[bitnami/kafka] Release kafka-4.0.0-debian-12-r1 (#79548)

Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com>

bitnami/kafka/4.0/debian-12/Dockerfile

@@ -9,10 +9,10 @@ ARG TARGETARCH
 
 LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \
       org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
-      org.opencontainers.image.created="2025-03-24T10:56:38Z" \
+      org.opencontainers.image.created="2025-04-05T19:16:44Z" \
       org.opencontainers.image.description="Application packaged by Broadcom, Inc." \
       org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/kafka/README.md" \
-      org.opencontainers.image.ref.name="4.0.0-debian-12-r0" \
+      org.opencontainers.image.ref.name="4.0.0-debian-12-r1" \
       org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/kafka" \
       org.opencontainers.image.title="kafka" \
       org.opencontainers.image.vendor="Broadcom, Inc." \
@@ -29,7 +29,6 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"]
 RUN install_packages ca-certificates curl procps zlib1g
 RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ || exit 1 ; \
     COMPONENTS=( \
-      "wait-for-port-1.0.8-14-linux-${OS_ARCH}-debian-12" \
       "jre-17.0.14-10-1-linux-${OS_ARCH}-debian-12" \
       "kafka-4.0.0-0-linux-${OS_ARCH}-debian-12" \
     ) ; \
@@ -55,7 +54,7 @@ RUN /opt/bitnami/scripts/kafka/postunpack.sh
 ENV APP_VERSION="4.0.0" \
     BITNAMI_APP_NAME="kafka" \
     JAVA_HOME="/opt/bitnami/java" \
-    PATH="/opt/bitnami/common/bin:/opt/bitnami/java/bin:/opt/bitnami/kafka/bin:$PATH"
+    PATH="/opt/bitnami/java/bin:/opt/bitnami/kafka/bin:$PATH"
 
 EXPOSE 9092
 

bitnami/kafka/4.0/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json

@@ -10,11 +10,5 @@
         "distro": "debian-12",
         "type": "NAMI",
         "version": "4.0.0-0"
-    },
-    "wait-for-port": {
-        "arch": "amd64",
-        "distro": "debian-12",
-        "type": "NAMI",
-        "version": "1.0.8-14"
     }
 }

bitnami/kafka/4.0/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh

@@ -277,22 +277,12 @@ validate_string() {
                 return 1
                 ;;
             *)
-                break
+                string="$1"
                 ;;
         esac
         shift
     done
 
-    if [ "$#" -gt 1 ]; then
-        stderr_print "too many arguments provided"
-        return 2
-    elif [ "$#" -eq 0 ]; then
-        stderr_print "missing string"
-        return 1
-    else
-        string=$1
-    fi
-
     if [[ "$min_length" -ge 0 ]] && [[ "${#string}" -lt "$min_length" ]]; then
         echo "string length is less than $min_length"
         return 1

bitnami/kafka/4.0/debian-12/rootfs/opt/bitnami/scripts/kafka-env.sh

@@ -34,11 +34,11 @@ kafka_env_vars=(
     KAFKA_ZOOKEEPER_PROTOCOL
     KAFKA_ZOOKEEPER_PASSWORD
     KAFKA_ZOOKEEPER_USER
+    KAFKA_ZOOKEEPER_TLS_TYPE
+    KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE
     KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD
     KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD
-    KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE
     KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME
-    KAFKA_ZOOKEEPER_TLS_TYPE
     KAFKA_INTER_BROKER_USER
     KAFKA_INTER_BROKER_PASSWORD
     KAFKA_CONTROLLER_USER
@@ -98,11 +98,11 @@ export KAFKA_OPTS="${KAFKA_OPTS:-}"
 export KAFKA_ZOOKEEPER_PROTOCOL="${KAFKA_ZOOKEEPER_PROTOCOL:-PLAINTEXT}"
 export KAFKA_ZOOKEEPER_PASSWORD="${KAFKA_ZOOKEEPER_PASSWORD:-}"
 export KAFKA_ZOOKEEPER_USER="${KAFKA_ZOOKEEPER_USER:-}"
+export KAFKA_ZOOKEEPER_TLS_TYPE="${KAFKA_ZOOKEEPER_TLS_TYPE:-JKS}"
+export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE="${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE:-}"
 export KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD="${KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD:-}"
 export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD="${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD:-}"
-export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE="${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE:-}"
 export KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME="${KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME:-true}"
-export KAFKA_ZOOKEEPER_TLS_TYPE="${KAFKA_ZOOKEEPER_TLS_TYPE:-JKS}"
 
