Skip to content

Feat: Add HPA & PDB Helm Chart Support #13391 #13512

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 11 commits into
base: dev
Choose a base branch
from
+303 −5
Open

Feat: Add HPA & PDB Helm Chart Support #13391 #13512

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
feeec15
feat(helm): add HPA and PDB support for Django and Celery Beat
carlosmt86 Oct 23, 2025
f81de67
add changes requested
carlosmt86 Oct 28, 2025
4544224
Merge branch 'dev' into feat/chart_hpa_pdb_13391
carlosmt86 Oct 29, 2025
98da46a
fix .Values.django.replicas
carlosmt86 Oct 31, 2025
4c70a7b
add changes requested
carlosmt86 Nov 3, 2025
b5bb985
Merge branch 'dev' into feat/chart_hpa_pdb_13391
carlosmt86 Nov 3, 2025
80f2d5c
fix lint
carlosmt86 Nov 3, 2025
0cd2da2
move doc to v2.53
carlosmt86 Nov 7, 2025
8bce01c
Merge branch 'dev' into feat/chart_hpa_pdb_13391
carlosmt86 Nov 7, 2025
50d0fdc
fix Chart.yaml
carlosmt86 Nov 11, 2025
e9bb3ad
Merge branch 'dev' into feat/chart_hpa_pdb_13391
carlosmt86 Nov 17, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions docs/content/en/open_source/upgrading/2.52.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,10 @@ Additionally, each deployment can specify its own pod and container security con

Now each container can specify the resource requests and limits.

#### New values

Added Helm chart support for Celery and Django deployments for Horizontal Pod Autoscaler using `.autoscaling` fields under each section. And Pod Disruption Budget using `.podDisruptionBudget` for any of Celery Beat/Worker or Django deployments.

#### Moved values

The following Helm chart values have been modified in this release:
Expand Down
8 changes: 7 additions & 1 deletion helm/defectdojo/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -553,6 +553,7 @@ A Helm chart for Kubernetes to install DefectDojo
| celery.worker.annotations | object | `{}` | Annotations for the Celery worker deployment. |
| celery.worker.appSettings.poolType | string | `"solo"` | Performance improved celery worker config when needing to deal with a lot of findings (e.g deduplication ops) poolType: prefork autoscaleMin: 2 autoscaleMax: 8 concurrency: 8 prefetchMultiplier: 128 |
| celery.worker.automountServiceAccountToken | bool | `false` | |
| celery.worker.autoscaling | object | `{"autoscaleBehavior":{},"enabled":false,"maxReplicas":5,"minReplicas":2,"targetCPUUtilizationPercentage":80,"targetMemoryUtilizationPercentage":80}` | Autoscaling configuration for Celery worker deployment. |
| celery.worker.containerSecurityContext | object | `{}` | Container security context for the Celery worker containers. |
| celery.worker.extraEnv | list | `[]` | Additional environment variables injected to Celery worker containers. |
| celery.worker.extraInitContainers | list | `[]` | A list of additional initContainers to run before celery worker containers. |
Expand All @@ -561,7 +562,8 @@ A Helm chart for Kubernetes to install DefectDojo
| celery.worker.image | object | `{"digest":"","registry":"","repository":"","tag":""}` | If empty, uses values from images.django.image |
| celery.worker.livenessProbe | object | `{}` | Enable liveness probe for Celery worker containers. ``` exec: command: - bash - -c - celery -A dojo inspect ping -t 5 initialDelaySeconds: 30 periodSeconds: 60 timeoutSeconds: 10 ``` |
| celery.worker.nodeSelector | object | `{}` | |
| celery.worker.podAnnotations | object | `{}` | Annotations for the Celery beat pods. |
| celery.worker.podAnnotations | object | `{}` | Annotations for the Celery worker pods. |
| celery.worker.podDisruptionBudget | object | `{"enabled":false,"minAvailable":"50%","unhealthyPodEvictionPolicy":"AlwaysAllow"}` | Configure pod disruption budgets for Celery worker ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget |
| celery.worker.podSecurityContext | object | `{}` | Pod security context for the Celery worker pods. |
| celery.worker.readinessProbe | object | `{}` | Enable readiness probe for Celery worker container. |
| celery.worker.replicas | int | `1` | |
Expand All @@ -570,6 +572,7 @@ A Helm chart for Kubernetes to install DefectDojo
| celery.worker.resources.requests.cpu | string | `"100m"` | |
| celery.worker.resources.requests.memory | string | `"128Mi"` | |
| celery.worker.startupProbe | object | `{}` | Enable startup probe for Celery worker container. |
| celery.worker.terminationGracePeriodSeconds | int | `300` | |
| celery.worker.tolerations | list | `[]` | |
| cloudsql | object | `{"containerSecurityContext":{},"enable_iam_login":false,"enabled":false,"extraEnv":[],"extraVolumeMounts":[],"image":{"pullPolicy":"IfNotPresent","repository":"gcr.io/cloudsql-docker/gce-proxy","tag":"1.37.9"},"instance":"","resources":{},"use_private_ip":false,"verbose":true}` | Google CloudSQL support in GKE via gce-proxy |
| cloudsql.containerSecurityContext | object | `{}` | Optional: security context for the CloudSQL proxy container. |
Expand All @@ -595,6 +598,7 @@ A Helm chart for Kubernetes to install DefectDojo
| django.affinity | object | `{}` | |
| django.annotations | object | `{}` | |
| django.automountServiceAccountToken | bool | `false` | |
| django.autoscaling | object | `{"autoscaleBehavior":{},"enabled":false,"maxReplicas":5,"minReplicas":2,"targetCPUUtilizationPercentage":80,"targetMemoryUtilizationPercentage":80}` | Autoscaling configuration for the Django deployment. |
| django.extraEnv | list | `[]` | Additional environment variables injected to all Django containers and initContainers. |
| django.extraInitContainers | list | `[]` | A list of additional initContainers to run before the uwsgi and nginx containers. |
| django.extraVolumeMounts | list | `[]` | Array of additional volume mount points common to all containers and initContainers. |
Expand Down Expand Up @@ -622,11 +626,13 @@ A Helm chart for Kubernetes to install DefectDojo
| django.nginx.tls.enabled | bool | `false` | |
| django.nginx.tls.generateCertificate | bool | `false` | |
| django.nodeSelector | object | `{}` | |
| django.podDisruptionBudget | object | `{"enabled":false,"minAvailable":"50%","unhealthyPodEvictionPolicy":"AlwaysAllow"}` | Configure pod disruption budgets for django ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget |
| django.podSecurityContext | object | `{"fsGroup":1001}` | Pod security context for the Django pods. |
| django.replicas | int | `1` | |
| django.service.annotations | object | `{}` | |
| django.service.type | string | `""` | |
| django.strategy | object | `{}` | |
| django.terminationGracePeriodSeconds | int | `60` | |
| django.tolerations | list | `[]` | |
| django.uwsgi.appSettings.maxFd | int | `0` | Use this value to set the maximum number of file descriptors. If set to 0 will be detected by uwsgi e.g. 102400 |
| django.uwsgi.appSettings.processes | int | `4` | |
Expand Down
4 changes: 4 additions & 0 deletions helm/defectdojo/templates/celery-worker-deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -170,6 +170,10 @@ spec:
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.celery.worker.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.celery.worker.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
Expand Down
51 changes: 51 additions & 0 deletions helm/defectdojo/templates/celery-worker-hpa.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
{{- if .Values.celery.worker.autoscaling.enabled -}}
{{- $fullName := include "defectdojo.fullname" . -}}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
{{- with mergeOverwrite dict .Values.extraAnnotations .Values.celery.annotations .Values.celery.worker.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ quote $value }}
{{- end }}
{{- end }}
name: {{ $fullName }}-celery-worker
namespace: {{ .Release.Namespace }}
labels:
defectdojo.org/component: celery
defectdojo.org/subcomponent: worker
app.kubernetes.io/name: {{ include "defectdojo.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "defectdojo.chart" . }}
{{- range $key, $value := .Values.extraLabels }}
{{ $key }}: {{ quote $value }}
{{- end }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: "Deployment"
name: {{ $fullName }}-celery-worker
minReplicas: {{ .Values.celery.worker.autoscaling.minReplicas }}
maxReplicas: {{ .Values.celery.worker.autoscaling.maxReplicas }}
metrics:
{{- with .Values.celery.worker.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
averageUtilization: {{ . }}
type: Utilization
{{- end }}
{{- with .Values.celery.worker.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
averageUtilization: {{ . }}
type: Utilization
{{- end }}
{{- if .Values.celery.worker.autoscaling.autoscaleBehavior }}
behavior: {{ toYaml .Values.celery.worker.autoscaling.autoscaleBehavior | nindent 4 }}
{{- end }}
{{- end }}
31 changes: 31 additions & 0 deletions helm/defectdojo/templates/celery-worker-pdb.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
{{- if and .Values.celery.worker.podDisruptionBudget.enabled (or (gt (int .Values.celery.worker.replicas) 1) .Values.celery.worker.autoscaling.enabled) }}
{{- $fullName := include "defectdojo.fullname" . -}}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
{{- with mergeOverwrite dict .Values.extraAnnotations .Values.celery.annotations .Values.celery.worker.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ quote $value }}
{{- end }}
{{- end }}
labels:
defectdojo.org/component: celery
defectdojo.org/subcomponent: worker
app.kubernetes.io/name: {{ include "defectdojo.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "defectdojo.chart" . }}
{{- range $key, $value := .Values.extraLabels }}
{{ $key }}: {{ quote $value }}
{{- end }}
name: {{ $fullName }}-celery-worker
namespace: {{ .Release.Namespace }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ include "defectdojo.name" . }}
defectdojo.org/component: celery
defectdojo.org/subcomponent: worker
{{ toYaml (omit .Values.celery.worker.podDisruptionBudget "enabled" ) | indent 2 }}
{{- end }}
4 changes: 4 additions & 0 deletions helm/defectdojo/templates/django-deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -372,6 +372,10 @@ spec:
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.django.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.django.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
Expand Down
50 changes: 50 additions & 0 deletions helm/defectdojo/templates/django-hpa.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
{{- if .Values.django.autoscaling.enabled -}}
{{- $fullName := include "defectdojo.fullname" . -}}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
{{- with mergeOverwrite dict .Values.extraAnnotations .Values.django.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ quote $value }}
{{- end }}
{{- end }}
name: {{ $fullName }}-django
namespace: {{ .Release.Namespace }}
labels:
defectdojo.org/component: django
app.kubernetes.io/name: {{ include "defectdojo.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "defectdojo.chart" . }}
{{- range $key, $value := .Values.extraLabels }}
{{ $key }}: {{ quote $value }}
