Skip to content

Add additional configuration for redis secrets #201

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
timetinytim wants to merge 14 commits into
base: main
Choose a base branch
from
Open

Add additional configuration for redis secrets #201

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
57bb346
Add additional configuration for redis secrets
timetinytim Aug 4, 2025
57e838d
Merge branch 'main' into add-redis-secret-customization
timetinytim Aug 5, 2025
298f30d
A bit more clarity in the changelog
timetinytim Aug 5, 2025
35cd066
Merge branch 'main' into add-redis-secret-customization
timetinytim Sep 16, 2025
ce9c827
Merge branch 'main' into add-redis-secret-customization
timetinytim Sep 26, 2025
6cadc2b
Merge branch 'main' into add-redis-secret-customization
timetinytim Oct 13, 2025
a2a9929
Bump chart version
timetinytim Oct 13, 2025
2d7eb8e
Merge branch 'main' into add-redis-secret-customization
timetinytim Oct 15, 2025
e5ada50
Merge branch 'main' into add-redis-secret-customization
timetinytim Oct 20, 2025
37b5d21
Merge branch 'main' into add-redis-secret-customization
timetinytim Oct 21, 2025
e53ee42
Merge branch 'main' into add-redis-secret-customization
timetinytim Nov 6, 2025
11b827d
Merge branch 'main' into add-redis-secret-customization
timetinytim Nov 14, 2025
d21bb02
Merge branch 'main' into add-redis-secret-customization
timetinytim Nov 21, 2025
038bb24
Merge branch 'main' into add-redis-secret-customization
timetinytim Dec 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 19 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,22 @@
# 6.6.4

- Added additional customization for redis secret. Can now specify auth secrey key:
```yaml
redis:
auth:
existingSecret:
existingSecretKey:
sidekiq:
auth:
existingSecret:
existingSecretKey:
cache:
auth:
existingSecret:
existingSecretKey:

```

# 6.6.3

- Update the mastodon version to v4.5.3
Expand Down
2 changes: 1 addition & 1 deletion Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ type: application
# This is the chart version. This version number should be incremented each time
# you make changes to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 6.6.3
version: 6.6.4

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
Expand Down
2 changes: 1 addition & 1 deletion templates/_db-migrate.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -111,7 +111,7 @@ spec:
{{- else }}
name: {{ template "mastodon.redis.secretName" . }}
{{- end }}
key: redis-password
key: {{ .Values.redis.auth.existingSecretKey }}
Copy link
Member

@renchap renchap Aug 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it would be better to have both name and key (the whole secretKeyRef be from a template, rather than repeating this everywhere?

Copy link
Contributor Author

@timetinytim timetinytim Aug 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's honestly not a bad idea. I'll make that change.

Copy link
Contributor Author

@timetinytim timetinytim Aug 12, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Except I can see one issue with this.

The current solution allows it to be backwards compatible with the way it's already done. This new solution would basically mean either replacing existingSecret with that new format, which would break existing setups, or creating a new field like existingSecretRef, which wouldn't break anything, but would be somewhat redundant.

