release paperless ngx 0.0.2 fixed bug with redis configuration

chg: add support for PVC selector

charts/mealie/templates/pvc.yaml

@@ -18,4 +18,10 @@ spec:
   resources:
     requests:
       storage: {{ .Values.persistence.size | quote }}
-{{- end }}
+  {{- if .Values.persistence.selector }}
+  {{- with .Values.persistence.selector }}
+  selector:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- end }}
+{{- end }}

charts/paperless-ngx/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: paperless-ngx
 description: Paperless-ngx helm chart for Kubernetes
 type: application
-version: 0.0.1
+version: 0.0.2
 appVersion: "latest"
 maintainers:
   - name: Richard Tomik

charts/paperless-ngx/readme.md

@@ -32,6 +32,13 @@ Paperless-ngx requires PostgreSQL 11+ as its database backend. Ensure you have:
 Redis is required for background task processing. Ensure you have:
 - A Redis server accessible from the cluster
 - Connection details configured in values.yaml
+- Optional: Redis authentication credentials (username/password)
+- Optional: Redis key prefix for sharing one Redis server among multiple Paperless instances
+
+The chart supports all Redis authentication methods:
+- No authentication: `redis://host:port/database`
+- Password only (requirepass): `redis://:password@host:port/database`
+- Username and password (Redis 6.0+ ACL): `redis://username:password@host:port/database`
 
 ## Installing the Chart
 
@@ -86,6 +93,11 @@ The following table lists the configurable parameters and their default values.
 | `redis.external.host`                 | External Redis host                                                | `redis.default.svc.cluster.local`        |
 | `redis.external.port`                 | External Redis port                                                | `6379`                                    |
 | `redis.external.database`             | External Redis database number                                     | `0`                                       |
+| `redis.external.username`             | Redis username (Redis 6.0+ with ACL)                               | `""`                                      |
+| `redis.external.password`             | Redis password (leave empty if no auth required)                   | `""`                                      |
+| `redis.external.existingSecret`       | Existing secret with Redis credentials                             | `""`                                      |
+| `redis.external.passwordKey`          | Key in existing secret for Redis password                          | `redis-password`                          |
+| `redis.external.prefix`               | Prefix for Redis keys/channels (for multi-instance)                | `""`                                      |
 
 ### Security Configuration
 
@@ -166,14 +178,27 @@ config:
     existingSecret: "paperless-admin-secrets"
 
 postgresql:
+  # External PostgreSQL connection details
   external:
-    host: "postgresql.database.svc.cluster.local"
+    enabled: true
-    existingSecret: "paperless-db-secrets"
+    host: "postgres-cluster-pooler.dbs.svc.cluster.local"
+    port: 5432
+    database: "paperless"
+    username: "paperless"
+    # Use existingSecret for credentials
+    existingSecret: "paperless-db-credentials"
     passwordKey: "password"
 
 redis:
   external:
     host: "redis.cache.svc.cluster.local"
+    port: 6379
+    database: 0
+    # Use existingSecret for Redis credentials
+    existingSecret: "paperless-redis-credentials"
+    passwordKey: "password"
+    # Optional: Use prefix to share Redis among multiple instances
+    prefix: "paperless-prod"
 
