From cc5a37f841c56027552f49f27aa0a7e097598a0e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 3 Nov 2025 17:38:15 -0600 Subject: [PATCH] feat(helm): Use Valkey Signed-off-by: kiblik <5609770+kiblik@users.noreply.github.com> --- .github/workflows/k8s-tests.yml | 4 +- helm/defectdojo/Chart.lock | 10 +- helm/defectdojo/Chart.yaml | 12 +- helm/defectdojo/README.md | 42 +++---- helm/defectdojo/README.md.gotmpl | 29 +++-- helm/defectdojo/templates/_helpers.tpl | 12 +- .../templates/celery-beat-deployment.yaml | 6 +- .../templates/celery-worker-deployment.yaml | 6 +- helm/defectdojo/templates/configmap.yaml | 8 +- .../templates/django-deployment.yaml | 6 +- .../{secret-redis.yaml => secret-valkey.yaml} | 15 ++- .../templates/tests/unit-tests.yaml | 6 +- helm/defectdojo/values.schema.json | 103 ++++++++++-------- helm/defectdojo/values.yaml | 25 ++--- 14 files changed, 142 insertions(+), 142 deletions(-) rename helm/defectdojo/templates/{secret-redis.yaml => secret-valkey.yaml} (58%) diff --git a/.github/workflows/k8s-tests.yml b/.github/workflows/k8s-tests.yml index 237c27e4dc5..2801ea95a2e 100644 --- a/.github/workflows/k8s-tests.yml +++ b/.github/workflows/k8s-tests.yml @@ -73,8 +73,8 @@ jobs: --set images.nginx.image.tag=latest \ --set imagePullPolicy=Never \ --set initializer.keepSeconds="-1" \ - --set redis.enabled=true \ - --set createRedisSecret=true \ + --set valkey.enabled=true \ + --set createValkeySecret=true \ --set postgresql.enabled=true \ --set createPostgresqlSecret=true \ --set createSecret=true diff --git a/helm/defectdojo/Chart.lock b/helm/defectdojo/Chart.lock index 53a5c180867..e4dadf96786 100644 --- a/helm/defectdojo/Chart.lock +++ b/helm/defectdojo/Chart.lock 
@@ -2,8 +2,8 @@ dependencies: - name: postgresql repository: oci://us-docker.pkg.dev/os-public-container-registry/defectdojo version: 16.7.27 -- name: redis - repository: oci://us-docker.pkg.dev/os-public-container-registry/defectdojo - version: 19.6.4 -digest: sha256:b22ad615baaa104a188c735f74ddddaec83b698315bb82f722679f762be64b50 -generated: "2025-08-27T11:22:22.13669-05:00" +- name: valkey + repository: oci://registry-1.docker.io/cloudpirates + version: 0.9.2 +digest: sha256:9e9234390f5cb295e3bbf0dbe2a0a6475a13ce8cf4b5c5458bc733205afefe95 +generated: "2025-11-04T19:07:03.952089+01:00" diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml index f38e5988843..14d16f4b717 100644 --- a/helm/defectdojo/Chart.yaml +++ b/helm/defectdojo/Chart.yaml @@ -13,10 +13,10 @@ dependencies: version: ~16.7.0 repository: "oci://us-docker.pkg.dev/os-public-container-registry/defectdojo" condition: postgresql.enabled - - name: redis - version: ~19.6.4 - repository: "oci://us-docker.pkg.dev/os-public-container-registry/defectdojo" - condition: redis.enabled + - name: valkey + version: ~0.9.2 + repository: "oci://registry-1.docker.io/cloudpirates" + condition: valkey.enabled # For correct syntax, check https://artifacthub.io/docs/topics/annotations/helm/ # This is example for "artifacthub.io/changes" # artifacthub.io/changes: | @@ -34,4 +34,6 @@ dependencies: # description: Critical bug annotations: artifacthub.io/prerelease: "true" - artifacthub.io/changes: "" + artifacthub.io/changes: | + - kind: changed + description: Replace Redis with Valkey diff --git a/helm/defectdojo/README.md b/helm/defectdojo/README.md index 7fd44828e41..3d06bb5cf9b 100644 --- a/helm/defectdojo/README.md +++ b/helm/defectdojo/README.md 
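Review bot: The new `valkey` dependency in Chart.yaml is pulled from a third-party Docker Hub namespace (`oci://registry-1.docker.io/cloudpirates`) with a floating `~0.9.2` range, whereas `postgresql` still comes from the project's own registry. A subchart renders workloads and Secrets into the release namespace, so its publisher becomes part of this chart's trust boundary. Consider mirroring the chart into the project registry as is done for postgresql, or at least pinning `version: 0.9.2` so that `helm dependency update` cannot pick up a new 0.9.x release without review. The `digest` in Chart.lock appears to cover the dependency list rather than the chart archive, so it should not be treated as a content pin. A comment above the entry such as `# third-party chart (CloudPirates); review upstream changes before bumping` would record the intent.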
@@ -94,7 +94,7 @@ helm install \ --set django.ingress.enabled=${DJANGO_INGRESS_ENABLED} \ --set django.ingress.activateTLS=${DJANGO_INGRESS_ACTIVATE_TLS} \ --set createSecret=true \ - --set createRedisSecret=true \ + --set createValkeySecret=true \ --set createPostgresqlSecret=true ``` @@ -280,10 +280,10 @@ helm install \ --set host="defectdojo.${TLS_CERT_DOMAIN}" \ --set django.ingress.secretName="minikube-tls" \ --set createSecret=true \ - --set createRedisSecret=true \ + --set createValkeySecret=true \ --set createPostgresqlSecret=true -# For high availability deploy multiple instances of Django, Celery and Redis +# For high availability deploy multiple instances of Django, Celery and Valkey helm install \ defectdojo \ ./helm/defectdojo \ @@ -292,9 +292,10 @@ helm install \ --set django.ingress.secretName="minikube-tls" \ --set django.replicas=3 \ --set celery.worker.replicas=3 \ - --set redis.replicas=3 \ + --set valkey.architecture=replication \ + --set valkey.replicaCount=3 \ --set createSecret=true \ - --set createRedisSecret=true \ + --set createValkeySecret=true \ --set createPostgresqlSecret=true # Run highly available PostgreSQL cluster @@ -306,13 +307,14 @@ helm install \ --set host="defectdojo.${TLS_CERT_DOMAIN}" \ --set django.replicas=3 \ --set celery.worker.replicas=3 \ - --set redis.replicas=3 \ + --set valkey.architecture=replication \ + --set valkey.replicaCount=3 \ --set django.ingress.secretName="minikube-tls" \ --set postgresql.enabled=true \ --set postgresql.replication.enabled=true \ --set postgresql.replication.slaveReplicas=3 \ --set createSecret=true \ - --set createRedisSecret=true \ + --set createValkeySecret=true \ --set createPostgresqlSecret=true # Note: If you run `helm install defectdojo before, you will get an error 
@@ -359,16 +361,13 @@ You will still need to set a host value as well. If you want to use a redis-sentinel setup as the Celery broker, you will need to set the following. -1. Set redis.scheme to "sentinel" in values.yaml +1. Set valkey.scheme to "sentinel" in values.yaml 2. Set two additional extraEnv vars specifying the sentinel master name and port in values.yaml ```yaml -celery: - broker: 'redis' - -redis: - redisServer: 'PutYourRedisSentinelAddress' +valkey: scheme: 'sentinel' +redisServer: 'PutYourRedisSentinelAddress' extraEnv: - name: DD_CELERY_BROKER_TRANSPORT_OPTIONS @@ -451,10 +450,10 @@ extraEnv: #### Step 4: Deploy DefectDojo -After modifying the `values.yaml` file as needed, deploy DefectDojo using Helm. This command also generates the required secrets for the DefectDojo admin UI and Redis: +After modifying the `values.yaml` file as needed, deploy DefectDojo using Helm. This command also generates the required secrets for the DefectDojo admin UI and Valkey: ```bash -helm install defectdojo defectdojo -f values.yaml -n defectdojo --set createSecret=true --set createRedisSecret=true +helm install defectdojo defectdojo -f values.yaml -n defectdojo --set createSecret=true --set createValkeySecret=true ``` **NOTE**: It is important to highlight that this setup can also be utilized for achieving high availability (HA) in PostgreSQL. By placing a load balancer in front of the PostgreSQL cluster, read and write requests can be efficiently routed to the appropriate primary or standby servers as needed. @@ -509,8 +508,8 @@ A Helm chart for Kubernetes to install DefectDojo | Repository | Name | Version | |------------|------|---------| +| oci://registry-1.docker.io/cloudpirates | valkey | ~0.9.2 | | oci://us-docker.pkg.dev/os-public-container-registry/defectdojo | postgresql | ~16.7.0 | -| oci://us-docker.pkg.dev/os-public-container-registry/defectdojo | redis | ~19.6.4 | ## Values 
@@ -547,7 +546,6 @@ A Helm chart for Kubernetes to install DefectDojo | celery.beat.resources.requests.memory | string | `"128Mi"` | | | celery.beat.startupProbe | object | `{}` | Enable startup probe for Celery beat container. | | celery.beat.tolerations | list | `[]` | | -| celery.broker | string | `"redis"` | | | celery.logLevel | string | `"INFO"` | | | celery.worker.affinity | object | `{}` | | | celery.worker.annotations | object | `{}` | Annotations for the Celery worker deployment. | @@ -583,8 +581,9 @@ A Helm chart for Kubernetes to install DefectDojo | cloudsql.use_private_ip | bool | `false` | whether to use a private IP to connect to the database | | cloudsql.verbose | bool | `true` | By default, the proxy has verbose logging. Set this to false to make it less verbose | | createPostgresqlSecret | bool | `false` | create postgresql secret in defectdojo chart, outside of postgresql chart | -| createRedisSecret | bool | `false` | create redis secret in defectdojo chart, outside of redis chart | +| createRedisSecret | bool | `false` | this value is deprecated and will be removed in the future | | createSecret | bool | `false` | create defectdojo specific secret | +| createValkeySecret | bool | `false` | create valkey secret in defectdojo chart, outside of valkey chart | | dbMigrationChecker.containerSecurityContext | object | `{}` | Container security context for the DB migration checker. | | dbMigrationChecker.enabled | bool | `true` | Enable/disable the DB migration checker. | | dbMigrationChecker.extraEnv | list | `[]` | Additional environment variables for DB migration checker. | 
@@ -727,9 +726,6 @@ A Helm chart for Kubernetes to install DefectDojo | postgresql.primary.podSecurityContext.enabled | bool | `true` | Default is true for K8s. Enabled needs to false for OpenShift restricted SCC and true for anyuid SCC | | postgresql.primary.podSecurityContext.fsGroup | int | `1001` | fsGroup specification below is not applied if enabled=false. enabled=false is the required setting for OpenShift "restricted SCC" to work successfully. | | postgresql.volumePermissions.containerSecurityContext | object | `{"runAsUser":1001}` | if using restricted SCC set runAsUser: "auto" and if running under anyuid SCC - runAsUser needs to match the line above | -| redis | object | `{"architecture":"standalone","auth":{"existingSecret":"defectdojo-redis-specific","existingSecretPasswordKey":"redis-password","password":""},"enabled":true,"sentinel":{"enabled":false},"tls":{"enabled":false}}` | For more advance options check the bitnami chart documentation: https://github.com/bitnami/charts/tree/main/bitnami/redis | -| redis.enabled | bool | `true` | To use an external instance, switch enabled to `false`` and set the address in `redisServer` below | -| redis.tls.enabled | bool | `false` | If TLS is enabled, the Redis broker will use the redis:// and optionally mount the certificates from an existing secret. | | redisParams | string | `""` | Parameters attached to the redis connection string, defaults to "ssl_cert_reqs=optional" if `redis.tls.enabled` | | redisServer | string | `nil` | To use an external Redis instance, set `redis.enabled` to false and set the address here: | | revisionHistoryLimit | int | `10` | Allow overriding of revisionHistoryLimit across all deployments. | 
@@ -747,6 +743,10 @@ A Helm chart for Kubernetes to install DefectDojo | tests.unitTests.resources.requests.cpu | string | `"100m"` | | | tests.unitTests.resources.requests.memory | string | `"128Mi"` | | | trackConfig | string | `"disabled"` | Track configuration (trackConfig): will automatically respin application pods in case of config changes detection can be: 1. disabled (default) 2. enabled, enables tracking configuration changes based on SHA256 | +| valkey | object | `{"auth":{"existingSecret":"defectdojo-valkey-specific","existingSecretPasswordKey":"valkey-password","password":""},"enabled":true,"sentinel":{"enabled":false},"service":{"port":6379},"tls":{"enabled":false}}` | For more advance options check the bitnami chart documentation: https://artifacthub.io/packages/helm/cloudpirates-valkey/valkey | +| valkey.enabled | bool | `true` | To use an external instance, switch enabled to `false` and set the address in `redisServer` below | +| valkey.service | object | `{"port":6379}` | To use a different port for Redis (default: 6379) | +| valkey.tls.enabled | bool | `false` | If TLS is enabled, the Redis broker will use the redis:// and optionally mount the certificates from an existing secret. | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helm/defectdojo/README.md.gotmpl b/helm/defectdojo/README.md.gotmpl index e4ab067a647..8bc538e756f 100644 --- a/helm/defectdojo/README.md.gotmpl +++ b/helm/defectdojo/README.md.gotmpl @@ -94,7 +94,7 @@ helm install \ --set django.ingress.enabled=${DJANGO_INGRESS_ENABLED} \ --set django.ingress.activateTLS=${DJANGO_INGRESS_ACTIVATE_TLS} \ --set createSecret=true \ - --set createRedisSecret=true \ + --set createValkeySecret=true \ --set createPostgresqlSecret=true ``` 
@@ -280,10 +280,10 @@ helm install \ --set host="defectdojo.${TLS_CERT_DOMAIN}" \ --set django.ingress.secretName="minikube-tls" \ --set createSecret=true \ - --set createRedisSecret=true \ + --set createValkeySecret=true \ --set createPostgresqlSecret=true -# For high availability deploy multiple instances of Django, Celery and Redis +# For high availability deploy multiple instances of Django, Celery and Valkey helm install \ defectdojo \ ./helm/defectdojo \ @@ -292,9 +292,10 @@ helm install \ --set django.ingress.secretName="minikube-tls" \ --set django.replicas=3 \ --set celery.worker.replicas=3 \ - --set redis.replicas=3 \ + --set valkey.architecture=replication \ + --set valkey.replicaCount=3 \ --set createSecret=true \ - --set createRedisSecret=true \ + --set createValkeySecret=true \ --set createPostgresqlSecret=true # Run highly available PostgreSQL cluster @@ -306,13 +307,14 @@ helm install \ --set host="defectdojo.${TLS_CERT_DOMAIN}" \ --set django.replicas=3 \ --set celery.worker.replicas=3 \ - --set redis.replicas=3 \ + --set valkey.architecture=replication \ + --set valkey.replicaCount=3 \ --set django.ingress.secretName="minikube-tls" \ --set postgresql.enabled=true \ --set postgresql.replication.enabled=true \ --set postgresql.replication.slaveReplicas=3 \ --set createSecret=true \ - --set createRedisSecret=true \ + --set createValkeySecret=true \ --set createPostgresqlSecret=true # Note: If you run `helm install defectdojo before, you will get an error 
@@ -359,16 +361,13 @@ You will still need to set a host value as well. If you want to use a redis-sentinel setup as the Celery broker, you will need to set the following. -1. Set redis.scheme to "sentinel" in values.yaml +1. Set valkey.scheme to "sentinel" in values.yaml 2. Set two additional extraEnv vars specifying the sentinel master name and port in values.yaml ```yaml -celery: - broker: 'redis' - -redis: - redisServer: 'PutYourRedisSentinelAddress' +valkey: scheme: 'sentinel' +redisServer: 'PutYourRedisSentinelAddress' extraEnv: - name: DD_CELERY_BROKER_TRANSPORT_OPTIONS @@ -451,10 +450,10 @@ extraEnv: #### Step 4: Deploy DefectDojo -After modifying the `values.yaml` file as needed, deploy DefectDojo using Helm. This command also generates the required secrets for the DefectDojo admin UI and Redis: +After modifying the `values.yaml` file as needed, deploy DefectDojo using Helm. This command also generates the required secrets for the DefectDojo admin UI and Valkey: ```bash -helm install defectdojo defectdojo -f values.yaml -n defectdojo --set createSecret=true --set createRedisSecret=true +helm install defectdojo defectdojo -f values.yaml -n defectdojo --set createSecret=true --set createValkeySecret=true ``` diff --git a/helm/defectdojo/templates/_helpers.tpl b/helm/defectdojo/templates/_helpers.tpl index b6243d6ac19..0395afb3e26 100644 --- a/helm/defectdojo/templates/_helpers.tpl +++ b/helm/defectdojo/templates/_helpers.tpl 
@@ -58,29 +58,25 @@ {{- end -}} {{- define "redis.hostname" -}} -{{- if eq .Values.celery.broker "redis" -}} -{{- if .Values.redis.enabled -}} -{{- printf "%s-%s" .Release.Name "redis-master" | trunc 63 | trimSuffix "-" -}} +{{- if .Values.valkey.enabled -}} +{{- printf "%s-%s" .Release.Name "valkey" | trunc 63 | trimSuffix "-" -}} {{- else -}} {{- .Values.redisServer | default "127.0.0.1" | quote -}} {{- end -}} {{- end -}} -{{- end -}} {{- /* Determine the protocol to use for Redis. */}} {{- define "redis.scheme" -}} -{{- if eq .Values.celery.broker "redis" -}} -{{- if .Values.redis.tls.enabled -}} +{{- if .Values.valkey.tls.enabled -}} {{- printf "rediss" -}} -{{- else if .Values.redis.sentinel.enabled -}} +{{- else if .Values.valkey.sentinel.enabled -}} {{- printf "sentinel" -}} {{- else -}} {{- printf "redis" -}} {{- end -}} {{- end -}} -{{- end -}} {{- /* Builds the repository names for use with local or private registries diff --git a/helm/defectdojo/templates/celery-beat-deployment.yaml b/helm/defectdojo/templates/celery-beat-deployment.yaml index b1832f71e29..be3c5e84ef0 100644 --- a/helm/defectdojo/templates/celery-beat-deployment.yaml +++ b/helm/defectdojo/templates/celery-beat-deployment.yaml @@ -144,10 +144,8 @@ spec: - name: DD_CELERY_BROKER_PASSWORD valueFrom: secretKeyRef: - {{- if eq .Values.celery.broker "redis" }} - name: {{ .Values.redis.auth.existingSecret | default "defectdojo-redis-specific" }} - key: {{ .Values.redis.auth.existingSecretPasswordKey | default "redis-password" }} - {{- end }} + name: {{ .Values.valkey.auth.existingSecret | default "defectdojo-valkey-specific" }} + key: {{ .Values.valkey.auth.existingSecretPasswordKey | default "valkey-password" }} - name: DD_DATABASE_PASSWORD valueFrom: secretKeyRef: diff --git a/helm/defectdojo/templates/celery-worker-deployment.yaml b/helm/defectdojo/templates/celery-worker-deployment.yaml index 14ddcf79f4b..28798cbc625 100644 --- a/helm/defectdojo/templates/celery-worker-deployment.yaml 
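Review bot: `redis.hostname` now branches only on `.Values.valkey.enabled`, which defaults to `true` in values.yaml, so a release upgraded with the legacy values `redis.enabled=false` plus an external `redisServer` silently ignores that address and points the broker at `<release>-valkey`. The `fail` guard added in secret-valkey.yaml only catches `createRedisSecret`. A matching guard for leftover `redis` values would turn this into a render-time error, for example `{{- if .Values.redis }}{{ fail "'redis.*' values are no longer read; use 'valkey.*'" }}{{- end }}`. It is also worth confirming that `<release>-valkey` resolves to the writable primary when `valkey.architecture=replication` is set as the README suggests, since that depends on the subchart's service naming, which is not visible here.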
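Review bot: The default Secret behind `DD_CELERY_BROKER_PASSWORD` changes from `defectdojo-redis-specific`/`redis-password` to `defectdojo-valkey-specific`/`valkey-password`, so installs that manage the broker Secret outside the chart (`createValkeySecret` defaults to `false`) will reference a Secret that may not exist after upgrade, and the pods would then fail to start. The same rename is made in celery-worker-deployment.yaml and django-deployment.yaml. A short comment above the reference would help, e.g. `# Secret must exist before rollout; rendered by this chart only when createValkeySecret=true`, together with an upgrade note telling operators to create or rename the Secret first. The `secretKeyRef` sits inside a container spec that begins outside this hunk.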
+++ b/helm/defectdojo/templates/celery-worker-deployment.yaml @@ -139,10 +139,8 @@ spec: - name: DD_CELERY_BROKER_PASSWORD valueFrom: secretKeyRef: - {{- if eq .Values.celery.broker "redis" }} - name: {{ .Values.redis.auth.existingSecret| default "defectdojo-redis-specific" }} - key: {{ .Values.redis.auth.existingSecretPasswordKey | default "redis-password" }} - {{- end }} + name: {{ .Values.valkey.auth.existingSecret| default "defectdojo-valkey-specific" }} + key: {{ .Values.valkey.auth.existingSecretPasswordKey | default "valkey-password" }} - name: DD_DATABASE_PASSWORD valueFrom: secretKeyRef: diff --git a/helm/defectdojo/templates/configmap.yaml b/helm/defectdojo/templates/configmap.yaml index d25926c2c3f..a80918c0506 100644 --- a/helm/defectdojo/templates/configmap.yaml +++ b/helm/defectdojo/templates/configmap.yaml @@ -1,5 +1,5 @@ {{- $fullName := include "defectdojo.fullname" . -}} -{{- $defaultBrokerParams := ternary "ssl_cert_reqs=optional" "" .Values.redis.tls.enabled -}} +{{- $defaultBrokerParams := ternary "ssl_cert_reqs=optional" "" .Values.valkey.tls.enabled -}} apiVersion: v1 kind: ConfigMap metadata: 
@@ -26,10 +26,10 @@ data: DD_ADMIN_LAST_NAME: {{ .Values.admin.LastName | default "User" }} DD_ALLOWED_HOSTS: {{ include "django.allowed_hosts" . }} DD_SITE_URL: {{ .Values.siteUrl | default "http://localhost:8080" }} - DD_CELERY_BROKER_SCHEME: {{ if eq .Values.celery.broker "redis" }}{{ template "redis.scheme" . }}{{ end }} + DD_CELERY_BROKER_SCHEME: {{ template "redis.scheme" . }} DD_CELERY_BROKER_USER: '' - DD_CELERY_BROKER_HOST: {{ if eq .Values.celery.broker "redis" }}{{ template "redis.hostname" . }}{{ end }} - DD_CELERY_BROKER_PORT: '{{ if eq .Values.celery.broker "redis" }}{{- if ( hasKey .Values.redis "master" ) -}}{{ .Values.redis.master.service.ports.redis }}{{ else }}6379{{ end }}{{- end -}}' + DD_CELERY_BROKER_HOST: {{ template "redis.hostname" . }} + DD_CELERY_BROKER_PORT: '{{ .Values.valkey.service.port }}' DD_CELERY_BROKER_PARAMS: '{{ .Values.redisParams | default $defaultBrokerParams }}' DD_CELERY_BROKER_PATH: '{{ .Values.celery.path | default "//" }}' DD_CELERY_LOG_LEVEL: {{ .Values.celery.logLevel }} diff --git a/helm/defectdojo/templates/django-deployment.yaml b/helm/defectdojo/templates/django-deployment.yaml index b4eee529383..f60f69bfe76 100644 --- a/helm/defectdojo/templates/django-deployment.yaml +++ b/helm/defectdojo/templates/django-deployment.yaml @@ -199,10 +199,8 @@ spec: - name: DD_CELERY_BROKER_PASSWORD valueFrom: secretKeyRef: - {{- if eq .Values.celery.broker "redis" }} - name: {{ .Values.redis.auth.existingSecret | default "defectdojo-redis-specific" }} - key: {{ .Values.redis.auth.existingSecretPasswordKey | default "redis-password" }} - {{- end }} + name: {{ .Values.valkey.auth.existingSecret | default "defectdojo-valkey-specific" }} + key: {{ .Values.valkey.auth.existingSecretPasswordKey | default "valkey-password" }} {{- if .Values.django.uwsgi.enableDebug }} - name: DD_DEBUG value: 'True' 
diff --git a/helm/defectdojo/templates/secret-redis.yaml b/helm/defectdojo/templates/secret-valkey.yaml similarity index 58% rename from helm/defectdojo/templates/secret-redis.yaml rename to helm/defectdojo/templates/secret-valkey.yaml index b2a5a3a84c2..f9518d7d63f 100644 --- a/helm/defectdojo/templates/secret-redis.yaml +++ b/helm/defectdojo/templates/secret-valkey.yaml @@ -1,4 +1,4 @@ -{{- if .Values.createRedisSecret -}} +{{- if .Values.createValkeySecret -}} apiVersion: v1 kind: Secret metadata: @@ -19,13 +19,18 @@ metadata: {{- range $key, $value := .Values.extraLabels }} {{ $key }}: {{ quote $value }} {{- end }} - name: {{ .Values.redis.auth.existingSecret }} + name: {{ .Values.valkey.auth.existingSecret }} namespace: {{ .Release.Namespace }} type: Opaque data: -{{- if .Values.redis.auth.password }} - {{ .Values.redis.auth.existingSecretPasswordKey }}: {{ .Values.redis.auth.password | b64enc | quote }} +{{- if .Values.valkey.auth.password }} + {{ .Values.valkey.auth.existingSecretPasswordKey }}: {{ .Values.valkey.auth.password | b64enc | quote }} {{- else }} - {{ .Values.redis.auth.existingSecretPasswordKey }}: {{ randAlphaNum 10 | b64enc | quote }} + {{ .Values.valkey.auth.existingSecretPasswordKey }}: {{ randAlphaNum 10 | b64enc | quote }} +{{- end }} {{- end }} + +--- +{{- if .Values.createRedisSecret -}} +{{- fail "Error: 'createRedisSecret' value is not supported anymore. Because of license reason, DefectDojo migrated to Valkey. Use 'createValkeySecret' instead. To be sure that you Redis is migrated to Valkey correctly, please follow release notes." }} {{- end }} diff --git a/helm/defectdojo/templates/tests/unit-tests.yaml b/helm/defectdojo/templates/tests/unit-tests.yaml index 01fa4cf1041..efa6b2c39c3 100644 --- a/helm/defectdojo/templates/tests/unit-tests.yaml +++ b/helm/defectdojo/templates/tests/unit-tests.yaml 
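Review bot: The fallback broker password is still `randAlphaNum 10`, roughly 60 bits, which is thin for a Redis-protocol `AUTH` secret that any client able to reach the service can guess against at high rate; since the line is being touched anyway, `{{ randAlphaNum 32 | b64enc | quote }}` would be a cheap improvement. The value is also generated at render time, so unless annotations outside this hunk prevent it, each `helm upgrade` would presumably write a new password and leave already-running pods with the old one until they restart; a `lookup` of the existing Secret before generating would avoid that. The `name:` line uses `.Values.valkey.auth.existingSecret` without the `default "defectdojo-valkey-specific"` fallback that the deployments apply, so an empty override renders a Secret with no name. The `fail` message contains a typo (`you Redis` should read `your Redis`).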
@@ -36,10 +36,8 @@ spec: valueFrom: secretKeyRef: # Use broker chart secret - # name: {{ $fullName }}-{{ .Values.celery.broker }} - # Use secret handled outside of the chart - name: defectdojo-{{ .Values.celery.broker }}-specific - key: {{ .Values.celery.broker }}-password + name: defectdojo-valkey-specific + key: valkey-password - name: DD_DATABASE_PASSWORD valueFrom: secretKeyRef: diff --git a/helm/defectdojo/values.schema.json b/helm/defectdojo/values.schema.json index 76b1411877d..772ed9aefa5 100644 --- a/helm/defectdojo/values.schema.json +++ b/helm/defectdojo/values.schema.json @@ -153,9 +153,6 @@ } } }, - "broker": { - "type": "string" - }, "logLevel": { "type": "string" }, @@ -341,13 +338,17 @@ "type": "boolean" }, "createRedisSecret": { - "description": "create redis secret in defectdojo chart, outside of redis chart", + "description": "this value is deprecated and will be removed in the future", "type": "boolean" }, "createSecret": { "description": "create defectdojo specific secret", "type": "boolean" }, + "createValkeySecret": { + "description": "create valkey secret in defectdojo chart, outside of valkey chart", + "type": "boolean" + }, "dbMigrationChecker": { "type": "object", "properties": { 
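Review bot: The test pod hard-codes `defectdojo-valkey-specific` and `valkey-password`, while the three deployments resolve the same reference through `.Values.valkey.auth.existingSecret` and `.Values.valkey.auth.existingSecretPasswordKey` with those strings only as defaults, so `helm test` will reference a missing Secret whenever an operator overrides either value. Using the same expressions here, `name: {{ .Values.valkey.auth.existingSecret | default "defectdojo-valkey-specific" }}` and `key: {{ .Values.valkey.auth.existingSecretPasswordKey | default "valkey-password" }}`, keeps them aligned. The retained comment `# Use broker chart secret` no longer describes these lines and could become `# Broker secret (see valkey.auth.existingSecret)`.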
@@ -1237,50 +1238,6 @@ } } }, - "redis": { - "description": "For more advance options check the bitnami chart documentation: https://github.com/bitnami/charts/tree/main/bitnami/redis", - "type": "object", - "properties": { - "architecture": { - "type": "string" - }, - "auth": { - "type": "object", - "properties": { - "existingSecret": { - "type": "string" - }, - "existingSecretPasswordKey": { - "type": "string" - }, - "password": { - "type": "string" - } - } - }, - "enabled": { - "description": "To use an external instance, switch enabled to `false`` and set the address in `redisServer` below", - "type": "boolean" - }, - "sentinel": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "tls": { - "type": "object", - "properties": { - "enabled": { - "description": "If TLS is enabled, the Redis broker will use the redis:// and optionally mount the certificates from an existing secret.", - "type": "boolean" - } - } - } - } - }, "redisParams": { "description": "Parameters attached to the redis connection string, defaults to \"ssl_cert_reqs=optional\" if `redis.tls.enabled`", "type": "string" 
@@ -1416,6 +1373,56 @@ "trackConfig": { "description": "Track configuration (trackConfig): will automatically respin application pods in case of config changes detection can be: 1. disabled (default) 2. enabled, enables tracking configuration changes based on SHA256", "type": "string" + }, + "valkey": { + "description": "For more advance options check the bitnami chart documentation: https://artifacthub.io/packages/helm/cloudpirates-valkey/valkey", + "type": "object", + "properties": { + "auth": { + "type": "object", + "properties": { + "existingSecret": { + "type": "string" + }, + "existingSecretPasswordKey": { + "type": "string" + }, + "password": { + "type": "string" + } + } + }, + "enabled": { + "description": "To use an external instance, switch enabled to `false` and set the address in `redisServer` below", + "type": "boolean" + }, + "sentinel": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "service": { + "description": "To use a different port for Redis (default: 6379)", + "type": "object", + "properties": { + "port": { + "type": "integer" + } + } + }, + "tls": { + "type": "object", + "properties": { + "enabled": { + "description": "If TLS is enabled, the Redis broker will use the redis:// and optionally mount the certificates from an existing secret.", + "type": "boolean" + } + } + } + } } } } diff --git a/helm/defectdojo/values.yaml b/helm/defectdojo/values.yaml index cd850ace3c1..dc319ae515e 100644 --- a/helm/defectdojo/values.yaml +++ b/helm/defectdojo/values.yaml 
@@ -9,7 +9,9 @@ securityContext: # -- create defectdojo specific secret createSecret: false -# -- create redis secret in defectdojo chart, outside of redis chart +# -- create valkey secret in defectdojo chart, outside of valkey chart +createValkeySecret: false +# -- this value is deprecated and will be removed in the future createRedisSecret: false # -- create postgresql secret in defectdojo chart, outside of postgresql chart createPostgresqlSecret: false @@ -210,7 +212,6 @@ secrets: # Components celery: - broker: redis logLevel: INFO # -- Common annotations to worker and beat deployments and pods. annotations: {} @@ -602,23 +603,21 @@ gke: # Only works with serviceAccount.create = true workloadIdentityEmail: "" -# -- For more advance options check the bitnami chart documentation: https://github.com/bitnami/charts/tree/main/bitnami/redis -redis: - # -- To use an external instance, switch enabled to `false`` and set the address in `redisServer` below +# -- For more advance options check the bitnami chart documentation: https://artifacthub.io/packages/helm/cloudpirates-valkey/valkey +valkey: + # -- To use an external instance, switch enabled to `false` and set the address in `redisServer` below enabled: true auth: - existingSecret: defectdojo-redis-specific - existingSecretPasswordKey: redis-password + existingSecret: defectdojo-valkey-specific + existingSecretPasswordKey: valkey-password password: "" - architecture: standalone - # To use a different port for Redis (default: 6379) add a port number and uncomment the lines below: - # master: - # service: - # ports: - # redis: xxxx + # -- To use a different port for Redis (default: 6379) + service: + port: 6379 # Sentinel configuration parameters sentinel: enabled: false + # TODO: CloudPirates do not support TLS right now. Let's see https://github.com/CloudPirates-io/helm-charts/issues/552 tls: # -- If TLS is enabled, the Redis broker will use the redis:// and optionally mount the certificates # from an existing secret.
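Review bot: The new TODO in the `valkey:` block says the CloudPirates chart has no TLS support, yet `valkey.tls.enabled` stays documented as a working switch. Per `redis.scheme` in _helpers.tpl, setting it makes the clients use `rediss`, which against the bundled Valkey would presumably fail to connect, and leaving it off means the broker password and task payloads travel unencrypted inside the cluster. The description on `tls.enabled` should state that it currently applies only to an external instance, e.g. `# -- Only effective with an external TLS-capable instance (valkey.enabled: false); the bundled chart does not serve TLS yet`. Two leftover wordings in this hunk are also misleading: the header comment still calls the CloudPirates link "the bitnami chart documentation", and the TLS description says `redis://` where the helper emits `rediss`.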