{{- if .preDeploy }}
- name: "SKIP_POST_DEPLOYMENT_MIGRATIONS"
value: "true"
Expand Down
6 changes: 3 additions & 3 deletions templates/deployment-sidekiq.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -146,20 +146,20 @@ spec:
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" $context }}
key: redis-password
key: {{ $context.Values.redis.auth.existingSecretKey }}
{{- if and $context.Values.redis.sidekiq.enabled $context.Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" $context }}
key: redis-password
key: {{ $context.Values.redis.sidekiq.auth.existingSecretKey }}
{{- end }}
{{- if and $context.Values.redis.cache.enabled $context.Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" $context }}
key: redis-password
key: {{ $context.Values.redis.cache.auth.existingSecretKey }}
{{- end }}
{{- if and $context.Values.elasticsearch.existingSecret (or $context.Values.elasticsearch.enabled $context.Values.elasticsearch.hostname) }}
- name: "ES_PASS"
Expand Down
6 changes: 3 additions & 3 deletions templates/deployment-streaming.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -120,20 +120,20 @@ spec:
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
key: {{ .Values.redis.auth.existingSecretKey }}
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
key: {{ .Values.redis.sidekiq.auth.existingSecretKey }}
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
key: {{ .Values.redis.cache.auth.existingSecretKey }}
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.streaming.port | quote }}
Expand Down
6 changes: 3 additions & 3 deletions templates/deployment-web.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -123,20 +123,20 @@ spec:
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
key: {{ .Values.redis.auth.existingSecretKey }}
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
key: {{ .Values.redis.sidekiq.auth.existingSecretKey }}
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
key: {{ .Values.redis.cache.auth.existingSecretKey }}
{{- end }}
{{- if and .Values.elasticsearch.existingSecret (or .Values.elasticsearch.enabled .Values.elasticsearch.hostname) }}
- name: "ES_PASS"
Expand Down
6 changes: 3 additions & 3 deletions templates/job-create-admin.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,20 +75,20 @@ spec:
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
key: {{ .Values.redis.auth.existingSecretKey }}
{{- if and .Values.redis.sidekiq.enabled .Values.redis.sidekiq.auth.existingSecret }}
- name: "SIDEKIQ_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.sidekiq.secretName" . }}
key: redis-password
key: {{ .Values.redis.sidekiq.auth.existingSecretKey }}
{{- end }}
{{- if and .Values.redis.cache.enabled .Values.redis.cache.auth.existingSecret }}
- name: "CACHE_REDIS_PASSWORD"
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.cache.secretName" . }}
key: redis-password
key: {{ .Values.redis.cache.auth.existingSecretKey }}
{{- end }}
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
Expand Down
2 changes: 1 addition & 1 deletion templates/job-deploy-search.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,7 @@ spec:
valueFrom:
secretKeyRef:
name: {{ template "mastodon.redis.secretName" . }}
key: redis-password
key: {{ .Values.redis.auth.existingSecretKey }}
- name: "PORT"
value: {{ .Values.mastodon.web.port | quote }}
{{- if (not .Values.mastodon.s3.enabled) }}
Expand Down
2 changes: 1 addition & 1 deletion templates/secret-redis-preinstall.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ metadata:
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
type: Opaque
data:
redis-password: "{{ .Values.redis.auth.password | b64enc }}"
{{ .Values.redis.auth.existingSecretKey }}: "{{ .Values.redis.auth.password | b64enc }}"
{{- end }}
{{- end }}
{{- end }}
2 changes: 1 addition & 1 deletion templates/secret-redis.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ metadata:
{{- include "mastodon.labels" . | nindent 4 }}
type: Opaque
data:
redis-password: "{{ .Values.redis.auth.password | b64enc }}"
{{ .Values.redis.auth.existingSecretKey }}: "{{ .Values.redis.auth.password | b64enc }}"
{{- end }}
{{- end }}
{{- end }}
11 changes: 7 additions & 4 deletions values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -756,8 +756,9 @@ redis:
password: ""
# setting password for an existing redis instance will store it in a new Secret
# you can also specify the name of an existing Secret
# with a key of redis-password set to the password you want
# existingSecret: ""
# set to the password you want
existingSecret: ""
existingSecretKey: redis-password
replica:
replicaCount: 0

Expand All @@ -772,8 +773,9 @@ redis:
auth:
password: ""
# you can also specify the name of an existing Secret
# with a key of redis-password set to the password you want
# set to the password you want
existingSecret: ""
existingSecretKey: redis-password

# Configuration for a separate redis instance only for cache.
# If enabled, any values not specified will be copied from the base config.
Expand All @@ -786,8 +788,9 @@ redis:
auth:
password: ""
# you can also specify the name of an existing Secret
# with a key of redis-password set to the password you want
# set to the password you want
existingSecret: ""
existingSecretKey: redis-password

# -- Node(s) on which we will deploy the various redis pods
master:
Expand Down