- if and .Values.tls.client.existingSecret .Values.tls.client.existingSecretTruststoreKey -}}
{{- printf "%s" .Values.tls.client.existingSecretTruststoreKey -}}
{{- else -}}
{{- printf "zookeeper.truststore.jks" -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a secret containing the Keystore and Truststore password should be created for ZooKeeper client
*/}}
@@ -211,6 +255,50 @@ Return the name of the secret containing the Keystore and Truststore password
{{- end -}}
{{- end -}}
{{/*
Get the quorum keystore password key to be retrieved from tls.quorum.passwordSecretName.
*/}}
{{- define "zookeeper.quorum.tlsPasswordKeystoreKey" -}}
{{- if and .Values.tls.quorum.passwordsSecretName .Values.tls.quorum.passwordsSecretKeystoreKey -}}
{{- printf "%s" .Values.tls.quorum.passwordsSecretKeystoreKey -}}
{{- else -}}
{{- printf "keystore-password" -}}
{{- end -}}
{{- end -}}
{{/*
Get the quorum truststore password key to be retrieved from tls.quorum.passwordSecretName.
*/}}
{{- define "zookeeper.quorum.tlsPasswordTruststoreKey" -}}
{{- if and .Values.tls.quorum.passwordsSecretName .Values.tls.quorum.passwordsSecretTruststoreKey -}}
{{- printf "%s" .Values.tls.quorum.passwordsSecretTruststoreKey -}}
{{- else -}}
{{- printf "truststore-password" -}}
{{- end -}}
{{- end -}}
{{/*
Get the client keystore password key to be retrieved from tls.client.passwordSecretName.
*/}}
{{- define "zookeeper.client.tlsPasswordKeystoreKey" -}}
{{- if and .Values.tls.client.passwordsSecretName .Values.tls.client.passwordsSecretKeystoreKey -}}
{{- printf "%s" .Values.tls.client.passwordsSecretKeystoreKey -}}
{{- else -}}
{{- printf "keystore-password" -}}
{{- end -}}
{{- end -}}
{{/*
Get the client truststore password key to be retrieved from tls.client.passwordSecretName.
*/}}
{{- define "zookeeper.client.tlsPasswordTruststoreKey" -}}
{{- if and .Values.tls.client.passwordsSecretName .Values.tls.client.passwordsSecretTruststoreKey -}}
{{- printf "%s" .Values.tls.client.passwordsSecretTruststoreKey -}}
{{- else -}}
{{- printf "truststore-password" -}}
{{- end -}}
{{- end -}}
{{/*
Compile all warnings into a single message.
*/}}

12
bitnami/zookeeper/templates/scripts-configmap.yaml
View File

@@ -37,9 +37,9 @@ data:
exit 1
fi
{{- else }}
elif [[ -f "/certs/client/zookeeper.truststore.jks" ]] && [[ -f "/certs/client/zookeeper.keystore.jks" ]]; then
cp "/certs/client/zookeeper.truststore.jks" "/opt/bitnami/zookeeper/config/certs/client/zookeeper.truststore.jks"
cp "/certs/client/zookeeper.keystore.jks" "/opt/bitnami/zookeeper/config/certs/client/zookeeper.keystore.jks"
elif [[ -f {{ printf "/certs/client/%s" (include "zookeeper.client.tlsTruststoreKey" .) | quote }} ]] && [[ -f {{ printf "/certs/client/%s" (include "zookeeper.client.tlsKeystoreKey" .) | quote }} ]]; then
cp {{ printf "/certs/client/%s" (include "zookeeper.client.tlsTruststoreKey" .) | quote }} "/opt/bitnami/zookeeper/config/certs/client/zookeeper.truststore.jks"
cp {{ printf "/certs/client/%s" (include "zookeeper.client.tlsKeystoreKey" .) | quote }} "/opt/bitnami/zookeeper/config/certs/client/zookeeper.keystore.jks"
else
echo "Couldn't find the expected Java Key Stores (JKS) files! They are mandatory when Client encryption via TLS is enabled."
exit 1
@@ -68,9 +68,9 @@ data:
exit 1
fi
{{- else }}
elif [[ -f "/certs/quorum/zookeeper.truststore.jks" ]] && [[ -f "/certs/quorum/zookeeper.keystore.jks" ]]; then
cp "/certs/quorum/zookeeper.truststore.jks" "/opt/bitnami/zookeeper/config/certs/quorum/zookeeper.truststore.jks"
cp "/certs/quorum/zookeeper.keystore.jks" "/opt/bitnami/zookeeper/config/certs/quorum/zookeeper.keystore.jks"
elif [[ -f {{ printf "/certs/quorum/%s" (include "zookeeper.quorum.tlsTruststoreKey" .) | quote }} ]] && [[ -f {{ printf "/certs/quorum/%s" (include "zookeeper.quorum.tlsKeystoreKey" .) | quote }} ]]; then
cp {{ printf "/certs/quorum/%s" (include "zookeeper.quorum.tlsTruststoreKey" .) | quote }} "/opt/bitnami/zookeeper/config/certs/quorum/zookeeper.truststore.jks"
cp {{ printf "/certs/quorum/%s" (include "zookeeper.quorum.tlsKeystoreKey" .) | quote }} "/opt/bitnami/zookeeper/config/certs/quorum/zookeeper.keystore.jks"
else
echo "Couldn't find the expected Java Key Stores (JKS) files! They are mandatory when Quorum encryption via TLS is enabled."
exit 1

26
bitnami/zookeeper/templates/statefulset.yaml
View File

@@ -124,24 +124,24 @@ spec:
valueFrom:
secretKeyRef:
name: {{ include "zookeeper.client.tlsPasswordsSecret" . }}
key: "keystore-password"
key: {{ include "zookeeper.client.tlsPasswordKeystoreKey" . }}
- name: ZOO_TLS_CLIENT_TRUSTSTORE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "zookeeper.client.tlsPasswordsSecret" . }}
key: "truststore-password"
key: {{ include "zookeeper.client.tlsPasswordTruststoreKey" . }}
{{- end }}
{{- if or .Values.tls.quorum.passwordsSecretName (include "zookeeper.quorum.createTlsPasswordsSecret" .) }}
- name: ZOO_TLS_QUORUM_KEYSTORE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "zookeeper.quorum.tlsPasswordsSecret" . }}
key: "keystore-password"
key: {{ include "zookeeper.quorum.tlsPasswordKeystoreKey" . }}
- name: ZOO_TLS_QUORUM_TRUSTSTORE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "zookeeper.quorum.tlsPasswordsSecret" . }}
key: "truststore-password"
key: {{ include "zookeeper.quorum.tlsPasswordTruststoreKey" . }}
{{- end }}
{{- if .Values.tls.resources }}
resources: {{- toYaml .Values.tls.resources | nindent 12 }}
@@ -245,10 +245,6 @@ spec:
{{- end }}
- name: ZOO_HEAP_SIZE
value: {{ .Values.heapSize | quote }}
{{- if .Values.log4jProp }}
- name: ZOO_LOG4J_PROP
value: {{ .Values.log4jProp | quote }}
{{- end }}
- name: ZOO_LOG_LEVEL
value: {{ .Values.logLevel | quote }}
- name: ALLOW_ANONYMOUS_LOGIN
@@ -264,8 +260,12 @@ spec:
value: {{ .Values.metrics.containerPort | quote }}
{{- end }}
{{- if .Values.tls.client.enabled }}
- name: ZOO_TLS_PORT_NUMBER
value: {{ .Values.containerPorts.tls | quote }}
- name: ZOO_TLS_CLIENT_ENABLE
value: {{ .Values.tls.client.enabled | quote }}
- name: ZOO_TLS_CLIENT_AUTH
value: {{ .Values.tls.client.auth | quote }}
- name: ZOO_TLS_CLIENT_KEYSTORE_FILE
value: {{ .Values.tls.client.keystorePath | quote }}
- name: ZOO_TLS_CLIENT_TRUSTSTORE_FILE
@@ -275,19 +275,21 @@ spec:
valueFrom:
secretKeyRef:
name: {{ include "zookeeper.client.tlsPasswordsSecret" . }}
key: "keystore-password"
key: {{ include "zookeeper.client.tlsPasswordKeystoreKey" . }}
{{- end }}
{{- if or .Values.tls.client.truststorePassword .Values.tls.client.passwordsSecretName .Values.tls.client.autoGenerated }}
- name: ZOO_TLS_CLIENT_TRUSTSTORE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "zookeeper.client.tlsPasswordsSecret" . }}
key: "truststore-password"
key: {{ include "zookeeper.client.tlsPasswordTruststoreKey" . }}
{{- end }}
{{- end }}
{{- if .Values.tls.quorum.enabled }}
- name: ZOO_TLS_QUORUM_ENABLE
value: {{ .Values.tls.quorum.enabled | quote }}
- name: ZOO_TLS_QUORUM_CLIENT_AUTH
value: {{ .Values.tls.quorum.auth | quote }}
- name: ZOO_TLS_QUORUM_KEYSTORE_FILE
value: {{ .Values.tls.quorum.keystorePath | quote }}
- name: ZOO_TLS_QUORUM_TRUSTSTORE_FILE
@@ -297,14 +299,14 @@ spec:
valueFrom:
secretKeyRef:
name: {{ include "zookeeper.quorum.tlsPasswordsSecret" . }}
key: "keystore-password"
key: {{ include "zookeeper.quorum.tlsPasswordKeystoreKey" . }}
{{- end }}
{{- if or .Values.tls.quorum.truststorePassword .Values.tls.quorum.passwordsSecretName .Values.tls.quorum.autoGenerated }}
- name: ZOO_TLS_QUORUM_TRUSTSTORE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "zookeeper.quorum.tlsPasswordsSecret" . }}
key: "truststore-password"
key: {{ include "zookeeper.quorum.tlsPasswordTruststoreKey" . }}
{{- end }}
{{- end }}
- name: POD_NAME

