Welcome to ShenZhenJia Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

I'm deploying the kafka bitnami chart with TLS enabled for the external client for testing.

I followed the instructions; however, I got the following error. What is wrong with my configuration?

$ kubectl logs my-release-kafka-0
Couldn't find the expected Java Key Stores (JKS) files! They are mandatory when encryption via TLS is enabled.

The secret is created like this.

kubectl create secret generic kafka-jks --from-file=./kafka.truststore.jks --from-file=./kafka-0.keystore.jks

The Helm chart is deployed as follows.

helm install my-release \
  --set externalAccess.enabled=true \
  --set externalAccess.service.type=LoadBalancer \
  --set externalAccess.service.port=9094 \
  --set externalAccess.autoDiscovery.enabled=true \
  --set serviceAccount.create=true \
  --set rbac.create=true \
  --set auth.clientProtocol=tls \
  --set auth.jksSecret=kafka-jks \
  --set auth.jksPassword=<MY_JKS_PASSWORD> \
  bitnami/kafka

According to kubectl describe pod, it looks like it was mounted successfully.

    Mounts:
      /bitnami/kafka from data (rw)
      /certs from kafka-certificates (ro)
      /opt/bitnami/kafka/logs from logs (rw)
      /scripts/setup.sh from scripts (rw,path="setup.sh")
      /shared from shared (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from my-release-kafka-token-bkqgt (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             False 
  ContainersReady   False 
  PodScheduled      True 
Volumes:
  data:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  data-my-release-kafka-0
    ReadOnly:   false
  scripts:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      my-release-kafka-scripts
    Optional:  false
  shared:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:     
    SizeLimit:  <unset>
  kafka-certificates:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  kafka-jks
    Optional:    false
             :

$ kubectl describe secret kafka-jks
Name:         kafka-jks
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
kafka-0.keystore.jks:  5181 bytes
kafka.truststore.jks:  1346 bytes

I also tested whether the keystore works correctly. It looks like it works.

$ keytool -keystore kafka-0.keystore.jks -export -alias localhost -rfc -file signed_exported.crt
Enter keystore password:  
Certificate stored in file <signed_exported.crt>

1 Answer

Waiting for an expert to reply.