feat(helm-local_settings): Add option to add local_settings.py (#10803)

Author: kiblik

docs/content/en/open_source/installation/configuration.md

@@ -23,7 +23,7 @@ When you deploy DefectDojo in a **Kubernetes** cluster, you can set environment
 
 An example can be found in [`template_env`](https://github.com/DefectDojo/django-DefectDojo/blob/master/dojo/settings/template-env).
 
-### local_settings.py (not with Kubernetes)
+### local_settings.py
 
 `local_settings.py` can contain more complex customizations such as adding MIDDLEWARE or INSTALLED_APP entries.
 This file is processed *after* settings.dist.py is processed, so you can modify settings delivered by DefectDojo out of the box.
@@ -34,6 +34,8 @@ An example can be found in [`dojo/settings/template-local_settings`](https://git
 
 In Docker Compose release mode, files in `docker/extra_settings/` (relative to the file `docker-compose.yml`) will be copied into `dojo/settings/` in the docker container on startup.
 
+`local_settings.py` can be used in Kubernetes as well. Variable `localsettingspy` will be stored as ConfigMap and mounted to responsible location of containers.
+
 ## Configuration in the UI
 
 Users with the superuser status can configure more options via the UI under `Configuration` / `System Settings`. 

helm/defectdojo/templates/celery-beat-deployment.yaml

@@ -61,6 +61,11 @@ spec:
       volumes:
       - name: run
         emptyDir: {}
+      {{- if  .Values.localsettingspy }}
+      - name: localsettingspy
+        configMap:
+          name: {{ $fullName }}-localsettingspy
+      {{- end }}
       {{- if  .Values.django.uwsgi.certificates.enabled }}
       - name: cert-mount
         configMap:
@@ -119,6 +124,12 @@ spec:
         volumeMounts:
         - name: run
           mountPath: /run/defectdojo
+        {{- if  .Values.localsettingspy }}
+        - name: localsettingspy
+          readOnly: true
+          mountPath: /app/dojo/settings/local_settings.py
+          subPath: file
+        {{- end }}
         {{- if  .Values.django.uwsgi.certificates.enabled }}
         - name: cert-mount
           mountPath: {{ .Values.django.uwsgi.certificates.certMountPath }}

helm/defectdojo/templates/celery-worker-deployment.yaml

@@ -59,6 +59,11 @@ spec:
       - name: {{ .Values.imagePullSecrets }}
       {{- end }}
       volumes:
+      {{- if  .Values.localsettingspy }}
+      - name: localsettingspy
+        configMap:
+          name: {{ $fullName }}-localsettingspy
+      {{- end }}
       {{- if  .Values.django.uwsgi.certificates.enabled }}
       - name: cert-mount
         configMap:
@@ -114,6 +119,12 @@ spec:
         {{- end }}
         command: ['/entrypoint-celery-worker.sh']
         volumeMounts:
+        {{- if  .Values.localsettingspy }}
+        - name: localsettingspy
+          readOnly: true
+          mountPath: /app/dojo/settings/local_settings.py
+          subPath: file
+        {{- end }}
         {{- if  .Values.django.uwsgi.certificates.enabled }}
         - name: cert-mount
           mountPath: {{ .Values.django.uwsgi.certificates.certMountPath }}

helm/defectdojo/templates/configmap-local-settings-py.yaml

@@ -0,0 +1,15 @@
+{{- if  .Values.localsettingspy }}
+{{- $fullName := include "defectdojo.fullname" . -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ $fullName }}-localsettingspy
+  labels:
+    app.kubernetes.io/name: {{ include "defectdojo.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    helm.sh/chart: {{ include "defectdojo.chart" . }}
+data:
+  file: 
+    {{ toYaml .Values.localsettingspy | indent 4 }}
+{{- end }}

helm/defectdojo/templates/django-deployment.yaml

@@ -68,6 +68,11 @@ spec:
       volumes:
       - name: run
         emptyDir: {}
+      {{- if  .Values.localsettingspy }}
+      - name: localsettingspy
+        configMap:
+          name: {{ $fullName }}-localsettingspy
+      {{- end }}
       {{- if  .Values.django.uwsgi.certificates.enabled }}
       - name: cert-mount
         configMap:
@@ -150,6 +155,12 @@ spec:
         volumeMounts:
         - name: run
           mountPath: /run/defectdojo
+        {{- if  .Values.localsettingspy }}
+        - name: localsettingspy
+          readOnly: true
+          mountPath: /app/dojo/settings/local_settings.py
+          subPath: file
+        {{- end }}
         {{- if  .Values.django.uwsgi.certificates.enabled }}
         - name: cert-mount
           mountPath: {{ .Values.django.uwsgi.certificates.certMountPath }}

helm/defectdojo/templates/initializer-job.yaml

@@ -44,6 +44,11 @@ spec:
       - name: {{ .Values.imagePullSecrets }}
       {{- end }}
       volumes:
+      {{- if  .Values.localsettingspy }}
+      - name: localsettingspy
+        configMap:
+          name: {{ $fullName }}-localsettingspy
+      {{- end }}
       {{- range .Values.initializer.extraVolumes }}
       - name: userconfig-{{ .name }}
         {{ .type }}:
@@ -107,6 +112,12 @@ spec:
           {{- toYaml .Values.securityContext.djangoSecurityContext | nindent 10 }}
         {{- end }}
         volumeMounts:
+        {{- if  .Values.localsettingspy }}
+        - name: localsettingspy
+          readOnly: true
+          mountPath: /app/dojo/settings/local_settings.py
+          subPath: file
+        {{- end }}
         {{- range .Values.initializer.extraVolumes }}
         - name: userconfig-{{ .name }}
           readOnly: true

helm/defectdojo/values.yaml

@@ -543,3 +543,15 @@ extraConfigs: {}
 #     configMapKeyRef:
 #       name: my-other-postgres-configmap
 #       key: cluster_endpoint
+
+# To add code snippet which would extend setting functionality, you might add it here
+# It will be stored as ConfigMap and mounted `dojo/settings/local_settings.py`.
+# For more see: https://documentation.defectdojo.com/getting_started/configuration/
+# For example:
+# localsettingspy: |
+#   INSTALLED_APPS += (
+#     'debug_toolbar',
+#   )
+#   MIDDLEWARE = [
+#       'debug_toolbar.middleware.DebugToolbarMiddleware',
+#   ] + MIDDLEWARE