[bitnami/kibana] Set usePasswordFiles=true by default (#32636)

* [bitnami/kibana] Set `usePasswordFiles=true` by default

Signed-off-by: Miguel Ruiz <[email protected]>

* Update CHANGELOG.md

Signed-off-by: Bitnami Bot <[email protected]>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Bot <[email protected]>

* Update conditionals

Signed-off-by: Miguel Ruiz <[email protected]>

* Update CHANGELOG.md

Signed-off-by: Bitnami Bot <[email protected]>

* Fix indent

Signed-off-by: Miguel Ruiz <[email protected]>

---------

Signed-off-by: Miguel Ruiz <[email protected]>
Signed-off-by: Bitnami Bot <[email protected]>
Co-authored-by: Bitnami Bot <[email protected]>

Author: migruiz4

bitnami/kibana/CHANGELOG.md

@@ -1,8 +1,13 @@
 # Changelog
 
-## 11.5.3 (2025-03-25)
+## 11.6.0 (2025-04-04)
 
-* [bitnami/kibana] Release 11.5.3 ([#32604](https://github.com/bitnami/charts/pull/32604))
+* [bitnami/kibana] Set `usePasswordFiles=true` by default ([#32636](https://github.com/bitnami/charts/pull/32636))
+
+## <small>11.5.3 (2025-03-25)</small>
+
+* [bitnami/*] Add tanzuCategory annotation (#32409) ([a8fba5c](https://github.com/bitnami/charts/commit/a8fba5cb01f6f4464ca7f69c50b0fbe97d837a95)), closes [#32409](https://github.com/bitnami/charts/issues/32409)
+* [bitnami/kibana] Release 11.5.3 (#32604) ([2bc41c9](https://github.com/bitnami/charts/commit/2bc41c9aa9ff2014a0c89cd626e0039a0108b29d)), closes [#32604](https://github.com/bitnami/charts/issues/32604)
 
 ## <small>11.5.2 (2025-03-04)</small>
 

bitnami/kibana/Chart.yaml

@@ -33,4 +33,4 @@ maintainers:
 name: kibana
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/kibana
-version: 11.5.3
+version: 11.6.0

bitnami/kibana/README.md

@@ -283,6 +283,7 @@ You can enable this initContainer by setting `volumePermissions.enabled` to `tru
 | `commonLabels`           | Labels to add to all deployed objects                                                                     | `{}`            |
 | `extraDeploy`            | A list of extra kubernetes resources to be deployed                                                       | `[]`            |
 | `clusterDomain`          | Kubernetes cluster domain name                                                                            | `cluster.local` |
+| `usePasswordFiles`       | Mount credentials as files instead of using environment variables                                         | `true`          |
 | `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden)                   | `false`         |
 | `diagnosticMode.command` | Command to override all containers in the the deployment(s)/statefulset(s)                                | `["sleep"]`     |
 | `diagnosticMode.args`    | Args to override all containers in the the deployment(s)/statefulset(s)                                   | `["infinity"]`  |

