diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml
index 6989b44333a..564b2c49c38 100644
--- a/helm/defectdojo/Chart.yaml
+++ b/helm/defectdojo/Chart.yaml
@@ -23,7 +23,7 @@ annotations:
 - kind: changed
 description: DRY cloudsql-proxy
 - kind: changed
- description: Each component allow to specific image + allow digest pinning
+ description: Each component allow to specific image + allow digest pinning + allow different tags for Django and Nginx
 - kind: added
 description: Convert existing comments to descriptors
 - kind: added
diff --git a/helm/defectdojo/README.md b/helm/defectdojo/README.md
index 4b4b062b89b..b6ac3127dd1 100644
--- a/helm/defectdojo/README.md
+++ b/helm/defectdojo/README.md
@@ -534,10 +534,7 @@ A Helm chart for Kubernetes to install DefectDojo
 | celery.beat.extraInitContainers | list | `[]` | A list of additional initContainers to run before celery beat containers. |
 | celery.beat.extraVolumeMounts | list | `[]` | Array of additional volume mount points for the celery beat containers. |
 | celery.beat.extraVolumes | list | `[]` | A list of extra volumes to mount @type: array |
-| celery.beat.image.digest | string | `""` | |
-| celery.beat.image.registry | string | `""` | |
-| celery.beat.image.repository | string | `""` | |
-| celery.beat.image.tag | string | `""` | |
+| celery.beat.image | object | `{"digest":"","registry":"","repository":"","tag":""}` | If empty, uses values from images.django.image |
 | celery.beat.livenessProbe | object | `{}` | Enable liveness probe for Celery beat container. ``` exec: command: - bash - -c - celery -A dojo inspect ping -t 5 initialDelaySeconds: 30 periodSeconds: 60 timeoutSeconds: 10 ``` |
 | celery.beat.nodeSelector | object | `{}` | |
 | celery.beat.podAnnotations | object | `{}` | Annotations for the Celery beat pods. |
@@ -561,10 +558,7 @@ A Helm chart for Kubernetes to install DefectDojo
 | celery.worker.extraInitContainers | list | `[]` | A list of additional initContainers to run before celery worker containers. |
 | celery.worker.extraVolumeMounts | list | `[]` | Array of additional volume mount points for the celery worker containers. |
 | celery.worker.extraVolumes | list | `[]` | A list of extra volumes to mount. @type: array |
-| celery.worker.image.digest | string | `""` | |
-| celery.worker.image.registry | string | `""` | |
-| celery.worker.image.repository | string | `""` | |
-| celery.worker.image.tag | string | `""` | |
+| celery.worker.image | object | `{"digest":"","registry":"","repository":"","tag":""}` | If empty, uses values from images.django.image |
 | celery.worker.livenessProbe | object | `{}` | Enable liveness probe for Celery worker containers. ``` exec: command: - bash - -c - celery -A dojo inspect ping -t 5 initialDelaySeconds: 30 periodSeconds: 60 timeoutSeconds: 10 ``` |
 | celery.worker.nodeSelector | object | `{}` | |
 | celery.worker.podAnnotations | object | `{}` | Annotations for the Celery beat pods. |
@@ -595,10 +589,7 @@ A Helm chart for Kubernetes to install DefectDojo
 | dbMigrationChecker.enabled | bool | `true` | Enable/disable the DB migration checker. |
 | dbMigrationChecker.extraEnv | list | `[]` | Additional environment variables for DB migration checker. |
 | dbMigrationChecker.extraVolumeMounts | list | `[]` | Array of additional volume mount points for DB migration checker. |
-| dbMigrationChecker.image.digest | string | `""` | |
-| dbMigrationChecker.image.registry | string | `""` | |
-| dbMigrationChecker.image.repository | string | `""` | |
-| dbMigrationChecker.image.tag | string | `""` | |
+| dbMigrationChecker.image | object | `{"digest":"","registry":"","repository":"","tag":""}` | If empty, uses values from images.django.image |
 | dbMigrationChecker.resources | object | `{"limits":{"cpu":"200m","memory":"200Mi"},"requests":{"cpu":"100m","memory":"100Mi"}}` | Resource requests/limits for the DB migration checker. |
 | disableHooks | bool | `false` | Avoid using pre-install hooks, which might cause issues with ArgoCD |
 | django.affinity | object | `{}` | |
@@ -623,10 +614,7 @@ A Helm chart for Kubernetes to install DefectDojo
 | django.nginx.containerSecurityContext.runAsUser | int | `1001` | nginx dockerfile sets USER=1001 |
 | django.nginx.extraEnv | list | `[]` | To extra environment variables to the nginx container, you can use extraEnv. For example: extraEnv: - name: FOO valueFrom: configMapKeyRef: name: foo key: bar |
 | django.nginx.extraVolumeMounts | list | `[]` | Array of additional volume mount points for nginx containers. |
-| django.nginx.image.digest | string | `""` | |
-| django.nginx.image.registry | string | `""` | |
-| django.nginx.image.repository | string | `""` | |
-| django.nginx.image.tag | string | `""` | |
+| django.nginx.image | object | `{"digest":"","registry":"","repository":"","tag":""}` | If empty, uses values from images.nginx.image |
 | django.nginx.resources.limits.cpu | string | `"2000m"` | |
 | django.nginx.resources.limits.memory | string | `"256Mi"` | |
 | django.nginx.resources.requests.cpu | string | `"100m"` | |
@@ -651,10 +639,7 @@ A Helm chart for Kubernetes to install DefectDojo
 | django.uwsgi.enableDebug | bool | `false` | this also requires DD_DEBUG to be set to True |
 | django.uwsgi.extraEnv | list | `[]` | To add (or override) extra variables which need to be pulled from another configMap, you can use extraEnv. For example: extraEnv: - name: DD_DATABASE_HOST valueFrom: configMapKeyRef: name: my-other-postgres-configmap key: cluster_endpoint |
 | django.uwsgi.extraVolumeMounts | list | `[]` | Array of additional volume mount points for uwsgi containers. |
-| django.uwsgi.image.digest | string | `""` | |
-| django.uwsgi.image.registry | string | `""` | |
-| django.uwsgi.image.repository | string | `""` | |
-| django.uwsgi.image.tag | string | `""` | |
+| django.uwsgi.image | object | `{"digest":"","registry":"","repository":"","tag":""}` | If empty, uses values from images.django.image |
 | django.uwsgi.livenessProbe.enabled | bool | `true` | Enable liveness checks on uwsgi container. |
 | django.uwsgi.livenessProbe.failureThreshold | int | `6` | |
 | django.uwsgi.livenessProbe.initialDelaySeconds | int | `0` | |
@@ -689,14 +674,14 @@ A Helm chart for Kubernetes to install DefectDojo | host | string | `"defectdojo.default.minikube.local"` | Primary hostname of instance | | imagePullPolicy | string | `"Always"` | | | imagePullSecrets | string | `nil` | When using a private registry, name of the secret that holds the registry secret (eg deploy token from gitlab-ci project) Create secrets as: kubectl create secret docker-registry defectdojoregistrykey --docker-username=registry_username --docker-password=registry_password --docker-server='https://index.docker.io/v1/' | -| images.django.image.digest | string | `""` | | +| images.django.image.digest | string | `""` | Prefix "sha@" is expected in this place | | images.django.image.registry | string | `""` | | | images.django.image.repository | string | `"defectdojo/defectdojo-django"` | | -| images.django.image.tag | string | `""` | | -| images.nginx.image.digest | string | `""` | | +| images.django.image.tag | string | `""` | If empty, use appVersion. Another possible values are: latest, X.X.X, X.X.X-debian, X.X.X-alpine (where X.X.X is version of DD). For dev builds (only for testing purposes): nightly-dev, nightly-dev-debian, nightly-dev-alpine. To see all, check https://hub.docker.com/r/defectdojo/defectdojo-django/tags. | +| images.nginx.image.digest | string | `""` | Prefix "sha@" is expected in this place | | images.nginx.image.registry | string | `""` | | | images.nginx.image.repository | string | `"defectdojo/defectdojo-nginx"` | | -| images.nginx.image.tag | string | `""` | | +| images.nginx.image.tag | string | `""` | If empty, use appVersion. Another possible values are: latest, X.X.X, X.X.X-alpine (where X.X.X is version of DD). For dev builds (only for testing purposes): nightly-dev, nightly-dev-alpine. To see all, check https://hub.docker.com/r/defectdojo/defectdojo-nginx/tags. 
| | initializer.affinity | object | `{}` | | | initializer.annotations | object | `{}` | | | initializer.automountServiceAccountToken | bool | `false` | | @@ -704,10 +689,7 @@ A Helm chart for Kubernetes to install DefectDojo | initializer.extraEnv | list | `[]` | Additional environment variables injected to the initializer job pods. | | initializer.extraVolumeMounts | list | `[]` | Array of additional volume mount points for the initializer job (init)containers. | | initializer.extraVolumes | list | `[]` | A list of extra volumes to attach to the initializer job pods. | -| initializer.image.digest | string | `""` | | -| initializer.image.registry | string | `""` | | -| initializer.image.repository | string | `""` | | -| initializer.image.tag | string | `""` | | +| initializer.image | object | `{"digest":"","registry":"","repository":"","tag":""}` | If empty, uses values from images.django.image | | initializer.jobAnnotations | object | `{}` | | | initializer.keepSeconds | int | `60` | A positive integer will keep this Job and Pod deployed for the specified number of seconds, after which they will be removed. For all other values, the Job and Pod will remain deployed. | | initializer.labels | object | `{}` | | 
@@ -759,10 +741,7 @@ A Helm chart for Kubernetes to install DefectDojo
 | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
 | siteUrl | string | `""` | The full URL to your defectdojo instance, depends on the domain where DD is deployed, it also affects links in Jira. Use syntax: `siteUrl: 'https://'` |
 | tests.unitTests.automountServiceAccountToken | bool | `false` | |
-| tests.unitTests.image.digest | string | `""` | |
-| tests.unitTests.image.registry | string | `""` | |
-| tests.unitTests.image.repository | string | `""` | |
-| tests.unitTests.image.tag | string | `""` | |
+| tests.unitTests.image | object | `{"digest":"","registry":"","repository":"","tag":""}` | If empty, uses values from images.django.image |
 | tests.unitTests.resources.limits.cpu | string | `"500m"` | |
 | tests.unitTests.resources.limits.memory | string | `"512Mi"` | |
 | tests.unitTests.resources.requests.cpu | string | `"100m"` | |
diff --git a/helm/defectdojo/values.schema.json b/helm/defectdojo/values.schema.json
index 03fb1dcc70a..d091be4e1a2 100644
--- a/helm/defectdojo/values.schema.json
+++ b/helm/defectdojo/values.schema.json
@@ -76,6 +76,7 @@
 "type": "array"
 },
 "image": {
+ "description": "If empty, uses values from images.django.image",
 "type": "object",
 "properties": {
 "digest": {
@@ -199,6 +200,7 @@
 "type": "array"
 },
 "image": {
+ "description": "If empty, uses values from images.django.image",
 "type": "object",
 "properties": {
 "digest": {
@@ -364,6 +366,7 @@
 "type": "array"
 },
 "image": {
+ "description": "If empty, uses values from images.django.image",
 "type": "object",
 "properties": {
 "digest": {
@@ -531,6 +534,7 @@
 "type": "array"
 },
 "image": {
+ "description": "If empty, uses values from images.nginx.image",
 "type": "object",
 "properties": {
 "digest": {
@@ -677,6 +681,7 @@
 "type": "array"
 },
 "image": {
+ "description": "If empty, uses values from images.django.image",
 "type": "object",
 "properties": {
 "digest": {
@@ -858,6 +863,7 @@
 "type": "object",
 "properties": {
 "digest": {
+ "description": "Prefix \"sha@\" is expected in this place",
 "type": "string"
 },
 "registry": {
@@ -867,6 +873,7 @@
 "type": "string"
 },
 "tag": {
+ "description": "If empty, use appVersion. Another possible values are: latest, X.X.X, X.X.X-debian, X.X.X-alpine (where X.X.X is version of DD). For dev builds (only for testing purposes): nightly-dev, nightly-dev-debian, nightly-dev-alpine. To see all, check https://hub.docker.com/r/defectdojo/defectdojo-django/tags.",
 "type": "string"
 }
 }
@@ -880,6 +887,7 @@
 "type": "object",
 "properties": {
 "digest": {
+ "description": "Prefix \"sha@\" is expected in this place",
 "type": "string"
 },
 "registry": {
@@ -889,6 +897,7 @@
 "type": "string"
 },
 "tag": {
+ "description": "If empty, use appVersion. Another possible values are: latest, X.X.X, X.X.X-alpine (where X.X.X is version of DD). For dev builds (only for testing purposes): nightly-dev, nightly-dev-alpine. To see all, check https://hub.docker.com/r/defectdojo/defectdojo-nginx/tags.",
 "type": "string"
 }
 }
@@ -926,6 +935,7 @@
 "type": "array"
 },
 "image": {
+ "description": "If empty, uses values from images.django.image",
 "type": "object",
 "properties": {
 "digest": {
@@ -1353,6 +1363,7 @@
 "type": "boolean"
 },
 "image": {
+ "description": "If empty, uses values from images.django.image",
 "type": "object",
 "properties": {
 "digest": {
diff --git a/helm/defectdojo/values.yaml b/helm/defectdojo/values.yaml
index 5fd9603b82c..419fe3fe743 100644
--- a/helm/defectdojo/values.yaml
+++ b/helm/defectdojo/values.yaml
@@ -32,13 +32,23 @@ images: image: registry: "" repository: defectdojo/defectdojo-django - tag: "" # If empty, use appVersion + # -- If empty, use appVersion. + # Another possible values are: latest, X.X.X, X.X.X-debian, X.X.X-alpine (where X.X.X is version of DD). + # For dev builds (only for testing purposes): nightly-dev, nightly-dev-debian, nightly-dev-alpine. + # To see all, check https://hub.docker.com/r/defectdojo/defectdojo-django/tags. + tag: "" + # -- Prefix "sha@" is expected in this place digest: "" nginx: image: registry: "" repository: defectdojo/defectdojo-nginx - tag: "" # If empty, use appVersion + # -- If empty, use appVersion. + # Another possible values are: latest, X.X.X, X.X.X-alpine (where X.X.X is version of DD). + # For dev builds (only for testing purposes): nightly-dev, nightly-dev-alpine. + # To see all, check https://hub.docker.com/r/defectdojo/defectdojo-nginx/tags. + tag: "" + # -- Prefix "sha@" is expected in this place digest: "" # -- Enables application network policy @@ -124,7 +134,8 @@ serviceAccount: labels: {} dbMigrationChecker: - image: # If empty, uses values from images.django.image + # -- If empty, uses values from images.django.image + image: registry: "" repository: "" tag: "" @@ -148,7 +159,8 @@ dbMigrationChecker: tests: unitTests: - image: # If empty, uses values from images.django.image + # -- If empty, uses values from images.django.image + image: registry: "" repository: "" tag: "" @@ -203,7 +215,8 @@ celery: # -- Common annotations to worker and beat deployments and pods. annotations: {} beat: - image: # If empty, uses values from images.django.image + # -- If empty, uses values from images.django.image + image: registry: "" repository: "" tag: "" @@ -254,7 +267,8 @@ celery: startupProbe: {} tolerations: [] worker: - image: # If empty, uses values from images.django.image + # -- If empty, uses values from images.django.image + image: registry: "" repository: "" tag: "" 
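Review bot: The descriptor `# -- Prefix "sha@" is expected in this place` added above `images.django.image.digest` and `images.nginx.image.digest` does not describe a form an image digest takes: digests are written `sha256:<hex>`, and `@` is the separator between repository and digest in an image reference. The helper that assembles the reference is not part of this diff, so which side supplies the `@` cannot be confirmed here; the comment should state the exact expected value, for example `# -- Image digest including the algorithm prefix, e.g. "sha256:<hex>"`, adjusted to whatever the helper really expects. The tag descriptor also lists `latest` and the `nightly-dev*` tags without saying they are mutable; one more line such as `# Tags like latest and nightly-dev* can move; set digest to pin an exact image.` would make the trade-off visible to operators. The same text is repeated in the README.md and values.schema.json hunks, which appear to be generated from these comments and would need regenerating.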
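Review bot: `# -- If empty, uses values from images.django.image` above `dbMigrationChecker.image` does not say whether the fallback applies to the whole object or to each field separately, and the templates that implement it are not in this diff. That distinction matters once digest pinning is in use: if the fallback is per field, a component-level `tag` combined with a global `digest` (or the reverse) could resolve to a different image than the operator intended. Suggest spelling it out, e.g. `# -- Per-component image override; any field left empty falls back to the matching field of images.django.image`, or the whole-object wording if that is what the helper does. The same descriptor is added for `tests.unitTests`, `celery.beat`, `celery.worker`, `django.nginx`, `django.uwsgi` and `initializer` in the following hunks.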
@@ -335,7 +349,8 @@ django: # `nginx.ingress.kubernetes.io/proxy-send-timeout: "1800"` annotations: {} nginx: - image: # If empty, uses values from images.nginx.image + # -- If empty, uses values from images.nginx.image + image: registry: "" repository: "" tag: "" @@ -369,7 +384,8 @@ django: strategy: {} tolerations: [] uwsgi: - image: # If empty, uses values from images.django.image + # -- If empty, uses values from images.django.image + image: registry: "" repository: "" tag: "" @@ -475,7 +491,8 @@ initializer: affinity: {} nodeSelector: {} tolerations: [] - image: # If empty, uses values from images.django.image + # -- If empty, uses values from images.django.image + image: registry: "" repository: "" tag: ""