diff --git a/CHANGELOG.md b/CHANGELOG.md index af06aa1..6cdefe1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,12 +16,18 @@ The types of changes are: - `Fixed` for any bug fixes. - `Security` in case of vulnerabilities. -## [Unreleased](https://github.com/ethyca/fides-helm/compare/fides-0.16.1...main) +## [Unreleased](https://github.com/ethyca/fides-helm/compare/fides-0.17.1...main) ### Added ### Fixed +## [0.17.1](https://github.com/ethyca/fides-helm/compare/fides-0.17.0...fides-0.17.1) + +### Fixed + +- Redis cert is only mounted when used. [#82](https://github.com/ethyca/fides-helm/pull/82) + ## [0.17.0](https://github.com/ethyca/fides-helm/compare/fides-0.16.1...fides-0.17.0) ### Added diff --git a/fides-minimal/Chart.yaml b/fides-minimal/Chart.yaml index e55ca30..6dd56b2 100644 --- a/fides-minimal/Chart.yaml +++ b/fides-minimal/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: fides-minimal -version: 0.16.0 +version: 0.16.1 appVersion: "2.48.1" description: Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. This version of the Helm chart removes some excess features such as the lookup function which may not be available in all cases. type: application diff --git a/fides-minimal/values.yaml b/fides-minimal/values.yaml index 72a124e..6cdc689 100644 --- a/fides-minimal/values.yaml +++ b/fides-minimal/values.yaml @@ -15,7 +15,7 @@ fides: # This secret should have at least the following keys: REDIS_HOST, REDIS_PORT, REDIS_PASSWORD. This value is required. redisSecretName: "" # fides.configure.additionalEnvVar adds arbitrary environment variables to the Fides configuration, in addition to those set - # by the Helm chart. See https://ethyca.github.io/fides/installation/configuration/ for all possible values. + # by the Helm chart. See https://www.ethyca.com/docs/dev-docs/configuration/configuration#fides-configuration-variable-reference for all possible values. additionalEnvVars: - name: FIDES__LOGGING__LOG_PII value: "false" diff --git a/fides/Chart.yaml b/fides/Chart.yaml index 6d21e6b..0252698 100644 --- a/fides/Chart.yaml +++ b/fides/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: fides -version: 0.17.0 -appVersion: "2.64.0" +version: 0.17.1 +appVersion: "2.67.0" description: Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. type: application keywords: diff --git a/fides/templates/fides/fides-deployment.yaml b/fides/templates/fides/fides-deployment.yaml index 0d01514..a8b9e84 100644 --- a/fides/templates/fides/fides-deployment.yaml +++ b/fides/templates/fides/fides-deployment.yaml @@ -67,18 +67,22 @@ spec: volumeMounts: - name: {{ include "fides.configVolume" . }} mountPath: {{ include "fides.configPath" . }} + {{- if .Values.fides.configuration.redisCaSecretName }} - name: {{ include "fides.redisCaVolume" . }} mountPath: {{ include "fides.redisCaPath" . }} readOnly: true + {{- end }} resources: {{- toYaml .Values.fides.resources | nindent 12 }} volumes: - name: {{ include "fides.configVolume" . }} configMap: name: {{ include "fides.tomlConfigMapName" . }} + {{- if .Values.fides.configuration.redisCaSecretName }} - name: {{ include "fides.redisCaVolume" . }} secret: secretName: {{ .Values.fides.configuration.redisCaSecretName }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/fides/templates/fides/worker-deployment.yaml b/fides/templates/fides/worker-deployment.yaml index d67699a..262fd34 100644 --- a/fides/templates/fides/worker-deployment.yaml +++ b/fides/templates/fides/worker-deployment.yaml @@ -62,18 +62,22 @@ spec: volumeMounts: - name: {{ include "fides.configVolume" . }} mountPath: {{ include "fides.configPath" . }} + {{- if .Values.fides.configuration.redisCaSecretName }} - name: {{ include "fides.redisCaVolume" . }} mountPath: {{ include "fides.redisCaPath" . }} readOnly: true + {{- end }} resources: {{- toYaml .Values.fides.workers.resources | nindent 12 }} volumes: - name: {{ include "fides.configVolume" . }} configMap: name: {{ include "fides.worker.tomlConfigMapName" . }} + {{- if .Values.fides.configuration.redisCaSecretName }} - name: {{ include "fides.redisCaVolume" . }} secret: secretName: {{ .Values.fides.configuration.redisCaSecretName }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/fides/values.yaml b/fides/values.yaml index 1c06f39..03db7c8 100644 --- a/fides/values.yaml +++ b/fides/values.yaml @@ -17,10 +17,10 @@ fides: # the value of redis.deployRedis is false. redisSecretName: "" # fides.configuration.redisCaSecretName is the name of the Kubernetes secret containing the Redis CA certificate. - # This secret should have at least the following keys: ca.crt. This value is required if the value of redis.deployRedis is true. + # This secret should have at least the following keys: ca.crt. This value is required if the value of redis.deployRedis is true, AND you are using Redis with TLS enabled. redisCaSecretName: "" # fides.configure.additionalEnvVar adds arbitrary environment variables to the Fides configuration, in addition to those set - # by the Helm chart. See https://ethyca.github.io/fides/installation/configuration/ for all possible values. + # by the Helm chart. See https://www.ethyca.com/docs/dev-docs/configuration/configuration#fides-configuration-variable-reference for all possible values. additionalEnvVars: - name: FIDES__LOGGING__LOG_PII value: "false"