34
bitnami/zookeeper/values.yaml
View File

@@ -75,7 +75,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/zookeeper
tag: 3.8.0-debian-10-r34
tag: 3.8.0-debian-10-r37
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@@ -621,7 +621,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/bitnami-shell
tag: 10-debian-10-r400
tag: 10-debian-10-r403
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
@@ -750,6 +750,9 @@ tls:
## @param tls.client.enabled Enable TLS for client connections
##
enabled: false
## @param tls.client.auth SSL Client auth. Can be "none", "want" or "need".
##
auth: "none"
## @param tls.client.autoGenerated Generate automatically self-signed TLS certificates for ZooKeeper client communications
## Currently only supports PEM certificates
##
@@ -757,6 +760,12 @@ tls:
## @param tls.client.existingSecret Name of the existing secret containing the TLS certificates for ZooKeeper client communications
##
existingSecret: ""
## @param tls.client.existingSecretKeystoreKey The secret key from the tls.client.existingSecret containing the Keystore.
##
existingSecretKeystoreKey: ""
## @param tls.client.existingSecretTruststoreKey The secret key from the tls.client.existingSecret containing the Truststore.
##
existingSecretTruststoreKey: ""
## @param tls.client.keystorePath Location of the KeyStore file used for Client connections
##
keystorePath: /opt/bitnami/zookeeper/config/certs/client/zookeeper.keystore.jks
@@ -766,6 +775,12 @@ tls:
## @param tls.client.passwordsSecretName Existing secret containing Keystore and truststore passwords
##
passwordsSecretName: ""
## @param tls.client.passwordsSecretKeystoreKey The secret key from the tls.client.passwordsSecretName containing the password for the Keystore.
##
passwordsSecretKeystoreKey: ""
## @param tls.client.passwordsSecretTruststoreKey The secret key from the tls.client.passwordsSecretName containing the password for the Truststore.
##
passwordsSecretTruststoreKey: ""
## @param tls.client.keystorePassword Password to access KeyStore if needed
##
keystorePassword: ""
@@ -776,12 +791,21 @@ tls:
## @param tls.quorum.enabled Enable TLS for quorum protocol
##
enabled: false
## @param tls.quorum.auth SSL Quorum Client auth. Can be "none", "want" or "need".
##
auth: "none"
## @param tls.quorum.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates.
##
autoGenerated: false
## @param tls.quorum.existingSecret Name of the existing secret containing the TLS certificates for ZooKeeper quorum protocol
##
existingSecret: ""
## @param tls.quorum.existingSecretKeystoreKey The secret key from the tls.quorum.existingSecret containing the Keystore.
##
existingSecretKeystoreKey: ""
## @param tls.quorum.existingSecretTruststoreKey The secret key from the tls.quorum.existingSecret containing the Truststore.
##
existingSecretTruststoreKey: ""
## @param tls.quorum.keystorePath Location of the KeyStore file used for Quorum protocol
##
keystorePath: /opt/bitnami/zookeeper/config/certs/quorum/zookeeper.keystore.jks
@@ -791,6 +815,12 @@ tls:
## @param tls.quorum.passwordsSecretName Existing secret containing Keystore and truststore passwords
##
passwordsSecretName: ""
## @param tls.quorum.passwordsSecretKeystoreKey The secret key from the tls.quorum.passwordsSecretName containing the password for the Keystore.
##
passwordsSecretKeystoreKey: ""
## @param tls.quorum.passwordsSecretTruststoreKey The secret key from the tls.quorum.passwordsSecretName containing the password for the Truststore.
##
passwordsSecretTruststoreKey: ""
## @param tls.quorum.keystorePassword Password to access KeyStore if needed
##
keystorePassword: ""