feat: switch to dandydeveloper/redis-ha chart 🚀

.github/workflows/release.yaml

@@ -24,7 +24,7 @@ jobs:
 
       - name: Add Helm repositories
         run: |
-          helm repo add bitnami https://charts.bitnami.com/bitnami
+          helm repo add dandydev https://dandydeveloper.github.io/charts
 
       - name: Run chart-releaser
         uses: helm/[email protected]

ct.yaml

@@ -5,4 +5,4 @@ chart-dirs:
 target-branch: main
 # helm-extra-args: --timeout 600s
 chart-repos:
-  - bitnami=https://charts.bitnami.com/bitnami
+  - dandydev=https://dandydeveloper.github.io/charts

helm/oauth2-proxy/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
-- name: redis
-  repository: https://charts.bitnami.com/bitnami
-  version: 22.0.1
-digest: sha256:7e8f393290629839ef212fb63e9ab4c5170ccba3da30c06c464a554987fcbb45
-generated: "2025-08-11T14:45:37.460990457Z"
+- name: redis-ha
+  repository: https://dandydeveloper.github.io/charts
+  version: 4.33.8
+digest: sha256:99abe093ebc97b930cad234e3bce566bb55e11ed0b2324e195d9783aaf5d1ace
+generated: "2025-08-13T08:08:37.645426006+02:00"

helm/oauth2-proxy/Chart.yaml

@@ -1,5 +1,5 @@
 name: oauth2-proxy
-version: 7.18.0
+version: 8.0.0
 apiVersion: v2
 appVersion: 7.11.0
 home: https://oauth2-proxy.github.io/oauth2-proxy/
@@ -13,9 +13,9 @@ keywords:
   - github
   - redis
 dependencies:
-  - name: redis
-    version: 22.0.1
-    repository: https://charts.bitnami.com/bitnami
+  - name: redis-ha
+    version: 4.33.8
+    repository: https://dandydeveloper.github.io/charts
     alias: redis
     condition: redis.enabled
 sources:
@@ -31,10 +31,8 @@ maintainers:
 kubeVersion: ">=1.16.0-0"
 annotations:
   artifacthub.io/changes: |
-    - kind: added
-      description: Added support for PodDisruptionBudget unhealthyPodEvictionPolicy
+    - kind: changed
+      description: Replace Redis chart by bitnami with dandydeveloper/redis-ha chart
       links:
         - name: Github PR
-          url: https://github.com/oauth2-proxy/manifests/pull/336
-        - name: Kubernetes documentation
-          url: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#unhealthy-pod-eviction-policy
+          url: https://github.com/oauth2-proxy/manifests/pull/335

helm/oauth2-proxy/README.md

@@ -94,6 +94,13 @@ Version 7.0.0 introduces a new implementation to support multiple hostAliases.
 You probably need to adjust your hostAliases config. 
 See [here](https://github.com/oauth2-proxy/manifests/pull/164/) for detailed information.
 
+### To 8.0.0 - Bitnami 💀
+
+Version 8.0.0 removes the dependency on the Bitnami Redis subchart and replaces it with the `dandydeveloper/redis-ha` chart. Therefore this version introduces a breaking change to the redis subchart deployment configuration. Please refer to the official [redis-ha repository](https://github.com/DandyDeveloper/charts/tree/master/charts/redis-ha) for details. Furthermore, you can reference the redis CI test value files we use [here](https://github.com/oauth2-proxy/manifests/tree/main/helm/oauth2-proxy/ci).
+
+Furthermore, you can read up on why this change was necessary in [Breaking changes in Bitnami Catalog #323](https://github.com/oauth2-proxy/manifests/issues/323)
+
+
 ## Configuration
 
 The following table lists the configurable parameters of the oauth2-proxy chart and their default values.

helm/oauth2-proxy/ci/redis-sentinel-array-values.yaml

@@ -6,19 +6,29 @@ sessionStorage:
       password: "foo"
       masterName: "mymaster"
       connectionUrls:
-        - "redis://oauth2-proxy-redis:26379"
-        - "redis://oauth2-proxy-redis:26379"
+        - "redis://oauth2-proxy-redis-announce-0:26379"
+        - "redis://oauth2-proxy-redis-announce-1:26379"
+
+# provision an instance of the redis-ha sub-chart
 redis:
-  # provision an instance of the redis sub-chart
   enabled: true
   fullnameOverride: oauth2-proxy-redis
-  architecture: replication
-  sentinel:
-    enabled: true
-    masterSet: mymaster
-  global:
-    redis:
-      password: "foo"
+
+  redisPassword: "foo"
+
+  redis:
+    masterGroupName: mymaster
+
+  replicas: 2
+  hardAntiAffinity: false
+
+  persistentVolume:
+    enabled: false
+  haproxy:
+    enabled: false
+  exporter:
+    enabled: false
+
 initContainers:
   waitForRedis:
     enabled: true

