mirror of
https://github.com/bitnami/charts.git
synced 2026-03-29 16:27:11 +08:00
[bitnami/kafka] Add support for PEM certificates (#5825)
* [bitnami/kafka] Add support for PEM certificates Signed-off-by: juan131 <juanariza@vmware.com> * Update bitnami/kafka/README.md Co-authored-by: Andrés Bono <andresbonojimenez@gmail.com> * Update bitnami/kafka/README.md Co-authored-by: Andrés Bono <andresbonojimenez@gmail.com> * [bitnami/kafka] Update components versions Signed-off-by: Bitnami Containers <containers@bitnami.com> Co-authored-by: Andrés Bono <andresbonojimenez@gmail.com> Co-authored-by: Bitnami Containers <containers@bitnami.com>
This commit is contained in:
Juan Ariza Toledano
committed by
GitHub
GitHub
parent
c9adefff01
commit
b437fef9f2
34
bitnami/kafka/templates/tls-secret.yaml
Normal file
34
bitnami/kafka/templates/tls-secret.yaml
Normal file
@@ -0,0 +1,34 @@
|
||||
{{- if (include "kafka.createTlsSecret" .) }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ template "kafka.fullname" . }}-tls
|
||||
labels: {{- include "common.labels.standard" . | nindent 4 }}
|
||||
{{- if .Values.commonLabels }}
|
||||
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .Values.commonAnnotations }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
|
||||
{{- end }}
|
||||
type: Opaque
|
||||
data:
|
||||
{{- $root := . }}
|
||||
{{- range $path, $bytes := .Files.Glob "files/tls/*.{crt,pem,jks}" }}
|
||||
{{ base $path }}: {{ $root.Files.Get $path | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- if and (eq .Values.auth.tls.type "pem") .Values.auth.tls.autoGenerated }}
|
||||
{{- $replicaCount := int .Values.replicaCount }}
|
||||
{{- $releaseNamespace := .Release.Namespace -}}
|
||||
{{- $clusterDomain := .Values.clusterDomain -}}
|
||||
{{- $fullname := include "kafka.fullname" . -}}
|
||||
{{- $ca := genCA "kafka-ca" 365 }}
|
||||
{{- range $i := until $replicaCount }}
|
||||
{{- $replicaHost := printf "%s-%d.%s-headless" $fullname $i $fullname -}}
|
||||
{{- $altNames := list (printf "%s.%s.svc.%s" $replicaHost $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "%s.%s" $replicaHost $releaseNamespace) (printf "%s.%s" $fullname $releaseNamespace) $replicaHost $fullname -}}
|
||||
{{- $cert := genSignedCert $replicaHost nil $altNames 365 $ca }}
|
||||
kafka-{{ $i }}.keystore.pem: {{ $cert.Cert | b64enc | quote }}
|
||||
kafka-{{ $i }}.keystore.key: {{ $cert.Key | b64enc | quote }}
|
||||
{{- end }}
|
||||
kafka.truststore.pem: {{ $ca.Cert | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
Reference in New Issue
Block a user