Helm: Using existing services
By default, the Helm chart deploys PostgreSQL, RabbitMQ, Memcached, and Redis as Bitnami subcharts. You can disable any or all of these subcharts to use pre-existing external services instead.
Using an external PostgreSQL server
Disable the bundled PostgreSQL subchart and configure the external server in your values file:
postgresql: enabled: false externalPostgresql: host: pg.example.com port: 5432 user: zulip database: zulip password: your-pg-password sslmode: require
The
sslmodesetting is optional and maps to the PostgreSQLsslmodeconnection parameter.Default Zulip uses PostgreSQL’s built-in full-text search and needs no extensions, but search quality depends on the dictionary files the server has available for stemming. The
zulip/zulip-postgresqlimage bundles a useful set; managed-database providers (e.g., Amazon RDS) often don’t ship those dictionaries and produce lower-quality results. To enable PGroonga for multi-language full-text search, the external server needs thepgroongaextension available.Create the
zulipdatabase and user on your external server before installing the chart.
Using an external RabbitMQ server
rabbitmq:
enabled: false
externalRabbitmq:
host: rabbitmq.example.com
port: 5672
user: zulip
password: your-rabbitmq-password
# vhost: "/"
Set vhost if Zulip should use a non-default RabbitMQ
virtual host; it defaults to /.
Using an external Memcached server
memcached:
enabled: false
externalMemcached:
host: memcached.example.com
port: 11211
user: zulip
password: your-memcached-password
Using an external Redis server
redis:
enabled: false
externalRedis:
host: redis.example.com
port: 6379
password: your-redis-password
Using Kubernetes Secrets for service passwords
Bundled subcharts
Each Bitnami subchart supports referencing a pre-existing Kubernetes Secret
instead of placing passwords in your values file. When set, the Zulip container
also reads the password from the same secret via valueFrom:
postgresql:
auth:
existingSecret: my-pg-secret
# Secret must contain a key named "password"
# (configurable via auth.secretKeys.userPasswordKey)
rabbitmq:
auth:
existingPasswordSecret: my-rabbitmq-secret
# Secret must contain a key named "rabbitmq-password"
# (configurable via auth.existingSecretPasswordKey)
redis:
auth:
existingSecret: my-redis-secret
# Secret must contain a key named "redis-password"
# (configurable via auth.existingSecretPasswordKey)
memcached:
auth:
existingPasswordSecret: my-memcached-secret
# Secret must contain a key named "memcached-password"
# (configurable via auth.existingSecretPasswordKey)
External services
When using external services, password fields also accept valueFrom
references:
externalPostgresql:
host: pg.example.com
password:
valueFrom:
secretKeyRef:
name: my-external-pg-secret
key: password
The same pattern works for externalRabbitmq.password,
externalMemcached.password, and externalRedis.password.
Mixed internal and external services
You can mix internal and external services. For example, to use the bundled PostgreSQL but an external Redis:
postgresql:
enabled: true
auth:
postgresPassword: secure-password
password: secure-password
redis:
enabled: false
externalRedis:
host: redis.example.com
port: 6379
password: your-redis-password