helm/oauth2-proxy/ci/redis-sentinel-comma-values.yaml

@@ -5,18 +5,28 @@ sessionStorage:
     sentinel:
       password: "foo"
       masterName: "mymaster"
-      connectionUrls: "redis://oauth2-proxy-redis:26379,redis://oauth2-proxy-redis:26379"
+      connectionUrls: "redis://oauth2-proxy-redis-announce-0:26379,redis://oauth2-proxy-redis-announce-1:26379"
+
+# provision an instance of the redis-ha sub-chart
 redis:
-  # provision an instance of the redis sub-chart
   enabled: true
   fullnameOverride: oauth2-proxy-redis
-  architecture: replication
-  sentinel:
-    enabled: true
-    masterSet: mymaster
-  global:
-    redis:
-      password: "foo"
+
+  redisPassword: "foo"
+
+  redis:
+    masterGroupName: mymaster
+
+  replicas: 2
+  hardAntiAffinity: false
+
+  persistentVolume:
+    enabled: false
+  haproxy:
+    enabled: false
+  exporter:
+    enabled: false
+
 initContainers:
   waitForRedis:
     enabled: true

helm/oauth2-proxy/ci/redis-standalone-values.yaml

@@ -3,13 +3,64 @@ sessionStorage:
   redis:
     clientType: "standalone"
     password: "foo"
+
+# provision an instance of the redis-ha sub-chart
 redis:
-  # provision an instance of the redis sub-chart
   enabled: true
-  architecture: standalone
-  global:
-    redis:
-      password: "foo"
+  fullnameOverride: oauth2-proxy-redis
+
+  redisPassword: "foo"
+
+  replicas: 1
+
+  # Remove sentinel overhead, speed up startup and redis itself
+  sentinel:
+    livenessProbe:
+      enabled: false
+    readinessProbe:
+      enabled: false
+    startupProbe:
+      enabled: false
+    quorum: 1
+
+  hardAntiAffinity: false
+
+  redis:
+    config:
+      min-replicas-to-write: 0
+      save: ""
+      appendonly: "no"
+
+    terminationGracePeriodSeconds: 10
+    livenessProbe:
+      initialDelaySeconds: 5
+      periodSeconds: 5
+      timeoutSeconds: 3
+      failureThreshold: 2
+    readinessProbe:
+      initialDelaySeconds: 5
+      periodSeconds: 5
+      timeoutSeconds: 3
+      failureThreshold: 2
+    startupProbe:
+      initialDelaySeconds: 5
+      periodSeconds: 2
+      timeoutSeconds: 3
+      failureThreshold: 10
+  splitBrainDetection:
+    interval: 0
+  persistentVolume:
+    enabled: false
+  emptyDir: {}
+  haproxy:
+    enabled: false
+  exporter:
+    enabled: false
+  sysctlImage:
+    enabled: false
+  hostPath:
+    chown: false
+
 initContainers:
   waitForRedis:
     enabled: true

helm/oauth2-proxy/templates/_helpers.tpl

@@ -94,7 +94,7 @@ Redis subcharts fullname
 */}}
 {{- define "oauth2-proxy.redis.fullname" -}}
 {{- if .Values.redis.enabled -}}
-{{- include "common.names.fullname" (dict "Chart" (dict "Name" "redis") "Release" .Release "Values" .Values.redis) -}}
+{{- include "redis-ha.fullname" (dict "Chart" (dict "Name" "redis-ha") "Release" .Release "Values" .Values.redis) -}}
 {{- else -}}
 {{ fail "attempting to use redis subcharts fullname, even though the subchart is not enabled. This will lead to misconfiguration" }}
 {{- end -}}
@@ -107,7 +107,7 @@ Compute the redis url if not set explicitly.
 {{- if .Values.sessionStorage.redis.standalone.connectionUrl -}}
 {{ .Values.sessionStorage.redis.standalone.connectionUrl }}
 {{- else if .Values.redis.enabled -}}
-{{- printf "redis://%s-master:%.0f" (include "oauth2-proxy.redis.fullname" .) .Values.redis.master.service.ports.redis -}}
+{{- printf "redis://%s:%.0f" (include "oauth2-proxy.redis.fullname" .) .Values.redis.redis.port -}}
 {{- else -}}
 {{ fail "please set sessionStorage.redis.standalone.connectionUrl or enable the redis subchart via redis.enabled" }}
 {{- end -}}

helm/oauth2-proxy/templates/deployment.yaml

@@ -199,7 +199,7 @@ spec:
         {{- if eq (default "cookie" .Values.sessionStorage.type) "redis" }}
         - name: OAUTH2_PROXY_SESSION_STORE_TYPE
           value: "redis"
-         {{- if or .Values.sessionStorage.redis.existingSecret .Values.sessionStorage.redis.password (and .Values.redis.enabled (.Values.redis.auth).enabled )}}
+         {{- if or .Values.sessionStorage.redis.existingSecret .Values.sessionStorage.redis.password (and .Values.redis.enabled (.Values.redis.auth))}}
         - name: OAUTH2_PROXY_REDIS_PASSWORD
           valueFrom:
             secretKeyRef: