fix(sourcegraph): incorrect rendering of redis connection env vars (#786)

michaellzc · marcleblanc2 · github-actions[bot] · commit c3247c539499 · 2025-12-16T10:14:13.000Z
reworked #784 ### Checklist - [x] Follow the [manual testing process](https://github.com/sourcegraph/deploy-sourcegraph-helm/blob/main/TEST.md) - [x] Update [changelog](https://github.com/sourcegraph/deploy-sourcegraph-helm/blob/main/charts/sourcegraph/CHANGELOG.md) - [x] Update [Kubernetes update doc](https://docs.sourcegraph.com/admin/updates/kubernetes) ### Test plan added unit test --------- Co-authored-by: Marc <7050295+marcleblanc2@users.noreply.github.com> (cherry picked from commit 5ff81c8)
diff --git a/charts/sourcegraph/templates/_helpers.tpl b/charts/sourcegraph/templates/_helpers.tpl
@@ -249,23 +249,35 @@ app.kubernetes.io/name: jaeger
 {{- end }}
 
 {{/*
-Set redisCache and redisStore endpoints
-So that customers can configure them any of these ways:
-1. Create a new Kubernetes secret, with default values (default, no override config required)
-2. Use an existing Kubernetes secret, by configuring .Values.redisCache.connection.existingSecret
-3. Do not create or use Kubernetes secrets, just pass the default values directly as environment variables into the needed pods, by configuring .Values.sourcegraph.disableKubernetesSecrets = true
-4. Do not create or use Kubernetes secrets, but pass custom values (ex. external Redis) directly as environment variables into the needed pods, by configuring .Values.sourcegraph.disableKubernetesSecrets = true, .Values.redisCache.connection.endpoint = "", .Values.redisStore.connection.endpoint = "", and defining the REDIS_CACHE_ENDPOINT and REDIS_STORE_ENDPOINT env vars on frontend, gitserver, searcher, and worker pods
+Set redisCache and redisStore endpoints,
+so that customers can configure them any of these ways:
+
+1. Create new Kubernetes secrets, with default values (default, no override config required)
+
+2. Use existing Kubernetes secrets, managed externally, by configuring:
+.Values.redisCache.connection.existingSecret: <secret name>
+.Values.redisStore.connection.existingSecret: <secret name>
+
+3. Do not create or use Kubernetes secrets, just pass the default values directly as environment variables into the needed pods, by configuring:
+.Values.sourcegraph.disableKubernetesSecrets: true
+
+4. Do not create or use Kubernetes secrets, but provide custom values (ex. external Redis) to have this function pass them into the REDIS_CACHE_ENDPOINT and REDIS_STORE_ENDPOINT env vars on frontend, gitserver, searcher, and worker pods, by configuring:
+.Values.sourcegraph.disableKubernetesSecrets: true
+.Values.redisCache.connection.endpoint: <custom value for REDIS_CACHE_ENDPOINT>
+.Values.redisStore.connection.endpoint: <custom value for REDIS_STORE_ENDPOINT>
+
 */}}
 {{- define "sourcegraph.redisConnection" -}}
 {{- if .Values.sourcegraph.disableKubernetesSecrets -}}
-{{- if .Values.redisCache.connection.endpoint -}}
-- name: REDIS_CACHE_ENDPOINT
-  value: {{ .Values.redisCache.connection.endpoint }}
+{{- $cacheEndpoint := dig "connection" "endpoint" "" .Values.redisCache -}}
+{{- $storeEndpoint := dig "connection" "endpoint" "" .Values.redisStore -}}
+{{- if not (and $cacheEndpoint $storeEndpoint) -}}
+{{- fail ".Values.redisCache.connection.endpoint and .Values.redisStore.connection.endpoint must be set when disableKubernetesSecrets is true!" -}}
 {{- end -}}
-{{- if .Values.redisStore.connection.endpoint -}}
+- name: REDIS_CACHE_ENDPOINT
+  value: {{ $cacheEndpoint }}
 - name: REDIS_STORE_ENDPOINT
-  value: {{ .Values.redisStore.connection.endpoint }}
-{{- end -}}
+  value: {{ $storeEndpoint }}
 {{- else -}}
 - name: REDIS_CACHE_ENDPOINT
   valueFrom:
diff --git a/charts/sourcegraph/tests/redisConnection_test.yaml b/charts/sourcegraph/tests/redisConnection_test.yaml
@@ -0,0 +1,57 @@
+---
+suite: redisConnection
+templates:
+- frontend/sourcegraph-frontend.Deployment.yaml
+tests:
+- it: should reference the default secret
+  asserts:
+    - contains:
+        path: spec.template.spec.containers[0].env
+        content:
+          name: REDIS_CACHE_ENDPOINT
+          valueFrom:
+            secretKeyRef:
+              key: endpoint
+              name: redis-cache
+    - contains:
+        path: spec.template.spec.containers[0].env
+        content:
+          name: REDIS_STORE_ENDPOINT
+          valueFrom:
+            secretKeyRef:
+              key: endpoint
+              name: redis-store
+- it: should not reference secret when .sourcegraph.disableKubernetesSecrets is true
+  set:
+    sourcegraph:
+      disableKubernetesSecrets: true
+    redisCache:
+      connection:
+        endpoint: redis-cache-svc
+    redisStore:
+      connection:
+        endpoint: redis-store-svc
+  asserts:
+    - contains:
+        path: spec.template.spec.containers[0].env
+        content:
+          name: REDIS_CACHE_ENDPOINT
+          value: redis-cache-svc
+    - contains:
+        path: spec.template.spec.containers[0].env
+        content:
+          name: REDIS_STORE_ENDPOINT
+          value: redis-store-svc
+- it: should fail when .sourcegraph.disableKubernetesSecrets is true but .Values.redisCache.connection.endpoint and .Values.redisStore.connection.endpoint are not set
+  set:
+    sourcegraph:
+      disableKubernetesSecrets: true
+    redisCache:
+      connection:
+        endpoint: ""
+    redisStore:
+      connection:
+        endpoint: ""
+  asserts:
+    - failedTemplate: 
+        errorMessage: .Values.redisCache.connection.endpoint and .Values.redisStore.connection.endpoint must be set when disableKubernetesSecrets is true!
