DandyDeveloper · DandyDeveloper · Sep 16, 2025 · Apr 24, 2023 · Apr 24, 2023 · Sep 15, 2025
diff --git a/charts/redis-ha/Chart.yaml b/charts/redis-ha/Chart.yaml
@@ -5,7 +5,7 @@ keywords:
 - redis
 - keyvalue
 - database
-version: 4.34.10
+version: 4.34.11
 appVersion: 8.2.1
 description: This Helm chart provides a highly available Redis implementation with a master/slave configuration and uses Sentinel sidecars for failover management
 icon: https://img.icons8.com/external-tal-revivo-shadow-tal-revivo/24/external-redis-an-in-memory-data-structure-project-implementing-a-distributed-logo-shadow-tal-revivo.png

diff --git a/charts/redis-ha/README.md b/charts/redis-ha/README.md
@@ -133,6 +133,7 @@ The following table lists the configurable parameters of the Redis chart and the
 | `redis.livenessProbe.successThreshold` | Success threshold for liveness probe | int | `1` |
 | `redis.livenessProbe.timeoutSeconds` | Timeout seconds for liveness probe | int | `15` |
 | `redis.masterGroupName` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | string | `"mymaster"` |
+| `redis.minReadySeconds` | Configure the 'minReadySeconds' parameter to StatefulSet ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#minreadyseconds | int | `0` |
 | `redis.podAnnotations` | Annotations to be added to the redis statefulset pods | object | `{}` |
 | `redis.port` | Port to access the redis service | int | `6379` |
 | `redis.readinessProbe` | Readiness probe parameters for redis container | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":30,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15}` |

diff --git a/charts/redis-ha/templates/redis-auth-secret.yaml b/charts/redis-ha/templates/redis-auth-secret.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.auth (not .Values.existingSecret) -}}
+{{- if and .Values.auth (not (tpl (.Values.existingSecret | default "" ) . )) -}}
 {{ $fullAnnotations := mustMerge .Values.redis.annotations .Values.authSecretAnnotations }}
 apiVersion: v1
 kind: Secret

diff --git a/charts/redis-ha/templates/redis-ha-secret.yaml b/charts/redis-ha/templates/redis-ha-secret.yaml
@@ -1,4 +1,4 @@
-{{- if not .Values.restore.existingSecret }}
+{{- if not (tpl (.Values.restore.existingSecret | default "" ) . ) }}
 
 
 {{- $regexRestoreS3 := "^s3://.+|^S3://.+" -}}

diff --git a/charts/redis-ha/templates/redis-ha-serviceaccount.yaml b/charts/redis-ha/templates/redis-ha-serviceaccount.yaml
@@ -20,10 +20,10 @@ metadata:
 secrets:
 {{- end }}
 {{- if .Values.auth }}
-- name: {{ default (include "redis-ha.fullname" .) .Values.existingSecret }}
+- name: {{ default (include "redis-ha.fullname" .) (tpl (.Values.existingSecret | default "" ) . ) }}
 {{- end }}
 {{- if .Values.sentinel.auth }}
-- name: {{ default (printf "%s-sentinel" (include "redis-ha.fullname" .)) .Values.sentinel.existingSecret }}
+- name: {{ default (printf "%s-sentinel" (include "redis-ha.fullname" .)) (tpl (.Values.sentinel.existingSecret | default "" ) . ) }}
 {{- end }}
 {{- if .Values.imagePullSecrets }}
 imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 0 }}

diff --git a/charts/redis-ha/templates/redis-ha-statefulset.yaml b/charts/redis-ha/templates/redis-ha-statefulset.yaml
@@ -32,8 +32,8 @@ spec:
     metadata:
       annotations:
         checksum/init-config: {{ print (include "config-redis.conf" .) (include "config-sentinel.conf" .) (include "config-init.sh" .) (include "fix-split-brain.sh" .) (include "redis_liveness.sh" .) (include "redis_readiness.sh" .) (include "sentinel_liveness.sh" .) (include "trigger-failover-if-master.sh" .)| sha256sum }}
-      {{- if .Values.podAnnotations }}
-{{ toYaml .Values.podAnnotations | indent 8 }}
+      {{- if .Values.redis.podAnnotations }}
+{{ toYaml .Values.redis.podAnnotations | indent 8 }}
       {{- end }}
       {{- if and (.Values.exporter.enabled) (not .Values.exporter.serviceMonitor.enabled) }}
         prometheus.io/port: "{{ .Values.exporter.port }}"
@@ -158,8 +158,8 @@ spec:
         - name: AUTH
           valueFrom:
             secretKeyRef:
-            {{- if .Values.existingSecret }}
-              name: {{ .Values.existingSecret }}
+            {{- if tpl (.Values.existingSecret | default "" ) . }}
+              name: {{ tpl (.Values.existingSecret | default "" ) . }}
             {{- else }}
               name: {{ template "redis-ha.fullname" . }}
             {{- end }}
@@ -169,8 +169,8 @@ spec:
         - name: SENTINELAUTH
           valueFrom:
             secretKeyRef:
-            {{- if .Values.sentinel.existingSecret }}
-              name: {{ .Values.sentinel.existingSecret }}
+            {{- if tpl (.Values.sentinel.existingSecret | default "" ) . }}
+              name: {{ tpl (.Values.sentinel.existingSecret | default "" ) . }}
             {{- else }}
               name: {{ template "redis-ha.fullname" . }}-sentinel
             {{- end }}
@@ -204,8 +204,8 @@ spec:
            && mv -v /data/dump.rdb_ /data/dump.rdb"
         envFrom:
         - secretRef:
-          {{- if .Values.restore.existingSecret }}
-            name: {{ .Values.existingSecret }}
+          {{- if tpl (.Values.restore.existingSecret | default "" ) . }}
+            name: {{ tpl (.Values.restore.existingSecret | default "" ) . }}
           {{- else }}
             name: {{ include "redis-ha.fullname" . }}-secret
           {{- end }}
@@ -238,8 +238,8 @@ spec:
         securityContext: {{- include "compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 10 }}
         envFrom:
         - secretRef:
-          {{- if .Values.restore.existingSecret }}
-            name: {{ .Values.existingSecret }}
+          {{- if tpl (.Values.restore.existingSecret | default "" ) . }}
+            name: {{ tpl (.Values.restore.existingSecret | default "" ) . }}
           {{- else }}
             name: {{ include "redis-ha.fullname" . }}-secret
           {{- end }}
@@ -300,8 +300,8 @@ spec:
         - name: AUTH
           valueFrom:
             secretKeyRef:
-            {{- if .Values.existingSecret }}
-              name: {{ .Values.existingSecret }}
+            {{- if tpl (.Values.existingSecret | default "" ) . }}
+              name: {{ tpl (.Values.existingSecret | default "" ) . }}
             {{- else }}
               name: {{ template "redis-ha.fullname" . }}
             {{- end }}
@@ -400,8 +400,8 @@ spec:
         - name: AUTH
           valueFrom:
             secretKeyRef:
-            {{- if .Values.existingSecret }}
-              name: {{ .Values.existingSecret }}
+            {{- if tpl (.Values.existingSecret | default "" ) . }}
+              name: {{ tpl (.Values.existingSecret | default "" ) . }}
             {{- else }}
               name: {{ template "redis-ha.fullname" . }}
             {{- end }}
@@ -411,8 +411,8 @@ spec:
         - name: SENTINELAUTH
           valueFrom:
             secretKeyRef:
-            {{- if .Values.sentinel.existingSecret }}
-              name: {{ .Values.sentinel.existingSecret }}
+            {{- if tpl (.Values.sentinel.existingSecret | default "" ) . }}
+              name: {{ tpl (.Values.sentinel.existingSecret | default "" ) . }}
             {{- else }}
               name: {{ template "redis-ha.fullname" . }}-sentinel
             {{- end }}
@@ -502,8 +502,8 @@ spec:
         - name: AUTH
           valueFrom:
             secretKeyRef:
-            {{- if .Values.existingSecret }}
-              name: {{ .Values.existingSecret }}
+            {{- if tpl (.Values.existingSecret | default "" ) . }}
+              name: {{ tpl (.Values.existingSecret | default "" ) . }}
             {{- else }}
               name: {{ template "redis-ha.fullname" . }}
             {{- end }}
@@ -513,8 +513,8 @@ spec:
         - name: SENTINELAUTH
           valueFrom:
             secretKeyRef:
-            {{- if .Values.sentinel.existingSecret }}
-              name: {{ .Values.sentinel.existingSecret }}
+            {{- if tpl (.Values.sentinel.existingSecret | default "" ) . }}
+              name: {{ tpl (.Values.sentinel.existingSecret | default "" ) . }}
             {{- else }}
               name: {{ template "redis-ha.fullname" . }}-sentinel
             {{- end }}
@@ -553,8 +553,8 @@ spec:
           - name: REDIS_PASSWORD
             valueFrom:
               secretKeyRef:
-              {{- if .Values.existingSecret }}
-                name: {{ .Values.existingSecret }}
+              {{- if tpl (.Values.existingSecret | default "" ) . }}
+                name: {{ tpl (.Values.existingSecret | default "" ) . }}
               {{- else }}
                 name: {{ template "redis-ha.fullname" . }}
               {{- end }}
@@ -617,8 +617,8 @@ spec:
       {{- if .Values.redis.tlsPort }}
       - name: tls-certs
         secret:
-          {{- if .Values.tls.secretName }}
-          secretName: {{ .Values.tls.secretName }}
+          {{- if tpl (.Values.tls.secretName | default "" ) . }}
+          secretName: {{ tpl (.Values.tls.secretName | default "" ) . }}
           {{- else }}
           secretName: {{ template "redis-ha.fullname" . }}-tls-secret
           {{- end }}