bitnami/kibana/templates/deployment.yaml

@@ -166,32 +166,52 @@ spec:
               value: "true"
             {{- end }}
             {{- if and .Values.tls.enabled .Values.tls.usePemCerts (or .Values.tls.keyPassword .Values.tls.passwordsSecret) }}
+            {{- if .Values.usePasswordFiles }}
+            - name: KIBANA_SERVER_KEY_PASSWORD_FILE
+              value: "/opt/bitnami/kibana/secrets/kibana-key-password"
+            {{- else }}
             - name: KIBANA_SERVER_KEY_PASSWORD
               valueFrom:
                 secretKeyRef:
                   name: {{ include "kibana.tls.secretName" . }}
                   key: kibana-key-password
             {{- end }}
+            {{- end }}
             {{- if and .Values.tls.enabled (not .Values.tls.usePemCerts) (or .Values.tls.keystorePassword .Values.tls.passwordsSecret) }}
+            {{- if .Values.usePasswordFiles }}
+            - name: KIBANA_SERVER_KEYSTORE_PASSWORD_FILE
+              value: "/opt/bitnami/kibana/secrets/kibana-keystore-password"
+            {{- else }}
             - name: KIBANA_SERVER_KEYSTORE_PASSWORD
               valueFrom:
                 secretKeyRef:
                   name: {{ include "kibana.tls.secretName" . }}
                   key: kibana-keystore-password
             {{- end }}
+            {{- end }}
             {{- if .Values.elasticsearch.security.auth.enabled }}
+            {{- if .Values.usePasswordFiles }}
+            - name: KIBANA_PASSWORD_FILE
+              value: "/opt/bitnami/kibana/secrets/kibana-password"
+            {{- else }}
             - name: KIBANA_PASSWORD
               valueFrom:
                 secretKeyRef:
                   name: {{ include "kibana.elasticsearch.auth.secretName" . }}
                   key: kibana-password
             {{- end }}
+            {{- end }}
             {{- if and .Values.elasticsearch.security.auth.enabled .Values.elasticsearch.security.auth.createSystemUser }}
+            {{- if .Values.usePasswordFiles }}
+            - name: KIBANA_ELASTICSEARCH_PASSWORD_FILE
+              value: "/opt/bitnami/kibana/secrets/elasticsearch-password"
+            {{- else }}
             - name: KIBANA_ELASTICSEARCH_PASSWORD
               valueFrom:
                 secretKeyRef:
                   name: {{ tpl .Values.elasticsearch.security.auth.elasticsearchPasswordSecret . }}
                   key: elasticsearch-password
+            {{- end }}
             - name: KIBANA_CREATE_USER
               value: "true"
             {{- end }}
@@ -202,12 +222,17 @@ spec:
             - name: KIBANA_ELASTICSEARCH_TLS_VERIFICATION_MODE
               value: {{ .Values.elasticsearch.security.tls.verificationMode | quote }}
             {{- if and .Values.elasticsearch.security.tls.enabled (not .Values.elasticsearch.security.tls.usePemCerts) (or .Values.elasticsearch.security.tls.truststorePassword .Values.elasticsearch.security.tls.passwordsSecret) }}
+            {{- if .Values.usePasswordFiles }}
+            - name: KIBANA_ELASTICSEARCH_TRUSTSTORE_PASSWORD_FILE
+              value: "/opt/bitnami/kibana/secrets/elasticsearch-truststore-password"
+            {{- else }}
             - name: KIBANA_ELASTICSEARCH_TRUSTSTORE_PASSWORD
               valueFrom:
                 secretKeyRef:
                   name: {{ include "kibana.elasticsearch.tls.secretName" . }}
                   key: elasticsearch-truststore-password
             {{- end }}
+            {{- end }}
             {{- if .Values.extraEnvVars }}
             {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
             {{- end }}
@@ -274,6 +299,10 @@ spec:
               mountPath: /bitnami/kibana
             - name: kibana-config
               mountPath: /bitnami/kibana/conf
+            {{- if and .Values.usePasswordFiles (or .Values.elasticsearch.security.auth.enabled (and .Values.tls.enabled (or .Values.tls.passwordsSecret (ternary .Values.tls.keyPassword .Values.tls.keystorePassword .Values.tls.usePemCerts)))) }}
+            - name: kibana-secrets
+              mountPath: /opt/bitnami/kibana/secrets
+            {{- end }}
             {{- if .Values.tls.enabled }}
             - name: kibana-certificates
               mountPath: /opt/bitnami/kibana/config/certs/server
@@ -313,6 +342,29 @@ spec:
       volumes:
         - name: empty-dir
           emptyDir: {}
+        {{- if and .Values.usePasswordFiles (or .Values.elasticsearch.security.auth.enabled
+        (and .Values.elasticsearch.security.tls.enabled (not .Values.elasticsearch.security.tls.usePemCerts) (or .Values.elasticsearch.security.tls.truststorePassword .Values.elasticsearch.security.tls.passwordsSecret))
+        (and .Values.tls.enabled (or .Values.tls.passwordsSecret (ternary .Values.tls.keyPassword .Values.tls.keystorePassword .Values.tls.usePemCerts)))) }}
+        - name: kibana-secrets
+          projected:
+            sources:
+                {{- if and .Values.tls.enabled (or .Values.tls.passwordsSecret (ternary .Values.tls.keyPassword .Values.tls.keystorePassword .Values.tls.usePemCerts)) }}
+                - secret:
+                    name: {{ include "kibana.tls.secretName" . }}
+                {{- end }}
+                {{- if .Values.elasticsearch.security.auth.enabled }}
+                - secret:
+                    name: {{ include "kibana.elasticsearch.auth.secretName" . }}
+                {{- end }}
+                {{- if and .Values.elasticsearch.security.auth.enabled .Values.elasticsearch.security.auth.createSystemUser }}
+                - secret:
+                    name: {{ tpl .Values.elasticsearch.security.auth.elasticsearchPasswordSecret . }}
+                {{- end }}
+                {{- if and .Values.elasticsearch.security.tls.enabled (not .Values.elasticsearch.security.tls.usePemCerts) (or .Values.elasticsearch.security.tls.truststorePassword .Values.elasticsearch.security.tls.passwordsSecret) }}
+                - secret:
+                    name: {{ include "kibana.elasticsearch.tls.secretName" . }}
+                {{- end }}
+        {{- end }}
         - name: kibana-data
         {{- if .Values.persistence.enabled }}
           persistentVolumeClaim:

bitnami/kibana/values.yaml

@@ -57,6 +57,9 @@ extraDeploy: []
 ## @param clusterDomain Kubernetes cluster domain name
 ##
 clusterDomain: cluster.local
+## @param usePasswordFiles Mount credentials as files instead of using environment variables
+##
+usePasswordFiles: true
 ## Enable diagnostic mode in the deployment(s)/statefulset(s)
 ##
 diagnosticMode:
@@ -510,7 +513,7 @@ ingress:
   ##   path: /
   ##
   extraHosts: []
-  ## @param ingress.extraPaths Additional arbitrary path/backend objects. Evaluated as a template. 
+  ## @param ingress.extraPaths Additional arbitrary path/backend objects. Evaluated as a template.
   ## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
   ## extraPaths:
   ## - path: /*