The encryption initializer previously only supported environment variables
in self-hosted mode. In managed mode, it expected encryption credentials
to exist in Rails.application.credentials, which would cause boot failures
if they were missing.
This change updates the encryption configuration to support environment
variables in both managed and self-hosted modes:
- Environment variables (ACTIVE_RECORD_ENCRYPTION_*) now work in both modes
- Priority: env vars > auto-generation (self-hosted only) > credentials
- Updated documentation in .env.example and Helm chart README
This allows managed mode deployments to provide encryption keys via
environment variables instead of requiring Rails credentials.
Co-authored-by: Claude <noreply@anthropic.com>
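The priority order in the commit message above, sketched as an added example (not the project's initializer). The three variable suffixes, the HMAC derivation from a secret key base standing in for "auto-generation", and the rejection of a partly set environment are assumptions of this example.

```ruby
require "openssl"

# Assumed names: the page gives only the ACTIVE_RECORD_ENCRYPTION_* prefix;
# the suffixes mirror Rails' config.active_record.encryption settings.
KEYS = %i[primary_key deterministic_key key_derivation_salt].freeze

def env_name(key)
  "ACTIVE_RECORD_ENCRYPTION_#{key.to_s.upcase}"
end

# Priority: env vars > auto-generation (self-hosted only) > credentials.
def resolve_encryption_keys(env:, self_hosted:, secret_key_base: nil, credentials: {})
  from_env = KEYS.to_h { |k| [k, env[env_name(k)].to_s.strip] }
  set = from_env.reject { |_, v| v.empty? }
  if set.size == KEYS.size
    return { source: :env, keys: from_env }
  elsif set.any?
    # Mixing key sources would leave existing ciphertext undecryptable: fail at boot.
    missing = (KEYS - set.keys).map { |k| env_name(k) }
    raise ArgumentError, "partial env configuration, missing: #{missing.join(', ')}"
  end

  if self_hosted
    # Assumption: keys are derived deterministically so restarts yield the same keys.
    raise ArgumentError, "secret_key_base required for derivation" if secret_key_base.to_s.empty?
    derived = KEYS.to_h do |k|
      [k, OpenSSL::HMAC.hexdigest("SHA256", secret_key_base, "active_record_encryption:#{k}")]
    end
    return { source: :derived, keys: derived }
  end

  creds = KEYS.to_h { |k| [k, credentials[k].to_s] }
  missing = creds.select { |_, v| v.empty? }.keys
  raise ArgumentError, "managed mode: credentials lack #{missing.join(', ')}" unless missing.empty?
  { source: :credentials, keys: creds }
end
```

Passing `ENV` as `env:` works unchanged, since only `[]` is called on it.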
* feat: updated redis-operator to 0.23.X
* chore: renamed redis-operator-redis to redis-sentinel
* chore: renamed 00-redis-operator-replication to redis-operator-replication
* feat: added podSecurityContext
* fix: added security context to fix PV mounting
* fix: removed reference to tag and image in managed
* Revert "fix: added security context to fix PV mounting"
This reverts commit 18aca83c73.
* chore: removed podSecurityContext as it is not necessary
* Add backup rendering logic and tests for CNPG Cluster CR
- Implemented logic in `cnpg-cluster.yaml` to render `.spec.backup` based on `cnpg.cluster.backup` values.
- Introduced validation for required fields and unsupported keys (e.g., `ttl`, `volumeSnapshot.enabled`) to avoid CRD warnings.
- Added Helm unit tests to validate backup rendering for various scenarios: missing/invalid fields, inferred `method`, and unsupported keys.
- Updated `README.md` and `values.yaml` with examples and documentation for backup configuration options.
* Add plugin rendering logic and tests for CNPG Cluster CR
- Implemented logic in `cnpg-cluster.yaml` to render `.spec.plugins` based on `cnpg.cluster.plugins` values.
- Added Helm unit tests to validate plugin rendering scenarios: unset plugins and configured plugin values.
- Updated `values.yaml` with examples and documentation for configuring CNPG plugins.
* Update chart to v1.0.1 with CNPG backup and plugin enhancements
- Add rendering logic for `Cluster.spec.backup`, inferring `method: volumeSnapshot` when applicable and validating required fields.
- Add support for `Cluster.spec.plugins`, enabling barman-cloud plugin and WAL archiver configuration.
- Strip unsupported keys (e.g., `backup.ttl`, `volumeSnapshot.enabled`) to prevent CRD warnings.
- Update examples and documentation in `README.md` and `values.yaml`.
* Keep Helm chart on same major version as app?
* Versioning with monorepo
* MD is tricky
---------
Co-authored-by: Josh Waldrep <joshua.waldrep5+github@gmail.com>
Co-authored-by: Juan José Mata <jjmata@jjmata.com>
* Add Helm chart for Sure Rails app deployment.
- Introduced initial Helm chart structure for deploying the Sure Rails app with Sidekiq on Kubernetes.
- Added optional CloudNativePG and Redis-Operator subcharts for high availability of PostgreSQL and Redis.
- Implemented configuration guards for mutual exclusivity between Redis operators.
- Included support for Horizontal Pod Autoscalers (HPAs) for web and worker deployments.
- Added default configurations for CronJobs, database migrations, and Ingress setup.
- Generated NOTES.txt for deployment guidance and troubleshooting.
- Added example profiles for simple and high-availability hosting setups in README.md.
- Enhanced templates with helper functions for reusable logic and secret management.
* Refactor Helm chart to use shared _env.tpl helper for environment variable injection.
- Added `_env.tpl` for managing environment variables across workloads (web, worker, jobs, etc.).
- Replaced repetitive inline environment configurations with reusable `sure.env` helper.
- Enhanced `redis-simple` configurations with support for dynamic persistence settings and resource limits.
- Updated `values.yaml` with improved defaults for multi-node cluster setups.
- Extended cleanup scripts to handle RedisSentinel CRs.
* Refactor Helm chart templates for consistency and improved readability
- Simplified `simplefin-backfill-job.yaml` by quoting backfill args for cleaner rendering.
- Removed unused `extraEnvFrom` logic from `_env.tpl`.
- Streamlined `redis-simple-deployment.yaml` by restructuring `volumeMounts` and `volumes` blocks for better condition handling.
* Bump Sure Helm chart version to 1.0.0 for initial stable release.
* Update README: Redis subchart to use OT redis-operator and improve secret management examples.
- Replaced `dandydev/redis-ha` with `OT-CONTAINER-KIT redis-operator`
- Added Redis secret configuration examples for flexible secret management.
- Updated README with new Redis configuration instructions, examples, and auto-wiring precedence adjustments.
* Enhance Redis-Operator Helm chart with managed scheduling, topology spreading, and fallback logic
- Introduced `managed.*` fields for optional RedisReplication configurations, prioritizing them over top-level settings.
- Added support for `nodeSelector`, `affinity`, `tolerations`, `topologySpreadConstraints`, and customized `workloadResources` for Redis pods.
- Updated default Redis image to `v8.4.0` in templates.
- Improved persistence configuration with fallback support.
- Updated README and values.yaml with examples and guidance for high-availability setups.
- Enhanced CNPG chart with scheduling options for consistency.
* Update README with improved Redis-Operator usage examples and secret placeholder guidance
- Added instructions for constructing `REDIS_URL` in Kubernetes manifests using placeholders.
- Replaced sensitive values in example secrets with non-sensitive placeholders (`__SET_SECRET__`).
- Included notes on linting Helm templates and YAML to avoid false-positive CI errors.
---------
Co-authored-by: Josh Waldrep <joshua.waldrep5+github@gmail.com>