Skip to content

feat: extended Redis TLS and MinIO credential support#52

Merged
aron-muon merged 2 commits intomainfrom
aron/redis-minio-extension
Apr 12, 2026
Merged

feat: extended Redis TLS and MinIO credential support#52
aron-muon merged 2 commits intomainfrom
aron/redis-minio-extension

Conversation

@aron-muon
Copy link
Copy Markdown
Owner

@aron-muon aron-muon commented Apr 12, 2026
edited
Loading

Summary

Adds Helm template flexibility and S3-compatible credential support to unblock deployments with self-signed CAs and non-standard secret key names (e.g. RustFS operator).

  • Add extraVolumes / extraVolumeMounts to the deployment template, enabling users to mount additional volumes such as CA certificates for Redis TLS or S3/MinIO TLS verification
  • Add env support to the deployment template, enabling individual env var injection with valueFrom references for mapping secret keys to different env var names
  • Accept AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY as fallbacks for MinIO credentials in app config, since these are the standard S3-compatible env var names created by operators like RustFS Manager

Closes #51

Changes

Helm (deployment.yaml, values.yaml)

  • extraVolumeMounts block in spec.containers[0].volumeMounts
  • extraVolumes block in spec.volumes
  • env block in spec.containers[0] (after envFrom)
  • Default empty-list values for env, extraVolumes, extraVolumeMounts

App code (src/config/minio.py)

  • Use Pydantic AliasChoices on access_key and secret_key fields so MINIO_ACCESS_KEY is tried first, falling back to AWS_ACCESS_KEY_ID (and likewise for the secret key)

Tests (tests/unit/test_minio_config.py)

  • test_loads_from_aws_env_vars_as_fallback — verifies AWS_* env vars work when MINIO_* vars are absent
  • test_minio_vars_take_precedence_over_aws_vars — verifies MINIO_* vars win when both are set
  • Updated get_clean_env() to also strip AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY for test isolation

Test plan

  • All 1313 unit tests pass (just test-unit)
  • Helm template renders correctly with default values
  • Helm template renders correctly with extraVolumes, extraVolumeMounts, and env set
  • Deploy with Redis TLS CA cert mounted via extraVolumes/extraVolumeMounts
  • Deploy with S3 credentials from AWS_* env vars (e.g. RustFS operator secret)

🤖 Generated with Claude Code

@aron-muon aron-muon changed the title fix: minio env injection and redis volume injection feat: extended Redis TLS and MinIO credential support Apr 12, 2026
@aron-muon aron-muon marked this pull request as ready for review April 12, 2026 10:50
@aron-muon aron-muon merged commit f8db46d into main Apr 12, 2026
29 checks passed
@aron-muon aron-muon deleted the aron/redis-minio-extension branch April 12, 2026 10:51
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 12, 2026

🎉 This PR is included in version 3.3.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Extended Redis TLS and Minio support

1 participant

@aron-muon