{{- end }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: "Deployment"
name: {{ $fullName }}-django
minReplicas: {{ .Values.django.autoscaling.minReplicas }}
maxReplicas: {{ .Values.django.autoscaling.maxReplicas }}
metrics:
{{- with .Values.django.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
averageUtilization: {{ . }}
type: Utilization
{{- end }}
{{- with .Values.django.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
averageUtilization: {{ . }}
type: Utilization
{{- end }}
{{- if .Values.django.autoscaling.autoscaleBehavior }}
behavior: {{ toYaml .Values.django.autoscaling.autoscaleBehavior | nindent 4 }}
{{- end }}
{{- end }}
29 changes: 29 additions & 0 deletions helm/defectdojo/templates/django-pdb.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
{{- if and .Values.django.podDisruptionBudget.enabled (or (gt (int .Values.django.replicas) 1) .Values.django.autoscaling.enabled) }}
{{- $fullName := include "defectdojo.fullname" . -}}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
{{- with mergeOverwrite dict .Values.extraAnnotations .Values.django.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ quote $value }}
{{- end }}
{{- end }}
labels:
defectdojo.org/component: django
app.kubernetes.io/name: {{ include "defectdojo.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "defectdojo.chart" . }}
{{- range $key, $value := .Values.extraLabels }}
{{ $key }}: {{ quote $value }}
{{- end }}
name: {{ $fullName }}-django
namespace: {{ .Release.Namespace }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ include "defectdojo.name" . }}
defectdojo.org/component: django
{{ toYaml (omit .Values.django.podDisruptionBudget "enabled" ) | indent 2 }}
{{- end }}
88 changes: 87 additions & 1 deletion helm/defectdojo/values.schema.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -181,6 +181,30 @@
"automountServiceAccountToken": {
"type": "boolean"
},
"autoscaling": {
"description": "Autoscaling configuration for Celery worker deployment.",
"type": "object",
"properties": {
"autoscaleBehavior": {
"type": "object"
},
"enabled": {
"type": "boolean"
},
"maxReplicas": {
"type": "integer"
},
"minReplicas": {
"type": "integer"
},
"targetCPUUtilizationPercentage": {
"type": "integer"
},
"targetMemoryUtilizationPercentage": {
"type": "integer"
}
}
},
"containerSecurityContext": {
"description": "Container security context for the Celery worker containers.",
"type": "object"
Expand Down Expand Up @@ -227,9 +251,24 @@
"type": "object"
},
"podAnnotations": {
"description": "Annotations for the Celery beat pods.",
"description": "Annotations for the Celery worker pods.",
"type": "object"
},
"podDisruptionBudget": {
"description": "Configure pod disruption budgets for Celery worker ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget",
"type": "object",
"properties": {
"enabled": {
"type": "boolean"
},
"minAvailable": {
"type": "string"
},
"unhealthyPodEvictionPolicy": {
"type": "string"
}
}
},
"podSecurityContext": {
"description": "Pod security context for the Celery worker pods.",
"type": "object"
Expand Down Expand Up @@ -272,6 +311,10 @@
"description": "Enable startup probe for Celery worker container.",
"type": "object"
},
"terminationGracePeriodSeconds": {
"description": "Termination grace period seconds for Celery worker pods.",
"type": "integer"
},
"tolerations": {
"type": "array"
}
Expand Down Expand Up @@ -431,6 +474,30 @@
"automountServiceAccountToken": {
"type": "boolean"
},
"autoscaling": {
"description": "Autoscaling configuration for the Django deployment.",
"type": "object",
"properties": {
"autoscaleBehavior": {
"type": "object"
},
"enabled": {
"type": "boolean"
},
"maxReplicas": {
"type": "integer"
},
"minReplicas": {
"type": "integer"
},
"targetCPUUtilizationPercentage": {
"type": "integer"
},
"targetMemoryUtilizationPercentage": {
"type": "integer"
}
}
},
"extraEnv": {
"description": "Additional environment variables injected to all Django containers and initContainers.",
"type": "array"
Expand Down Expand Up @@ -596,6 +663,21 @@
"nodeSelector": {
"type": "object"
},
"podDisruptionBudget": {
"description": "Configure pod disruption budgets for django ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget",
"type": "object",
"properties": {
"enabled": {
"type": "boolean"
},
"minAvailable": {
"type": "string"
},
"unhealthyPodEvictionPolicy": {
"type": "string"
}
}
},
"podSecurityContext": {
"description": "Pod security context for the Django pods.",
"type": "object",
Expand All @@ -622,6 +704,10 @@
"strategy": {
"type": "object"
},
"terminationGracePeriodSeconds": {
"description": "Termination grace period seconds for django pods.",
"type": "integer"
},
"tolerations": {
"type": "array"
},
Expand Down
Loading
Loading