 # Authentication
 export KAFKA_INTER_BROKER_USER="${KAFKA_INTER_BROKER_USER:-user}"

bitnami/kafka/4.0/debian-12/rootfs/opt/bitnami/scripts/libkafka.sh

@@ -103,6 +103,13 @@ kafka_get_version() {
 
 ########################
 # Returns true if ZooKeeper is supported as metadata storage
+# Globals:
+#   None
+# Arguments:
+#   None
+# Returns:
+#   true/false
+#########################
 kafka_is_zookeeper_supported() {
     major_version="$(get_sematic_version "$(kafka_get_version)" 1)"
     if [[ "$major_version" -lt "4" ]]; then
@@ -943,7 +950,9 @@ kafka_initialize() {
         cp -Lr "$KAFKA_MOUNTED_CONF_DIR"/* "$KAFKA_CONF_DIR"
     fi
     # Copy truststore to cert directory
-    for cert_var in KAFKA_TLS_TRUSTSTORE_FILE KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE; do
+    local -a certs_vars=("KAFKA_TLS_TRUSTSTORE_FILE")
+    kafka_is_zookeeper_supported && certs_vars+=("KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE")
+    for cert_var in "${certs_vars[@]}"; do
         # Only copy if the file exists and it is in a different location than KAFKA_CERTS_DIR (to avoid copying to the same location)
         if [[ -f "${!cert_var}" ]] && ! [[ "${!cert_var}" =~ $KAFKA_CERTS_DIR ]]; then
             info "Copying truststore ${!cert_var} to ${KAFKA_CERTS_DIR}"
@@ -995,41 +1004,43 @@ kafka_initialize() {
             kafka_server_conf_set sasl.enabled.mechanisms "$KAFKA_CFG_SASL_ENABLED_MECHANISMS"
         fi
         # Settings for each Kafka Listener are configured individually
-        read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")"
-        for protocol_map in "${protocol_maps[@]}"; do
-            read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")"
-            # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT
-            listener="${map[0]}"
-            protocol="${map[1]}"
-            listener_lower="$(echo "$listener" | tr '[:upper:]' '[:lower:]')"
+        if ! is_empty_value "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}"; then
+            read -r -a protocol_maps <<<"$(tr ',' ' ' <<<"$KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP")"
+            for protocol_map in "${protocol_maps[@]}"; do
+                read -r -a map <<<"$(tr ':' ' ' <<<"$protocol_map")"
+                # Obtain the listener and protocol from protocol map string, e.g. CONTROLLER:PLAINTEXT
+                listener="${map[0]}"
+                protocol="${map[1]}"
+                listener_lower="$(echo "$listener" | tr '[:upper:]' '[:lower:]')"
 
-            if [[ "$protocol" = "SSL" || "$protocol" = "SASL_SSL" ]]; then
-                listener_upper="$(echo "$listener" | tr '[:lower:]' '[:upper:]')"
-                env_name="KAFKA_TLS_${listener_upper}_CLIENT_AUTH"
-                [[ -n "${!env_name:-}" ]] && kafka_server_conf_set "listener.name.${listener_lower}.ssl.client.auth" "${!env_name}"
-            fi
-            if [[ "$protocol" = "SASL_PLAINTEXT" || "$protocol" = "SASL_SSL" ]]; then
-                local role=""
-                if [[ "$listener" = "${KAFKA_CFG_INTER_BROKER_LISTENER_NAME:-INTERNAL}" ]]; then
-                    kafka_server_conf_set sasl.mechanism.inter.broker.protocol "$KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL"
-                    role="inter-broker"
-                elif [[ "${KAFKA_CFG_CONTROLLER_LISTENER_NAMES:-CONTROLLER}" =~ $listener ]]; then
-                    kafka_server_conf_set sasl.mechanism.controller.protocol "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL"
-                    kafka_server_conf_set "listener.name.${listener_lower}.sasl.enabled.mechanisms" "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL"
-                    role="controller"
+                if [[ "$protocol" = "SSL" || "$protocol" = "SASL_SSL" ]]; then
+                    listener_upper="$(echo "$listener" | tr '[:lower:]' '[:upper:]')"
+                    env_name="KAFKA_TLS_${listener_upper}_CLIENT_AUTH"
+                    [[ -n "${!env_name:-}" ]] && kafka_server_conf_set "listener.name.${listener_lower}.ssl.client.auth" "${!env_name}"
                 fi
-                # If KAFKA_CLIENT_LISTENER_NAME is found in the listeners list, configure the producer/consumer accordingly
-                if [[ "$listener" = "${KAFKA_CLIENT_LISTENER_NAME:-CLIENT}" ]]; then
-                    kafka_configure_consumer_producer_jaas
-                    kafka_producer_consumer_conf_set security.protocol "$protocol"
-                    kafka_producer_consumer_conf_set sasl.mechanism "${KAFKA_CLIENT_SASL_MECHANISM:-$(kafka_client_sasl_mechanism)}"
+                if [[ "$protocol" = "SASL_PLAINTEXT" || "$protocol" = "SASL_SSL" ]]; then
+                    local role=""
+                    if [[ "$listener" = "${KAFKA_CFG_INTER_BROKER_LISTENER_NAME:-INTERNAL}" ]]; then
+                        kafka_server_conf_set sasl.mechanism.inter.broker.protocol "$KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL"
+                        role="inter-broker"
+                    elif [[ "${KAFKA_CFG_CONTROLLER_LISTENER_NAMES:-CONTROLLER}" =~ $listener ]]; then
+                        kafka_server_conf_set sasl.mechanism.controller.protocol "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL"
+                        kafka_server_conf_set "listener.name.${listener_lower}.sasl.enabled.mechanisms" "$KAFKA_CFG_SASL_MECHANISM_CONTROLLER_PROTOCOL"
+                        role="controller"
+                    fi
+                    # If KAFKA_CLIENT_LISTENER_NAME is found in the listeners list, configure the producer/consumer accordingly
+                    if [[ "$listener" = "${KAFKA_CLIENT_LISTENER_NAME:-CLIENT}" ]]; then
+                        kafka_configure_consumer_producer_jaas
+                        kafka_producer_consumer_conf_set security.protocol "$protocol"
+                        kafka_producer_consumer_conf_set sasl.mechanism "${KAFKA_CLIENT_SASL_MECHANISM:-$(kafka_client_sasl_mechanism)}"
+                    fi
+                    # Configure inline listener jaas configuration, omitted if mounted JAAS conf file detected
+                    if [[ ! -f "${KAFKA_CONF_DIR}/kafka_jaas.conf" ]]; then
+                        kafka_configure_server_jaas "$listener_lower" "${role:-}"
+                    fi
                 fi
-                # Configure inline listener jaas configuration, omitted if mounted JAAS conf file detected
-                if [[ ! -f "${KAFKA_CONF_DIR}/kafka_jaas.conf" ]]; then
-                    kafka_configure_server_jaas "$listener_lower" "${role:-}"
-                fi
-            fi
-        done
+            done
+        fi
         # Configure Kafka using environment variables
         # This is executed at the end, to allow users to override properties set by the initialization logic
         kafka_configure_from_environment_variables

bitnami/kafka/README.md

@@ -194,11 +194,11 @@ docker-compose up -d
 | `KAFKA_ZOOKEEPER_PROTOCOL`                | Authentication protocol for Zookeeper connections. Allowed protocols: `PLAINTEXT`, `SASL, SSL`, and `SASL_SSL`.                       | `PLAINTEXT`                         |
 | `KAFKA_ZOOKEEPER_PASSWORD`                | Kafka Zookeeper user password for SASL authentication.                                                                                | `nil`                               |
 | `KAFKA_ZOOKEEPER_USER`                    | Kafka Zookeeper user for SASL authentication.                                                                                         | `nil`                               |
+| `KAFKA_ZOOKEEPER_TLS_TYPE`                | Choose the TLS certificate format to use. Allowed values: `JKS`, `PEM`.                                                               | `JKS`                               |
+| `KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE`     | Kafka Zookeeper truststore file location.                                                                                             | `nil`                               |
 | `KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD`   | Kafka Zookeeper keystore file password and key password.                                                                              | `nil`                               |
 | `KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD` | Kafka Zookeeper truststore file password.                                                                                             | `nil`                               |
-| `KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE`     | Kafka Zookeeper truststore file location.                                                                                             | `nil`                               |
 | `KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME`     | Verify Zookeeper hostname on TLS certificates.                                                                                        | `true`                              |
-| `KAFKA_ZOOKEEPER_TLS_TYPE`                | Choose the TLS certificate format to use. Allowed values: `JKS`, `PEM`.                                                               | `JKS`                               |
 | `KAFKA_INTER_BROKER_USER`                 | Kafka inter broker communication user.                                                                                                | `user`                              |
 | `KAFKA_INTER_BROKER_PASSWORD`             | Kafka inter broker communication password.                                                                                            | `bitnami`                           |
 | `KAFKA_CONTROLLER_USER`                   | Kafka control plane communication user.                                                                                               | `controller_user`                   |