diff --git a/bitnami/milvus/CHANGELOG.md b/bitnami/milvus/CHANGELOG.md
index 2a78ccbb81e0d6..2863e6146b179a 100644
--- a/bitnami/milvus/CHANGELOG.md
+++ b/bitnami/milvus/CHANGELOG.md
@@ -1,8 +1,12 @@
# Changelog
-## 8.2.7 (2024-06-18)
+## 8.3.0 (2024-06-19)
-* [bitnami/milvus] Release 8.2.7 ([#27403](https://github.com/bitnami/charts/pull/27403))
+* [bitnami/milvus] feat: config external S3 tls client certs settings (… ([#27068](https://github.com/bitnami/charts/pull/27068))
+
+## 8.2.7 (2024-06-18)
+
+* [bitnami/milvus] Release 8.2.7 (#27403) ([72a2ad7](https://github.com/bitnami/charts/commit/72a2ad7c8a3f2eac2cfeede24bbf96d28c13fa18)), closes [#27403](https://github.com/bitnami/charts/issues/27403)
## 8.2.6 (2024-06-17)
diff --git a/bitnami/milvus/Chart.yaml b/bitnami/milvus/Chart.yaml
index 9732bf4b6a7cc5..9e4bd8e303fd2c 100644
--- a/bitnami/milvus/Chart.yaml
+++ b/bitnami/milvus/Chart.yaml
@@ -48,4 +48,4 @@ maintainers:
name: milvus
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/milvus
-version: 8.2.7
+version: 8.3.0
diff --git a/bitnami/milvus/README.md b/bitnami/milvus/README.md
index dc338db447e24c..3c8ed62b72a8be 100644
--- a/bitnami/milvus/README.md
+++ b/bitnami/milvus/README.md
@@ -1725,20 +1725,22 @@ wrj2wDbCDCFmfqnSJ+dKI3vFLlEz44sAV8jX/kd4Y6ZTQhlLbYc=
### External S3 parameters
-| Name | Description | Value |
-| ----------------------------------------- | ------------------------------------------------------------------ | --------------- |
-| `externalS3.host` | External S3 host | `""` |
-| `externalS3.port` | External S3 port number | `443` |
-| `externalS3.accessKeyID` | External S3 access key ID | `""` |
-| `externalS3.accessKeySecret` | External S3 access key secret | `""` |
-| `externalS3.existingSecret` | Name of an existing secret resource containing the S3 credentials | `""` |
-| `externalS3.existingSecretAccessKeyIDKey` | Name of an existing secret key containing the S3 access key ID | `root-user` |
-| `externalS3.existingSecretKeySecretKey` | Name of an existing secret key containing the S3 access key secret | `root-password` |
-| `externalS3.protocol` | External S3 protocol | `https` |
-| `externalS3.bucket` | External S3 bucket | `milvus` |
-| `externalS3.rootPath` | External S3 root path | `file` |
-| `externalS3.iamEndpoint` | External S3 IAM endpoint | `""` |
-| `externalS3.cloudProvider` | External S3 cloud provider | `""` |
+| Name | Description | Value |
+| ----------------------------------------- | ------------------------------------------------------------------------------------------------- | --------------- |
+| `externalS3.host` | External S3 host | `""` |
+| `externalS3.port` | External S3 port number | `443` |
+| `externalS3.accessKeyID` | External S3 access key ID | `""` |
+| `externalS3.accessKeySecret` | External S3 access key secret | `""` |
+| `externalS3.existingSecret` | Name of an existing secret resource containing the S3 credentials | `""` |
+| `externalS3.existingSecretAccessKeyIDKey` | Name of an existing secret key containing the S3 access key ID | `root-user` |
+| `externalS3.existingSecretKeySecretKey` | Name of an existing secret key containing the S3 access key secret | `root-password` |
+| `externalS3.bucket` | External S3 bucket | `milvus` |
+| `externalS3.rootPath` | External S3 root path | `file` |
+| `externalS3.iamEndpoint` | External S3 IAM endpoint | `""` |
+| `externalS3.cloudProvider` | External S3 cloud provider | `""` |
+| `externalS3.tls.enabled` | Enable TLS for externalS3 client connections. | `false` |
+| `externalS3.tls.existingSecret` | Name of the existing secret containing the TLS certificates for externalS3 client communications. | `""` |
+| `externalS3.tls.caCert` | The secret key from the existingSecret if 'caCert' key different from the default (ca.crt) | `ca.crt` |
### External Kafka parameters
diff --git a/bitnami/milvus/templates/_helpers.tpl b/bitnami/milvus/templates/_helpers.tpl
index 497b984b4eda80..33898a8a750d27 100644
--- a/bitnami/milvus/templates/_helpers.tpl
+++ b/bitnami/milvus/templates/_helpers.tpl
@@ -605,7 +605,7 @@ Return the S3 protocol
{{- if .Values.minio.enabled -}}
{{- ternary "https" "http" .Values.minio.tls.enabled -}}
{{- else -}}
- {{- print .Values.externalS3.protocol -}}
+ {{- ternary "https" "http" .Values.externalS3.tls.enabled -}}
{{- end -}}
{{- end -}}
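Review bot: Deriving the scheme from `externalS3.tls.enabled` on the changed line flips the external S3 default from `https` to `http`, because the removed `externalS3.protocol` defaulted to `https` while the new flag defaults to `false` in values.yaml and the README still lists port `443`. A release that relied on the old default, or that still sets `externalS3.protocol: https`, would render a plaintext endpoint after the upgrade with no error, and the `milvus.s3.useSSL` hunk that follows changes in the same way. Consider failing the render when the removed key is still supplied, for example `{{- if hasKey .Values.externalS3 "protocol" }}{{ fail "externalS3.protocol was removed; set externalS3.tls.enabled instead" }}{{- end }}`, and describing the change in the upgrade notes. The opening `define` of this template sits outside the hunk.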
@@ -637,10 +637,8 @@ Return true if TLS is used
{{- define "milvus.s3.useSSL" -}}
{{- if .Values.minio.enabled -}}
{{- .Values.minio.tls.enabled -}}
- {{- else if (eq .Values.externalS3.protocol "https") -}}
- {{- print "true" -}}
{{- else -}}
- {{- print "false" -}}
+ {{- .Values.externalS3.tls.enabled -}}
{{- end -}}
{{- end -}}
@@ -772,7 +770,7 @@ Init container definition for waiting for the database to be ready
echo "Connection success"
exit 0
- {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
+ {{- if and (not .Values.etcd.enabled) .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
volumeMounts:
- name: etcd-client-certs
mountPath: /bitnami/milvus/conf/cert/etcd/client
@@ -816,14 +814,24 @@ Init container definition for waiting for the database to be ready
check_s3() {
local -r s3_host="${1:-?missing s3}"
- if curl --max-time 5 "${s3_host}" | grep "RequestId"; then
+ local params_cert=""
+
+ {{- if .Values.externalS3.tls.enabled }}
+ {{- if and .Values.externalS3.tls.existingSecret .Values.externalS3.tls.caCert }}
+ params_cert="--cacert /bitnami/milvus/conf/cert/minio/client/{{ .Values.externalS3.tls.caCert }}"
+ {{- else }}
+ params_cert="-k"
+ {{- end }}
+ {{- end }}
+
+ if curl --max-time 5 "${s3_host}" $params_cert | grep "RequestId"; then
return 0
else
return 1
fi
}
- host={{ printf "%v:%v" (include "milvus.s3.host" .) (include "milvus.s3.port" .) }}
+ host={{ template "milvus.s3.protocol" . }}://{{ printf "%v:%v" (include "milvus.s3.host" .) (include "milvus.s3.port" .) }}
echo "Checking connection to $host"
if retry_while "check_s3 $host"; then
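Review bot: The `params_cert="-k"` branch turns certificate verification off whenever `externalS3.tls.enabled` is true and no `existingSecret` is given, which is the usual setup for a provider whose certificate chains to a public CA. Leaving `params_cert` empty in that branch lets curl verify against the image's CA bundle, which lines up with the empty `tlsCACert` that the config-rendering hunk writes for the same case (presumably meaning system roots). The surrounding `{{- if .Values.externalS3.tls.enabled }}` also lacks the `(not .Values.minio.enabled)` term used for the volume mount further down, so with the bundled MinIO enabled it can point `--cacert` at a path that is not mounted. Since `host` now carries the scheme, a bundled MinIO with `minio.tls.enabled` would be probed over https with no CA option at all, so that case is worth confirming. The init container definition starts outside this hunk.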
@@ -835,6 +843,12 @@ Init container definition for waiting for the database to be ready
echo "Connection success"
exit 0
+ {{- if and (not .Values.minio.enabled) .Values.externalS3.tls.enabled .Values.externalS3.tls.existingSecret }}
+ volumeMounts:
+ - name: minio-client-certs
+ mountPath: /bitnami/milvus/conf/cert/minio/client
+ readOnly: true
+ {{- end }}
{{- end -}}
{{/*
@@ -1014,17 +1028,28 @@ Init container definition for waiting for the database to be ready
mv /bitnami/milvus/rendered-conf/pre-render-config_00.yaml /bitnami/milvus/rendered-conf/pre-render-config_01.yaml
{{- end }}
+ # Minio TLS settings
+ {{- if and (not .context.Values.minio.enabled) .context.Values.externalS3.tls.enabled }}
+ {{- if and .context.Values.externalS3.tls.existingSecret .context.Values.externalS3.tls.caCert }}
+ yq e '.minio.ssl.tlsCACert = "/opt/bitnami/milvus/configs/cert/minio/client/{{ .context.Values.externalS3.tls.caCert }}"' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml > /bitnami/milvus/rendered-conf/pre-render-config_02.yaml
+ {{- else }}
+ yq e '.minio.ssl.tlsCACert = ""' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml > /bitnami/milvus/rendered-conf/pre-render-config_02.yaml
+ {{- end }}
+ {{- else }}
+ mv /bitnami/milvus/rendered-conf/pre-render-config_01.yaml /bitnami/milvus/rendered-conf/pre-render-config_02.yaml
+ {{- end }}
+
# Milvus server TLS settings
- yq e '.common.security.tlsMode = {{ .context.Values.proxy.tls.mode }}' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml > /bitnami/milvus/rendered-conf/pre-render-config_02.yaml
+ yq e '.common.security.tlsMode = {{ .context.Values.proxy.tls.mode }}' /bitnami/milvus/rendered-conf/pre-render-config_02.yaml > /bitnami/milvus/rendered-conf/pre-render-config_03.yaml
{{- if ne (int .context.Values.proxy.tls.mode) 0 }}
- yq e -i '.tls.serverPemPath = "/opt/bitnami/milvus/configs/cert/milvus/{{ .context.Values.proxy.tls.cert }}"' /bitnami/milvus/rendered-conf/pre-render-config_02.yaml
- yq e -i '.tls.serverKeyPath = "/opt/bitnami/milvus/configs/cert/milvus/{{ .context.Values.proxy.tls.key }}"' /bitnami/milvus/rendered-conf/pre-render-config_02.yaml
+ yq e -i '.tls.serverPemPath = "/opt/bitnami/milvus/configs/cert/milvus/{{ .context.Values.proxy.tls.cert }}"' /bitnami/milvus/rendered-conf/pre-render-config_03.yaml
+ yq e -i '.tls.serverKeyPath = "/opt/bitnami/milvus/configs/cert/milvus/{{ .context.Values.proxy.tls.key }}"' /bitnami/milvus/rendered-conf/pre-render-config_03.yaml
{{- if eq (int .context.Values.proxy.tls.mode) 2 }}
- yq e -i '.tls.caPemPath = "/opt/bitnami/milvus/configs/cert/milvus/{{ .context.Values.proxy.tls.caCert }}"' /bitnami/milvus/rendered-conf/pre-render-config_02.yaml
+ yq e -i '.tls.caPemPath = "/opt/bitnami/milvus/configs/cert/milvus/{{ .context.Values.proxy.tls.caCert }}"' /bitnami/milvus/rendered-conf/pre-render-config_03.yaml
{{- end }}
{{- end }}
- render-template /bitnami/milvus/rendered-conf/pre-render-config_02.yaml > /bitnami/milvus/rendered-conf/milvus.yaml
+ render-template /bitnami/milvus/rendered-conf/pre-render-config_03.yaml > /bitnami/milvus/rendered-conf/milvus.yaml
rm /bitnami/milvus/rendered-conf/pre-render-config*
chmod 644 /bitnami/milvus/rendered-conf/milvus.yaml
env:
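Review bot: Inserting the S3 step as a new `_01` to `_02` file forces every later `pre-render-config_02.yaml` reference to be renumbered to `_03`, which is why the unrelated proxy TLS and `render-template` lines change here. Editing in place, as the proxy lines already do with `yq e -i`, keeps the step self-contained and needs no `mv` in the outer else branch: `yq e -i '.minio.ssl.tlsCACert = "/opt/bitnami/milvus/configs/cert/minio/client/{{ .context.Values.externalS3.tls.caCert }}"' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml`. The comment `# Minio TLS settings` would read more accurately as `# External S3 TLS settings (CA used to verify the endpoint)`, since the block is skipped when the bundled MinIO is enabled. The enclosing init container definition starts and ends outside this hunk.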
diff --git a/bitnami/milvus/templates/data-coordinator/deployment.yaml b/bitnami/milvus/templates/data-coordinator/deployment.yaml
index df3cb63ef94846..2ba108af1fecd5 100644
--- a/bitnami/milvus/templates/data-coordinator/deployment.yaml
+++ b/bitnami/milvus/templates/data-coordinator/deployment.yaml
@@ -175,7 +175,7 @@ spec:
- name: empty-dir
mountPath: /bitnami/milvus/data
subPath: app-data-dir
- {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
+ {{- if and (not .Values.etcd.enabled) .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
mountPath: /opt/bitnami/milvus/configs/cert/etcd/client
readOnly: true
@@ -185,6 +185,11 @@ spec:
mountPath: /opt/bitnami/milvus/configs/cert/kafka/client
readOnly: true
{{- end }}
+ {{- if and (not .Values.minio.enabled) .Values.externalS3.tls.enabled .Values.externalS3.tls.existingSecret }}
+ - name: minio-client-certs
+ mountPath: /opt/bitnami/milvus/configs/cert/minio/client
+ readOnly: true
+ {{- end }}
{{- if .Values.dataCoord.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.dataCoord.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
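Review bot: The three-term guard `and (not .Values.minio.enabled) .Values.externalS3.tls.enabled .Values.externalS3.tls.existingSecret` is written out here, again in the volumes hunk of this file, in the seven other deployment templates and in the init container helper, so any later change to the rule has to be repeated at every site. A named template in `_helpers.tpl` that prints `true` or nothing (the name `milvus.externalS3.mountClientCerts` is only a suggestion) would let each site read `{{- if include "milvus.externalS3.mountClientCerts" . }}`. The container spec this mount list belongs to starts outside the hunk.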
@@ -210,7 +215,7 @@ spec:
configMap:
name: {{ template "milvus.data-coordinator.extraConfigmapName" . }}
{{- end }}
- {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
+ {{- if and (not .Values.etcd.enabled) .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
secret:
secretName: {{ .Values.externalEtcd.tls.existingSecret }}
@@ -222,6 +227,12 @@ spec:
secretName: {{ .Values.externalKafka.tls.existingSecret }}
defaultMode: 256
{{- end }}
+ {{- if and (not .Values.minio.enabled) .Values.externalS3.tls.enabled .Values.externalS3.tls.existingSecret }}
+ - name: minio-client-certs
+ secret:
+ secretName: {{ .Values.externalS3.tls.existingSecret }}
+ defaultMode: 256
+ {{- end }}
{{- if .Values.dataCoord.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.dataCoord.extraVolumes "context" $) | nindent 8 }}
{{- end }}
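Review bot: The `minio-client-certs` volume projects every key of `externalS3.tls.existingSecret` into the pod, although the only file the diff reads from it is the CA named by `externalS3.tls.caCert` (the curl `--cacert` path and `minio.ssl.tlsCACert`). If that secret also holds other material, such as the `tls.key` of a standard TLS secret, it becomes readable in all eight component pods; adding `items:` with `- key: {{ .Values.externalS3.tls.caCert }}` and `path: {{ .Values.externalS3.tls.caCert }}` under `secret:` limits the mount to the CA. The same block is added in the data-node, index-coordinator, index-node, proxy, query-coordinator, query-node and root-coordinator deployments. The `volumes:` list begins outside this hunk.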
diff --git a/bitnami/milvus/templates/data-node/deployment.yaml b/bitnami/milvus/templates/data-node/deployment.yaml
index 9966c39c5f0c4f..b4a1d70532fbff 100644
--- a/bitnami/milvus/templates/data-node/deployment.yaml
+++ b/bitnami/milvus/templates/data-node/deployment.yaml
@@ -175,7 +175,7 @@ spec:
- name: empty-dir
mountPath: /bitnami/milvus/data
subPath: app-data-dir
- {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
+ {{- if and (not .Values.etcd.enabled) .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
mountPath: /opt/bitnami/milvus/configs/cert/etcd/client
readOnly: true
@@ -185,6 +185,11 @@ spec:
mountPath: /opt/bitnami/milvus/configs/cert/kafka/client
readOnly: true
{{- end }}
+ {{- if and (not .Values.minio.enabled) .Values.externalS3.tls.enabled .Values.externalS3.tls.existingSecret }}
+ - name: minio-client-certs
+ mountPath: /opt/bitnami/milvus/configs/cert/minio/client
+ readOnly: true
+ {{- end }}
{{- if .Values.dataNode.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.dataNode.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
@@ -210,7 +215,7 @@ spec:
configMap:
name: {{ template "milvus.data-node.extraConfigmapName" . }}
{{- end }}
- {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
+ {{- if and (not .Values.etcd.enabled) .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
secret:
secretName: {{ .Values.externalEtcd.tls.existingSecret }}
@@ -222,6 +227,12 @@ spec:
secretName: {{ .Values.externalKafka.tls.existingSecret }}
defaultMode: 256
{{- end }}
+ {{- if and (not .Values.minio.enabled) .Values.externalS3.tls.enabled .Values.externalS3.tls.existingSecret }}
+ - name: minio-client-certs
+ secret:
+ secretName: {{ .Values.externalS3.tls.existingSecret }}
+ defaultMode: 256
+ {{- end }}
{{- if .Values.dataNode.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.dataNode.extraVolumes "context" $) | nindent 8 }}
{{- end }}
diff --git a/bitnami/milvus/templates/index-coordinator/deployment.yaml b/bitnami/milvus/templates/index-coordinator/deployment.yaml
index 95c6edac4e7fbe..4201469f5aad42 100644
--- a/bitnami/milvus/templates/index-coordinator/deployment.yaml
+++ b/bitnami/milvus/templates/index-coordinator/deployment.yaml
@@ -175,7 +175,7 @@ spec:
- name: empty-dir
mountPath: /bitnami/milvus/data
subPath: app-data-dir
- {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
+ {{- if and (not .Values.etcd.enabled) .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
mountPath: /opt/bitnami/milvus/configs/cert/etcd/client
readOnly: true
@@ -185,6 +185,11 @@ spec:
mountPath: /opt/bitnami/milvus/configs/cert/kafka/client
readOnly: true
{{- end }}
+ {{- if and (not .Values.minio.enabled) .Values.externalS3.tls.enabled .Values.externalS3.tls.existingSecret }}
+ - name: minio-client-certs
+ mountPath: /opt/bitnami/milvus/configs/cert/minio/client
+ readOnly: true
+ {{- end }}
{{- if .Values.indexCoord.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.indexCoord.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
@@ -210,7 +215,7 @@ spec:
configMap:
name: {{ template "milvus.index-coordinator.extraConfigmapName" . }}
{{- end }}
- {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
+ {{- if and (not .Values.etcd.enabled) .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
secret:
secretName: {{ .Values.externalEtcd.tls.existingSecret }}
@@ -222,6 +227,12 @@ spec:
secretName: {{ .Values.externalKafka.tls.existingSecret }}
defaultMode: 256
{{- end }}
+ {{- if and (not .Values.minio.enabled) .Values.externalS3.tls.enabled .Values.externalS3.tls.existingSecret }}
+ - name: minio-client-certs
+ secret:
+ secretName: {{ .Values.externalS3.tls.existingSecret }}
+ defaultMode: 256
+ {{- end }}
{{- if .Values.indexCoord.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.indexCoord.extraVolumes "context" $) | nindent 8 }}
{{- end }}
diff --git a/bitnami/milvus/templates/index-node/deployment.yaml b/bitnami/milvus/templates/index-node/deployment.yaml
index 86a48be9383553..87a40cc49e1931 100644
--- a/bitnami/milvus/templates/index-node/deployment.yaml
+++ b/bitnami/milvus/templates/index-node/deployment.yaml
@@ -175,7 +175,7 @@ spec:
- name: empty-dir
mountPath: /bitnami/milvus/data
subPath: app-data-dir
- {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
+ {{- if and (not .Values.etcd.enabled) .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
mountPath: /opt/bitnami/milvus/configs/cert/etcd/client
readOnly: true
@@ -185,6 +185,11 @@ spec:
mountPath: /opt/bitnami/milvus/configs/cert/kafka/client
readOnly: true
{{- end }}
+ {{- if and (not .Values.minio.enabled) .Values.externalS3.tls.enabled .Values.externalS3.tls.existingSecret }}
+ - name: minio-client-certs
+ mountPath: /opt/bitnami/milvus/configs/cert/minio/client
+ readOnly: true
+ {{- end }}
{{- if .Values.indexNode.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.indexNode.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
@@ -210,7 +215,7 @@ spec:
configMap:
name: {{ template "milvus.index-node.extraConfigmapName" . }}
{{- end }}
- {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
+ {{- if and (not .Values.etcd.enabled) .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
secret:
secretName: {{ .Values.externalEtcd.tls.existingSecret }}
@@ -222,6 +227,12 @@ spec:
secretName: {{ .Values.externalKafka.tls.existingSecret }}
defaultMode: 256
{{- end }}
+ {{- if and (not .Values.minio.enabled) .Values.externalS3.tls.enabled .Values.externalS3.tls.existingSecret }}
+ - name: minio-client-certs
+ secret:
+ secretName: {{ .Values.externalS3.tls.existingSecret }}
+ defaultMode: 256
+ {{- end }}
{{- if .Values.indexNode.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.indexNode.extraVolumes "context" $) | nindent 8 }}
{{- end }}
diff --git a/bitnami/milvus/templates/proxy/deployment.yaml b/bitnami/milvus/templates/proxy/deployment.yaml
index 7f6f29a38cf2d4..09c0e08aa44561 100644
--- a/bitnami/milvus/templates/proxy/deployment.yaml
+++ b/bitnami/milvus/templates/proxy/deployment.yaml
@@ -177,7 +177,7 @@ spec:
- name: empty-dir
mountPath: /bitnami/milvus/data
subPath: app-data-dir
- {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
+ {{- if and (not .Values.etcd.enabled) .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
mountPath: /opt/bitnami/milvus/configs/cert/etcd/client
readOnly: true
@@ -187,6 +187,11 @@ spec:
mountPath: /opt/bitnami/milvus/configs/cert/kafka/client
readOnly: true
{{- end }}
+ {{- if and (not .Values.minio.enabled) .Values.externalS3.tls.enabled .Values.externalS3.tls.existingSecret }}
+ - name: minio-client-certs
+ mountPath: /opt/bitnami/milvus/configs/cert/minio/client
+ readOnly: true
+ {{- end }}
{{- if and (ne (int .Values.proxy.tls.mode) 0) .Values.proxy.tls.existingSecret }}
- name: milvus-certs
mountPath: /opt/bitnami/milvus/configs/cert/milvus
@@ -217,24 +222,30 @@ spec:
configMap:
name: {{ template "milvus.proxy.extraConfigmapName" . }}
{{- end }}
- {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
+ {{- if and (not .Values.etcd.enabled) .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
secret:
secretName: {{ .Values.externalEtcd.tls.existingSecret }}
defaultMode: 256
{{- end }}
- {{- if and (ne (int .Values.proxy.tls.mode) 0) .Values.proxy.tls.existingSecret }}
- - name: milvus-certs
- secret:
- secretName: {{ .Values.proxy.tls.existingSecret }}
- defaultMode: 256
- {{- end }}
{{- if and (not .Values.kafka.enabled) .Values.externalKafka.tls.enabled .Values.externalKafka.tls.existingSecret }}
- name: kafka-client-certs
secret:
secretName: {{ .Values.externalKafka.tls.existingSecret }}
defaultMode: 256
{{- end }}
+ {{- if and (not .Values.minio.enabled) .Values.externalS3.tls.enabled .Values.externalS3.tls.existingSecret }}
+ - name: minio-client-certs
+ secret:
+ secretName: {{ .Values.externalS3.tls.existingSecret }}
+ defaultMode: 256
+ {{- end }}
+ {{- if and (ne (int .Values.proxy.tls.mode) 0) .Values.proxy.tls.existingSecret }}
+ - name: milvus-certs
+ secret:
+ secretName: {{ .Values.proxy.tls.existingSecret }}
+ defaultMode: 256
+ {{- end }}
{{- if .Values.proxy.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.proxy.extraVolumes "context" $) | nindent 8 }}
{{- end }}
diff --git a/bitnami/milvus/templates/query-coordinator/deployment.yaml b/bitnami/milvus/templates/query-coordinator/deployment.yaml
index 3d1a9532cbe4eb..9a15e60804b580 100644
--- a/bitnami/milvus/templates/query-coordinator/deployment.yaml
+++ b/bitnami/milvus/templates/query-coordinator/deployment.yaml
@@ -175,7 +175,7 @@ spec:
- name: empty-dir
mountPath: /bitnami/milvus/data
subPath: app-data-dir
- {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
+ {{- if and (not .Values.etcd.enabled) .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
mountPath: /opt/bitnami/milvus/configs/cert/etcd/client
readOnly: true
@@ -185,6 +185,11 @@ spec:
mountPath: /opt/bitnami/milvus/configs/cert/kafka/client
readOnly: true
{{- end }}
+ {{- if and (not .Values.minio.enabled) .Values.externalS3.tls.enabled .Values.externalS3.tls.existingSecret }}
+ - name: minio-client-certs
+ mountPath: /opt/bitnami/milvus/configs/cert/minio/client
+ readOnly: true
+ {{- end }}
{{- if .Values.queryCoord.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.queryCoord.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
@@ -210,7 +215,7 @@ spec:
configMap:
name: {{ template "milvus.query-coordinator.extraConfigmapName" . }}
{{- end }}
- {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
+ {{- if and (not .Values.etcd.enabled) .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
secret:
secretName: {{ .Values.externalEtcd.tls.existingSecret }}
@@ -222,6 +227,12 @@ spec:
secretName: {{ .Values.externalKafka.tls.existingSecret }}
defaultMode: 256
{{- end }}
+ {{- if and (not .Values.minio.enabled) .Values.externalS3.tls.enabled .Values.externalS3.tls.existingSecret }}
+ - name: minio-client-certs
+ secret:
+ secretName: {{ .Values.externalS3.tls.existingSecret }}
+ defaultMode: 256
+ {{- end }}
{{- if .Values.queryCoord.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.queryCoord.extraVolumes "context" $) | nindent 8 }}
{{- end }}
diff --git a/bitnami/milvus/templates/query-node/deployment.yaml b/bitnami/milvus/templates/query-node/deployment.yaml
index c81c544240e0e0..db215a85b3a116 100644
--- a/bitnami/milvus/templates/query-node/deployment.yaml
+++ b/bitnami/milvus/templates/query-node/deployment.yaml
@@ -175,7 +175,7 @@ spec:
- name: empty-dir
mountPath: /bitnami/milvus/data
subPath: app-data-dir
- {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
+ {{- if and (not .Values.etcd.enabled) .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
mountPath: /opt/bitnami/milvus/configs/cert/etcd/client
readOnly: true
@@ -185,6 +185,11 @@ spec:
mountPath: /opt/bitnami/milvus/configs/cert/kafka/client
readOnly: true
{{- end }}
+ {{- if and (not .Values.minio.enabled) .Values.externalS3.tls.enabled .Values.externalS3.tls.existingSecret }}
+ - name: minio-client-certs
+ mountPath: /opt/bitnami/milvus/configs/cert/minio/client
+ readOnly: true
+ {{- end }}
{{- if .Values.queryNode.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.queryNode.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
@@ -210,7 +215,7 @@ spec:
configMap:
name: {{ template "milvus.query-node.extraConfigmapName" . }}
{{- end }}
- {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
+ {{- if and (not .Values.etcd.enabled) .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
secret:
secretName: {{ .Values.externalEtcd.tls.existingSecret }}
@@ -222,6 +227,12 @@ spec:
secretName: {{ .Values.externalKafka.tls.existingSecret }}
defaultMode: 256
{{- end }}
+ {{- if and (not .Values.minio.enabled) .Values.externalS3.tls.enabled .Values.externalS3.tls.existingSecret }}
+ - name: minio-client-certs
+ secret:
+ secretName: {{ .Values.externalS3.tls.existingSecret }}
+ defaultMode: 256
+ {{- end }}
{{- if .Values.queryNode.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.queryNode.extraVolumes "context" $) | nindent 8 }}
{{- end }}
diff --git a/bitnami/milvus/templates/root-coordinator/deployment.yaml b/bitnami/milvus/templates/root-coordinator/deployment.yaml
index d55eb1ca3261d4..5cc5f96e96ba15 100644
--- a/bitnami/milvus/templates/root-coordinator/deployment.yaml
+++ b/bitnami/milvus/templates/root-coordinator/deployment.yaml
@@ -175,7 +175,7 @@ spec:
- name: empty-dir
mountPath: /bitnami/milvus/data
subPath: app-data-dir
- {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
+ {{- if and (not .Values.etcd.enabled) .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
mountPath: /opt/bitnami/milvus/configs/cert/etcd/client
readOnly: true
@@ -185,6 +185,11 @@ spec:
mountPath: /opt/bitnami/milvus/configs/cert/kafka/client
readOnly: true
{{- end }}
+ {{- if and (not .Values.minio.enabled) .Values.externalS3.tls.enabled .Values.externalS3.tls.existingSecret }}
+ - name: minio-client-certs
+ mountPath: /opt/bitnami/milvus/configs/cert/minio/client
+ readOnly: true
+ {{- end }}
{{- if .Values.rootCoord.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.rootCoord.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
@@ -210,7 +215,7 @@ spec:
configMap:
name: {{ template "milvus.root-coordinator.extraConfigmapName" . }}
{{- end }}
- {{- if and .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
+ {{- if and (not .Values.etcd.enabled) .Values.externalEtcd.tls.enabled .Values.externalEtcd.tls.existingSecret }}
- name: etcd-client-certs
secret:
secretName: {{ .Values.externalEtcd.tls.existingSecret }}
@@ -222,6 +227,12 @@ spec:
secretName: {{ .Values.externalKafka.tls.existingSecret }}
defaultMode: 256
{{- end }}
+ {{- if and (not .Values.minio.enabled) .Values.externalS3.tls.enabled .Values.externalS3.tls.existingSecret }}
+ - name: minio-client-certs
+ secret:
+ secretName: {{ .Values.externalS3.tls.existingSecret }}
+ defaultMode: 256
+ {{- end }}
{{- if .Values.rootCoord.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.rootCoord.extraVolumes "context" $) | nindent 8 }}
{{- end }}
diff --git a/bitnami/milvus/values.schema.json b/bitnami/milvus/values.schema.json
index 76d1961b88f972..18d9d6da3b4fea 100644
--- a/bitnami/milvus/values.schema.json
+++ b/bitnami/milvus/values.schema.json
@@ -7610,10 +7610,25 @@
"description": "Name of an existing secret key containing the S3 access key secret",
"default": "root-password"
},
- "protocol": {
- "type": "string",
- "description": "External S3 protocol",
- "default": "https"
+ "tls": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Enable TLS for external S3 client connections.",
+ "default": false
+ },
+ "existingSecret": {
+ "type": "string",
+ "description": "Name of the existing secret containing the TLS certificates for external S3 client communications.",
+ "default": ""
+ },
+ "caCert": {
+ "type": "string",
+ "description": "The secret key from the existingSecret if 'caCert' key different from the default (ca.crt)",
+ "default": "ca.crt"
+ }
+ }
},
"bucket": {
"type": "string",
@@ -7694,6 +7709,41 @@
"default": "PLAIN"
}
}
+ },
+ "tls": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Enable TLS for external Kafka client connections.",
+ "default": false
+ },
+ "existingSecret": {
+ "type": "string",
+ "description": "Name of the existing secret containing the TLS certificates for external Kafka client communications.",
+ "default": ""
+ },
+ "cert": {
+ "type": "string",
+ "description": "The secret key from the existingSecret if 'cert' key different from the default (tls.crt)",
+ "default": "tls.crt"
+ },
+ "key": {
+ "type": "string",
+ "description": "The secret key from the existingSecret if 'key' key different from the default (tls.key)",
+ "default": "tls.key"
+ },
+ "caCert": {
+ "type": "string",
+ "description": "The secret key from the existingSecret if 'caCert' key different from the default (ca.crt)",
+ "default": "ca.crt"
+ },
+ "keyPassword": {
+ "type": "string",
+ "description": "Password to access the password-protected PEM key if necessary.",
+ "default": ""
+ }
+ }
}
}
},
diff --git a/bitnami/milvus/values.yaml b/bitnami/milvus/values.yaml
index 642d4127f2ae09..99d1210960ab99 100644
--- a/bitnami/milvus/values.yaml
+++ b/bitnami/milvus/values.yaml
@@ -5270,7 +5270,6 @@ externalEtcd:
## @param externalS3.existingSecret Name of an existing secret resource containing the S3 credentials
## @param externalS3.existingSecretAccessKeyIDKey Name of an existing secret key containing the S3 access key ID
## @param externalS3.existingSecretKeySecretKey Name of an existing secret key containing the S3 access key secret
-## @param externalS3.protocol External S3 protocol
## @param externalS3.bucket External S3 bucket
## @param externalS3.rootPath External S3 root path
## @param externalS3.iamEndpoint External S3 IAM endpoint
@@ -5284,7 +5283,18 @@ externalS3:
existingSecret: ""
existingSecretAccessKeyIDKey: "root-user"
existingSecretKeySecretKey: "root-password"
- protocol: "https"
+ ## External S3 TLS connection configuration
+ ##
+ tls:
+ ## @param externalS3.tls.enabled Enable TLS for externalS3 client connections.
+ ##
+ enabled: false
+ ## @param externalS3.tls.existingSecret Name of the existing secret containing the TLS certificates for externalS3 client communications.
+ ##
+ existingSecret: ""
+ ## @param externalS3.tls.caCert The secret key from the existingSecret if 'caCert' key different from the default (ca.crt)
+ ##
+ caCert: ca.crt
bucket: "milvus"
rootPath: "file"
iamEndpoint: ""
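Review bot: The `@param` comments for the new `tls` block do not say what happens when `enabled` is true and `existingSecret` is empty, nor that `caCert` is a key name rather than certificate content. Suggested wording: `## @param externalS3.tls.existingSecret Name of an existing secret holding the CA certificate used to verify the external S3 endpoint; when empty, no custom CA is configured` and `## @param externalS3.tls.caCert Key inside externalS3.tls.existingSecret that contains the CA certificate`. The `externalS3` map starts and ends outside this hunk.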