From e31a5b318a7d1b7a93e43a5dc659f66b6b023452 Mon Sep 17 00:00:00 2001 From: Christina Zimnicki Date: Thu, 14 Aug 2025 18:07:31 -0500 Subject: [PATCH 1/4] Update docs links and add CA conditional --- fides-minimal/values.yaml | 2 +- fides/templates/fides/fides-deployment.yaml | 4 ++++ fides/templates/fides/worker-deployment.yaml | 4 ++++ fides/values.yaml | 4 ++-- 4 files changed, 11 insertions(+), 3 deletions(-) diff --git a/fides-minimal/values.yaml b/fides-minimal/values.yaml index 72a124e..6cdc689 100644 --- a/fides-minimal/values.yaml +++ b/fides-minimal/values.yaml @@ -15,7 +15,7 @@ fides: # This secret should have at least the following keys: REDIS_HOST, REDIS_PORT, REDIS_PASSWORD. This value is required. redisSecretName: "" # fides.configure.additionalEnvVar adds arbitrary environment variables to the Fides configuration, in addition to those set - # by the Helm chart. See https://ethyca.github.io/fides/installation/configuration/ for all possible values. + # by the Helm chart. See https://www.ethyca.com/docs/dev-docs/configuration/configuration#fides-configuration-variable-reference for all possible values. additionalEnvVars: - name: FIDES__LOGGING__LOG_PII value: "false" diff --git a/fides/templates/fides/fides-deployment.yaml b/fides/templates/fides/fides-deployment.yaml index 0d01514..a8b9e84 100644 --- a/fides/templates/fides/fides-deployment.yaml +++ b/fides/templates/fides/fides-deployment.yaml @@ -67,18 +67,22 @@ spec: volumeMounts: - name: {{ include "fides.configVolume" . }} mountPath: {{ include "fides.configPath" . }} + {{- if .Values.fides.configuration.redisCaSecretName }} - name: {{ include "fides.redisCaVolume" . }} mountPath: {{ include "fides.redisCaPath" . }} readOnly: true + {{- end }} resources: {{- toYaml .Values.fides.resources | nindent 12 }} volumes: - name: {{ include "fides.configVolume" . }} configMap: name: {{ include "fides.tomlConfigMapName" . }} + {{- if .Values.fides.configuration.redisCaSecretName }} - name: {{ include "fides.redisCaVolume" . }} secret: secretName: {{ .Values.fides.configuration.redisCaSecretName }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/fides/templates/fides/worker-deployment.yaml b/fides/templates/fides/worker-deployment.yaml index d67699a..262fd34 100644 --- a/fides/templates/fides/worker-deployment.yaml +++ b/fides/templates/fides/worker-deployment.yaml @@ -62,18 +62,22 @@ spec: volumeMounts: - name: {{ include "fides.configVolume" . }} mountPath: {{ include "fides.configPath" . }} + {{- if .Values.fides.configuration.redisCaSecretName }} - name: {{ include "fides.redisCaVolume" . }} mountPath: {{ include "fides.redisCaPath" . }} readOnly: true + {{- end }} resources: {{- toYaml .Values.fides.workers.resources | nindent 12 }} volumes: - name: {{ include "fides.configVolume" . }} configMap: name: {{ include "fides.worker.tomlConfigMapName" . }} + {{- if .Values.fides.configuration.redisCaSecretName }} - name: {{ include "fides.redisCaVolume" . }} secret: secretName: {{ .Values.fides.configuration.redisCaSecretName }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/fides/values.yaml b/fides/values.yaml index 1c06f39..03db7c8 100644 --- a/fides/values.yaml +++ b/fides/values.yaml @@ -17,10 +17,10 @@ fides: # the value of redis.deployRedis is false. redisSecretName: "" # fides.configuration.redisCaSecretName is the name of the Kubernetes secret containing the Redis CA certificate. - # This secret should have at least the following keys: ca.crt. This value is required if the value of redis.deployRedis is true. + # This secret should have at least the following keys: ca.crt. This value is required if the value of redis.deployRedis is true, AND you are using Redis with TLS enabled. redisCaSecretName: "" # fides.configure.additionalEnvVar adds arbitrary environment variables to the Fides configuration, in addition to those set - # by the Helm chart. See https://ethyca.github.io/fides/installation/configuration/ for all possible values. + # by the Helm chart. See https://www.ethyca.com/docs/dev-docs/configuration/configuration#fides-configuration-variable-reference for all possible values. additionalEnvVars: - name: FIDES__LOGGING__LOG_PII value: "false" From cf51a64577b526aea4b829e6d2912aaff76795bc Mon Sep 17 00:00:00 2001 From: Thomas Van Dort Date: Fri, 15 Aug 2025 13:42:27 -0400 Subject: [PATCH 2/4] Bump version. --- fides-minimal/Chart.yaml | 2 +- fides/Chart.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/fides-minimal/Chart.yaml b/fides-minimal/Chart.yaml index e55ca30..6dd56b2 100644 --- a/fides-minimal/Chart.yaml +++ b/fides-minimal/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: fides-minimal -version: 0.16.0 +version: 0.16.1 appVersion: "2.48.1" description: Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. This version of the Helm chart removes some excess features such as the lookup function which may not be available in all cases. type: application diff --git a/fides/Chart.yaml b/fides/Chart.yaml index 6d21e6b..168e4c2 100644 --- a/fides/Chart.yaml +++ b/fides/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: fides -version: 0.17.0 +version: 0.17.1 appVersion: "2.64.0" description: Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. type: application From 48e01e886f19bdcd4a3566695339885521253a84 Mon Sep 17 00:00:00 2001 From: Tom Van Dort Date: Fri, 15 Aug 2025 13:47:47 -0400 Subject: [PATCH 3/4] Update fides/Chart.yaml Co-authored-by: Robert Keyser <39230492+RobertKeyser@users.noreply.github.com> --- fides/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fides/Chart.yaml b/fides/Chart.yaml index 168e4c2..0252698 100644 --- a/fides/Chart.yaml +++ b/fides/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: fides version: 0.17.1 -appVersion: "2.64.0" +appVersion: "2.67.0" description: Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. type: application keywords: From 34d0d35cd28751c5a1845192b01e760ae7312e7b Mon Sep 17 00:00:00 2001 From: Thomas Van Dort Date: Fri, 15 Aug 2025 13:52:20 -0400 Subject: [PATCH 4/4] Update changelog. --- CHANGELOG.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index af06aa1..6cdefe1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,12 +16,18 @@ The types of changes are: - `Fixed` for any bug fixes. - `Security` in case of vulnerabilities. -## [Unreleased](https://github.com/ethyca/fides-helm/compare/fides-0.16.1...main) +## [Unreleased](https://github.com/ethyca/fides-helm/compare/fides-0.17.1...main) ### Added ### Fixed +## [0.17.1](https://github.com/ethyca/fides-helm/compare/fides-0.17.0...fides-0.17.1) + +### Fixed + +- Redis cert is only mounted when used. [#82](https://github.com/ethyca/fides-helm/pull/82) + ## [0.17.0](https://github.com/ethyca/fides-helm/compare/fides-0.16.1...fides-0.17.0) ### Added