bitnami/kafka Fix pem auth with custom encrypted private key (#28618)

* kafka:fix-typo

Signed-off-by: Vladimir Voitenko <vladimirdev635@gmail.com>

* kafka:fix-pem-auth-with-custom-key

Signed-off-by: Vladimir Voitenko <vladimirdev635@gmail.com>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

* Update bitnami/kafka/templates/scripts-configmap.yaml

Co-authored-by: Miguel Ruiz <miguel.ruiz@broadcom.com>
Signed-off-by: Voldemat <77781574+Voldemat@users.noreply.github.com>

* Update bitnami/kafka/templates/scripts-configmap.yaml

Co-authored-by: Miguel Ruiz <miguel.ruiz@broadcom.com>
Signed-off-by: Voldemat <77781574+Voldemat@users.noreply.github.com>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

* Update bitnami/kafka/templates/scripts-configmap.yaml

Co-authored-by: Miguel Ruiz <miguel.ruiz@broadcom.com>
Signed-off-by: Voldemat <77781574+Voldemat@users.noreply.github.com>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

* kafka: change-version-to-30.0.5

Signed-off-by: Vladimir Voitenko <vladimirdev635@gmail.com>

* Update CHANGELOG.md

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

---------

Signed-off-by: Vladimir Voitenko <vladimirdev635@gmail.com>
Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
Signed-off-by: Voldemat <77781574+Voldemat@users.noreply.github.com>
Signed-off-by: Miguel Ruiz <miguelruizramos96@gmail.com>
Co-authored-by: Bitnami Containers <bitnami-bot@vmware.com>
Co-authored-by: Miguel Ruiz <miguelruizramos96@gmail.com>
Co-authored-by: Miguel Ruiz <miguel.ruiz@broadcom.com>

bitnami/kafka/CHANGELOG.md

@@ -1,8 +1,12 @@
 # Changelog
 
-## 30.0.4 (2024-08-14)
+## 30.0.5 (2024-08-20)
 
-* [bitnami/kafka] Release 30.0.4 ([#28878](https://github.com/bitnami/charts/pull/28878))
+* bitnami/kafka Fix pem auth with custom encrypted private key ([#28618](https://github.com/bitnami/charts/pull/28618))
+
+## <small>30.0.4 (2024-08-14)</small>
+
+* [bitnami/kafka] Release 30.0.4 (#28878) ([3ff1490](https://github.com/bitnami/charts/commit/3ff14908c56a481e551f94cee08ad0488042d186)), closes [#28878](https://github.com/bitnami/charts/issues/28878)
 
 ## <small>30.0.3 (2024-08-08)</small>
 

bitnami/kafka/Chart.yaml

@@ -40,4 +40,4 @@ maintainers:
 name: kafka
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/kafka
-version: 30.0.4
+version: 30.0.5

bitnami/kafka/templates/scripts-configmap.yaml

@@ -192,15 +192,15 @@ data:
         if [[ -f "/mounted-certs/kafka-${POD_ROLE}-${POD_ID}.crt" && "/mounted-certs/kafka-${POD_ROLE}-${POD_ID}.key" ]]; then
           cp "/mounted-certs/kafka-${POD_ROLE}-${POD_ID}.crt" /certs/tls.crt
           # Copy the PEM key ensuring the key used PEM format with PKCS#8
-          openssl pkcs8 -topk8 -nocrypt -in "/mounted-certs/kafka-${POD_ROLE}-${POD_ID}.key" > /certs/tls.key
+          openssl pkcs8 -topk8 -nocrypt -passin pass:"${KAFKA_TLS_PEM_KEY_PASSWORD:-}" -in "/mounted-certs/kafka-${POD_ROLE}-${POD_ID}.key" > /certs/tls.key
         elif [[ -f /mounted-certs/kafka.crt && -f /mounted-certs/kafka.key ]]; then
           cp "/mounted-certs/kafka.crt" /certs/tls.crt
           # Copy the PEM key ensuring the key used PEM format with PKCS#8
-          openssl pkcs8 -topk8 -nocrypt -in "/mounted-certs/kafka.key" > /certs/tls.key
+          openssl pkcs8 -topk8 -passin pass:"${KAFKA_TLS_PEM_KEY_PASSWORD:-}" -nocrypt -in "/mounted-certs/kafka.key" > /certs/tls.key
         elif [[ -f /mounted-certs/tls.crt && -f /mounted-certs/tls.key ]]; then
           cp "/mounted-certs/tls.crt" /certs/tls.crt
           # Copy the PEM key ensuring the key used PEM format with PKCS#8
-          openssl pkcs8 -topk8 -nocrypt -in "/mounted-certs/tls.key" > /certs/tls.key
+          openssl pkcs8 -topk8 -passin pass:"${KAFKA_TLS_PEM_KEY_PASSWORD:-}" -nocrypt -in "/mounted-certs/tls.key" > /certs/tls.key
         else
           error "PEM key and cert files not found"
         fi

bitnami/kafka/values.yaml

@@ -308,7 +308,7 @@ tls:
   ## When using 'pem' format for certificates, each secret should contain a public CA certificate, a public certificate and one private key.
   ## Create these secrets following the steps below:
   ## 1) Create a certificate key and signing request per Kafka broker, and sign the signing request with your CA
-  ## 2) Rename your CA file to `kafka.ca.crt`.
+  ## 2) Rename your CA file to `kafka-ca.crt`.
   ## 3) Rename your certificates to `kafka-X.tls.crt` where X is the ID of each Kafka broker.
   ## 3) Rename your keys to `kafka-X.tls.key` where X is the ID of each Kafka broker.
   ## 4) Run the command below one time per broker to create its associated secret (SECRET_NAME_X is the name of the secret you want to create):