feat(helm): add HPA and PDB support for Django and Celery Beat

carlosmt86 · carlosmt86 · commit 6ad7153842de · 2025-10-23T16:28:33.000+02:00
- Add PodDisruptionBudget for Django pods - Add HorizontalPodAutoscaler for Django pods - Add PodDisruptionBudget for Celery Beat pods - Add HorizontalPodAutoscaler for Celery Beat pods - All resources default to disabled (enabled: false) - Configurable via values.yaml Fixes #13391
diff --git a/docs/content/en/open_source/upgrading/2.52.md b/docs/content/en/open_source/upgrading/2.52.md
@@ -32,6 +32,10 @@ Additionally, each deployment can specify its own pod and container security con
 
 Now each container can specify the resource requests and limits.
 
+#### New values
+
+Added Helm chart support for Celery Beat and Django for Horizontal Pod Autoscaler using `celery.beat.autoscaling` and `django.autoscaling`. And Pod Disruption Budget using `celery.beat.podDisruptionBudget` and `django.podDisruptionBudget`
+
 #### Moved values
 
 The following Helm chart values have been modified in this release:
diff --git a/helm/defectdojo/README.md b/helm/defectdojo/README.md
@@ -529,6 +529,7 @@ A Helm chart for Kubernetes to install DefectDojo
 | celery.beat.affinity | object | `{}` |  |
 | celery.beat.annotations | object | `{}` | Annotations for the Celery beat deployment. |
 | celery.beat.automountServiceAccountToken | bool | `false` |  |
+| celery.beat.autoscaling | object | `{"autoscaleBehavior":{},"enabled":false,"maxReplicas":5,"minReplicas":2,"targetCPUUtilizationPercentage":80,"targetMemoryUtilizationPercentage":{}}` | Autoscaling configuration for Celery beat deployment. |
 | celery.beat.containerSecurityContext | object | `{}` | Container security context for the Celery beat containers. |
 | celery.beat.extraEnv | list | `[]` | Additional environment variables injected to Celery beat containers. |
 | celery.beat.extraInitContainers | list | `[]` | A list of additional initContainers to run before celery beat containers. |
@@ -538,6 +539,7 @@ A Helm chart for Kubernetes to install DefectDojo
 | celery.beat.livenessProbe | object | `{}` | Enable liveness probe for Celery beat container. ``` exec:   command:     - bash     - -c     - celery -A dojo inspect ping -t 5 initialDelaySeconds: 30 periodSeconds: 60 timeoutSeconds: 10 ``` |
 | celery.beat.nodeSelector | object | `{}` |  |
 | celery.beat.podAnnotations | object | `{}` | Annotations for the Celery beat pods. |
+| celery.beat.podDisruptionBudget | object | `{"enabled":false,"minAvailable":"50%","unhealthyPodEvictionPolicy":"AlwaysAllow"}` | Configure pod disruption budgets for Celery beat ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget |
 | celery.beat.podSecurityContext | object | `{}` | Pod security context for the Celery beat pods. |
 | celery.beat.readinessProbe | object | `{}` | Enable readiness probe for Celery beat container. |
 | celery.beat.replicas | int | `1` |  |
@@ -595,6 +597,7 @@ A Helm chart for Kubernetes to install DefectDojo
 | django.affinity | object | `{}` |  |
 | django.annotations | object | `{}` |  |
 | django.automountServiceAccountToken | bool | `false` |  |
+| django.autoscaling | object | `{"autoscaleBehavior":{},"enabled":false,"maxReplicas":5,"minReplicas":2,"targetCPUUtilizationPercentage":80,"targetMemoryUtilizationPercentage":{}}` | Autoscaling configuration for the Django deployment. |
 | django.extraEnv | list | `[]` | Additional environment variables injected to all Django containers and initContainers. |
 | django.extraInitContainers | list | `[]` | A list of additional initContainers to run before the uwsgi and nginx containers. |
 | django.extraVolumeMounts | list | `[]` | Array of additional volume mount points common to all containers and initContainers. |
@@ -622,6 +625,7 @@ A Helm chart for Kubernetes to install DefectDojo
 | django.nginx.tls.enabled | bool | `false` |  |
 | django.nginx.tls.generateCertificate | bool | `false` |  |
 | django.nodeSelector | object | `{}` |  |
+| django.podDisruptionBudget | object | `{"enabled":false,"minAvailable":"50%","unhealthyPodEvictionPolicy":"AlwaysAllow"}` | Configure pod disruption budgets for django ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget |
 | django.podSecurityContext | object | `{"fsGroup":1001}` | Pod security context for the Django pods. |
 | django.replicas | int | `1` |  |
 | django.service.annotations | object | `{}` |  |
diff --git a/helm/defectdojo/templates/celery-beat-hpa.yaml b/helm/defectdojo/templates/celery-beat-hpa.yaml
@@ -0,0 +1,51 @@
+{{- if .Values.celery.beat.autoscaling.enabled -}}
+{{- $fullName := include "defectdojo.fullname" . -}}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  {{- with mergeOverwrite dict .Values.extraAnnotations .Values.celery.annotations .Values.celery.beat.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ quote $value }}
+    {{- end }}
+  {{- end }}
+  name: {{ $fullName }}-celery-beat
+  namespace: {{ .Release.Namespace }}
+  labels:
+    defectdojo.org/component: celery
+    defectdojo.org/subcomponent: beat
+    app.kubernetes.io/name: {{ include "defectdojo.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    helm.sh/chart: {{ include "defectdojo.chart" . }}
+    {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ quote $value }}
+    {{- end }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: "Deployment"
+    name: {{ $fullName }}-celery-beat
+  minReplicas: {{ .Values.celery.beat.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.celery.beat.autoscaling.maxReplicas }}
+  metrics:
+    {{- with .Values.celery.beat.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          averageUtilization: {{ . }}
+          type: Utilization
+    {{- end }}
+    {{- with .Values.celery.beat.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          averageUtilization: {{ . }}
+          type: Utilization
+    {{- end }}
+  {{- if .Values.celery.beat.autoscaling.autoscaleBehavior }}
+  behavior: {{ toYaml .Values.celery.beat.autoscaling.autoscaleBehavior | nindent 4 }}
+  {{- end }}
+{{- end }}
diff --git a/helm/defectdojo/templates/celery-beat-pdb.yaml b/helm/defectdojo/templates/celery-beat-pdb.yaml
@@ -0,0 +1,31 @@
+{{- if .Values.celery.beat.podDisruptionBudget.enabled }}
+{{- $fullName := include "defectdojo.fullname" . -}}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  {{- with mergeOverwrite dict .Values.extraAnnotations .Values.celery.annotations .Values.celery.beat.annotations }}
+  annotations:
+    {{- range $key, $value := . }}
+    {{ $key }}: {{ quote $value }}
+    {{- end }}
+  {{- end }}
+  labels:
+    defectdojo.org/component: celery
+    defectdojo.org/subcomponent: beat
+    app.kubernetes.io/name: {{ include "defectdojo.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    helm.sh/chart: {{ include "defectdojo.chart" . }}
+    {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ quote $value }}
+    {{- end }}
+  name: {{ $fullName }}-celery-beat
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ .Release.Name }}
+      defectdojo.org/component: celery
+      defectdojo.org/subcomponent: beat
+{{ toYaml (omit .Values.celery.beat.podDisruptionBudget "enabled" ) | indent 2 }}
+{{- end }}
diff --git a/helm/defectdojo/templates/django-hpa.yaml b/helm/defectdojo/templates/django-hpa.yaml
@@ -0,0 +1,53 @@
+{{- if .Values.django.autoscaling.enabled -}}
+{{- $fullName := include "defectdojo.fullname" . -}}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  {{- if or .Values.extraAnnotations .Values.django.autoscaling.annotations }}
+  annotations:
+  {{- range $key, $value := .Values.extraAnnotations }}
+    {{ $key }}: {{ quote $value }}
+  {{- end }}
+  {{- range $key, $value := .Values.django.annotations }}
+    {{ $key }}: {{ quote $value }}
+  {{- end }}
+  {{- end }}
+  name: {{ $fullName }}-django
+  namespace: {{ .Release.Namespace }}
+  labels:
+    defectdojo.org/component: django
+    app.kubernetes.io/name: {{ include "defectdojo.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    helm.sh/chart: {{ include "defectdojo.chart" . }}
+    {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ quote $value }}
+    {{- end }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: "Deployment"
+    name: {{ $fullName }}-django
+  minReplicas: {{ .Values.django.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.django.autoscaling.maxReplicas }}
+  metrics:
