From d3a54f13b070d1e7f2111fe5926f658091507f28 Mon Sep 17 00:00:00 2001 From: Marko Oldenburg Date: Sun, 23 Nov 2025 13:01:43 +0100 Subject: [PATCH 1/4] Refactor environment variables in deployment template The environment variables for the Paperless-NGX deployment have been refactored and moved into the main container section within the Kubernetes deployment manifest. This change organizes the environment variable definitions, enhancing readability and maintainability. Key modifications include: - Moved the `env` section under `containers.main`, allowing for a clearer structure. - Retained the logic for PostgreSQL, MariaDB, and Redis database configuration while ensuring environment variables are set within the context of the main application container. This change does not introduce any breaking functionality, but it does improve the clarity and intent of the configuration. --- charts/paperless-ngx/templates/common.yaml | 91 ++++++++++++---------- charts/paperless-ngx/values.yaml | 9 +-- 2 files changed, 52 insertions(+), 48 deletions(-) diff --git a/charts/paperless-ngx/templates/common.yaml b/charts/paperless-ngx/templates/common.yaml index c172e65..cbfc981 100644 --- a/charts/paperless-ngx/templates/common.yaml +++ b/charts/paperless-ngx/templates/common.yaml @@ -1,48 +1,53 @@ {{/* Append the hardcoded settings */}} {{- define "healthchecks.harcodedValues" -}} -env: - PAPERLESS_TIME_ZONE: {{ .Values.env.TZ }} - PAPERLESS_PORT: {{ quote .Values.service.main.ports.http.port }} - - {{- with .Values.ingress.main }} - {{- if and .enabled .hosts }} - PAPERLESS_URL: http{{ if .tls }}s{{ end }}://{{ (first .hosts).host }} - {{- end }} - {{- end }} - - {{- if .Values.postgresql.enabled }} - {{- with .Values.postgresql }} - PAPERLESS_DBENGINE: postgresql - PAPERLESS_DBHOST: {{ $.Release.Name }}-postgresql - PAPERLESS_DBNAME: {{ .auth.database }} - PAPERLESS_DBUSER: {{ default "postgres" .auth.username }} - PAPERLESS_DBPASS: - secretKeyRef: - name: {{ .auth.existingSecret | default (printf "%s-postgresql" $.Release.Name) }} - key: {{ if not .auth.password }}postgres-{{ end }}password - {{- end }} - {{- else if .Values.mariadb.enabled }} - {{- with .Values.mariadb}} - PAPERLESS_DBENGINE: mariadb - PAPERLESS_DBHOST: {{ $.Release.Name }}-mariadb - PAPERLESS_DBNAME: {{ .auth.database }} - PAPERLESS_DBUSER: {{ .auth.username }} - PAPERLESS_DBPASS: - secretKeyRef: - name: {{ .auth.existingSecret | default (printf "%s-mariadb" $.Release.Name) }} - key: mariadb-password - {{- end }} - {{- end }} - - {{- if .Values.redis.enabled }} - {{- with .Values.redis }} - A_REDIS_PASSWORD: - secretKeyRef: - name: {{ .auth.existingSecret | default (printf "%s-redis" $.Release.Name) }} - key: {{ .auth.existingSecretPasswordKey | default "redis-password" }} - PAPERLESS_REDIS: redis://{{ .auth.username }}:$(A_REDIS_PASSWORD)@{{ $.Release.Name }}-redis-master - {{- end }} - {{- end }} +controllers: + main: + type: deployment + containers: + main: + env: + PAPERLESS_TIME_ZONE: {{ .Values.env.TZ }} + PAPERLESS_PORT: {{ quote .Values.service.main.ports.http.port }} + + {{- with .Values.ingress.main }} + {{- if and .enabled .hosts }} + PAPERLESS_URL: http{{ if .tls }}s{{ end }}://{{ (first .hosts).host }} + {{- end }} + {{- end }} + + {{- if .Values.postgresql.enabled }} + {{- with .Values.postgresql }} + PAPERLESS_DBENGINE: postgresql + PAPERLESS_DBHOST: {{ $.Release.Name }}-postgresql + PAPERLESS_DBNAME: {{ .auth.database }} + PAPERLESS_DBUSER: {{ default "postgres" .auth.username }} + PAPERLESS_DBPASS: + secretKeyRef: + name: {{ .auth.existingSecret | default (printf "%s-postgresql" $.Release.Name) }} + key: {{ if not .auth.password }}postgres-{{ end }}password + {{- end }} + {{- else if .Values.mariadb.enabled }} + {{- with .Values.mariadb}} + PAPERLESS_DBENGINE: mariadb + PAPERLESS_DBHOST: {{ $.Release.Name }}-mariadb + PAPERLESS_DBNAME: {{ .auth.database }} + PAPERLESS_DBUSER: {{ .auth.username }} + PAPERLESS_DBPASS: + secretKeyRef: + name: {{ .auth.existingSecret | default (printf "%s-mariadb" $.Release.Name) }} + key: mariadb-password + {{- end }} + {{- end }} + + {{- if .Values.redis.enabled }} + {{- with .Values.redis }} + A_REDIS_PASSWORD: + secretKeyRef: + name: {{ .auth.existingSecret | default (printf "%s-redis" $.Release.Name) }} + key: {{ .auth.existingSecretPasswordKey | default "redis-password" }} + PAPERLESS_REDIS: redis://{{ .auth.username }}:$(A_REDIS_PASSWORD)@{{ $.Release.Name }}-redis-master + {{- end }} + {{- end }} {{- end -}} {{- $_ := merge .Values (include "healthchecks.harcodedValues" . | fromYaml) -}} diff --git a/charts/paperless-ngx/values.yaml b/charts/paperless-ngx/values.yaml index 6da2f3f..7ec6d3a 100644 --- a/charts/paperless-ngx/values.yaml +++ b/charts/paperless-ngx/values.yaml @@ -20,11 +20,10 @@ controllers: # @default -- See [values.yaml](./values.yaml) # -- Set the resource requests / limits for the container. resources: {} - -env: - # -- Set the container timezone - TZ: UTC - # PAPERLESS_SECRET_KEY: "" + env: + # -- Set the container timezone + TZ: UTC + # PAPERLESS_SECRET_KEY: "" service: # -- Configures service settings for the chart. -- 2.49.1 From 5f201ba91874ac27817d04100270f1c9e7d11cbd Mon Sep 17 00:00:00 2001 From: Marko Oldenburg Date: Sun, 23 Nov 2025 13:12:58 +0100 Subject: [PATCH 2/4] Refactor environment variable definitions in common.yaml This commit refactors the environment variable definitions in the `common.yaml` template for the Paperless-ngx chart. The structure has been simplified by removing the unnecessary nested "controllers: main: type: deployment" section, directly defining the `env` block. This improves readability and maintainability of the Helm template. No functional changes were introduced, and existing behaviors are preserved. The refactor aims to streamline the configuration management process for better clarity when setting up environment variables related to services like PostgreSQL, MariaDB, and Redis. --- charts/paperless-ngx/templates/common.yaml | 93 ++++++++++------------ 1 file changed, 44 insertions(+), 49 deletions(-) diff --git a/charts/paperless-ngx/templates/common.yaml b/charts/paperless-ngx/templates/common.yaml index cbfc981..e3fdfcc 100644 --- a/charts/paperless-ngx/templates/common.yaml +++ b/charts/paperless-ngx/templates/common.yaml @@ -1,55 +1,50 @@ {{/* Append