diff --git a/charts/redis-ha/templates/redis-haproxy-deployment.yaml b/charts/redis-ha/templates/redis-haproxy-deployment.yaml
@@ -136,8 +136,8 @@ spec:
         - name: AUTH
           valueFrom:
             secretKeyRef:
-            {{- if .Values.existingSecret }}
-              name: {{ .Values.existingSecret }}
+            {{- if tpl (.Values.existingSecret | default "" ) . }}
+              name: {{ tpl (.Values.existingSecret | default "" ) . }}
             {{- else }}
               name: {{ template "redis-ha.fullname" . }}
             {{- end }}
@@ -147,8 +147,8 @@ spec:
         - name: SENTINELAUTH
           valueFrom:
             secretKeyRef:
-            {{- if .Values.sentinel.existingSecret }}
-              name: {{ .Values.sentinel.existingSecret }}
+            {{- if tpl (.Values.sentinel.existingSecret | default "" ) . }}
+              name: {{ tpl (.Values.sentinel.existingSecret | default "" ) . }}
             {{- else }}
               name: {{ template "redis-ha.fullname" . }}-sentinel
             {{- end }}
@@ -200,7 +200,7 @@ spec:
 {{- if .Values.haproxy.tls.enabled }}
       - name: pemfile
         secret:
-          secretName: {{ .Values.haproxy.tls.secretName }}
+          secretName: {{ tpl .Values.haproxy.tls.secretName . }}
 {{- end }}
       - name: config-volume
         configMap:

diff --git a/charts/redis-ha/templates/redis-tls-secret.yaml b/charts/redis-ha/templates/redis-tls-secret.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.redis.tlsPort (not .Values.tls.secretName) -}}
+{{- if and .Values.redis.tlsPort (not (tpl (.Values.tls.secretName | default "" ) . )) -}}
 apiVersion: v1
 kind: Secret
 metadata:

diff --git a/charts/redis-ha/templates/sentinel-auth-secret.yaml b/charts/redis-ha/templates/sentinel-auth-secret.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.sentinel.auth (not .Values.sentinel.existingSecret) -}}
+{{- if and .Values.sentinel.auth (not (tpl ( .Values.sentinel.existingSecret | default "" ) . )) -}}
 apiVersion: v1
 kind: Secret
 metadata:

diff --git a/charts/redis-ha/values.yaml b/charts/redis-ha/values.yaml
@@ -102,6 +102,7 @@ haproxy:
   tls:
     # -- If "true" this will enable TLS termination on haproxy
     enabled: false
+    ## Supports templates like "{{ .Release.Name }}-haproxy-tls"
     # -- Secret containing the .pem file
     secretName: ""
     # -- Key file name
@@ -375,6 +376,10 @@ redis:
   # - secretRef:
   #     name: add-env-secret
 
+  # -- Configure the 'minReadySeconds' parameter to StatefulSet
+  # ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#minreadyseconds
+  minReadySeconds: 0
+
   ## Configures redis with tls-port parameter
   # -- (int) TLS Port to access the redis service
   tlsPort: ~
@@ -527,6 +532,8 @@ sentinel:
   password: ~
   # password: password
 
+  ## Use existing secret containing key `authKey` (ignores sentinel.password).
+  ## Supports templates like "{{ .Release.Name }}-sentinel-creds"
   # -- An existing secret containing a key defined by `sentinel.authKey` that configures `requirepass`
   # in the conf parameters (Requires `sentinel.auth: enabled`, cannot be used in conjunction with `.Values.sentinel.password`)
   existingSecret: ""
@@ -852,6 +859,7 @@ authSecretAnnotations: {}
 
 ## Use existing secret containing key `authKey` (ignores redisPassword)
 ## Can also store AWS S3 or SSH secrets in this secret
+## Supports templates like "{{ .Release.Name }}-creds"
 # -- An existing secret containing a key defined by `authKey` that configures `requirepass` and `masterauth` in the conf
 # parameters (Requires `auth: enabled`, cannot be used in conjunction with `.Values.redisPassword`)
 existingSecret: ~
@@ -905,7 +913,8 @@ emptyDir: {}
 tls:
   ## Fill the name of secret if you want to use your own TLS certificates.
   ## The secret should contains keys named by "tls.certFile" - the certificate, "tls.keyFile" - the private key, "tls.caCertFile" - the certificate of CA and "tls.dhParamsFile" - the dh parameter file
-  ## These secret will be genrated using files from certs folder if the secretName is not set and redis.tlsPort is set
+  ## Supports templates like "{{ .Release.Name }}-tls"
+  ## This secret will be generated using files from certs folder if the secretName is not set and redis.tlsPort is set
   # secretName: tls-secret
 
   # -- Name of certificate file