chore: move external db values to separate fields, add release notes

fernandezcuesta · fernandezcuesta · commit 4f07742b6a3b · 2025-08-27T09:13:17.000+02:00
diff --git a/docs/content/en/open_source/upgrading/2.50.md b/docs/content/en/open_source/upgrading/2.50.md
@@ -2,6 +2,49 @@
 title: 'Upgrading to DefectDojo Version 2.50.x'
 toc_hide: true
 weight: -20250804
-description: No special instructions.
+description: Helm chart changes.
 ---
-There are no special instructions for upgrading to 2.50.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.50.0) for the contents of the release.
+
+## Helm Chart Changes
+
+This release introduces several important changes to the Helm chart configuration:
+
+## Breaking changes
+
+### Volume Management Improvements
+
+- **Streamlined volume configuration**: The existing volume logic has been removed and replaced with more flexible `extraVolumes` and `extraVolumeMounts` options that provide deployment-agnostic volume management.
+
+> The previous volume implementation prevented mounting projected volumes (such as secret mounts with renamed key names) and per-container volume mounts (like nginx emptyDir when readOnlyRootFs is enforced).
+> The new approach resolves these limitations.
+
+### Moved values
+
+The following Helm chart values have been modified in this release:
+
+- `redis.transportEncryption.enabled` → `redis.tls.enabled` (aligned with upstream Helm chart)
+- `redis.scheme` → `redis.sentinel.enabled` (controls deployment mode and aligns with upstream chart)
+- `redis.redisServer` → `redisServer` (prevents potential schema conflicts with upstream chart)
+- `redis.transportEncryption.params` → `redisParams` (prevents potential schema conflicts with upstream chart)
+- `postgresql.postgresServer` → `postgresServer` (prevents potential schema conflicts with upstream chart)
+
+## New features
+
+### Container and Environment Enhancements
+
+- **Added extraInitContainers support**: Both Celery and Django deployments now support additional init containers through the `extraInitContainers` configuration option.
+- **Enhanced probe configuration for Celery**: Added support for customizing liveness, readiness, and startup probes in both Celery beat and worker deployments.
+- **Enhanced environment variable management**: All deployments now include `extraEnv` support for adding custom environment variables. For backwards compatibility, `.Values.extraEnv` can be used to inject common environment variables to all workloads.
+
+## Other changes
+
+- **Celery pod annotations**: Now we can add annotations to Celery beat/worker pods separately.
+- **Flexible secret deployment**: Added the capability to deploy secrets as regular (non-hooked) resources to address compatibility issues encountered with CI/CD tools (such as ArgoCD).
+- **Optional secret references**: Some secret references are now optional, allowing the chart to function even when certain secrets are not created.
+- **Fixed secret mounting**: Resolved issues with optional secret mounts and references.
+- **Updated Bitnami chart reference**: Migrated to OCI (Open Container Initiative) format for the Bitnami chart dependency.
+- **Improved code organization**: Minor Helm chart refactoring to enhance readability and maintainability.
+
+---
+
+Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.50.0) for the contents of the release.
diff --git a/helm/defectdojo/templates/_helpers.tpl b/helm/defectdojo/templates/_helpers.tpl
@@ -53,15 +53,16 @@ Create the name of the service account to use
 {{-   printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}}
 {{-  end -}}
 {{- else -}}
-{{-  printf "%s" ( .Values.postgresql.postgresServer | default "127.0.0.1" ) -}}
+{{- .Values.postgresServer | default "127.0.0.1" | quote -}}
 {{- end -}}
 {{- end -}}
+
 {{- define "redis.hostname" -}}
 {{- if eq .Values.celery.broker "redis" -}}
 {{- if .Values.redis.enabled -}}
 {{- printf "%s-%s" .Release.Name "redis-master" | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
-{{ .Values.celery.brokerHost }}
+{{- .Values.redisServer | default "127.0.0.1" | quote -}}
 {{- end -}}
 {{- end -}}
 {{- end -}}
diff --git a/helm/defectdojo/templates/configmap.yaml b/helm/defectdojo/templates/configmap.yaml
@@ -29,7 +29,7 @@ data:
   DD_CELERY_BROKER_USER: ''
   DD_CELERY_BROKER_HOST: {{ if eq .Values.celery.broker "redis" }}{{ template "redis.hostname" . }}{{ end }}
   DD_CELERY_BROKER_PORT: '{{ if eq .Values.celery.broker "redis" }}{{- if ( hasKey .Values.redis "master" ) -}}{{ .Values.redis.master.service.ports.redis }}{{ else }}6379{{ end }}{{- end -}}'
-  DD_CELERY_BROKER_PARAMS: '{{ .Values.celery.brokerParams | default $defaultBrokerParams }}'
+  DD_CELERY_BROKER_PARAMS: '{{ .Values.redisParams | default $defaultBrokerParams }}'
   DD_CELERY_BROKER_PATH: '{{ .Values.celery.path | default "//" }}'
   DD_CELERY_LOG_LEVEL: {{ .Values.celery.logLevel }}
   DD_CELERY_WORKER_POOL_TYPE: {{ .Values.celery.worker.appSettings.poolType | default "solo" }}
diff --git a/helm/defectdojo/values.yaml b/helm/defectdojo/values.yaml
@@ -148,10 +148,6 @@ secrets:
 # Components
 celery:
   broker: redis
-  # To use an external celery broker, set the hostname here
-  brokerHost: ""
-  # Parameters attached to the broker URL, defaults to "ssl_cert_reqs=optional" if redis.tls.enabled
-  brokerParams: ""
   logLevel: INFO
   # Common annotations to worker and beat deployments and pods.
   annotations: {}
@@ -395,9 +391,7 @@ initializer:
 
 # For more advance options check the bitnami chart documentation: https://github.com/bitnami/charts/tree/main/bitnami/postgresql
 postgresql:
-  # To use an external PostgreSQL instance (like CloudSQL), set enabled to false, set items in auth part for authentication,
-  # and uncomment the line below:
-  # postgresServer: "127.0.0.1"
+  # To use an external instance, switch enabled to `false` and set the address in `postgresServer` below
   enabled: true
   auth:
     username: defectdojo
@@ -469,7 +463,7 @@ gke:
 
 # For more advance options check the bitnami chart documentation: https://github.com/bitnami/charts/tree/main/bitnami/redis
 redis:
-  # To use an external Redis instance, switch enabled to false and set the address in .Values.celery.brokerHost
+  # To use an external instance, switch enabled to `false`` and set the address in `redisServer` below
   enabled: true
   auth:
     existingSecret: defectdojo-redis-specific
@@ -526,3 +520,14 @@ extraConfigs: {}
 #   MIDDLEWARE = [
 #       'debug_toolbar.middleware.DebugToolbarMiddleware',
 #   ] + MIDDLEWARE
+#
+# External database support.
+#
+# To use an external Redis instance, set `redis.enabled` to false and set the address here:
+redisServer: ~
+# Parameters attached to the redis connection string, defaults to "ssl_cert_reqs=optional" if `redis.tls.enabled`
+redisParams: ""
+#
+# To use an external PostgreSQL instance (like CloudSQL), set `postgresql.enabled` to false,
+# set items in `postgresql.auth` part for authentication, and set the address here:
+postgresServer: ~
