[bitnami/milvus] Do not expose externalKafka.tls.keyPassword (#27145)

* fix: 🔀 Undo rebase Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> * Update CHANGELOG.md Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> * Update CHANGELOG.md Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> * Update CHANGELOG.md Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> * Update CHANGELOG.md Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> --------- Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com> Co-authored-by: Javier Salmeron Garcia <jsalmeron@vmware.com> Co-authored-by: Bitnami Containers <bitnami-bot@vmware.com>
2026-03-16 14:57:08 +08:00 · 2024-06-17 12:02:47 +02:00
parent 0783d6f35a
commit c16f98a612
4 changed files with 38 additions and 5 deletions
--- a/bitnami/milvus/CHANGELOG.md
+++ b/bitnami/milvus/CHANGELOG.md
@@ -1,8 +1,12 @@
 # Changelog

-## 8.2.4 (2024-06-14)
+## 8.2.5 (2024-06-17)

-* [bitnami/milvus] Release 8.2.4 ([#27171](https://github.com/bitnami/charts/pull/27171))
+* [bitnami/milvus] Do not expose externalKafka.tls.keyPassword ([#27145](https://github.com/bitnami/charts/pull/27145))
+
+## <small>8.2.4 (2024-06-14)</small>
+
+* [bitnami/milvus] Release 8.2.4 (#27171) ([5e6ddd4](https://github.com/bitnami/charts/commit/5e6ddd4911796bdc5e6456e8019c1600fe254deb)), closes [#27171](https://github.com/bitnami/charts/issues/27171)

 ## <small>8.2.3 (2024-06-14)</small>

--- a/bitnami/milvus/Chart.yaml
+++ b/bitnami/milvus/Chart.yaml
@@ -48,4 +48,4 @@ maintainers:
 name: milvus
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/milvus
-version: 8.2.4
+version: 8.2.5
--- a/bitnami/milvus/templates/_helpers.tpl
+++ b/bitnami/milvus/templates/_helpers.tpl
@@ -1007,7 +1007,7 @@ Init container definition for waiting for the database to be ready
      yq e -i '.kafka.ssl.tlsCaCert = "/opt/bitnami/milvus/configs/cert/kafka/client/{{ .context.Values.externalKafka.tls.caCert }}"' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml
      {{- end }}
      {{- if .context.Values.externalKafka.tls.keyPassword }}
-      yq e -i '.kafka.ssl.tlsKeyPassword = "{{ .context.Values.externalKafka.tls.keyPassword }}"' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml
+      yq e -i '.kafka.ssl.tlsKeyPassword = {{ print "{{ MILVUS_KAFKA_TLS_KEY_PASSWORD }}" | quote }}' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml
      {{- end }}
      {{- end }}
      {{- else }}
@@ -1030,13 +1030,22 @@ Init container definition for waiting for the database to be ready
  env:
    - name: BITNAMI_DEBUG
      value: {{ ternary "true" "false" (or .context.Values.milvus.image.debug .context.Values.diagnosticMode.enabled) | quote }}
-    {{- if and (include "milvus.kafka.deployed" .context) (include "milvus.kafka.authEnabled" .context) }}
+    {{- if (include "milvus.kafka.deployed" .context) }}
+    {{- if (include "milvus.kafka.authEnabled" .context) }}
    - name: MILVUS_KAFKA_PASSWORD
      valueFrom:
        secretKeyRef:
          name: {{ include "milvus.kafka.secretName" .context }}
          key: {{ include "milvus.kafka.secretPasswordKey" .context }}
    {{- end }}
+    {{- if and .context.Values.externalKafka.tls.enabled .context.Values.externalKafka.tls.keyPassword .context.Values.externalKafka.tls.existingSecret }}
+    - name: MILVUS_KAFKA_TLS_KEY_PASSWORD
+      valueFrom:
+        secretKeyRef:
+          name: {{ printf "%s-external-kafka-tls-passwords" (include "common.names.fullname" .context) }}
+          key: key-password
+    {{- end }}
+    {{- end }}
    {{- if and (include "milvus.s3.deployed" .context) }}
    - name: MILVUS_S3_ACCESS_ID
      valueFrom:
--- a/bitnami/milvus/templates/externalkafka-tls-password-secret.yaml
+++ b/bitnami/milvus/templates/externalkafka-tls-password-secret.yaml
@@ -0,0 +1,20 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.externalKafka.tls.enabled .Values.externalKafka.tls.keyPassword .Values.externalKafka.tls.existingSecret }}
+{{- $secretName := printf "%s-external-kafka-tls-passwords" (include "common.names.fullname" .) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $secretName }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: Opaque
+data:
+  key-password: {{ include "common.secrets.passwords.manage" (dict "secret" $secretName "key" "key-password" "providedValues" (list "externalKafka.tls.keyPassword") "context" $) }}
+{{- end }}