From 2f9cce5de6e5bdb3e86cc74817cecc7230d3b047 Mon Sep 17 00:00:00 2001
From: kiblik <5609770+kiblik@users.noreply.github.com>
Date: Wed, 26 Nov 2025 15:41:58 +0100
Subject: [PATCH] feat(helm): Make probes more customizable
Signed-off-by: kiblik <5609770+kiblik@users.noreply.github.com>
---
 helm/defectdojo/README.md | 8 ++-
 .../templates/django-deployment.yaml | 41 +++++++-------
 helm/defectdojo/values.schema.json | 56 ++++++++++++++++++-
 helm/defectdojo/values.yaml | 21 ++++++-
 4 files changed, 99 insertions(+), 27 deletions(-)
diff --git a/helm/defectdojo/README.md b/helm/defectdojo/README.md
index f7e7025e192..9662b5087f9 100644
--- a/helm/defectdojo/README.md
+++ b/helm/defectdojo/README.md
@@ -665,7 +665,10 @@ A Helm chart for Kubernetes to install DefectDojo
 | django.uwsgi.image | object | `{"digest":"","registry":"","repository":"","tag":""}` | If empty, uses values from images.django.image |
 | django.uwsgi.livenessProbe.enabled | bool | `true` | Enable liveness checks on uwsgi container. |
 | django.uwsgi.livenessProbe.failureThreshold | int | `6` | |
-| django.uwsgi.livenessProbe.initialDelaySeconds | int | `0` | |
+| django.uwsgi.livenessProbe.httpGet.httpHeaders[0].name | string | `"Host"` | |
+| django.uwsgi.livenessProbe.httpGet.httpHeaders[0].value | string | `"defectdojo.default.minikube.local"` | |
+| django.uwsgi.livenessProbe.httpGet.path | string | `"/login?force_login_form&next=/"` | |
+| django.uwsgi.livenessProbe.httpGet.port | string | `"http-uwsgi"` | |
 | django.uwsgi.livenessProbe.periodSeconds | int | `10` | |
 | django.uwsgi.livenessProbe.successThreshold | int | `1` | |
 | django.uwsgi.livenessProbe.timeoutSeconds | int | `5` | |
@@ -736,7 +739,10 @@ A Helm chart for Kubernetes to install DefectDojo
 | monitoring.prometheus.image.repository | string | `"nginx/nginx-prometheus-exporter"` | |
 | monitoring.prometheus.image.tag | string | `"1.4.2"` | |
 | monitoring.prometheus.imagePullPolicy | string | `"IfNotPresent"` | |
+| monitoring.prometheus.livenessProbe | object | `{"httpGet":{"path":"/metrics","port":"http-metrics"},"initialDelaySeconds":15,"periodSeconds":20,"timeoutSeconds":5}` | Set liveness probe for Monitoring prometheus container. |
+| monitoring.prometheus.readinessProbe | object | `{}` | |
 | monitoring.prometheus.resources | object | `{}` | Optional: add resource requests/limits for the nginx prometheus exporter container |
+| monitoring.prometheus.startupProbe | object | `{}` | |
 | networkPolicy | object | `{"annotations":{},"egress":[],"enabled":false,"ingress":[],"ingressExtend":[]}` | Enables application network policy For more info follow https://kubernetes.io/docs/concepts/services-networking/network-policies/ |
 | networkPolicy.egress | list | `[]` | ``` egress: - to: - ipBlock: cidr: 10.0.0.0/24 ports: - protocol: TCP port: 443 ``` |
 | networkPolicy.ingress | list | `[]` | For more detailed configuration with ports and peers. It will ignore ingressExtend ``` ingress: - from: - podSelector: matchLabels: app.kubernetes.io/instance: defectdojo - podSelector: matchLabels: app.kubernetes.io/instance: defectdojo-prometheus ports: - protocol: TCP port: 8443 ``` |
diff --git a/helm/defectdojo/templates/django-deployment.yaml b/helm/defectdojo/templates/django-deployment.yaml
index ff2285908ee..33a37cdf46c 100644
--- a/helm/defectdojo/templates/django-deployment.yaml
+++ b/helm/defectdojo/templates/django-deployment.yaml
@@ -129,13 +129,15 @@ spec: - name: http-metrics protocol: TCP containerPort: 9113 - livenessProbe: - httpGet: - path: /metrics - port: http-metrics - periodSeconds: 20 - initialDelaySeconds: 15 - timeoutSeconds: 5 + {{- with .Values.monitoring.prometheus.livenessProbe }} + livenessProbe: {{ toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.monitoring.prometheus.readinessProbe }} + readinessProbe: {{ toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.monitoring.prometheus.startupProbe }} + startupProbe: {{ toYaml . | nindent 10 }} + {{- end }} {{- with .Values.monitoring.prometheus.resources }} resources: {{- . | toYaml | nindent 10 }} {{- end }} @@ -238,20 +240,17 @@ spec: {{- . | toYaml | nindent 8 }} {{- end }} {{- if .Values.django.uwsgi.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /login?force_login_form&next=/ - port: http-uwsgi - httpHeaders: - - name: Host - value: {{ .Values.host }} - failureThreshold: {{ .Values.django.uwsgi.livenessProbe.failureThreshold }} - {{- if .Values.django.uwsgi.livenessProbe.initialDelaySeconds }} - initialDelaySeconds: {{ .Values.django.uwsgi.livenessProbe.initialDelaySeconds }} - {{- end }} - periodSeconds: {{ .Values.django.uwsgi.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.django.uwsgi.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.django.uwsgi.livenessProbe.timeoutSeconds }} + {{- with .Values.django.uwsgi.livenessProbe }} + livenessProbe: {{ toYaml . | nindent 10 }} + {{- end }} + {{- end }} + {{- with .Values.django.uwsgi.readinessProbe }} + readinessProbe: {{ toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.django.uwsgi.startupProbe }} + startupProbe: {{ toYaml . | nindent 10 }} + {{- end }} + {{- if .Values.django.uwsgi.livenessProbe.enabled }} {{- end }} resources: {{- toYaml .Values.django.uwsgi.resources | nindent 10 }} diff --git a/helm/defectdojo/values.schema.json b/helm/defectdojo/values.schema.json index cbd0f7cbfec..e7b9a8d313e 100644 
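Review bot: In the uwsgi block, `{{- with .Values.django.uwsgi.livenessProbe }}` hands the whole values map to `toYaml`, so the chart-only `enabled` key is rendered into the container's `livenessProbe`; the Kubernetes probe object has no such field, and strict manifest validation would be expected to reject or warn about it. Dropping the key before rendering keeps the toggle out of the manifest: `livenessProbe: {{ toYaml (omit . "enabled") | nindent 10 }}`. The trailing `{{- if .Values.django.uwsgi.livenessProbe.enabled }}` / `{{- end }}` pair after `startupProbe` wraps nothing and can be removed. The container spec this hunk edits starts and ends outside the hunk.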
--- a/helm/defectdojo/values.schema.json +++ b/helm/defectdojo/values.schema.json @@ -796,8 +796,28 @@ "failureThreshold": { "type": "integer" }, - "initialDelaySeconds": { - "type": "integer" + "httpGet": { + "type": "object", + "properties": { + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": {} + } + } + }, + "path": { + "type": "string" + }, + "port": { + "type": "string" + } + } }, "periodSeconds": { "type": "integer" @@ -1145,9 +1165,41 @@ "imagePullPolicy": { "type": "string" }, + "livenessProbe": { + "description": "Set liveness probe for Monitoring prometheus container.", + "type": "object", + "properties": { + "httpGet": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "port": { + "type": "string" + } + } + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "readinessProbe": { + "type": "object" + }, "resources": { "description": "Optional: add resource requests/limits for the nginx prometheus exporter container", "type": "object" + }, + "startupProbe": { + "type": "object" } } } diff --git a/helm/defectdojo/values.yaml b/helm/defectdojo/values.yaml index 9d98e842c92..f4790aadfcf 100644 --- a/helm/defectdojo/values.yaml +++ b/helm/defectdojo/values.yaml @@ -92,7 +92,7 @@ networkPolicy: annotations: {} # -- Primary hostname of instance -host: defectdojo.default.minikube.local +host: &host defectdojo.default.minikube.local # -- The full URL to your defectdojo instance, depends on the domain where DD is deployed, it also affects links in Jira. # Use syntax: `siteUrl: 'https://'` 
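Review bot: The `&host` anchor added here (and consumed as `value: *host` in the later `django.uwsgi.livenessProbe` hunk of this file) is resolved when the chart's own values.yaml is parsed, so an install that overrides `host` with `--set` or its own values file still sends the default `defectdojo.default.minikube.local` as the probe's Host header; the template line this commit removes read `.Values.host` at render time. If the application validates Host against the configured hostname (not visible in this diff), the probe would then fail, and the likely workaround of allow-listing the placeholder name loosens that check. Keeping the header tied to the live value avoids both, for example `value: '{{ .Values.host }}'` in values.yaml rendered through `tpl (toYaml (omit . "enabled")) $` in the deployment template, with a comment on `host` saying the probe follows it.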
@@ -203,7 +203,16 @@ monitoring: extraVolumeMounts: [] # -- Optional: add resource requests/limits for the nginx prometheus exporter container resources: {} - + # -- Set liveness probe for Monitoring prometheus container. + livenessProbe: + httpGet: + path: /metrics + port: http-metrics + periodSeconds: 20 + initialDelaySeconds: 15 + timeoutSeconds: 5 + readinessProbe: {} + startupProbe: {} secrets: # -- Add annotations for secret resources annotations: {} @@ -439,8 +448,14 @@ django: livenessProbe: # -- Enable liveness checks on uwsgi container. enabled: true + httpGet: + path: /login?force_login_form&next=/ + port: http-uwsgi + httpHeaders: + - name: Host + value: *host failureThreshold: 6 - initialDelaySeconds: 0 + # initialDelaySeconds: ~ periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5
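Review bot: The new `monitoring.prometheus.livenessProbe` default needs a comment about overriding, because Helm merges user-supplied maps into chart defaults: setting a different handler such as `tcpSocket` leaves the default `httpGet` in place, and Kubernetes rejects a probe that specifies two handlers. I would extend the comment to `# -- Set liveness probe for Monitoring prometheus container. To switch handler type, also set httpGet to null.` The `readinessProbe: {}` and `startupProbe: {}` keys below it carry no `# --` description, and their README rows in this patch are correspondingly empty; a one-line description for each would close that gap.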