diff --git a/CHANGELOG.md b/CHANGELOG.md index fa67f27e..bbafc286 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,22 @@ +# 6.6.5 + +- Added additional customization for redis secret. Can now specify auth secrey key: +```yaml +redis: + auth: + existingSecret: + existingSecretKey: + sidekiq: + auth: + existingSecret: + existingSecretKey: + cache: + auth: + existingSecret: + existingSecretKey: + +``` + # 6.6.4 - Update the mastodon version to v4.5.4 diff --git a/Chart.yaml b/Chart.yaml index ba86458f..1635a09b 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time # you make changes to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 6.6.4 +version: 6.6.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/templates/_db-migrate.tpl b/templates/_db-migrate.tpl index 23ddb347..7c4eda5b 100644 --- a/templates/_db-migrate.tpl +++ b/templates/_db-migrate.tpl @@ -111,7 +111,7 @@ spec: {{- else }} name: {{ template "mastodon.redis.secretName" . }} {{- end }} - key: redis-password + key: {{ .Values.redis.auth.existingSecretKey }} {{- if .preDeploy }} - name: "SKIP_POST_DEPLOYMENT_MIGRATIONS" value: "true" diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml index d2e4a3a0..a75d3c94 100644 --- a/templates/deployment-sidekiq.yaml +++ b/templates/deployment-sidekiq.yaml @@ -146,20 +146,20 @@ spec: valueFrom: secretKeyRef: name: {{ template "mastodon.redis.secretName" $context }} - key: redis-password + key: {{ $context.Values.redis.auth.existingSecretKey }} {{- if and $context.Values.redis.sidekiq.enabled $context.Values.redis.sidekiq.auth.existingSecret }} - name: "SIDEKIQ_REDIS_PASSWORD" valueFrom: secretKeyRef: name: {{ template "mastodon.redis.sidekiq.secretName" $context }} - key: redis-password + key: {{ $context.Values.redis.sidekiq.auth.existingSecretKey }} {{- end }} {{- if and $context.Values.redis.cache.enabled $context.Values.redis.cache.auth.existingSecret }} - name: "CACHE_REDIS_PASSWORD" valueFrom: secretKeyRef: name: {{ template "mastodon.redis.cache.secretName" $context }} - key: redis-password + key: {{ $context.Values.redis.cache.auth.existingSecretKey }} {{- end }} {{- if and $context.Values.elasticsearch.existingSecret (or $context.Values.elasticsearch.enabled $context.Values.elasticsearch.hostname) }} - name: "ES_PASS" diff --git a/templates/deployment-streaming.yaml b/templates/deployment-streaming.yaml index b0752a4d..6fa3078f 100644 --- a/templates/deployment-streaming.yaml +++ b/templates/deployment-streaming.yaml @@ -120,20 +120,20 @@ spec: valueFrom: secretKeyRef: name: {{ template "mastodon.redis.secretName" . }} - key: redis-password + key: {{ .Values.redis.auth.existingSecretKey }} {{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }} - name: "SIDEKIQ_REDIS_PASSWORD" valueFrom: secretKeyRef: name: {{ template "mastodon.redis.sidekiq.secretName" . }} - key: redis-password + key: {{ .Values.redis.sidekiq.auth.existingSecretKey }} {{- end }} {{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }} - name: "CACHE_REDIS_PASSWORD" valueFrom: secretKeyRef: name: {{ template "mastodon.redis.cache.secretName" . }} - key: redis-password + key: {{ .Values.redis.cache.auth.existingSecretKey }} {{- end }} - name: "PORT" value: {{ .Values.mastodon.streaming.port | quote }} diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml index 7f7056c5..bba77c85 100644 --- a/templates/deployment-web.yaml +++ b/templates/deployment-web.yaml @@ -123,20 +123,20 @@ spec: valueFrom: secretKeyRef: name: {{ template "mastodon.redis.secretName" . }} - key: redis-password + key: {{ .Values.redis.auth.existingSecretKey }} {{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }} - name: "SIDEKIQ_REDIS_PASSWORD" valueFrom: secretKeyRef: name: {{ template "mastodon.redis.sidekiq.secretName" . }} - key: redis-password + key: {{ .Values.redis.sidekiq.auth.existingSecretKey }} {{- end }} {{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }} - name: "CACHE_REDIS_PASSWORD" valueFrom: secretKeyRef: name: {{ template "mastodon.redis.cache.secretName" . }} - key: redis-password + key: {{ .Values.redis.cache.auth.existingSecretKey }} {{- end }} {{- if and .Values.elasticsearch.existingSecret (or .Values.elasticsearch.enabled .Values.elasticsearch.hostname) }} - name: "ES_PASS" diff --git a/templates/job-create-admin.yaml b/templates/job-create-admin.yaml index 13b748b7..e3bf8eae 100644 --- a/templates/job-create-admin.yaml +++ b/templates/job-create-admin.yaml @@ -75,20 +75,20 @@ spec: valueFrom: secretKeyRef: name: {{ template "mastodon.redis.secretName" . }} - key: redis-password + key: {{ .Values.redis.auth.existingSecretKey }} {{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }} - name: "SIDEKIQ_REDIS_PASSWORD" valueFrom: secretKeyRef: name: {{ template "mastodon.redis.sidekiq.secretName" . }} - key: redis-password + key: {{ .Values.redis.sidekiq.auth.existingSecretKey }} {{- end }} {{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }} - name: "CACHE_REDIS_PASSWORD" valueFrom: secretKeyRef: name: {{ template "mastodon.redis.cache.secretName" . }} - key: redis-password + key: {{ .Values.redis.cache.auth.existingSecretKey }} {{- end }} - name: "PORT" value: {{ .Values.mastodon.web.port | quote }} diff --git a/templates/job-deploy-search.yaml b/templates/job-deploy-search.yaml index 44fc3c5a..4c16dde5 100644 --- a/templates/job-deploy-search.yaml +++ b/templates/job-deploy-search.yaml @@ -94,7 +94,7 @@ spec: valueFrom: secretKeyRef: name: {{ template "mastodon.redis.secretName" . }} - key: redis-password + key: {{ .Values.redis.auth.existingSecretKey }} - name: "PORT" value: {{ .Values.mastodon.web.port | quote }} {{- if (not .Values.mastodon.s3.enabled) }} diff --git a/templates/secret-redis-preinstall.yaml b/templates/secret-redis-preinstall.yaml index 074e0353..a372b9ce 100644 --- a/templates/secret-redis-preinstall.yaml +++ b/templates/secret-redis-preinstall.yaml @@ -13,7 +13,7 @@ metadata: "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded type: Opaque data: - redis-password: "{{ .Values.redis.auth.password | b64enc }}" + {{ .Values.redis.auth.existingSecretKey }}: "{{ .Values.redis.auth.password | b64enc }}" {{- end }} {{- end }} {{- end }} diff --git a/templates/secret-redis.yaml b/templates/secret-redis.yaml index b1d8ac11..52dbbd09 100644 --- a/templates/secret-redis.yaml +++ b/templates/secret-redis.yaml @@ -9,7 +9,7 @@ metadata: {{- include "mastodon.labels" . | nindent 4 }} type: Opaque data: - redis-password: "{{ .Values.redis.auth.password | b64enc }}" + {{ .Values.redis.auth.existingSecretKey }}: "{{ .Values.redis.auth.password | b64enc }}" {{- end }} {{- end }} {{- end }} diff --git a/values.yaml b/values.yaml index 25e02dfb..33180d5e 100644 --- a/values.yaml +++ b/values.yaml @@ -756,8 +756,9 @@ redis: password: "" # setting password for an existing redis instance will store it in a new Secret # you can also specify the name of an existing Secret - # with a key of redis-password set to the password you want - # existingSecret: "" + # set to the password you want + existingSecret: "" + existingSecretKey: redis-password replica: replicaCount: 0 @@ -772,8 +773,9 @@ redis: auth: password: "" # you can also specify the name of an existing Secret - # with a key of redis-password set to the password you want + # set to the password you want existingSecret: "" + existingSecretKey: redis-password # Configuration for a separate redis instance only for cache. # If enabled, any values not specified will be copied from the base config. @@ -786,8 +788,9 @@ redis: auth: password: "" # you can also specify the name of an existing Secret - # with a key of redis-password set to the password you want + # set to the password you want existingSecret: "" + existingSecretKey: redis-password # -- Node(s) on which we will deploy the various redis pods master: