feat(helm): add HPA and PDB support for Django and Celery Beat

- Add PodDisruptionBudget for Django pods
- Add HorizontalPodAutoscaler for Django pods
- Add PodDisruptionBudget for Celery Beat pods
- Add HorizontalPodAutoscaler for Celery Beat pods
- All resources default to disabled (enabled: false)
- Configurable via values.yaml

Fixes #13391

Author: carlosmt86

docs/content/en/open_source/upgrading/2.52.md

@@ -32,6 +32,10 @@ Additionally, each deployment can specify its own pod and container security con
 
 Now each container can specify the resource requests and limits.
 
+#### New values
+
+Added Helm chart support for Celery and Django deployments for Horizontal Pod Autoscaler using `.autoscaling` fields under each section. And Pod Disruption Budget using `.podDisruptionBudget` for any of Celery Beat/Worker or Django deployments.
+
 #### Moved values
 
 The following Helm chart values have been modified in this release:

helm/defectdojo/README.md

@@ -529,6 +529,7 @@ A Helm chart for Kubernetes to install DefectDojo
 | celery.beat.affinity | object | `{}` |  |
 | celery.beat.annotations | object | `{}` | Annotations for the Celery beat deployment. |
 | celery.beat.automountServiceAccountToken | bool | `false` |  |
+| celery.beat.autoscaling | object | `{"autoscaleBehavior":{},"enabled":false,"maxReplicas":5,"minReplicas":2,"targetCPUUtilizationPercentage":80,"targetMemoryUtilizationPercentage":{}}` | Autoscaling configuration for Celery beat deployment. |
 | celery.beat.containerSecurityContext | object | `{}` | Container security context for the Celery beat containers. |
 | celery.beat.extraEnv | list | `[]` | Additional environment variables injected to Celery beat containers. |
 | celery.beat.extraInitContainers | list | `[]` | A list of additional initContainers to run before celery beat containers. |
@@ -538,6 +539,7 @@ A Helm chart for Kubernetes to install DefectDojo
 | celery.beat.livenessProbe | object | `{}` | Enable liveness probe for Celery beat container. ``` exec:   command:     - bash     - -c     - celery -A dojo inspect ping -t 5 initialDelaySeconds: 30 periodSeconds: 60 timeoutSeconds: 10 ``` |
 | celery.beat.nodeSelector | object | `{}` |  |
 | celery.beat.podAnnotations | object | `{}` | Annotations for the Celery beat pods. |
+| celery.beat.podDisruptionBudget | object | `{"enabled":false,"minAvailable":"50%","unhealthyPodEvictionPolicy":"AlwaysAllow"}` | Configure pod disruption budgets for Celery beat ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget |
 | celery.beat.podSecurityContext | object | `{}` | Pod security context for the Celery beat pods. |
 | celery.beat.readinessProbe | object | `{}` | Enable readiness probe for Celery beat container. |
 | celery.beat.replicas | int | `1` |  |
@@ -553,6 +555,7 @@ A Helm chart for Kubernetes to install DefectDojo
 | celery.worker.annotations | object | `{}` | Annotations for the Celery worker deployment. |
 | celery.worker.appSettings.poolType | string | `"solo"` | Performance improved celery worker config when needing to deal with a lot of findings (e.g deduplication ops) poolType: prefork autoscaleMin: 2 autoscaleMax: 8 concurrency: 8 prefetchMultiplier: 128 |
 | celery.worker.automountServiceAccountToken | bool | `false` |  |
+| celery.worker.autoscaling | object | `{"autoscaleBehavior":{},"enabled":false,"maxReplicas":5,"minReplicas":2,"targetCPUUtilizationPercentage":80,"targetMemoryUtilizationPercentage":{}}` | Autoscaling configuration for Celery worker deployment. |
 | celery.worker.containerSecurityContext | object | `{}` | Container security context for the Celery worker containers. |
 | celery.worker.extraEnv | list | `[]` | Additional environment variables injected to Celery worker containers. |
 | celery.worker.extraInitContainers | list | `[]` | A list of additional initContainers to run before celery worker containers. |
@@ -562,6 +565,7 @@ A Helm chart for Kubernetes to install DefectDojo
 | celery.worker.livenessProbe | object | `{}` | Enable liveness probe for Celery worker containers. ``` exec:   command:     - bash     - -c     - celery -A dojo inspect ping -t 5 initialDelaySeconds: 30 periodSeconds: 60 timeoutSeconds: 10 ``` |
 | celery.worker.nodeSelector | object | `{}` |  |
 | celery.worker.podAnnotations | object | `{}` | Annotations for the Celery beat pods. |
+| celery.worker.podDisruptionBudget | object | `{"enabled":false,"minAvailable":"50%","unhealthyPodEvictionPolicy":"AlwaysAllow"}` | Configure pod disruption budgets for Celery worker ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget |
 | celery.worker.podSecurityContext | object | `{}` | Pod security context for the Celery worker pods. |
 | celery.worker.readinessProbe | object | `{}` | Enable readiness probe for Celery worker container. |
 | celery.worker.replicas | int | `1` |  |
@@ -595,6 +599,7 @@ A Helm chart for Kubernetes to install DefectDojo
 | django.affinity | object | `{}` |  |
 | django.annotations | object | `{}` |  |
 | django.automountServiceAccountToken | bool | `false` |  |
+| django.autoscaling | object | `{"autoscaleBehavior":{},"enabled":false,"maxReplicas":5,"minReplicas":2,"targetCPUUtilizationPercentage":80,"targetMemoryUtilizationPercentage":{}}` | Autoscaling configuration for the Django deployment. |
 | django.extraEnv | list | `[]` | Additional environment variables injected to all Django containers and initContainers. |
 | django.extraInitContainers | list | `[]` | A list of additional initContainers to run before the uwsgi and nginx containers. |
 | django.extraVolumeMounts | list | `[]` | Array of additional volume mount points common to all containers and initContainers. |
@@ -622,6 +627,7 @@ A Helm chart for Kubernetes to install DefectDojo
 | django.nginx.tls.enabled | bool | `false` |  |
 | django.nginx.tls.generateCertificate | bool | `false` |  |
 | django.nodeSelector | object | `{}` |  |
+| django.podDisruptionBudget | object | `{"enabled":false,"minAvailable":"50%","unhealthyPodEvictionPolicy":"AlwaysAllow"}` | Configure pod disruption budgets for django ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget |
 | django.podSecurityContext | object | `{"fsGroup":1001}` | Pod security context for the Django pods. |
 | django.replicas | int | `1` |  |
 | django.service.annotations | object | `{}` |  |

helm/defectdojo/templates/celery-beat-hpa.yaml

@@ -0,0 +1,51 @@
+{{- if .Values.celery.beat.autoscaling.enabled -}}
+{{- $fullName := include "defectdojo.fullname" . -}}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  {{- with mergeOverwrite dict .Values.extraAnnotations .Values.celery.annotations .Values.celery.beat.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ quote $value }}
+    {{- end }}
+  {{- end }}
+  name: {{ $fullName }}-celery-beat
+  namespace: {{ .Release.Namespace }}
+  labels:
+    defectdojo.org/component: celery
+    defectdojo.org/subcomponent: beat
+    app.kubernetes.io/name: {{ include "defectdojo.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    helm.sh/chart: {{ include "defectdojo.chart" . }}
+    {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ quote $value }}
+    {{- end }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: "Deployment"
+    name: {{ $fullName }}-celery-beat
+  minReplicas: {{ .Values.celery.beat.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.celery.beat.autoscaling.maxReplicas }}
+  metrics:
+    {{- with .Values.celery.beat.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          averageUtilization: {{ . }}
+          type: Utilization
+    {{- end }}
+    {{- with .Values.celery.beat.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          averageUtilization: {{ . }}
+          type: Utilization
+    {{- end }}
+  {{- if .Values.celery.beat.autoscaling.autoscaleBehavior }}
+  behavior: {{ toYaml .Values.celery.beat.autoscaling.autoscaleBehavior | nindent 4 }}
+  {{- end }}
+{{- end }}

helm/defectdojo/templates/celery-beat-pdb.yaml

@@ -0,0 +1,31 @@
+{{- if .Values.celery.beat.podDisruptionBudget.enabled }}
+{{- $fullName := include "defectdojo.fullname" . -}}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  {{- with mergeOverwrite dict .Values.extraAnnotations .Values.celery.annotations .Values.celery.beat.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ quote $value }}
+    {{- end }}
+  {{- end }}
+  labels:
+    defectdojo.org/component: celery
+    defectdojo.org/subcomponent: beat
+    app.kubernetes.io/name: {{ include "defectdojo.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    helm.sh/chart: {{ include "defectdojo.chart" . }}
+    {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ quote $value }}
+    {{- end }}
+  name: {{ $fullName }}-celery-beat
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ .Release.Name }}
+      defectdojo.org/component: celery
+      defectdojo.org/subcomponent: beat
+{{ toYaml (omit .Values.celery.beat.podDisruptionBudget "enabled" ) | indent 2 }}
+{{- end }}

helm/defectdojo/templates/celery-worker-hpa.yaml

@@ -0,0 +1,51 @@
+{{- if .Values.celery.worker.autoscaling.enabled -}}
+{{- $fullName := include "defectdojo.fullname" . -}}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  {{- with mergeOverwrite dict .Values.extraAnnotations .Values.celery.annotations .Values.celery.worker.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ quote $value }}
+    {{- end }}
+  {{- end }}
+  name: {{ $fullName }}-celery-worker
+  namespace: {{ .Release.Namespace }}
+  labels:
+    defectdojo.org/component: celery
+    defectdojo.org/subcomponent: worker
+    app.kubernetes.io/name: {{ include "defectdojo.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    helm.sh/chart: {{ include "defectdojo.chart" . }}
+    {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ quote $value }}
+    {{- end }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: "Deployment"
+    name: {{ $fullName }}-celery-worker
+  minReplicas: {{ .Values.celery.worker.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.celery.worker.autoscaling.maxReplicas }}
+  metrics:
+    {{- with .Values.celery.worker.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          averageUtilization: {{ . }}
+          type: Utilization
+    {{- end }}
+    {{- with .Values.celery.worker.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          averageUtilization: {{ . }}
+          type: Utilization
+    {{- end }}
+  {{- if .Values.celery.worker.autoscaling.autoscaleBehavior }}
+  behavior: {{ toYaml .Values.celery.worker.autoscaling.autoscaleBehavior | nindent 4 }}
+  {{- end }}
+{{- end }}

helm/defectdojo/templates/celery-worker-pdb.yaml

@@ -0,0 +1,31 @@
+{{- if .Values.celery.worker.podDisruptionBudget.enabled }}
+{{- $fullName := include "defectdojo.fullname" . -}}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  {{- with mergeOverwrite dict .Values.extraAnnotations .Values.celery.annotations .Values.celery.worker.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ quote $value }}
+    {{- end }}
+  {{- end }}
+  labels:
+    defectdojo.org/component: celery
+    defectdojo.org/subcomponent: worker
+    app.kubernetes.io/name: {{ include "defectdojo.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    helm.sh/chart: {{ include "defectdojo.chart" . }}
+    {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ quote $value }}
+    {{- end }}
+  name: {{ $fullName }}-celery-worker
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ .Release.Name }}
+      defectdojo.org/component: celery
+      defectdojo.org/subcomponent: worker
+{{ toYaml (omit .Values.celery.worker.podDisruptionBudget "enabled" ) | indent 2 }}
+{{- end }}

helm/defectdojo/templates/django-hpa.yaml

@@ -0,0 +1,53 @@
+{{- if .Values.django.autoscaling.enabled -}}
+{{- $fullName := include "defectdojo.fullname" . -}}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  {{- if or .Values.extraAnnotations .Values.django.autoscaling.annotations }}
+  annotations:
+  {{- range $key, $value := .Values.extraAnnotations }}
+    {{ $key }}: {{ quote $value }}
+  {{- end }}
+  {{- range $key, $value := .Values.django.annotations }}
+    {{ $key }}: {{ quote $value }}
+  {{- end }}
+  {{- end }}
+  name: {{ $fullName }}-django
+  namespace: {{ .Release.Namespace }}
+  labels:
+    defectdojo.org/component: django
+    app.kubernetes.io/name: {{ include "defectdojo.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    helm.sh/chart: {{ include "defectdojo.chart" . }}
+    {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ quote $value }}
+    {{- end }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: "Deployment"
+    name: {{ $fullName }}-django
+  minReplicas: {{ .Values.django.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.django.autoscaling.maxReplicas }}
+  metrics:
+    {{- with .Values.django.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          averageUtilization: {{ . }}
+          type: Utilization
+    {{- end }}
+    {{- with .Values.django.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          averageUtilization: {{ . }}
+          type: Utilization
+    {{- end }}
+  {{- if .Values.django.autoscaling.autoscaleBehavior }}
+  behavior: {{ toYaml .Values.django.autoscaling.autoscaleBehavior | nindent 4 }}
+  {{- end }}
+{{- end }}

helm/defectdojo/templates/django-pdb.yaml

@@ -0,0 +1,32 @@
+{{- if .Values.django.podDisruptionBudget.enabled }}
+{{- $fullName := include "defectdojo.fullname" . -}}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  {{- if or .Values.extraAnnotations .Values.django.podDisruptionBudget.annotations }}
+  annotations:
+  {{- range $key, $value := .Values.extraAnnotations }}
+    {{ $key }}: {{ quote $value }}
+  {{- end }}
+  {{- range $key, $value := .Values.django.annotations }}
+    {{ $key }}: {{ quote $value }}
+  {{- end }}
+  {{- end }}
+  labels:
+    defectdojo.org/component: django
+    app.kubernetes.io/name: {{ include "defectdojo.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    helm.sh/chart: {{ include "defectdojo.chart" . }}
+    {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ quote $value }}
+    {{- end }}
+  name: {{ $fullName }}-django
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ .Release.Name }}
+      defectdojo.org/component: django
+{{ toYaml (omit .Values.django.podDisruptionBudget "enabled" ) | indent 2 }}
+{{- end }}