 ingress:
   enabled: true
@@ -193,13 +218,63 @@ ingress:
 helm install paperless-ngx . -f values-production.yaml
 ```
 
+### Redis Authentication Examples
+
+#### Redis with Password Only (requirepass)
+
+```bash
+helm install paperless-ngx . \
+  --set redis.external.host=redis.example.com \
+  --set redis.external.password=myredispassword
+```
+
+Or with existing secret:
+
+```yaml
+redis:
+  external:
+    host: "redis.example.com"
+    existingSecret: "redis-auth-secret"
+    passwordKey: "redis-password"
+```
+
+#### Redis with Username and Password (Redis 6.0+ ACL)
+
+```bash
+helm install paperless-ngx . \
+  --set redis.external.host=redis.example.com \
+  --set redis.external.username=paperless-user \
+  --set redis.external.password=myredispassword
+```
+
+#### Multiple Paperless Instances on One Redis Server
+
+Use the `prefix` parameter to avoid key collisions:
+
+```yaml
+# Instance 1
+redis:
+  external:
+    host: "shared-redis.example.com"
+    password: "sharedpassword"
+    prefix: "paperless-prod"
+
+# Instance 2
+redis:
+  external:
+    host: "shared-redis.example.com"
+    password: "sharedpassword"
+    prefix: "paperless-staging"
+```
+
 ## Security Considerations
 
-1. **Use external secrets** for production deployments to store sensitive data like database passwords and the Django secret key.
+1. **Use external secrets** for production deployments to store sensitive data like database passwords, Redis passwords, and the Django secret key.
 2. **Set a proper PAPERLESS_URL** when exposing the application externally.
 3. **Configure ALLOWED_HOSTS** to restrict which hosts can access the application.
 4. **Use HTTPS** when exposing the application to the internet.
-5. **Container Security**: The container runs as root initially to allow s6-overlay to set up the runtime environment, then drops privileges to UID 1000. This is required for the Paperless-ngx Docker image to function properly.
+5. **Secure Redis**: Always use authentication (password or username/password) for Redis in production environments. Use `existingSecret` instead of plain text passwords.
+6. **Container Security**: The container runs as root initially to allow s6-overlay to set up the runtime environment, then drops privileges to UID 1000. This is required for the Paperless-ngx Docker image to function properly.
 
 ## Volumes and Data
 

charts/paperless-ngx/templates/_helpers.tpl

@@ -90,10 +90,20 @@ Redis port
 
 {{/*
 Redis URL
+Constructs the Redis URL with optional authentication.
+Format: redis://[username]:[password]@host:port/database
 */}}
 {{- define "paperless-ngx.redis.url" -}}
 {{- $host := include "paperless-ngx.redis.host" . }}
 {{- $port := include "paperless-ngx.redis.port" . }}
 {{- $database := .Values.redis.external.database | toString }}
+{{- $username := .Values.redis.external.username | default "" }}
+{{- $password := .Values.redis.external.password | default "" }}
+{{- if and $username $password }}
+{{- printf "redis://%s:%s@%s:%s/%s" $username $password $host $port $database }}
+{{- else if $password }}
+{{- printf "redis://:%s@%s:%s/%s" $password $host $port $database }}
+{{- else }}
 {{- printf "redis://%s:%s/%s" $host $port $database }}
+{{- end }}
 {{- end }}

charts/paperless-ngx/templates/deployment.yaml

@@ -69,6 +69,10 @@ spec:
             # Required services
             - name: PAPERLESS_REDIS
               value: {{ include "paperless-ngx.redis.url" . | quote }}
+            {{- if .Values.redis.external.prefix }}
+            - name: PAPERLESS_REDIS_PREFIX
+              value: {{ .Values.redis.external.prefix | quote }}
+            {{- end }}
             - name: PAPERLESS_DBHOST
               value: {{ include "paperless-ngx.postgresql.host" . | quote }}
             - name: PAPERLESS_DBPORT

charts/paperless-ngx/templates/secret.yaml

@@ -5,6 +5,9 @@
 {{- if not .Values.postgresql.external.existingSecret -}}
   {{- $needsSecret = true -}}
 {{- end -}}
+{{- if and .Values.redis.external.password (not .Values.redis.external.existingSecret) -}}
+  {{- $needsSecret = true -}}
+{{- end -}}
 {{- if and .Values.config.admin.user (not .Values.config.admin.existingSecret) -}}
   {{- $needsSecret = true -}}
 {{- end -}}
@@ -27,6 +30,9 @@ data:
   {{- if not .Values.postgresql.external.existingSecret }}
   {{ .Values.postgresql.external.passwordKey | default "postgresql-password" }}: {{ .Values.postgresql.external.password | default "paperless" | b64enc }}
   {{- end }}
+  {{- if and .Values.redis.external.password (not .Values.redis.external.existingSecret) }}
+  {{ .Values.redis.external.passwordKey | default "redis-password" }}: {{ .Values.redis.external.password | b64enc }}
+  {{- end }}
   {{- if and .Values.config.admin.user (not .Values.config.admin.existingSecret) }}
   {{ .Values.config.admin.userKey | default "admin-user" }}: {{ .Values.config.admin.user | b64enc }}
   {{ .Values.config.admin.passwordKey | default "admin-password" }}: {{ .Values.config.admin.password | default "changeme" | b64enc }}

charts/paperless-ngx/values.yaml

@@ -158,11 +158,16 @@ redis:
     host: "redis.default.svc.cluster.local"
     port: 6379
     database: 0
+    # Authentication (leave empty if Redis has no auth)
+    username: ""  # Optional: Redis username (Redis 6.0+)
     # Use existingSecret for credentials if Redis has auth
     existingSecret: ""
     passwordKey: "redis-password"
     # Or set password directly (leave empty if no auth)
     password: ""
+    # Optional: Prefix for Redis keys and channels
+    # Useful for sharing one Redis server among multiple Paperless instances
+    prefix: ""
 
 ## Paperless-ngx Configuration
 config: