Fix master key secret creation for ServiceMonitor compatibility

[barskern]

Pull Request

Related issue

Fixes failing ServiceMonitor when MEILI_MASTER_KEY is specified as the main secret.

What does this PR do?

The service monitor REQUIRES the kubernetes secret to be present to be able to query for the metrics, i.e. we should make the secret also when the MEILI_MASTER_KEY is used to pass the main secret.

PR checklist

Please check if your PR fulfills the following requirements:

• Did you use any AI tool while implementing this PR (code, tests, docs, etc.)? If yes, disclose it in the PR description and describe what it was used for. AI usage is allowed when it is disclosed.
• Does this PR fix an existing issue, or have you listed the changes applied in the PR description (and why they are needed)?
• Have you read the contributing guidelines?
• Have you made sure that the title is accurate and descriptive of the changes?

Thank you so much for contributing to Meilisearch!

Fixed failing ServiceMonitor when MEILI_MASTER_KEY is provided via environment variables

This PR fixes a bug where the ServiceMonitor fails when the MEILI_MASTER_KEY is supplied through environment variables rather than an existing Kubernetes Secret. The ServiceMonitor requires a Kubernetes Secret to be present to query metrics, but the secret was not being created in this scenario.

Changes

charts/meilisearch/templates/master-key-secret.yaml

The Secret creation condition has been extended to account for environment-supplied master keys:

• Broadened the template condition (line 1) to render the Secret not only when isProductionWithoutMasterKey is true, but also when .Values.environment.MEILI_MASTER_KEY is set and .Values.auth.existingMasterKeySecret is not provided
• Added an else if branch (line 12) to populate the Secret data with the value from .Values.environment.MEILI_MASTER_KEY before falling back to generating a random key

This ensures that the master key Secret is created whenever the ServiceMonitor needs it, allowing the ServiceMonitor to successfully authenticate and query metrics in all deployment configurations.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR updates the Meilisearch Helm template to broaden when and how the master key Kubernetes Secret is created. The rendering condition now includes cases where a master key is explicitly provided via environment values, and the data population logic prioritizes configured values over random generation.

Changes

Master Key Secret Template Logic

Layer / File(s)	Summary
Master key Secret rendering and data logic charts/meilisearch/templates/master-key-secret.yaml	Template conditional broadened to render the Secret when production mode is set OR when MEILI_MASTER_KEY is explicitly configured without an existing secret. Data section now emits the configured value as an intermediate case before falling back to random generation.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 A key finds its home, three paths converge,
Production calls, values emerge,
Random or chosen, the template decides,
Where the secret hides!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Title check	✅ Passed	The title references ServiceMonitor compatibility, but the PR's main objective is fixing master key secret creation when MEILI_MASTER_KEY is provided as an environment variable to enable ServiceMonitor functionality.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@charts/meilisearch/templates/master-key-secret.yaml`:
- Around line 12-13: The Secret data value for MEILI_MASTER_KEY is not
base64-encoded; update the template in master-key-secret.yaml so the branch that
uses .Values.environment.MEILI_MASTER_KEY encodes it with the b64enc Helm
function (same approach as the random fallback that already uses "| b64enc"),
i.e., apply b64enc to .Values.environment.MEILI_MASTER_KEY in the
MEILI_MASTER_KEY data entry so Kubernetes receives valid base64 data.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: bfbe1f0d-e3ea-4eb2-a287-cdd0f61b37bb

📥 Commits

Reviewing files that changed from the base of the PR and between b72a8f3 and ab50274.

📒 Files selected for processing (1)

• charts/meilisearch/templates/master-key-secret.yaml