the hardcoded settings */}} {{- define "healthchecks.harcodedValues" -}} -controllers: - main: - type: deployment - containers: - main: - env: - PAPERLESS_TIME_ZONE: {{ .Values.env.TZ }} - PAPERLESS_PORT: {{ quote .Values.service.main.ports.http.port }} - - {{- with .Values.ingress.main }} - {{- if and .enabled .hosts }} - PAPERLESS_URL: http{{ if .tls }}s{{ end }}://{{ (first .hosts).host }} - {{- end }} - {{- end }} - - {{- if .Values.postgresql.enabled }} - {{- with .Values.postgresql }} - PAPERLESS_DBENGINE: postgresql - PAPERLESS_DBHOST: {{ $.Release.Name }}-postgresql - PAPERLESS_DBNAME: {{ .auth.database }} - PAPERLESS_DBUSER: {{ default "postgres" .auth.username }} - PAPERLESS_DBPASS: - secretKeyRef: - name: {{ .auth.existingSecret | default (printf "%s-postgresql" $.Release.Name) }} - key: {{ if not .auth.password }}postgres-{{ end }}password - {{- end }} - {{- else if .Values.mariadb.enabled }} - {{- with .Values.mariadb}} - PAPERLESS_DBENGINE: mariadb - PAPERLESS_DBHOST: {{ $.Release.Name }}-mariadb - PAPERLESS_DBNAME: {{ .auth.database }} - PAPERLESS_DBUSER: {{ .auth.username }} - PAPERLESS_DBPASS: - secretKeyRef: - name: {{ .auth.existingSecret | default (printf "%s-mariadb" $.Release.Name) }} - key: mariadb-password - {{- end }} - {{- end }} - - {{- if .Values.redis.enabled }} - {{- with .Values.redis }} - A_REDIS_PASSWORD: - secretKeyRef: - name: {{ .auth.existingSecret | default (printf "%s-redis" $.Release.Name) }} - key: {{ .auth.existingSecretPasswordKey | default "redis-password" }} - PAPERLESS_REDIS: redis://{{ .auth.username }}:$(A_REDIS_PASSWORD)@{{ $.Release.Name }}-redis-master - {{- end }} - {{- end }} +env: + PAPERLESS_TIME_ZONE: {{ .Values.env.TZ }} + PAPERLESS_PORT: {{ quote .Values.service.main.ports.http.port }} + + {{- with .Values.ingress.main }} + {{- if and .enabled .hosts }} + PAPERLESS_URL: http{{ if .tls }}s{{ end }}://{{ (first .hosts).host }} + {{- end }} + {{- end }} + + {{- if .Values.postgresql.enabled }} + {{- with .Values.postgresql }} + PAPERLESS_DBENGINE: postgresql + PAPERLESS_DBHOST: {{ $.Release.Name }}-postgresql + PAPERLESS_DBNAME: {{ .auth.database }} + PAPERLESS_DBUSER: {{ default "postgres" .auth.username }} + PAPERLESS_DBPASS: + secretKeyRef: + name: {{ .auth.existingSecret | default (printf "%s-postgresql" $.Release.Name) }} + key: {{ if not .auth.password }}postgres-{{ end }}password + {{- end }} + {{- else if .Values.mariadb.enabled }} + {{- with .Values.mariadb}} + PAPERLESS_DBENGINE: mariadb + PAPERLESS_DBHOST: {{ $.Release.Name }}-mariadb + PAPERLESS_DBNAME: {{ .auth.database }} + PAPERLESS_DBUSER: {{ .auth.username }} + PAPERLESS_DBPASS: + secretKeyRef: + name: {{ .auth.existingSecret | default (printf "%s-mariadb" $.Release.Name) }} + key: mariadb-password + {{- end }} + {{- end }} + + {{- if .Values.redis.enabled }} + {{- with .Values.redis }} + A_REDIS_PASSWORD: + secretKeyRef: + name: {{ .auth.existingSecret | default (printf "%s-redis" $.Release.Name) }} + key: {{ .auth.existingSecretPasswordKey | default "redis-password" }} + PAPERLESS_REDIS: redis://{{ .auth.username }}:$(A_REDIS_PASSWORD)@{{ $.Release.Name }}-redis-master + {{- end }} + {{- end }} {{- end -}} {{- $_ := merge .Values (include "healthchecks.harcodedValues" . | fromYaml) -}} {{/* Render the templates */}} -{{ include "bjw-s.common.loader.all" . }} +{{ include "bjw-s.common.loader.all" . }} \ No newline at end of file -- 2.49.1 From ac8181519ceafbcc67bd52857fe50a06e02b638c Mon Sep 17 00:00:00 2001 From: Marko Oldenburg Date: Sun, 23 Nov 2025 14:05:37 +0100 Subject: [PATCH 3/4] Refactor hardcoded environment variables in common.yaml Removed hardcoded environment variables from the `common.yaml` template and refactored them to utilize the newly structured values from `Values.controllers.main.containers.main.env`. This change enhances maintainability and clarity by aligning environmental variables with the current values schema. Additionally, the code was cleaned up by ensuring proper indentation and structure for readability. No breaking changes or significant shifts in functionality were introduced; the refactor merely improves the organization of environment configuration. --- charts/paperless-ngx/templates/common.yaml | 82 +++++++++++----------- 1 file changed, 41 insertions(+), 41 deletions(-) diff --git a/charts/paperless-ngx/templates/common.yaml b/charts/paperless-ngx/templates/common.yaml index e3fdfcc..83d83ea 100644 --- a/charts/paperless-ngx/templates/common.yaml +++ b/charts/paperless-ngx/templates/common.yaml @@ -1,50 +1,50 @@ {{/* Append the hardcoded settings */}} {{- define "healthchecks.harcodedValues" -}} -env: - PAPERLESS_TIME_ZONE: {{ .Values.env.TZ }} - PAPERLESS_PORT: {{ quote .Values.service.main.ports.http.port }} +PAPERLESS_TIME_ZONE: {{ .Values.controllers.main.containers.main.env.TZ }} +PAPERLESS_PORT: {{ quote .Values.service.main.ports.http.port }} - {{- with .Values.ingress.main }} - {{- if and .enabled .hosts }} - PAPERLESS_URL: http{{ if .tls }}s{{ end }}://{{ (first .hosts).host }} - {{- end }} - {{- end }} +{{- with .Values.ingress.main }} +{{- if and .enabled .hosts }} +PAPERLESS_URL: http{{ if .tls }}s{{ end }}://{{ (first .hosts).host }} +{{- end }} +{{- end }} - {{- if .Values.postgresql.enabled }} - {{- with .Values.postgresql }} - PAPERLESS_DBENGINE: postgresql - PAPERLESS_DBHOST: {{ $.Release.Name }}-postgresql - PAPERLESS_DBNAME: {{ .auth.database }} - PAPERLESS_DBUSER: {{ default "postgres" .auth.username }} - PAPERLESS_DBPASS: - secretKeyRef: - name: {{ .auth.existingSecret | default (printf "%s-postgresql" $.Release.Name) }} - key: {{ if not .auth.password }}postgres-{{ end }}password - {{- end }} - {{- else if .Values.mariadb.enabled }} - {{- with .Values.mariadb}} - PAPERLESS_DBENGINE: mariadb - PAPERLESS_DBHOST: {{ $.Release.Name }}-mariadb - PAPERLESS_DBNAME: {{ .auth.database }} - PAPERLESS_DBUSER: {{ .auth.username }} - PAPERLESS_DBPASS: - secretKeyRef: - name: {{ .auth.existingSecret | default (printf "%s-mariadb" $.Release.Name) }} - key: mariadb-password - {{- end }} - {{- end }} +{{- if .Values.postgresql.enabled }} +{{- with .Values.postgresql }} +PAPERLESS_DBENGINE: postgresql +PAPERLESS_DBHOST: {{ $.Release.Name }}-postgresql +PAPERLESS_DBNAME: {{ .auth.database }} +PAPERLESS_DBUSER: {{ default "postgres" .auth.username }} +PAPERLESS_DBPASS: + secretKeyRef: + name: {{ .auth.existingSecret | default (printf "%s-postgresql" $.Release.Name) }} + key: {{ if not .auth.password }}postgres-{{ end }}password +{{- end }} +{{- else if .Values.mariadb.enabled }} +{{- with .Values.mariadb}} +PAPERLESS_DBENGINE: mariadb +PAPERLESS_DBHOST: {{ $.Release.Name }}-mariadb +PAPERLESS_DBNAME: {{ .auth.database }} +PAPERLESS_DBUSER: {{ .auth.username }} +PAPERLESS_DBPASS: + secretKeyRef: + name: {{ .auth.existingSecret | default (printf "%s-mariadb" $.Release.Name) }} + key: mariadb-password +{{- end }} +{{- end }} - {{- if .Values.redis.enabled }} - {{- with .Values.redis }} - A_REDIS_PASSWORD: - secretKeyRef: - name: {{ .auth.existingSecret | default (printf "%s-redis" $.Release.Name) }} - key: {{ .auth.existingSecretPasswordKey | default "redis-password" }} - PAPERLESS_REDIS: redis://{{ .auth.username }}:$(A_REDIS_PASSWORD)@{{ $.Release.Name }}-redis-master - {{- end }} - {{- end }} +{{- if .Values.redis.enabled }} +{{- with .Values.redis }} +A_REDIS_PASSWORD: + secretKeyRef: + name: {{ .auth.existingSecret | default (printf "%s-redis" $.Release.Name) }} + key: {{ .auth.existingSecretPasswordKey | default "redis-password" }} +PAPERLESS_REDIS: redis://{{ .auth.username }}:$(A_REDIS_PASSWORD)@{{ $.Release.Name }}-redis-master +{{- end }} +{{- end }} {{- end -}} -{{- $_ := merge .Values (include "healthchecks.harcodedValues" . | fromYaml) -}} +{{- /* Mergt die Umgebungsvariablen in den 'env'-Block des Haupt-Containers */ -}} +{{- $_ := mergeOverwrite .Values.controllers.main.containers.main.env (include "healthchecks.harcodedValues" . | fromYaml) -}} {{/* Render the templates */}} {{ include "bjw-s.common.loader.all" . }} \ No newline at end of file -- 2.49.1 From 070ca0e62c148e7fa5993b5dbba9427fb929c9b9 Mon Sep 17 00:00:00 2001 From: Marko Oldenburg Date: Sun, 23 Nov 2025 14:06:24 +0100 Subject: [PATCH 4/4] Update paperless-ngx chart version to 0.25.0 The version number for the paperless-ngx chart has been downgraded from 0.25.1 to 0.25.0 in the Chart.yaml file. This change may have been necessary due to issues or bugs identified in the 0.25.1 release that require reverting to a more stable version. The appVersion remains unchanged at 2.20.0, and the kubeVersion requirement is still set to "">=1.28.0-0". No breaking changes are introduced with this version rollback, but users should ensure that their deployments are compatible with the features and functionality provided in version 0.25.0. --- charts/paperless-ngx/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/paperless-ngx/Chart.yaml b/charts/paperless-ngx/Chart.yaml index d013269..28a5932 100644 --- a/charts/paperless-ngx/Chart.yaml +++ b/charts/paperless-ngx/Chart.yaml @@ -4,7 +4,7 @@ description: "A community-supported supercharged version of paperless: scan, ind home: https://charts.gabe565.com/charts/paperless-ngx/ icon: https://raw.githubusercontent.com/paperless-ngx/paperless-ngx/b948750/src-ui/src/assets/logo-notext.svg type: application -version: 0.25.1 +version: 0.25.0 # renovate datasource=docker depName=ghcr.io/paperless-ngx/paperless-ngx appVersion: 2.20.0 kubeVersion: ">=1.28.0-0" -- 2.49.1