Description
Is your feature request related to a problem? Please describe.
I would like to be able to maintain my loki config as a ConfigMap with no sensitive values in it, but right now, the redis password must be plain text.
Describe the solution you'd like
It'd be nice to have an option for using an env var like this:
storage_config:
index_queries_cache_config:
enable_fifocache: false
redis:
endpoint: redis.namespace.svc.cluster.local:6379
expiration: 30m
timeout: 5s
password_var: name-of-env-var
tls_enabled: trueThen users could just use the extraVars settings to make sure the redis or valkey password is always passed in from an existingSecret.
Or if possible specifying another secret directly like this:
storage_config:
index_queries_cache_config:
enable_fifocache: false
redis:
endpoint: redis.namespace.svc.cluster.local:6379
expiration: 30m
timeout: 5s
password_secret: name-of-redis-credentials-secret
tls_enabled: trueDescribe alternatives you've considered
The only alternative is to store the entire config as a Secret, which makes it difficult to work with as it won't have proper syntax highlighting because the way a lot of companies generate Secrets is to use ExternalSecrets from something like GCP or AWS secrets services. It would be cleaner to accept this data as an env var or existing secret.
We could also have a simple yq init container that templates in this secret optionally, but it would be nice if it were a feature of this chart.
Additional context
Happy to help get this taken care of if you can point me in the right direction.