+    {{- with .Values.django.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          averageUtilization: {{ . }}
+          type: Utilization
+    {{- end }}
+    {{- with .Values.django.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          averageUtilization: {{ . }}
+          type: Utilization
+    {{- end }}
+  {{- if .Values.django.autoscaling.autoscaleBehavior }}
+  behavior: {{ toYaml .Values.django.autoscaling.autoscaleBehavior | nindent 4 }}
+  {{- end }}
+{{- end }}
diff --git a/helm/defectdojo/templates/django-pdb.yaml b/helm/defectdojo/templates/django-pdb.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.django.podDisruptionBudget.enabled }}
+{{- $fullName := include "defectdojo.fullname" . -}}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  {{- if or .Values.extraAnnotations .Values.django.podDisruptionBudget.annotations }}
+  annotations:
+  {{- range $key, $value := .Values.extraAnnotations }}
+    {{ $key }}: {{ quote $value }}
+  {{- end }}
+  {{- range $key, $value := .Values.django.annotations }}
+    {{ $key }}: {{ quote $value }}
+  {{- end }}
+  {{- end }}
+  labels:
+    defectdojo.org/component: django
+    app.kubernetes.io/name: {{ include "defectdojo.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    helm.sh/chart: {{ include "defectdojo.chart" . }}
+    {{- range $key, $value := .Values.extraLabels }}
+    {{ $key }}: {{ quote $value }}
+    {{- end }}
+  name: {{ $fullName }}-django
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ .Release.Name }}
+      defectdojo.org/component: django
+{{ toYaml (omit .Values.django.podDisruptionBudget "enabled" ) | indent 2 }}
+{{- end }}
diff --git a/helm/defectdojo/values.schema.json b/helm/defectdojo/values.schema.json
@@ -55,6 +55,30 @@
                         "automountServiceAccountToken": {
                             "type": "boolean"
                         },
+                        "autoscaling": {
+                            "description": "Autoscaling configuration for Celery beat deployment.",
+                            "type": "object",
+                            "properties": {
+                                "autoscaleBehavior": {
+                                    "type": "object"
+                                },
+                                "enabled": {
+                                    "type": "boolean"
+                                },
+                                "maxReplicas": {
+                                    "type": "integer"
+                                },
+                                "minReplicas": {
+                                    "type": "integer"
+                                },
+                                "targetCPUUtilizationPercentage": {
+                                    "type": "integer"
+                                },
+                                "targetMemoryUtilizationPercentage": {
+                                    "type": "object"
+                                }
+                            }
+                        },
                         "containerSecurityContext": {
                             "description": "Container security context for the Celery beat containers.",
                             "type": "object"
@@ -104,6 +128,21 @@
                             "description": "Annotations for the Celery beat pods.",
                             "type": "object"
                         },
+                        "podDisruptionBudget": {
+                            "description": "Configure pod disruption budgets for Celery beat ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget",
+                            "type": "object",
+                            "properties": {
+                                "enabled": {
+                                    "type": "boolean"
+                                },
+                                "minAvailable": {
+                                    "type": "string"
+                                },
+                                "unhealthyPodEvictionPolicy": {
+                                    "type": "string"
+                                }
+                            }
+                        },
                         "podSecurityContext": {
                             "description": "Pod security context for the Celery beat pods.",
                             "type": "object"
@@ -429,6 +468,30 @@
                 "automountServiceAccountToken": {
                     "type": "boolean"
                 },
+                "autoscaling": {
+                    "description": "Autoscaling configuration for the Django deployment.",
+                    "type": "object",
+                    "properties": {
+                        "autoscaleBehavior": {
+                            "type": "object"
+                        },
+                        "enabled": {
+                            "type": "boolean"
+                        },
+                        "maxReplicas": {
+                            "type": "integer"
+                        },
+                        "minReplicas": {
+                            "type": "integer"
+                        },
+                        "targetCPUUtilizationPercentage": {
+                            "type": "integer"
+                        },
+                        "targetMemoryUtilizationPercentage": {
+                            "type": "object"
+                        }
+                    }
+                },
                 "extraEnv": {
                     "description": "Additional environment variables injected to all Django containers and initContainers.",
                     "type": "array"
@@ -594,6 +657,21 @@
                 "nodeSelector": {
                     "type": "object"
                 },
+                "podDisruptionBudget": {
+                    "description": "Configure pod disruption budgets for django ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget",
+                    "type": "object",
+                    "properties": {
+                        "enabled": {
+                            "type": "boolean"
+                        },
+                        "minAvailable": {
+                            "type": "string"
+                        },
+                        "unhealthyPodEvictionPolicy": {
+                            "type": "string"
+                        }
+                    }
+                },
                 "podSecurityContext": {
                     "description": "Pod security context for the Django pods.",
                     "type": "object",
diff --git a/helm/defectdojo/values.yaml b/helm/defectdojo/values.yaml
@@ -221,6 +221,14 @@ celery:
       repository: ""
       tag: ""
       digest: ""
+    # -- Autoscaling configuration for Celery beat deployment.
+    autoscaling:
+      enabled: false
+      minReplicas: 2
+      maxReplicas: 5
+      targetCPUUtilizationPercentage: 80
+      targetMemoryUtilizationPercentage: {}
+      autoscaleBehavior: {}
     automountServiceAccountToken: false
     # -- Annotations for the Celery beat deployment.
     annotations: {}
@@ -251,6 +259,12 @@ celery:
     nodeSelector: {}
     # -- Annotations for the Celery beat pods.
     podAnnotations: {}
+    # -- Configure pod disruption budgets for Celery beat ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
+    podDisruptionBudget:
+      enabled: false
+      minAvailable: 50%
+      # maxUnavailable: ""
+      unhealthyPodEvictionPolicy: AlwaysAllow
     # -- Pod security context for the Celery beat pods.
     podSecurityContext: {}
     # -- Enable readiness probe for Celery beat container.
@@ -328,6 +342,14 @@ celery:
       poolType: solo
 
 django:
+  # -- Autoscaling configuration for the Django deployment.
+  autoscaling:
+    enabled: false
+    minReplicas: 2
+    maxReplicas: 5
+    targetCPUUtilizationPercentage: 80
+    targetMemoryUtilizationPercentage: {}
+    autoscaleBehavior: {}
   automountServiceAccountToken: false
   annotations: {}
   service:
@@ -380,6 +402,12 @@ django:
         cpu: 2000m
         memory: 256Mi
   nodeSelector: {}
+  # -- Configure pod disruption budgets for django ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
+  podDisruptionBudget:
+    enabled: false
+    minAvailable: 50%
+    # maxUnavailable: ""
+    unhealthyPodEvictionPolicy: AlwaysAllow
   replicas: 1
   strategy: {}
   tolerations: []
