diff --git a/kubernetes/main/apps/media/sonarr/app/externalsecret.yaml b/kubernetes/main/apps/media/sonarr/app/externalsecret.yaml
index 518b576b2..b78db5a66 100755
--- a/kubernetes/main/apps/media/sonarr/app/externalsecret.yaml
+++ b/kubernetes/main/apps/media/sonarr/app/externalsecret.yaml
@@ -29,7 +29,8 @@ spec:
 COOKIE_SECRET: "{{ .COOKIE_SECRET }}"
 CLIENT_SECRET: "{{ .CLIENT_SECRET}}"
 CLIENT_ID: "{{ .CLIENT_ID }}"
- REDIS_PASSWORD: "{{ .REDIS_PASSWORD }}"
+ DRAGONFLY_PASSWORD: "{{ .DRAGONFLY__PASSWORD }}"
+ dragonfly-ca.crt: '{{ index . "dragonfly-ca.crt" }}'
 dataFrom:
 - extract:
 key: api-keys
@@ -40,4 +41,9 @@ spec:
 - extract:
 key: secrets/oauth2/sonarr
 - extract:
- key: secrets/redis
+ key: secrets/dragonfly
+ data:
+ - secretKey: dragonfly-ca.crt
+ remoteRef:
+ key: secrets/certificates/dragonfly
+ property: ca.crt
diff --git a/kubernetes/main/apps/media/sonarr/app/helmrelease.yaml b/kubernetes/main/apps/media/sonarr/app/helmrelease.yaml
index 0dec4a0dc..a78d4c0ea 100755
--- a/kubernetes/main/apps/media/sonarr/app/helmrelease.yaml
+++ b/kubernetes/main/apps/media/sonarr/app/helmrelease.yaml
@@ -89,9 +89,8 @@ spec:
 valueFrom:
 secretKeyRef:
 name: *secret
- key: REDIS_PASSWORD
+ key: DRAGONFLY_PASSWORD
 OAUTH2_PROXY_SESSION_STORE_TYPE: redis
- OAUTH2_PROXY_REDIS_CONNECTION_URL: redis://redis-master.database.svc.cluster.local:6379
 securityContext: *securityContext
 app:
@@ -246,3 +245,13 @@ spec:
 - path: /etc/oauth2-proxy.cfg
 subPath: oauth2-proxy.cfg
 readOnly: true
+
+ dragonfly-ca-cert:
+ type: secret
+ name: *secret
+ advancedMounts:
+ sonarr:
+ oauth2-proxy:
+ - path: /etc/ssl/certs/dragonfly-ca.crt
+ subPath: dragonfly-ca.crt
+ readOnly: true
diff --git a/kubernetes/main/apps/media/sonarr/app/resources/oauth2-proxy.cfg b/kubernetes/main/apps/media/sonarr/app/resources/oauth2-proxy.cfg
index db133d4d2..b4129bf6a 100644
--- a/kubernetes/main/apps/media/sonarr/app/resources/oauth2-proxy.cfg
+++ b/kubernetes/main/apps/media/sonarr/app/resources/oauth2-proxy.cfg
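Review bot: The template for `DRAGONFLY_PASSWORD` in the first externalsecret.yaml hunk (`@@ -29,7 +29,8 @@`) reads `.DRAGONFLY__PASSWORD` with a double underscore, while the target key and the `secretKeyRef` in helmrelease.yaml use a single one. If the property stored under `secrets/dragonfly` is actually named `DRAGONFLY_PASSWORD`, the lookup will not resolve and oauth2-proxy would be left without a usable session-store credential. Confirm the remote property name: if it is single-underscore the line should read `DRAGONFLY_PASSWORD: "{{ .DRAGONFLY_PASSWORD }}"`, otherwise add a comment above it such as `# remote property uses a double underscore`. The surrounding `template.data` block starts outside the hunk.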
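Review bot: The `dragonfly-ca-cert` mount added in the second helmrelease.yaml hunk (`@@ -246,3 +245,13 @@`) uses `subPath`, and Kubernetes does not refresh subPath-mounted Secret files when the Secret changes. After a CA rotation under `secrets/certificates/dragonfly`, the oauth2-proxy container would keep the old certificate until the pod restarts, which would surface as TLS verification failures against the session store. Whether something already restarts the pod on Secret change is not visible here, so the constraint is worth recording above the mount, for example `# subPath mount: CA rotation requires a pod restart`. The enclosing persistence block starts outside the hunk.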
@@ -21,3 +21,5 @@ cookie_csrf_per_request = true
 cookie_csrf_expire = "5m"
 ping_path = "/oauth2/ping"
 cookie_samesite = "strict"
+redis_connection_url = "rediss://dragonfly-cluster.database.svc.cluster.local:6379"
+redis_insecure_skip_tls_verify = false
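Review bot: Nothing in the two added lines points oauth2-proxy at the mounted Dragonfly CA, so with `redis_insecure_skip_tls_verify = false` the `rediss://` connection appears to depend on the file at `/etc/ssl/certs/dragonfly-ca.crt` being picked up by the image's system trust loading. That dependency is implicit and could break on a base-image change. Adding `redis_ca_path = "/etc/ssl/certs/dragonfly-ca.crt"` after the connection URL would make the trust anchor explicit. A comment such as `# TLS verification stays enabled; CA comes from the dragonfly-ca-cert mount` would also record why the flag must not be flipped when a handshake fails.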