From feeec150a3e7eb61de24a91cebce2247a08c3574 Mon Sep 17 00:00:00 2001 From: Carlos Date: Thu, 23 Oct 2025 15:21:20 +0200 Subject: [PATCH 1/6] feat(helm): add HPA and PDB support for Django and Celery Beat - Add PodDisruptionBudget for Django pods - Add HorizontalPodAutoscaler for Django pods - Add PodDisruptionBudget for Celery Beat pods - Add HorizontalPodAutoscaler for Celery Beat pods - All resources default to disabled (enabled: false) - Configurable via values.yaml Fixes #13391 --- docs/content/en/open_source/upgrading/2.52.md | 4 + helm/defectdojo/README.md | 6 + .../defectdojo/templates/celery-beat-hpa.yaml | 51 ++++++++ .../defectdojo/templates/celery-beat-pdb.yaml | 31 +++++ .../templates/celery-worker-hpa.yaml | 51 ++++++++ .../templates/celery-worker-pdb.yaml | 31 +++++ helm/defectdojo/templates/django-hpa.yaml | 53 ++++++++ helm/defectdojo/templates/django-pdb.yaml | 32 +++++ helm/defectdojo/values.schema.json | 117 ++++++++++++++++++ helm/defectdojo/values.yaml | 39 ++++++ 10 files changed, 415 insertions(+) create mode 100644 helm/defectdojo/templates/celery-beat-hpa.yaml create mode 100644 helm/defectdojo/templates/celery-beat-pdb.yaml create mode 100644 helm/defectdojo/templates/celery-worker-hpa.yaml create mode 100644 helm/defectdojo/templates/celery-worker-pdb.yaml create mode 100644 helm/defectdojo/templates/django-hpa.yaml create mode 100644 helm/defectdojo/templates/django-pdb.yaml diff --git a/docs/content/en/open_source/upgrading/2.52.md b/docs/content/en/open_source/upgrading/2.52.md index c9f6b38418f..8da8166785d 100644 --- a/docs/content/en/open_source/upgrading/2.52.md +++ b/docs/content/en/open_source/upgrading/2.52.md 
@@ -32,6 +32,10 @@ Additionally, each deployment can specify its own pod and container security con Now each container can specify the resource requests and limits. +#### New values + +Added Helm chart support for Celery and Django deployments for Horizontal Pod Autoscaler using `.autoscaling` fields under each section. And Pod Disruption Budget using `.podDisruptionBudget` for any of Celery Beat/Worker or Django deployments. + #### Moved values The following Helm chart values have been modified in this release: diff --git a/helm/defectdojo/README.md b/helm/defectdojo/README.md index b6ac3127dd1..d7db4763962 100644 --- a/helm/defectdojo/README.md +++ b/helm/defectdojo/README.md @@ -529,6 +529,7 @@ A Helm chart for Kubernetes to install DefectDojo | celery.beat.affinity | object | `{}` | | | celery.beat.annotations | object | `{}` | Annotations for the Celery beat deployment. | | celery.beat.automountServiceAccountToken | bool | `false` | | +| celery.beat.autoscaling | object | `{"autoscaleBehavior":{},"enabled":false,"maxReplicas":5,"minReplicas":2,"targetCPUUtilizationPercentage":80,"targetMemoryUtilizationPercentage":80}` | Autoscaling configuration for Celery beat deployment. | | celery.beat.containerSecurityContext | object | `{}` | Container security context for the Celery beat containers. | | celery.beat.extraEnv | list | `[]` | Additional environment variables injected to Celery beat containers. | | celery.beat.extraInitContainers | list | `[]` | A list of additional initContainers to run before celery beat containers. | 
@@ -538,6 +539,7 @@ A Helm chart for Kubernetes to install DefectDojo | celery.beat.livenessProbe | object | `{}` | Enable liveness probe for Celery beat container. ``` exec: command: - bash - -c - celery -A dojo inspect ping -t 5 initialDelaySeconds: 30 periodSeconds: 60 timeoutSeconds: 10 ``` | | celery.beat.nodeSelector | object | `{}` | | | celery.beat.podAnnotations | object | `{}` | Annotations for the Celery beat pods. | +| celery.beat.podDisruptionBudget | object | `{"enabled":false,"minAvailable":"50%","unhealthyPodEvictionPolicy":"AlwaysAllow"}` | Configure pod disruption budgets for Celery beat ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget | | celery.beat.podSecurityContext | object | `{}` | Pod security context for the Celery beat pods. | | celery.beat.readinessProbe | object | `{}` | Enable readiness probe for Celery beat container. | | celery.beat.replicas | int | `1` | | 
@@ -553,6 +555,7 @@ A Helm chart for Kubernetes to install DefectDojo | celery.worker.annotations | object | `{}` | Annotations for the Celery worker deployment. | | celery.worker.appSettings.poolType | string | `"solo"` | Performance improved celery worker config when needing to deal with a lot of findings (e.g deduplication ops) poolType: prefork autoscaleMin: 2 autoscaleMax: 8 concurrency: 8 prefetchMultiplier: 128 | | celery.worker.automountServiceAccountToken | bool | `false` | | +| celery.worker.autoscaling | object | `{"autoscaleBehavior":{},"enabled":false,"maxReplicas":5,"minReplicas":2,"targetCPUUtilizationPercentage":80,"targetMemoryUtilizationPercentage":80}` | Autoscaling configuration for Celery worker deployment. | | celery.worker.containerSecurityContext | object | `{}` | Container security context for the Celery worker containers. | | celery.worker.extraEnv | list | `[]` | Additional environment variables injected to Celery worker containers. | | celery.worker.extraInitContainers | list | `[]` | A list of additional initContainers to run before celery worker containers. | 
@@ -562,6 +565,7 @@ A Helm chart for Kubernetes to install DefectDojo | celery.worker.livenessProbe | object | `{}` | Enable liveness probe for Celery worker containers. ``` exec: command: - bash - -c - celery -A dojo inspect ping -t 5 initialDelaySeconds: 30 periodSeconds: 60 timeoutSeconds: 10 ``` | | celery.worker.nodeSelector | object | `{}` | | | celery.worker.podAnnotations | object | `{}` | Annotations for the Celery beat pods. | +| celery.worker.podDisruptionBudget | object | `{"enabled":false,"minAvailable":"50%","unhealthyPodEvictionPolicy":"AlwaysAllow"}` | Configure pod disruption budgets for Celery worker ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget | | celery.worker.podSecurityContext | object | `{}` | Pod security context for the Celery worker pods. | | celery.worker.readinessProbe | object | `{}` | Enable readiness probe for Celery worker container. | | celery.worker.replicas | int | `1` | | @@ -595,6 +599,7 @@ A Helm chart for Kubernetes to install DefectDojo | django.affinity | object | `{}` | | | django.annotations | object | `{}` | | | django.automountServiceAccountToken | bool | `false` | | +| django.autoscaling | object | `{"autoscaleBehavior":{},"enabled":false,"maxReplicas":5,"minReplicas":2,"targetCPUUtilizationPercentage":80,"targetMemoryUtilizationPercentage":80}` | Autoscaling configuration for the Django deployment. | | django.extraEnv | list | `[]` | Additional environment variables injected to all Django containers and initContainers. | | django.extraInitContainers | list | `[]` | A list of additional initContainers to run before the uwsgi and nginx containers. | | django.extraVolumeMounts | list | `[]` | Array of additional volume mount points common to all containers and initContainers. | 
@@ -622,6 +627,7 @@ A Helm chart for Kubernetes to install DefectDojo | django.nginx.tls.enabled | bool | `false` | | | django.nginx.tls.generateCertificate | bool | `false` | | | django.nodeSelector | object | `{}` | | +| django.podDisruptionBudget | object | `{"enabled":false,"minAvailable":"50%","unhealthyPodEvictionPolicy":"AlwaysAllow"}` | Configure pod disruption budgets for django ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget | | django.podSecurityContext | object | `{"fsGroup":1001}` | Pod security context for the Django pods. | | django.replicas | int | `1` | | | django.service.annotations | object | `{}` | | diff --git a/helm/defectdojo/templates/celery-beat-hpa.yaml b/helm/defectdojo/templates/celery-beat-hpa.yaml new file mode 100644 index 00000000000..aff7dcdd07c --- /dev/null +++ b/helm/defectdojo/templates/celery-beat-hpa.yaml 
@@ -0,0 +1,51 @@
+{{- if .Values.celery.beat.autoscaling.enabled -}}
+{{- $fullName := include "defectdojo.fullname" . -}}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ {{- with mergeOverwrite dict .Values.extraAnnotations .Values.celery.annotations .Values.celery.beat.annotations }}
+ annotations:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ quote $value }}
+ {{- end }}
+ {{- end }}
+ name: {{ $fullName }}-celery-beat
+ namespace: {{ .Release.Namespace }}
+ labels:
+ defectdojo.org/component: celery
+ defectdojo.org/subcomponent: beat
+ app.kubernetes.io/name: {{ include "defectdojo.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "defectdojo.chart" . }}
+ {{- range $key, $value := .Values.extraLabels }}
+ {{ $key }}: {{ quote $value }}
+ {{- end }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: "Deployment"
+ name: {{ $fullName }}-celery-beat
+ minReplicas: {{ .Values.celery.beat.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.celery.beat.autoscaling.maxReplicas }}
+ metrics:
+ {{- with .Values.celery.beat.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ averageUtilization: {{ . }}
+ type: Utilization
+ {{- end }}
+ {{- with .Values.celery.beat.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ averageUtilization: {{ . }}
+ type: Utilization
+ {{- end }}
+ {{- if .Values.celery.beat.autoscaling.autoscaleBehavior }}
+ behavior: {{ toYaml .Values.celery.beat.autoscaling.autoscaleBehavior | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/helm/defectdojo/templates/celery-beat-pdb.yaml b/helm/defectdojo/templates/celery-beat-pdb.yaml
new file mode 100644
index 00000000000..714ca571bc2
--- /dev/null
+++ b/helm/defectdojo/templates/celery-beat-pdb.yaml
@@ -0,0 +1,31 @@
+{{- if .Values.celery.beat.podDisruptionBudget.enabled }}
+{{- $fullName := include "defectdojo.fullname" . -}}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ {{- with mergeOverwrite dict .Values.extraAnnotations .Values.celery.annotations .Values.celery.beat.annotations }}
+ annotations:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ quote $value }}
+ {{- end }}
+ {{- end }}
+ labels:
+ defectdojo.org/component: celery
+ defectdojo.org/subcomponent: beat
+ app.kubernetes.io/name: {{ include "defectdojo.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "defectdojo.chart" . }}
+ {{- range $key, $value := .Values.extraLabels }}
+ {{ $key }}: {{ quote $value }}
+ {{- end }}
+ name: {{ $fullName }}-celery-beat
+ namespace: {{ .Release.Namespace }}
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ .Release.Name }}
+ defectdojo.org/component: celery
+ defectdojo.org/subcomponent: beat
+{{ toYaml (omit .Values.celery.beat.podDisruptionBudget "enabled" ) | indent 2 }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/defectdojo/templates/celery-worker-hpa.yaml b/helm/defectdojo/templates/celery-worker-hpa.yaml
new file mode 100644
index 00000000000..df55c829356
--- /dev/null
+++ b/helm/defectdojo/templates/celery-worker-hpa.yaml
@@ -0,0 +1,51 @@
+{{- if .Values.celery.worker.autoscaling.enabled -}}
+{{- $fullName := include "defectdojo.fullname" . -}}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ {{- with mergeOverwrite dict .Values.extraAnnotations .Values.celery.annotations .Values.celery.worker.annotations }}
+ annotations:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ quote $value }}
+ {{- end }}
+ {{- end }}
+ name: {{ $fullName }}-celery-worker
+ namespace: {{ .Release.Namespace }}
+ labels:
+ defectdojo.org/component: celery
+ defectdojo.org/subcomponent: worker
+ app.kubernetes.io/name: {{ include "defectdojo.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "defectdojo.chart" . }}
+ {{- range $key, $value := .Values.extraLabels }}
+ {{ $key }}: {{ quote $value }}
+ {{- end }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: "Deployment"
+ name: {{ $fullName }}-celery-worker
+ minReplicas: {{ .Values.celery.worker.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.celery.worker.autoscaling.maxReplicas }}
+ metrics:
+ {{- with .Values.celery.worker.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ averageUtilization: {{ . }}
+ type: Utilization
+ {{- end }}
+ {{- with .Values.celery.worker.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ averageUtilization: {{ . }}
+ type: Utilization
+ {{- end }}
+ {{- if .Values.celery.worker.autoscaling.autoscaleBehavior }}
+ behavior: {{ toYaml .Values.celery.worker.autoscaling.autoscaleBehavior | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/helm/defectdojo/templates/celery-worker-pdb.yaml b/helm/defectdojo/templates/celery-worker-pdb.yaml
new file mode 100644
index 00000000000..f40c1909995
--- /dev/null
+++ b/helm/defectdojo/templates/celery-worker-pdb.yaml
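Review bot: In celery-worker-hpa.yaml both `Utilization` targets are percentages of the containers' resource requests, and the template renders them without any check that the requests are sized for real load. The chart documents a default worker memory request of `128Mi`, so the default 80% memory target is roughly 102Mi per pod, which a running Celery worker will presumably exceed while idle and so push the autoscaler straight to `maxReplicas`. Consider leaving `targetMemoryUtilizationPercentage` unset by default and adding next to the value a comment such as `# Utilization is measured against resources.requests; size the requests before enabling.` If the Deployment template (not shown in this hunk) still renders `replicas:` while autoscaling is enabled, every `helm upgrade` will also reset the replica count the autoscaler chose. The same points apply to django-hpa.yaml.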
@@ -0,0 +1,31 @@
+{{- if .Values.celery.worker.podDisruptionBudget.enabled }}
+{{- $fullName := include "defectdojo.fullname" . -}}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ {{- with mergeOverwrite dict .Values.extraAnnotations .Values.celery.annotations .Values.celery.worker.annotations }}
+ annotations:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ quote $value }}
+ {{- end }}
+ {{- end }}
+ labels:
+ defectdojo.org/component: celery
+ defectdojo.org/subcomponent: worker
+ app.kubernetes.io/name: {{ include "defectdojo.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "defectdojo.chart" . }}
+ {{- range $key, $value := .Values.extraLabels }}
+ {{ $key }}: {{ quote $value }}
+ {{- end }}
+ name: {{ $fullName }}-celery-worker
+ namespace: {{ .Release.Namespace }}
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ .Release.Name }}
+ defectdojo.org/component: celery
+ defectdojo.org/subcomponent: worker
+{{ toYaml (omit .Values.celery.worker.podDisruptionBudget "enabled" ) | indent 2 }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/defectdojo/templates/django-hpa.yaml b/helm/defectdojo/templates/django-hpa.yaml
new file mode 100644
index 00000000000..c1385bce2da
--- /dev/null
+++ b/helm/defectdojo/templates/django-hpa.yaml
@@ -0,0 +1,53 @@
+{{- if .Values.django.autoscaling.enabled -}}
+{{- $fullName := include "defectdojo.fullname" . -}}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ {{- if or .Values.extraAnnotations .Values.django.autoscaling.annotations }}
+ annotations:
+ {{- range $key, $value := .Values.extraAnnotations }}
+ {{ $key }}: {{ quote $value }}
+ {{- end }}
+ {{- range $key, $value := .Values.django.annotations }}
+ {{ $key }}: {{ quote $value }}
+ {{- end }}
+ {{- end }}
+ name: {{ $fullName }}-django
+ namespace: {{ .Release.Namespace }}
+ labels:
+ defectdojo.org/component: django
+ app.kubernetes.io/name: {{ include "defectdojo.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "defectdojo.chart" . }}
+ {{- range $key, $value := .Values.extraLabels }}
+ {{ $key }}: {{ quote $value }}
+ {{- end }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: "Deployment"
+ name: {{ $fullName }}-django
+ minReplicas: {{ .Values.django.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.django.autoscaling.maxReplicas }}
+ metrics:
+ {{- with .Values.django.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ averageUtilization: {{ . }}
+ type: Utilization
+ {{- end }}
+ {{- with .Values.django.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ averageUtilization: {{ . }}
+ type: Utilization
+ {{- end }}
+ {{- if .Values.django.autoscaling.autoscaleBehavior }}
+ behavior: {{ toYaml .Values.django.autoscaling.autoscaleBehavior | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/helm/defectdojo/templates/django-pdb.yaml b/helm/defectdojo/templates/django-pdb.yaml
new file mode 100644
index 00000000000..bd66c90cb95
--- /dev/null
+++ b/helm/defectdojo/templates/django-pdb.yaml
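Review bot: The annotations guard in django-hpa.yaml tests `.Values.django.autoscaling.annotations`, but the block it guards never reads that key; it loops over `.Values.extraAnnotations` and `.Values.django.annotations`. When only `django.annotations` is set the whole `annotations:` map is dropped, and when the same key is present in both sources it is emitted twice, leaving a duplicate YAML key in the rendered manifest. The Celery templates in this patch already merge their sources with `mergeOverwrite`; here `{{- with mergeOverwrite dict .Values.extraAnnotations .Values.django.annotations }}` followed by a single `range $key, $value := .` would fix both problems. django-pdb.yaml carries the same guard with `.Values.django.podDisruptionBudget.annotations`.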
@@ -0,0 +1,32 @@
+{{- if .Values.django.podDisruptionBudget.enabled }}
+{{- $fullName := include "defectdojo.fullname" . -}}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ {{- if or .Values.extraAnnotations .Values.django.podDisruptionBudget.annotations }}
+ annotations:
+ {{- range $key, $value := .Values.extraAnnotations }}
+ {{ $key }}: {{ quote $value }}
+ {{- end }}
+ {{- range $key, $value := .Values.django.annotations }}
+ {{ $key }}: {{ quote $value }}
+ {{- end }}
+ {{- end }}
+ labels:
+ defectdojo.org/component: django
+ app.kubernetes.io/name: {{ include "defectdojo.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "defectdojo.chart" . }}
+ {{- range $key, $value := .Values.extraLabels }}
+ {{ $key }}: {{ quote $value }}
+ {{- end }}
+ name: {{ $fullName }}-django
+ namespace: {{ .Release.Namespace }}
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ .Release.Name }}
+ defectdojo.org/component: django
+{{ toYaml (omit .Values.django.podDisruptionBudget "enabled" ) | indent 2 }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/defectdojo/values.schema.json b/helm/defectdojo/values.schema.json
index d091be4e1a2..d122f766132 100644
--- a/helm/defectdojo/values.schema.json
+++ b/helm/defectdojo/values.schema.json
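Review bot: The last template line of django-pdb.yaml copies every key of `.Values.django.podDisruptionBudget` except `enabled` into `spec`, so the `annotations` key that the guard at the top of the file invites users to set would be rendered as `spec.annotations`, which is not a PodDisruptionBudget field. Either drop that key from the guard or exclude it from the passthrough with `omit .Values.django.podDisruptionBudget "enabled" "annotations"`. The selector also matches `app.kubernetes.io/name` against `{{ .Release.Name }}` while the labels a few lines above use `{{ include "defectdojo.name" . }}`; if the Django pods are labelled the same way as this object (the pod template is not shown here), the budget selects no pods whenever the release name differs from the chart name and silently protects nothing.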
@@ -55,6 +55,30 @@ "automountServiceAccountToken": { "type": "boolean" }, + "autoscaling": { + "description": "Autoscaling configuration for Celery beat deployment.", + "type": "object", + "properties": { + "autoscaleBehavior": { + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "maxReplicas": { + "type": "integer" + }, + "minReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + }, + "targetMemoryUtilizationPercentage": { + "type": "integer" + } + } + }, "containerSecurityContext": { "description": "Container security context for the Celery beat containers.", "type": "object" @@ -104,6 +128,21 @@ "description": "Annotations for the Celery beat pods.", "type": "object" }, + "podDisruptionBudget": { + "description": "Configure pod disruption budgets for Celery beat ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget", + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "minAvailable": { + "type": "string" + }, + "unhealthyPodEvictionPolicy": { + "type": "string" + } + } + }, "podSecurityContext": { "description": "Pod security context for the Celery beat pods.", "type": "object" @@ -179,6 +218,30 @@ "automountServiceAccountToken": { "type": "boolean" }, + "autoscaling": { + "description": "Autoscaling configuration for Celery worker deployment.", + "type": "object", + "properties": { + "autoscaleBehavior": { + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "maxReplicas": { + "type": "integer" + }, + "minReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + }, + "targetMemoryUtilizationPercentage": { + "type": "integer" + } + } + }, "containerSecurityContext": { "description": "Container security context for the Celery worker containers.", "type": "object" 
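Review bot: The `podDisruptionBudget.minAvailable` entry added to values.schema.json is declared as `"type": "string"`, but Kubernetes accepts either an integer or a percentage string for that field, so a user value of `minAvailable: 1` would fail chart validation before it reaches the API server. Declaring it as `"type": ["integer", "string"]` accepts both forms. The same entry recurs in the celery.worker and django hunks of this file. If the schema is generated from values.yaml, the type override belongs in the annotations there rather than in this file.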
@@ -228,6 +291,21 @@ "description": "Annotations for the Celery beat pods.", "type": "object" }, + "podDisruptionBudget": { + "description": "Configure pod disruption budgets for Celery worker ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget", + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "minAvailable": { + "type": "string" + }, + "unhealthyPodEvictionPolicy": { + "type": "string" + } + } + }, "podSecurityContext": { "description": "Pod security context for the Celery worker pods.", "type": "object" @@ -429,6 +507,30 @@ "automountServiceAccountToken": { "type": "boolean" }, + "autoscaling": { + "description": "Autoscaling configuration for the Django deployment.", + "type": "object", + "properties": { + "autoscaleBehavior": { + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "maxReplicas": { + "type": "integer" + }, + "minReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + }, + "targetMemoryUtilizationPercentage": { + "type": "integer" + } + } + }, "extraEnv": { "description": "Additional environment variables injected to all Django containers and initContainers.", "type": "array" @@ -594,6 +696,21 @@ "nodeSelector": { "type": "object" }, + "podDisruptionBudget": { + "description": "Configure pod disruption budgets for django ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget", + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "minAvailable": { + "type": "string" + }, + "unhealthyPodEvictionPolicy": { + "type": "string" + } + } + }, "podSecurityContext": { "description": "Pod security context for the Django pods.", "type": "object", diff --git a/helm/defectdojo/values.yaml b/helm/defectdojo/values.yaml index 419fe3fe743..f07c5da2039 100644 --- a/helm/defectdojo/values.yaml +++ b/helm/defectdojo/values.yaml 
@@ -221,6 +221,14 @@ celery: repository: "" tag: "" digest: "" + # -- Autoscaling configuration for Celery beat deployment. + autoscaling: + enabled: false + minReplicas: 2 + maxReplicas: 5 + targetCPUUtilizationPercentage: 80 + targetMemoryUtilizationPercentage: 80 + autoscaleBehavior: {} automountServiceAccountToken: false # -- Annotations for the Celery beat deployment. annotations: {} @@ -251,6 +259,11 @@ celery: nodeSelector: {} # -- Annotations for the Celery beat pods. podAnnotations: {} + # -- Configure pod disruption budgets for Celery beat ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget + podDisruptionBudget: + enabled: false + minAvailable: 50% + unhealthyPodEvictionPolicy: AlwaysAllow # -- Pod security context for the Celery beat pods. podSecurityContext: {} # -- Enable readiness probe for Celery beat container. @@ -273,6 +286,14 @@ celery: repository: "" tag: "" digest: "" + # -- Autoscaling configuration for Celery worker deployment. + autoscaling: + enabled: false + minReplicas: 2 + maxReplicas: 5 + targetCPUUtilizationPercentage: 80 + targetMemoryUtilizationPercentage: 80 + autoscaleBehavior: {} automountServiceAccountToken: false # -- Annotations for the Celery worker deployment. annotations: {} @@ -303,6 +324,11 @@ celery: nodeSelector: {} # -- Annotations for the Celery beat pods. podAnnotations: {} + # -- Configure pod disruption budgets for Celery worker ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget + podDisruptionBudget: + enabled: false + minAvailable: 50% + unhealthyPodEvictionPolicy: AlwaysAllow # -- Pod security context for the Celery worker pods. podSecurityContext: {} # -- Enable readiness probe for Celery worker container. 
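Review bot: The `podDisruptionBudget` comments in values.yaml do not say that every key except `enabled` is copied verbatim into the PDB `spec`, which is what the templates' `omit … "enabled"` line does. A user who adds `maxUnavailable` without clearing the default therefore renders both fields, and Kubernetes accepts only one of `minAvailable` and `maxUnavailable` in a single budget. A comment above each block such as `# All keys except "enabled" are rendered into spec; set minAvailable: null when using maxUnavailable.` would cover it. The default `unhealthyPodEvictionPolicy: AlwaysAllow` also assumes a cluster recent enough to serve that field, which is worth stating if the chart is meant to install on older Kubernetes versions.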
@@ -328,6 +354,14 @@ celery: poolType: solo django: + # -- Autoscaling configuration for the Django deployment. + autoscaling: + enabled: false + minReplicas: 2 + maxReplicas: 5 + targetCPUUtilizationPercentage: 80 + targetMemoryUtilizationPercentage: 80 + autoscaleBehavior: {} automountServiceAccountToken: false annotations: {} service: @@ -380,6 +414,11 @@ django: cpu: 2000m memory: 256Mi nodeSelector: {} + # -- Configure pod disruption budgets for django ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget + podDisruptionBudget: + enabled: false + minAvailable: 50% + unhealthyPodEvictionPolicy: AlwaysAllow replicas: 1 strategy: {} tolerations: [] From f81de67cae072ab00460c63f5f67cd115b7cc90d Mon Sep 17 00:00:00 2001 From: Carlos Date: Tue, 28 Oct 2025 17:17:52 +0100 Subject: [PATCH 2/6] add changes requested --- helm/defectdojo/README.md | 6 +-- .../defectdojo/templates/celery-beat-hpa.yaml | 51 ------------------- .../defectdojo/templates/celery-beat-pdb.yaml | 31 ----------- .../templates/celery-worker-deployment.yaml | 4 ++ .../templates/celery-worker-pdb.yaml | 4 +- .../templates/django-deployment.yaml | 4 ++ helm/defectdojo/templates/django-hpa.yaml | 9 ++-- helm/defectdojo/templates/django-pdb.yaml | 13 ++--- helm/defectdojo/values.schema.json | 49 ++++-------------- helm/defectdojo/values.yaml | 19 ++----- 10 files changed, 35 insertions(+), 155 deletions(-) delete mode 100644 helm/defectdojo/templates/celery-beat-hpa.yaml delete mode 100644 helm/defectdojo/templates/celery-beat-pdb.yaml diff --git a/helm/defectdojo/README.md b/helm/defectdojo/README.md index d7db4763962..d9deb8de933 100644 --- a/helm/defectdojo/README.md +++ b/helm/defectdojo/README.md 
@@ -529,7 +529,6 @@ A Helm chart for Kubernetes to install DefectDojo | celery.beat.affinity | object | `{}` | | | celery.beat.annotations | object | `{}` | Annotations for the Celery beat deployment. | | celery.beat.automountServiceAccountToken | bool | `false` | | -| celery.beat.autoscaling | object | `{"autoscaleBehavior":{},"enabled":false,"maxReplicas":5,"minReplicas":2,"targetCPUUtilizationPercentage":80,"targetMemoryUtilizationPercentage":80}` | Autoscaling configuration for Celery beat deployment. | | celery.beat.containerSecurityContext | object | `{}` | Container security context for the Celery beat containers. | | celery.beat.extraEnv | list | `[]` | Additional environment variables injected to Celery beat containers. | | celery.beat.extraInitContainers | list | `[]` | A list of additional initContainers to run before celery beat containers. | @@ -539,7 +538,6 @@ A Helm chart for Kubernetes to install DefectDojo | celery.beat.livenessProbe | object | `{}` | Enable liveness probe for Celery beat container. ``` exec: command: - bash - -c - celery -A dojo inspect ping -t 5 initialDelaySeconds: 30 periodSeconds: 60 timeoutSeconds: 10 ``` | | celery.beat.nodeSelector | object | `{}` | | | celery.beat.podAnnotations | object | `{}` | Annotations for the Celery beat pods. | -| celery.beat.podDisruptionBudget | object | `{"enabled":false,"minAvailable":"50%","unhealthyPodEvictionPolicy":"AlwaysAllow"}` | Configure pod disruption budgets for Celery beat ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget | | celery.beat.podSecurityContext | object | `{}` | Pod security context for the Celery beat pods. | | celery.beat.readinessProbe | object | `{}` | Enable readiness probe for Celery beat container. | | celery.beat.replicas | int | `1` | | 
@@ -564,7 +562,7 @@ A Helm chart for Kubernetes to install DefectDojo | celery.worker.image | object | `{"digest":"","registry":"","repository":"","tag":""}` | If empty, uses values from images.django.image | | celery.worker.livenessProbe | object | `{}` | Enable liveness probe for Celery worker containers. ``` exec: command: - bash - -c - celery -A dojo inspect ping -t 5 initialDelaySeconds: 30 periodSeconds: 60 timeoutSeconds: 10 ``` | | celery.worker.nodeSelector | object | `{}` | | -| celery.worker.podAnnotations | object | `{}` | Annotations for the Celery beat pods. | +| celery.worker.podAnnotations | object | `{}` | Annotations for the Celery worker pods. | | celery.worker.podDisruptionBudget | object | `{"enabled":false,"minAvailable":"50%","unhealthyPodEvictionPolicy":"AlwaysAllow"}` | Configure pod disruption budgets for Celery worker ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget | | celery.worker.podSecurityContext | object | `{}` | Pod security context for the Celery worker pods. | | celery.worker.readinessProbe | object | `{}` | Enable readiness probe for Celery worker container. | 
@@ -574,6 +572,7 @@ A Helm chart for Kubernetes to install DefectDojo | celery.worker.resources.requests.cpu | string | `"100m"` | | | celery.worker.resources.requests.memory | string | `"128Mi"` | | | celery.worker.startupProbe | object | `{}` | Enable startup probe for Celery worker container. | +| celery.worker.terminationGracePeriodSeconds | int | `300` | | | celery.worker.tolerations | list | `[]` | | | cloudsql | object | `{"containerSecurityContext":{},"enable_iam_login":false,"enabled":false,"extraEnv":[],"extraVolumeMounts":[],"image":{"pullPolicy":"IfNotPresent","repository":"gcr.io/cloudsql-docker/gce-proxy","tag":"1.37.9"},"instance":"","resources":{},"use_private_ip":false,"verbose":true}` | Google CloudSQL support in GKE via gce-proxy | | cloudsql.containerSecurityContext | object | `{}` | Optional: security context for the CloudSQL proxy container. | @@ -633,6 +632,7 @@ A Helm chart for Kubernetes to install DefectDojo | django.service.annotations | object | `{}` | | | django.service.type | string | `""` | | | django.strategy | object | `{}` | | +| django.terminationGracePeriodSeconds | int | `60` | | | django.tolerations | list | `[]` | | | django.uwsgi.appSettings.maxFd | int | `0` | Use this value to set the maximum number of file descriptors. If set to 0 will be detected by uwsgi e.g. 102400 | | django.uwsgi.appSettings.processes | int | `4` | | diff --git a/helm/defectdojo/templates/celery-beat-hpa.yaml b/helm/defectdojo/templates/celery-beat-hpa.yaml deleted file mode 100644 index aff7dcdd07c..00000000000 --- a/helm/defectdojo/templates/celery-beat-hpa.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ -{{- if .Values.celery.beat.autoscaling.enabled -}} -{{- $fullName := include "defectdojo.fullname" . -}} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - {{- with mergeOverwrite dict .Values.extraAnnotations .Values.celery.annotations .Values.celery.beat.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ quote $value }} - {{- end }} - {{- end }} - name: {{ $fullName }}-celery-beat - namespace: {{ .Release.Namespace }} - labels: - defectdojo.org/component: celery - defectdojo.org/subcomponent: beat - app.kubernetes.io/name: {{ include "defectdojo.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - helm.sh/chart: {{ include "defectdojo.chart" . }} - {{- range $key, $value := .Values.extraLabels }} - {{ $key }}: {{ quote $value }} - {{- end }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: "Deployment" - name: {{ $fullName }}-celery-beat - minReplicas: {{ .Values.celery.beat.autoscaling.minReplicas }} - maxReplicas: {{ .Values.celery.beat.autoscaling.maxReplicas }} - metrics: - {{- with .Values.celery.beat.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - averageUtilization: {{ . }} - type: Utilization - {{- end }} - {{- with .Values.celery.beat.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - target: - averageUtilization: {{ . }} - type: Utilization - {{- end }} - {{- if .Values.celery.beat.autoscaling.autoscaleBehavior }} - behavior: {{ toYaml .Values.celery.beat.autoscaling.autoscaleBehavior | nindent 4 }} - {{- end }} -{{- end }} diff --git a/helm/defectdojo/templates/celery-beat-pdb.yaml b/helm/defectdojo/templates/celery-beat-pdb.yaml deleted file mode 100644 index 714ca571bc2..00000000000 --- a/helm/defectdojo/templates/celery-beat-pdb.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -{{- if .Values.celery.beat.podDisruptionBudget.enabled }} -{{- $fullName := include "defectdojo.fullname" . -}} -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - {{- with mergeOverwrite dict .Values.extraAnnotations .Values.celery.annotations .Values.celery.beat.annotations }} - annotations: - {{- range $key, $value := . }} - {{ $key }}: {{ quote $value }} - {{- end }} - {{- end }} - labels: - defectdojo.org/component: celery - defectdojo.org/subcomponent: beat - app.kubernetes.io/name: {{ include "defectdojo.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - helm.sh/chart: {{ include "defectdojo.chart" . }} - {{- range $key, $value := .Values.extraLabels }} - {{ $key }}: {{ quote $value }} - {{- end }} - name: {{ $fullName }}-celery-beat - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ .Release.Name }} - defectdojo.org/component: celery - defectdojo.org/subcomponent: beat -{{ toYaml (omit .Values.celery.beat.podDisruptionBudget "enabled" ) | indent 2 }} -{{- end }} \ No newline at end of file diff --git a/helm/defectdojo/templates/celery-worker-deployment.yaml b/helm/defectdojo/templates/celery-worker-deployment.yaml index 14ddcf79f4b..9acf2cd49c6 100644 --- a/helm/defectdojo/templates/celery-worker-deployment.yaml +++ b/helm/defectdojo/templates/celery-worker-deployment.yaml @@ -170,6 +170,10 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.celery.worker.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.celery.worker.tolerations }} tolerations: {{- toYaml . | nindent 8 }} diff --git a/helm/defectdojo/templates/celery-worker-pdb.yaml b/helm/defectdojo/templates/celery-worker-pdb.yaml index f40c1909995..d91da9e7224 100644 --- a/helm/defectdojo/templates/celery-worker-pdb.yaml 
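Review bot: The `with` guard on `.Values.celery.worker.terminationGracePeriodSeconds` in celery-worker-deployment.yaml treats an explicit `0` as empty, so that setting is dropped and the pod silently falls back to the Kubernetes default of 30 seconds. The value is also rendered through `toYaml . | nindent 8`, the same pattern as the `affinity` block above it; that suits a map, but an integer reads better on one line. I would write `{{- if not (kindIs "invalid" .Values.celery.worker.terminationGracePeriodSeconds) }}` followed by `terminationGracePeriodSeconds: {{ .Values.celery.worker.terminationGracePeriodSeconds }}`. The `django.terminationGracePeriodSeconds` hunk in django-deployment.yaml has the same shape, and in both files the pod spec starts and ends outside the hunk.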
+++ b/helm/defectdojo/templates/celery-worker-pdb.yaml @@ -1,4 +1,4 @@ -{{- if .Values.celery.worker.podDisruptionBudget.enabled }} +{{- if and .Values.celery.worker.podDisruptionBudget.enabled (or (gt (int .Values.celery.worker.replicas) 1) .Values.celery.worker.autoscaling.enabled) }} {{- $fullName := include "defectdojo.fullname" . -}} apiVersion: policy/v1 kind: PodDisruptionBudget @@ -24,7 +24,7 @@ metadata: spec: selector: matchLabels: - app.kubernetes.io/name: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "defectdojo.name" . }} defectdojo.org/component: celery defectdojo.org/subcomponent: worker {{ toYaml (omit .Values.celery.worker.podDisruptionBudget "enabled" ) | indent 2 }} diff --git a/helm/defectdojo/templates/django-deployment.yaml b/helm/defectdojo/templates/django-deployment.yaml index b4eee529383..ff2285908ee 100644 --- a/helm/defectdojo/templates/django-deployment.yaml +++ b/helm/defectdojo/templates/django-deployment.yaml @@ -372,6 +372,10 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.django.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.django.tolerations }} tolerations: {{- toYaml . | nindent 8 }} diff --git a/helm/defectdojo/templates/django-hpa.yaml b/helm/defectdojo/templates/django-hpa.yaml index c1385bce2da..2f3bfc59aaf 100644 --- a/helm/defectdojo/templates/django-hpa.yaml +++ b/helm/defectdojo/templates/django-hpa.yaml 
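Review bot: The new condition renders the PDB whenever `.Values.celery.worker.autoscaling.enabled` is true, but it never looks at `autoscaling.minReplicas`. If minReplicas is 1 and the budget uses a percentage `minAvailable`, the HPA can scale down to a single pod; the budget then allows zero disruptions, and node drains for upgrades or patching stall on that pod. One option is to test the floor rather than the flag, `(and .Values.celery.worker.autoscaling.enabled (gt (int .Values.celery.worker.autoscaling.minReplicas) 1))`. Otherwise, document next to the value that minReplicas should be at least 2 when the budget is enabled. The condition in django-pdb.yaml has the same shape.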
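Review bot: The selector now matches the chart name in `app.kubernetes.io/name`, but it still omits `app.kubernetes.io/instance`, so two releases of this chart in one namespace would select each other's worker pods. A pod covered by more than one PodDisruptionBudget is rejected by the eviction API, which blocks drains for both releases. Assuming the worker pod template carries the instance label (the deployment's labels are not visible in this hunk), add `app.kubernetes.io/instance: {{ .Release.Name }}` to `matchLabels`. The selector hunk in django-pdb.yaml needs the same line.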
@@ -3,14 +3,11 @@ apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: - {{- if or .Values.extraAnnotations .Values.django.autoscaling.annotations }} + {{- with mergeOverwrite dict .Values.extraAnnotations .Values.django.annotations }} annotations: - {{- range $key, $value := .Values.extraAnnotations }} + {{- range $key, $value := . }} {{ $key }}: {{ quote $value }} - {{- end }} - {{- range $key, $value := .Values.django.annotations }} - {{ $key }}: {{ quote $value }} - {{- end }} + {{- end }} {{- end }} name: {{ $fullName }}-django namespace: {{ .Release.Namespace }} diff --git a/helm/defectdojo/templates/django-pdb.yaml b/helm/defectdojo/templates/django-pdb.yaml index bd66c90cb95..b10f915dd47 100644 --- a/helm/defectdojo/templates/django-pdb.yaml +++ b/helm/defectdojo/templates/django-pdb.yaml @@ -1,16 +1,13 @@ -{{- if .Values.django.podDisruptionBudget.enabled }} +{{- if and .Values.django.podDisruptionBudget.enabled (or (gt (int .Values.django.replicaCount) 1) .Values.django.autoscaling.enabled) }} {{- $fullName := include "defectdojo.fullname" . -}} apiVersion: policy/v1 kind: PodDisruptionBudget metadata: - {{- if or .Values.extraAnnotations .Values.django.podDisruptionBudget.annotations }} + {{- with mergeOverwrite dict .Values.extraAnnotations .Values.django.annotations }} annotations: - {{- range $key, $value := .Values.extraAnnotations }} + {{- range $key, $value := . }} {{ $key }}: {{ quote $value }} - {{- end }} - {{- range $key, $value := .Values.django.annotations }} - {{ $key }}: {{ quote $value }} - {{- end }} + {{- end }} {{- end }} labels: defectdojo.org/component: django @@ -26,7 +23,7 @@ metadata: spec: selector: matchLabels: - app.kubernetes.io/name: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "defectdojo.name" . }} defectdojo.org/component: django {{ toYaml (omit .Values.django.podDisruptionBudget "enabled" ) | indent 2 }} {{- end }} \ No newline at end of file 
diff --git a/helm/defectdojo/values.schema.json b/helm/defectdojo/values.schema.json index d122f766132..ba2884baa5b 100644 --- a/helm/defectdojo/values.schema.json +++ b/helm/defectdojo/values.schema.json @@ -55,30 +55,6 @@ "automountServiceAccountToken": { "type": "boolean" }, - "autoscaling": { - "description": "Autoscaling configuration for Celery beat deployment.", - "type": "object", - "properties": { - "autoscaleBehavior": { - "type": "object" - }, - "enabled": { - "type": "boolean" - }, - "maxReplicas": { - "type": "integer" - }, - "minReplicas": { - "type": "integer" - }, - "targetCPUUtilizationPercentage": { - "type": "integer" - }, - "targetMemoryUtilizationPercentage": { - "type": "integer" - } - } - }, "containerSecurityContext": { "description": "Container security context for the Celery beat containers.", "type": "object" @@ -128,21 +104,6 @@ "description": "Annotations for the Celery beat pods.", "type": "object" }, - "podDisruptionBudget": { - "description": "Configure pod disruption budgets for Celery beat ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget", - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "minAvailable": { - "type": "string" - }, - "unhealthyPodEvictionPolicy": { - "type": "string" - } - } - }, "podSecurityContext": { "description": "Pod security context for the Celery beat pods.", "type": "object" @@ -288,7 +249,7 @@ "type": "object" }, "podAnnotations": { - "description": "Annotations for the Celery beat pods.", + "description": "Annotations for the Celery worker pods.", "type": "object" }, "podDisruptionBudget": { @@ -348,6 +309,10 @@ "description": "Enable startup probe for Celery worker container.", "type": "object" }, + "terminationGracePeriodSeconds": { + "description": "Termination grace period seconds for Celery worker pods.", + "type": "integer" + }, "tolerations": { "type": "array" } 
@@ -737,6 +702,10 @@ "strategy": { "type": "object" }, + "terminationGracePeriodSeconds": { + "description": "Termination grace period seconds for django pods.", + "type": "integer" + }, "tolerations": { "type": "array" }, diff --git a/helm/defectdojo/values.yaml b/helm/defectdojo/values.yaml index f07c5da2039..0c176cea9b1 100644 --- a/helm/defectdojo/values.yaml +++ b/helm/defectdojo/values.yaml @@ -221,14 +221,6 @@ celery: repository: "" tag: "" digest: "" - # -- Autoscaling configuration for Celery beat deployment. - autoscaling: - enabled: false - minReplicas: 2 - maxReplicas: 5 - targetCPUUtilizationPercentage: 80 - targetMemoryUtilizationPercentage: 80 - autoscaleBehavior: {} automountServiceAccountToken: false # -- Annotations for the Celery beat deployment. annotations: {} @@ -259,11 +251,6 @@ celery: nodeSelector: {} # -- Annotations for the Celery beat pods. podAnnotations: {} - # -- Configure pod disruption budgets for Celery beat ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget - podDisruptionBudget: - enabled: false - minAvailable: 50% - unhealthyPodEvictionPolicy: AlwaysAllow # -- Pod security context for the Celery beat pods. podSecurityContext: {} # -- Enable readiness probe for Celery beat container. @@ -322,7 +309,7 @@ celery: # ``` livenessProbe: {} nodeSelector: {} - # -- Annotations for the Celery beat pods. + # -- Annotations for the Celery worker pods. podAnnotations: {} # -- Configure pod disruption budgets for Celery worker ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget podDisruptionBudget: 
@@ -343,6 +330,8 @@ celery: memory: 512Mi # -- Enable startup probe for Celery worker container. startupProbe: {} + # -- Termination grace period seconds for Celery worker pods. + terminationGracePeriodSeconds: 300 tolerations: [] appSettings: # -- Performance improved celery worker config when needing to deal with a lot of findings (e.g deduplication ops) @@ -421,6 +410,8 @@ django: unhealthyPodEvictionPolicy: AlwaysAllow replicas: 1 strategy: {} + # -- Termination grace period seconds for django pods. + terminationGracePeriodSeconds: 60 tolerations: [] uwsgi: # -- If empty, uses values from images.django.image From 98da46ac576152e167cf0ee4a0ab0818226ed0f0 Mon Sep 17 00:00:00 2001 From: Carlos Date: Fri, 31 Oct 2025 09:06:41 +0100 Subject: [PATCH 3/6] fix .Values.django.replicas --- helm/defectdojo/templates/django-pdb.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/defectdojo/templates/django-pdb.yaml b/helm/defectdojo/templates/django-pdb.yaml index b10f915dd47..f215ca58760 100644 --- a/helm/defectdojo/templates/django-pdb.yaml +++ b/helm/defectdojo/templates/django-pdb.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.django.podDisruptionBudget.enabled (or (gt (int .Values.django.replicaCount) 1) .Values.django.autoscaling.enabled) }} +{{- if and .Values.django.podDisruptionBudget.enabled (or (gt (int .Values.django.replicas) 1) .Values.django.autoscaling.enabled) }} {{- $fullName := include "defectdojo.fullname" . -}} apiVersion: policy/v1 kind: PodDisruptionBudget From 4c70a7b565734184a75912a5845a222df21a7b31 Mon Sep 17 00:00:00 2001 From: Carlos Date: Mon, 3 Nov 2025 09:43:56 +0100 Subject: [PATCH 4/6] add changes requested --- helm/defectdojo/Chart.yaml | 2 ++ helm/defectdojo/README.md | 4 ++-- helm/defectdojo/templates/celery-worker-hpa.yaml | 4 ++-- helm/defectdojo/templates/django-hpa.yaml | 4 ++-- helm/defectdojo/values.schema.json | 4 ++-- helm/defectdojo/values.yaml | 4 ++-- 6 files changed, 12 insertions(+), 10 deletions(-) 
diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml index d7b18755fe9..511eeebf8b2 100644 --- a/helm/defectdojo/Chart.yaml +++ b/helm/defectdojo/Chart.yaml @@ -45,3 +45,5 @@ annotations: description: Testing on the oldest officially supported k8s - kind: added description: Checker for maximal number of celery beats + - kind: added + description: Added HPA and PDB for celery worker and Django \ No newline at end of file diff --git a/helm/defectdojo/README.md b/helm/defectdojo/README.md index 26463713327..2b6645a484a 100644 --- a/helm/defectdojo/README.md +++ b/helm/defectdojo/README.md @@ -553,7 +553,7 @@ A Helm chart for Kubernetes to install DefectDojo | celery.worker.annotations | object | `{}` | Annotations for the Celery worker deployment. | | celery.worker.appSettings.poolType | string | `"solo"` | Performance improved celery worker config when needing to deal with a lot of findings (e.g deduplication ops) poolType: prefork autoscaleMin: 2 autoscaleMax: 8 concurrency: 8 prefetchMultiplier: 128 | | celery.worker.automountServiceAccountToken | bool | `false` | | -| celery.worker.autoscaling | object | `{"autoscaleBehavior":{},"enabled":false,"maxReplicas":5,"minReplicas":2,"targetCPUUtilizationPercentage":80,"targetMemoryUtilizationPercentage":80}` | Autoscaling configuration for Celery worker deployment. | +| celery.worker.autoscaling | object | `{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":2,"targetCPUUtilizationPercentage":80,"targetMemoryUtilizationPercentage":80}` | Autoscaling configuration for Celery worker deployment. | | celery.worker.containerSecurityContext | object | `{}` | Container security context for the Celery worker containers. | | celery.worker.extraEnv | list | `[]` | Additional environment variables injected to Celery worker containers. | | celery.worker.extraInitContainers | list | `[]` | A list of additional initContainers to run before celery worker containers. | 
@@ -598,7 +598,7 @@ A Helm chart for Kubernetes to install DefectDojo | django.affinity | object | `{}` | | | django.annotations | object | `{}` | | | django.automountServiceAccountToken | bool | `false` | | -| django.autoscaling | object | `{"autoscaleBehavior":{},"enabled":false,"maxReplicas":5,"minReplicas":2,"targetCPUUtilizationPercentage":80,"targetMemoryUtilizationPercentage":80}` | Autoscaling configuration for the Django deployment. | +| django.autoscaling | object | `{"behavior":{},"enabled":false,"maxReplicas":5,"minReplicas":2,"targetCPUUtilizationPercentage":80,"targetMemoryUtilizationPercentage":80}` | Autoscaling configuration for the Django deployment. | | django.extraEnv | list | `[]` | Additional environment variables injected to all Django containers and initContainers. | | django.extraInitContainers | list | `[]` | A list of additional initContainers to run before the uwsgi and nginx containers. | | django.extraVolumeMounts | list | `[]` | Array of additional volume mount points common to all containers and initContainers. | diff --git a/helm/defectdojo/templates/celery-worker-hpa.yaml b/helm/defectdojo/templates/celery-worker-hpa.yaml index df55c829356..a47fd64a111 100644 --- a/helm/defectdojo/templates/celery-worker-hpa.yaml +++ b/helm/defectdojo/templates/celery-worker-hpa.yaml @@ -45,7 +45,7 @@ spec: averageUtilization: {{ . }} type: Utilization {{- end }} - {{- if .Values.celery.worker.autoscaling.autoscaleBehavior }} - behavior: {{ toYaml .Values.celery.worker.autoscaling.autoscaleBehavior | nindent 4 }} + {{- with .Values.celery.worker.autoscaling.behavior }} + behavior: {{ toYaml .Values.celery.worker.autoscaling.behavior | nindent 4 }} {{- end }} {{- end }} diff --git a/helm/defectdojo/templates/django-hpa.yaml b/helm/defectdojo/templates/django-hpa.yaml index 2f3bfc59aaf..64999a80031 100644 --- a/helm/defectdojo/templates/django-hpa.yaml +++ b/helm/defectdojo/templates/django-hpa.yaml 
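Review bot: Inside the new `with .Values.celery.worker.autoscaling.behavior` block in celery-worker-hpa.yaml the dot is rebound to the behavior map, so `.Values.celery.worker.autoscaling.behavior` on the next line no longer resolves against the root context. With the default `behavior: {}` the block is skipped, which is probably why lint passes, but rendering is expected to fail on a nil lookup as soon as a user sets a behavior. Use the rebound dot, `behavior: {{ toYaml . | nindent 4 }}`, or keep the full path through `$.Values`. The django-hpa.yaml hunk in this commit repeats the same line and needs the same fix.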
@@ -44,7 +44,7 @@ spec: averageUtilization: {{ . }} type: Utilization {{- end }} - {{- if .Values.django.autoscaling.autoscaleBehavior }} - behavior: {{ toYaml .Values.django.autoscaling.autoscaleBehavior | nindent 4 }} + {{- with .Values.django.autoscaling.behavior }} + behavior: {{ toYaml .Values.django.autoscaling.behavior | nindent 4 }} {{- end }} {{- end }} diff --git a/helm/defectdojo/values.schema.json b/helm/defectdojo/values.schema.json index 29b2439ddab..2f6e984f208 100644 --- a/helm/defectdojo/values.schema.json +++ b/helm/defectdojo/values.schema.json @@ -185,7 +185,7 @@ "description": "Autoscaling configuration for Celery worker deployment.", "type": "object", "properties": { - "autoscaleBehavior": { + "behavior": { "type": "object" }, "enabled": { @@ -478,7 +478,7 @@ "description": "Autoscaling configuration for the Django deployment.", "type": "object", "properties": { - "autoscaleBehavior": { + "behavior": { "type": "object" }, "enabled": { diff --git a/helm/defectdojo/values.yaml b/helm/defectdojo/values.yaml index aaa05cf02ae..c6c80e2e167 100644 --- a/helm/defectdojo/values.yaml +++ b/helm/defectdojo/values.yaml @@ -282,7 +282,7 @@ celery: maxReplicas: 5 targetCPUUtilizationPercentage: 80 targetMemoryUtilizationPercentage: 80 - autoscaleBehavior: {} + behavior: {} automountServiceAccountToken: false # -- Annotations for the Celery worker deployment. annotations: {} @@ -352,7 +352,7 @@ django: maxReplicas: 5 targetCPUUtilizationPercentage: 80 targetMemoryUtilizationPercentage: 80 - autoscaleBehavior: {} + behavior: {} automountServiceAccountToken: false annotations: {} service: From 80f2d5c94d41c1e787efa5b3bd29313a7575f8fb Mon Sep 17 00:00:00 2001 From: Carlos Date: Mon, 3 Nov 2025 10:45:40 +0100 Subject: [PATCH 5/6] fix lint --- helm/defectdojo/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml index 511eeebf8b2..2c2ba9c9495 100644 --- a/helm/defectdojo/Chart.yaml 
+++ b/helm/defectdojo/Chart.yaml @@ -46,4 +46,4 @@ annotations: - kind: added description: Checker for maximal number of celery beats - kind: added - description: Added HPA and PDB for celery worker and Django \ No newline at end of file + description: Added HPA and PDB for celery worker and Django From 0cd2da250670439e08b82c359c9e8028fd8ee9ea Mon Sep 17 00:00:00 2001 From: Carlos Date: Fri, 7 Nov 2025 09:50:37 +0100 Subject: [PATCH 6/6] move doc to v2.53 --- docs/content/en/open_source/upgrading/2.52.md | 4 ---- docs/content/en/open_source/upgrading/2.53.md | 17 +++++++++++++++++ 2 files changed, 17 insertions(+), 4 deletions(-) create mode 100644 docs/content/en/open_source/upgrading/2.53.md diff --git a/docs/content/en/open_source/upgrading/2.52.md b/docs/content/en/open_source/upgrading/2.52.md index 96e8b6e6e31..20eef3fb214 100644 --- a/docs/content/en/open_source/upgrading/2.52.md +++ b/docs/content/en/open_source/upgrading/2.52.md @@ -75,10 +75,6 @@ Additionally, each deployment can specify its own pod and container security con Now each container can specify the resource requests and limits. -#### New values - -Added Helm chart support for Celery and Django deployments for Horizontal Pod Autoscaler using `.autoscaling` fields under each section. And Pod Disruption Budget using `.podDisruptionBudget` for any of Celery Beat/Worker or Django deployments. - #### Moved values The following Helm chart values have been modified in this release: diff --git a/docs/content/en/open_source/upgrading/2.53.md b/docs/content/en/open_source/upgrading/2.53.md new file mode 100644 index 00000000000..4cb595b2bb4 --- /dev/null +++ b/docs/content/en/open_source/upgrading/2.53.md 
@@ -0,0 +1,17 @@
+---
+title: 'Upgrading to DefectDojo Version 2.53.x'
+toc_hide: true
+weight: -20251107
+description: Helm chart changes
+---
+
+## Helm Chart Changes
+
+This release introduces changes to the Helm chart configuration:
+
+### New values
+
+Added Helm chart support for Celery and Django deployments for Horizontal Pod Autoscaler using `.autoscaling` fields under each section. And Pod Disruption Budget using `.podDisruptionBudget` for any of Celery Beat/Worker or Django deployments.
+
+## Release notes
+Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.53.0) for the contents of the release.
\ No newline at end of file