
feat: improve Helm chart #12691

Open
wants to merge 11 commits into
base: dev
from
10 changes: 5 additions & 5 deletions helm/defectdojo/Chart.lock
@@ -1,9 +1,9 @@
dependencies:
- name: postgresql
repository: https://charts.bitnami.com/bitnami
version: 16.7.0
repository: oci://registry-1.docker.io/bitnamicharts
version: 16.7.15
- name: redis
repository: https://charts.bitnami.com/bitnami
repository: oci://registry-1.docker.io/bitnamicharts
version: 19.6.4
digest: sha256:20147b5ef71e728a24b1ce410bfbc64885bb824bac17d75dc3ad49e9af5f1b01
generated: "2025-05-08T15:21:14.221601771Z"
digest: sha256:b7190cec386cfc905413b0e7638bcafac0f6c19f1b0dc0b1bd768c09cf8dc295
generated: "2025-07-02T07:45:06.165441283+02:00"
4 changes: 2 additions & 2 deletions helm/defectdojo/Chart.yaml
@@ -11,9 +11,9 @@ maintainers:
dependencies:
- name: postgresql
version: ~16.7.0
repository: "https://charts.bitnami.com/bitnami"
repository: oci://registry-1.docker.io/bitnamicharts
Contributor

This is a nice step. I like it.

condition: postgresql.enabled
- name: redis
version: ~19.6.0
repository: "https://charts.bitnami.com/bitnami"
repository: oci://registry-1.docker.io/bitnamicharts
condition: redis.enabled
6 changes: 3 additions & 3 deletions helm/defectdojo/templates/_helpers.tpl
@@ -61,7 +61,7 @@ Create the name of the service account to use
{{- if .Values.redis.enabled -}}
{{- printf "%s-%s" .Release.Name "redis-master" | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s" (.Values.celery.brokerHost | default .Values.redis.redisServer) -}}
{{ .Values.celery.brokerHost }}
{{- end -}}
{{- end -}}
{{- end -}}
@@ -71,9 +71,9 @@ Create the name of the service account to use
*/}}
{{- define "redis.scheme" -}}
{{- if eq .Values.celery.broker "redis" -}}
{{- if .Values.redis.transportEncryption.enabled -}}
{{- if .Values.redis.tls.enabled -}}
{{- printf "rediss" -}}
{{- else if eq .Values.redis.scheme "sentinel" -}}
{{- else if .Values.redis.sentinel.enabled -}}
{{- printf "sentinel" -}}
{{- else -}}
{{- printf "redis" -}}
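Review bot: Renaming the TLS switch in `redis.scheme` from `redis.transportEncryption.enabled` to `redis.tls.enabled` means a values file that still sets the old key is ignored without any error, so unless the old key is mapped somewhere outside this diff an upgrade would render `redis` instead of `rediss` and broker traffic would silently lose transport encryption. The same rename gates `DD_CELERY_BROKER_PARAMS` in templates/configmap.yaml. A guard at the top of the define would make the upgrade fail closed, for example `{{- if hasKey .Values.redis "transportEncryption" }}{{ fail "redis.transportEncryption was renamed to redis.tls" }}{{ end -}}`. The first hunk has a related gap: with the `default .Values.redis.redisServer` fallback gone, an unset `celery.brokerHost` renders an empty host, which `{{- required "celery.brokerHost must be set when redis.enabled is false" .Values.celery.brokerHost -}}` would surface at render time. Both define bodies start or end outside the visible hunks.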
54 changes: 28 additions & 26 deletions helm/defectdojo/templates/celery-beat-deployment.yaml
@@ -11,14 +11,12 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "defectdojo.chart" . }}
{{- with .Values.extraLabels }}
{{- toYaml . | nindent 4 }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.celery.annotations }}
{{- with .Values.celery.worker.annotations }}
annotations:
{{- with .Values.celery.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.celery.beat.replicas }}
{{- if .Values.revisionHistoryLimit }}
@@ -71,22 +69,16 @@ spec:
configMap:
name: {{ .Values.django.uwsgi.certificates.configName }}
{{- end }}
{{- range .Values.celery.extraVolumes }}
- name: userconfig-{{ .name }}
{{ .type }}:
{{- if (eq .type "configMap") }}
name: {{ .name }}
{{- else if (eq .type "secret") }}
secretName: {{ .name }}
{{- else if (eq .type "hostPath") }}
type: {{ .pathType | default "Directory" }}
path: {{ .hostPath }}
{{- end }}
{{- with .Values.celery.beat.extraVolumes }}
{{- . | toYaml | nindent 6 }}
{{- end }}
{{- if or .Values.dbMigrationChecker.enabled .Values.cloudsql.enabled }}
{{- if coalesce .Values.dbMigrationChecker.enabled .Values.cloudsql.enabled .Values.celery.beat.extraInitContainers }}
initContainers:
{{- range .Values.celery.beat.extraInitContainers }}
- {{- . | toYaml | nindent 8 }}
{{- end }}
{{- end }}
{{- if .Values.cloudsql.enabled }}
{{- if .Values.cloudsql.enabled }}
- name: cloudsql-proxy
image: {{ .Values.cloudsql.image.repository }}:{{ .Values.cloudsql.image.tag }}
imagePullPolicy: {{ .Values.cloudsql.image.pullPolicy }}
@@ -115,6 +107,15 @@ spec:
name: celery
image: "{{ template "celery.repository" . }}:{{ .Values.tag }}"
imagePullPolicy: {{ .Values.imagePullPolicy }}
{{- with .Values.celery.beat.livenessProbe }}
livenessProbe: {{ toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.celery.beat.readinessProbe }}
readinessProbe: {{ toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.celery.beat.startupProbe }}
startupProbe: {{ toYaml . | nindent 10 }}
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext:
{{- toYaml .Values.securityContext.djangoSecurityContext | nindent 10 }}
@@ -128,15 +129,12 @@ spec:
mountPath: /app/dojo/settings/local_settings.py
subPath: file
{{- end }}
{{- if .Values.django.uwsgi.certificates.enabled }}
{{- if .Values.django.uwsgi.certificates.enabled }}
- name: cert-mount
mountPath: {{ .Values.django.uwsgi.certificates.certMountPath }}
{{- end }}
{{- range .Values.celery.extraVolumes }}
- name: userconfig-{{ .name }}
readOnly: true
mountPath: {{ .path }}
subPath: {{ .subPath }}
{{- with .Values.celery.beat.extraVolumeMounts }}
{{- . | toYaml | nindent 8 }}
{{- end }}
envFrom:
- configMapRef:
@@ -162,8 +160,12 @@ spec:
secretKeyRef:
name: {{ $fullName }}
key: DD_SECRET_KEY
optional: true
{{- with .Values.extraEnv }}
{{- toYaml . | nindent 8 }}
{{- . | toYaml | nindent 8 }}
{{- end }}
{{- with .Values.celery.beat.extraEnv }}
{{- . | toYaml | nindent 8 }}
{{- end }}
resources:
{{- toYaml .Values.celery.beat.resources | nindent 10 }}
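Review bot: Adding `optional: true` to the `DD_SECRET_KEY` `secretKeyRef` in the last hunk turns a missing key from a container start failure into a container that starts without the variable, so a misnamed or incomplete secret is no longer caught by Kubernetes. Whether the application then refuses to start or runs with an empty or default secret key is not visible in this diff and should be confirmed before the reference is relaxed. If the intent is to let operators supply the key through `extraEnv`, say so in a comment above the line, e.g. `# optional: DD_SECRET_KEY may instead be provided via extraEnv`; otherwise drop `optional: true` so the deployment keeps failing closed. The same line is added in templates/celery-worker-deployment.yaml, and the env block starts outside the hunk.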
50 changes: 26 additions & 24 deletions helm/defectdojo/templates/celery-worker-deployment.yaml
@@ -13,12 +13,10 @@ metadata:
{{- with .Values.extraLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.celery.annotations }}
{{- with .Values.celery.worker.annotations }}
annotations:
{{- with .Values.celery.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.celery.worker.replicas }}
{{- if .Values.revisionHistoryLimit }}
@@ -69,20 +67,14 @@ spec:
configMap:
name: {{ .Values.django.uwsgi.certificates.configName }}
{{- end }}
{{- range .Values.celery.extraVolumes }}
- name: userconfig-{{ .name }}
{{ .type }}:
{{- if (eq .type "configMap") }}
name: {{ .name }}
{{- else if (eq .type "secret") }}
secretName: {{ .name }}
{{- else if (eq .type "hostPath") }}
type: {{ .pathType | default "Directory" }}
path: {{ .hostPath }}
{{- end }}
{{- with .Values.celery.beat.extraVolumes }}
{{- . | toYaml | nindent 6 }}
{{- end }}
{{- if or .Values.dbMigrationChecker.enabled .Values.cloudsql.enabled }}
{{- if coalesce .Values.dbMigrationChecker.enabled .Values.cloudsql.enabled .Values.celery.worker.extraInitContainers }}
initContainers:
{{- range .Values.celery.worker.extraInitContainers }}
- {{- . | toYaml | nindent 8 }}
{{- end }}
{{- end }}
{{- if .Values.cloudsql.enabled }}
- name: cloudsql-proxy
@@ -111,13 +103,22 @@ spec:
- name: celery
image: "{{ template "celery.repository" . }}:{{ .Values.tag }}"
imagePullPolicy: {{ .Values.imagePullPolicy }}
{{- with .Values.celery.worker.livenessProbe }}
livenessProbe: {{ toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.celery.worker.readinessProbe }}
readinessProbe: {{ toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.celery.worker.startupProbe }}
startupProbe: {{ toYaml . | nindent 10 }}
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext:
{{- toYaml .Values.securityContext.djangoSecurityContext | nindent 10 }}
{{- end }}
command: ['/entrypoint-celery-worker.sh']
volumeMounts:
{{- if .Values.localsettingspy }}
{{- if .Values.localsettingspy }}
- name: localsettingspy
readOnly: true
mountPath: /app/dojo/settings/local_settings.py
@@ -127,11 +128,8 @@ spec:
- name: cert-mount
mountPath: {{ .Values.django.uwsgi.certificates.certMountPath }}
{{- end }}
{{- range .Values.celery.extraVolumes }}
- name: userconfig-{{ .name }}
readOnly: true
mountPath: {{ .path }}
subPath: {{ .subPath }}
{{- with .Values.celery.worker.extraVolumeMounts }}
{{- . | toYaml | nindent 8 }}
{{- end }}
envFrom:
- configMapRef:
@@ -157,8 +155,12 @@ spec:
secretKeyRef:
name: {{ $fullName }}
key: DD_SECRET_KEY
optional: true
{{- with .Values.extraEnv }}
{{- toYaml . | nindent 8 }}
{{- . | toYaml | nindent 8 }}
{{- end }}
{{- with .Values.celery.worker.extraEnv }}
{{- . | toYaml | nindent 8 }}
{{- end }}
resources:
{{- toYaml .Values.celery.worker.resources | nindent 10 }}
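Review bot: The worker Deployment now builds its `volumes:` from `.Values.celery.beat.extraVolumes` while its `volumeMounts:` come from `.Values.celery.worker.extraVolumeMounts`, so a mount defined for the worker refers to a volume the pod only has if the same entry was also placed under `celery.beat`; otherwise the pod template fails validation. This looks like a copy-paste slip and the line should probably read `{{- with .Values.celery.worker.extraVolumes }}`. The beat template has the mirror-image case in its metadata hunk, where `annotations:` is taken from `.Values.celery.worker.annotations`. Note also that the removed `range` forced `readOnly: true` on every extra mount and the `toYaml` passthrough does not, so read-only now has to be set per entry in values and is worth calling out in the chart documentation.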
7 changes: 4 additions & 3 deletions helm/defectdojo/templates/configmap.yaml
@@ -28,7 +28,7 @@ data:
DD_CELERY_BROKER_USER: ''
DD_CELERY_BROKER_HOST: {{ if eq .Values.celery.broker "redis" }}{{ template "redis.hostname" . }}{{ end }}
DD_CELERY_BROKER_PORT: '{{ if eq .Values.celery.broker "redis" }}{{- if ( hasKey .Values.redis "master" ) -}}{{ .Values.redis.master.service.ports.redis }}{{ else }}6379{{ end }}{{- end -}}'
DD_CELERY_BROKER_PARAMS: '{{ if eq .Values.celery.broker "redis" }}{{- if .Values.redis.transportEncryption.enabled -}}{{ .Values.redis.transportEncryption.params | default "ssl_cert_reqs=optional" }}{{ end }}{{ end }}'
DD_CELERY_BROKER_PARAMS: '{{ if eq .Values.celery.broker "redis" }}{{- if .Values.redis.tls.enabled -}}{{ .Values.celery.brokerParams | default "ssl_cert_reqs=optional" }}{{ end }}{{ end }}'
DD_CELERY_BROKER_PATH: '{{ .Values.celery.path | default "//" }}'
DD_CELERY_LOG_LEVEL: {{ .Values.celery.logLevel }}
DD_CELERY_WORKER_POOL_TYPE: {{ .Values.celery.worker.appSettings.poolType | default "solo" }}
@@ -54,5 +54,6 @@ data:
{{- if .Values.django.uwsgi.certificates.enabled }}
REQUESTS_CA_BUNDLE: {{ .Values.django.uwsgi.certificates.certMountPath }}{{ .Values.django.uwsgi.certificates.certFileName }}
{{- end }}
{{- with .Values.extraConfigs }}
{{- toYaml . | nindent 2 }}{{- end }}
{{- with .Values.extraConfigs }}
{{- toYaml . | nindent 2 }}
{{- end }}
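Review bot: In `DD_CELERY_BROKER_PARAMS` the new `celery.brokerParams` value is only emitted inside the `redis.tls.enabled` branch, so a value set under that generic name is dropped without notice whenever the TLS flag is off, including for an external broker configured through `celery.brokerHost`. Either emit `celery.brokerParams` unconditionally and apply the `ssl_cert_reqs=optional` fallback only in the TLS branch, or document the coupling next to the value, e.g. `# only used when redis.tls.enabled is true`. The value is also interpolated inside a single-quoted YAML scalar, so a parameter string containing `'` would break rendering; piping it through `quote` instead of hand-written quotes would avoid that.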