4 changes: 4 additions & 0 deletions docs/content/en/open_source/upgrading/2.52.md
Expand Up @@ -32,6 +32,10 @@ Additionally, each deployment can specify its own pod and container security con

Now each container can specify the resource requests and limits.

#### New values

Added Helm chart support for Celery and Django deployments for Horizontal Pod Autoscaler using `.autoscaling` fields under each section. And Pod Disruption Budget using `.podDisruptionBudget` for any of Celery Beat/Worker or Django deployments.

#### Moved values

The following Helm chart values have been modified in this release:
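Review bot: The second sentence of the new "New values" paragraph is a fragment ("And Pod Disruption Budget using ..."), and the paragraph never says that both features are off by default, which the README rows in this change show (`"enabled":false`). Suggest one sentence per feature that names the full paths (`celery.beat.autoscaling`, `celery.worker.autoscaling`, `django.autoscaling` and the matching `.podDisruptionBudget` keys) and states that an upgrade changes nothing until `enabled` is set to `true`.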
6 changes: 6 additions & 0 deletions helm/defectdojo/README.md
Expand Up @@ -529,6 +529,7 @@ A Helm chart for Kubernetes to install DefectDojo
| celery.beat.affinity | object | `{}` | |
| celery.beat.annotations | object | `{}` | Annotations for the Celery beat deployment. |
| celery.beat.automountServiceAccountToken | bool | `false` | |
| celery.beat.autoscaling | object | `{"autoscaleBehavior":{},"enabled":false,"maxReplicas":5,"minReplicas":2,"targetCPUUtilizationPercentage":80,"targetMemoryUtilizationPercentage":80}` | Autoscaling configuration for Celery beat deployment. |
| celery.beat.containerSecurityContext | object | `{}` | Container security context for the Celery beat containers. |
| celery.beat.extraEnv | list | `[]` | Additional environment variables injected to Celery beat containers. |
| celery.beat.extraInitContainers | list | `[]` | A list of additional initContainers to run before celery beat containers. |
Expand All @@ -538,6 +539,7 @@ A Helm chart for Kubernetes to install DefectDojo
| celery.beat.livenessProbe | object | `{}` | Enable liveness probe for Celery beat container. ``` exec: command: - bash - -c - celery -A dojo inspect ping -t 5 initialDelaySeconds: 30 periodSeconds: 60 timeoutSeconds: 10 ``` |
| celery.beat.nodeSelector | object | `{}` | |
| celery.beat.podAnnotations | object | `{}` | Annotations for the Celery beat pods. |
| celery.beat.podDisruptionBudget | object | `{"enabled":false,"minAvailable":"50%","unhealthyPodEvictionPolicy":"AlwaysAllow"}` | Configure pod disruption budgets for Celery beat ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget |
| celery.beat.podSecurityContext | object | `{}` | Pod security context for the Celery beat pods. |
| celery.beat.readinessProbe | object | `{}` | Enable readiness probe for Celery beat container. |
| celery.beat.replicas | int | `1` | |
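Review bot: The `celery.beat.podDisruptionBudget` default of `minAvailable: "50%"` sits two rows above `celery.beat.replicas`, which defaults to `1`. Kubernetes rounds a percentage `minAvailable` up, so with one replica the budget requires one available pod and permits no voluntary eviction, which stalls node drains as soon as someone sets `enabled: true`. Suggest saying in the description that the budget is only meaningful with more than one replica, or choosing a default such as `maxUnavailable: 1`.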
Expand All @@ -553,6 +555,7 @@ A Helm chart for Kubernetes to install DefectDojo
| celery.worker.annotations | object | `{}` | Annotations for the Celery worker deployment. |
| celery.worker.appSettings.poolType | string | `"solo"` | Performance improved celery worker config when needing to deal with a lot of findings (e.g deduplication ops) poolType: prefork autoscaleMin: 2 autoscaleMax: 8 concurrency: 8 prefetchMultiplier: 128 |
| celery.worker.automountServiceAccountToken | bool | `false` | |
| celery.worker.autoscaling | object | `{"autoscaleBehavior":{},"enabled":false,"maxReplicas":5,"minReplicas":2,"targetCPUUtilizationPercentage":80,"targetMemoryUtilizationPercentage":80}` | Autoscaling configuration for Celery worker deployment. |
| celery.worker.containerSecurityContext | object | `{}` | Container security context for the Celery worker containers. |
| celery.worker.extraEnv | list | `[]` | Additional environment variables injected to Celery worker containers. |
| celery.worker.extraInitContainers | list | `[]` | A list of additional initContainers to run before celery worker containers. |
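Review bot: In the `celery.worker.autoscaling` row, the description "Autoscaling configuration" is easy to confuse with the `autoscaleMin` / `autoscaleMax` settings described two rows above under `celery.worker.appSettings.poolType`. Suggest wording it as "Horizontal Pod Autoscaler configuration for the Celery worker deployment" and stating how it relates to `celery.worker.replicas` when `enabled` is `true`.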
Expand All @@ -562,6 +565,7 @@ A Helm chart for Kubernetes to install DefectDojo
| celery.worker.livenessProbe | object | `{}` | Enable liveness probe for Celery worker containers. ``` exec: command: - bash - -c - celery -A dojo inspect ping -t 5 initialDelaySeconds: 30 periodSeconds: 60 timeoutSeconds: 10 ``` |
| celery.worker.nodeSelector | object | `{}` | |
| celery.worker.podAnnotations | object | `{}` | Annotations for the Celery beat pods. |
| celery.worker.podDisruptionBudget | object | `{"enabled":false,"minAvailable":"50%","unhealthyPodEvictionPolicy":"AlwaysAllow"}` | Configure pod disruption budgets for Celery worker ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget |
| celery.worker.podSecurityContext | object | `{}` | Pod security context for the Celery worker pods. |
| celery.worker.readinessProbe | object | `{}` | Enable readiness probe for Celery worker container. |
| celery.worker.replicas | int | `1` | |
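Review bot: The context row for `celery.worker.podAnnotations`, directly above the new `celery.worker.podDisruptionBudget` row, still reads "Annotations for the Celery beat pods." Since this hunk touches the neighbouring row, fix the source comment so it says worker.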
Expand Down Expand Up @@ -595,6 +599,7 @@ A Helm chart for Kubernetes to install DefectDojo
| django.affinity | object | `{}` | |
| django.annotations | object | `{}` | |
| django.automountServiceAccountToken | bool | `false` | |
| django.autoscaling | object | `{"autoscaleBehavior":{},"enabled":false,"maxReplicas":5,"minReplicas":2,"targetCPUUtilizationPercentage":80,"targetMemoryUtilizationPercentage":80}` | Autoscaling configuration for the Django deployment. |
| django.extraEnv | list | `[]` | Additional environment variables injected to all Django containers and initContainers. |
| django.extraInitContainers | list | `[]` | A list of additional initContainers to run before the uwsgi and nginx containers. |
| django.extraVolumeMounts | list | `[]` | Array of additional volume mount points common to all containers and initContainers. |
Expand Down Expand Up @@ -622,6 +627,7 @@ A Helm chart for Kubernetes to install DefectDojo
| django.nginx.tls.enabled | bool | `false` | |
| django.nginx.tls.generateCertificate | bool | `false` | |
| django.nodeSelector | object | `{}` | |
| django.podDisruptionBudget | object | `{"enabled":false,"minAvailable":"50%","unhealthyPodEvictionPolicy":"AlwaysAllow"}` | Configure pod disruption budgets for django ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget |
| django.podSecurityContext | object | `{"fsGroup":1001}` | Pod security context for the Django pods. |
| django.replicas | int | `1` | |
| django.service.annotations | object | `{}` | |
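Review bot: The `django.podDisruptionBudget` default always carries `unhealthyPodEvictionPolicy: AlwaysAllow`, and the description does not say which Kubernetes versions the chart expects for it; the field is a later addition to `policy/v1`, so older clusters will not accept it. Suggest stating the minimum version or leaving the key unset by default. The description also runs "ref:" and the URL into the sentence and writes "django" in lower case where the neighbouring rows use "Django".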
51 changes: 51 additions & 0 deletions helm/defectdojo/templates/celery-beat-hpa.yaml
@@ -0,0 +1,51 @@
{{- if .Values.celery.beat.autoscaling.enabled -}}
{{- $fullName := include "defectdojo.fullname" . -}}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
{{- with mergeOverwrite dict .Values.extraAnnotations .Values.celery.annotations .Values.celery.beat.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ quote $value }}
{{- end }}
{{- end }}
name: {{ $fullName }}-celery-beat
namespace: {{ .Release.Namespace }}
labels:
defectdojo.org/component: celery
defectdojo.org/subcomponent: beat
app.kubernetes.io/name: {{ include "defectdojo.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "defectdojo.chart" . }}
{{- range $key, $value := .Values.extraLabels }}
{{ $key }}: {{ quote $value }}
{{- end }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: "Deployment"
name: {{ $fullName }}-celery-beat
minReplicas: {{ .Values.celery.beat.autoscaling.minReplicas }}
maxReplicas: {{ .Values.celery.beat.autoscaling.maxReplicas }}
metrics:
{{- with .Values.celery.beat.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
averageUtilization: {{ . }}
type: Utilization
{{- end }}
{{- with .Values.celery.beat.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
averageUtilization: {{ . }}
type: Utilization
{{- end }}
{{- if .Values.celery.beat.autoscaling.autoscaleBehavior }}
behavior: {{ toYaml .Values.celery.beat.autoscaling.autoscaleBehavior | nindent 4 }}
{{- end }}
{{- end }}
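Review bot: `minReplicas` is rendered straight from `.Values.celery.beat.autoscaling.minReplicas`, whose documented default is 2, so enabling this HPA runs at least two beat pods where `celery.beat.replicas` defaults to 1. Beat is the Celery scheduler and each running copy dispatches the periodic tasks on its own, so this needs either a statement of why duplicate dispatch is safe here or no HPA for beat at all. If the template stays, the closing `if .Values.celery.beat.autoscaling.autoscaleBehavior` block should follow whatever is decided for the `with` and `behavior` comments on the worker and Django templates, so the three files keep the same shape.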
31 changes: 31 additions & 0 deletions helm/defectdojo/templates/celery-beat-pdb.yaml
@@ -0,0 +1,31 @@
{{- if .Values.celery.beat.podDisruptionBudget.enabled }}
{{- $fullName := include "defectdojo.fullname" . -}}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
{{- with mergeOverwrite dict .Values.extraAnnotations .Values.celery.annotations .Values.celery.beat.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ quote $value }}
{{- end }}
{{- end }}
labels:
defectdojo.org/component: celery
defectdojo.org/subcomponent: beat
app.kubernetes.io/name: {{ include "defectdojo.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "defectdojo.chart" . }}
{{- range $key, $value := .Values.extraLabels }}
{{ $key }}: {{ quote $value }}
{{- end }}
name: {{ $fullName }}-celery-beat
namespace: {{ .Release.Namespace }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ .Release.Name }}
defectdojo.org/component: celery
defectdojo.org/subcomponent: beat
{{ toYaml (omit .Values.celery.beat.podDisruptionBudget "enabled" ) | indent 2 }}
{{- end }}
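Review bot: The selector uses `app.kubernetes.io/name: {{ .Release.Name }}`, while the labels in this same file set `app.kubernetes.io/name` from `include "defectdojo.name" .` and put the release name in `app.kubernetes.io/instance`. If the beat pods are labelled the same way, the selector matches nothing unless the release happens to share the chart's name, and the budget protects no pods without any error. Suggest copying `matchLabels` from the beat Deployment's own selector and checking the rendered budget's status for a non-zero pod count. The same selector line appears in the worker and Django budgets.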
51 changes: 51 additions & 0 deletions helm/defectdojo/templates/celery-worker-hpa.yaml
@@ -0,0 +1,51 @@
{{- if .Values.celery.worker.autoscaling.enabled -}}
{{- $fullName := include "defectdojo.fullname" . -}}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
{{- with mergeOverwrite dict .Values.extraAnnotations .Values.celery.annotations .Values.celery.worker.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ quote $value }}
{{- end }}
{{- end }}
name: {{ $fullName }}-celery-worker
namespace: {{ .Release.Namespace }}
labels:
defectdojo.org/component: celery
defectdojo.org/subcomponent: worker
app.kubernetes.io/name: {{ include "defectdojo.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "defectdojo.chart" . }}
{{- range $key, $value := .Values.extraLabels }}
{{ $key }}: {{ quote $value }}
{{- end }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: "Deployment"
name: {{ $fullName }}-celery-worker
minReplicas: {{ .Values.celery.worker.autoscaling.minReplicas }}
maxReplicas: {{ .Values.celery.worker.autoscaling.maxReplicas }}
metrics:
{{- with .Values.celery.worker.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
averageUtilization: {{ . }}
type: Utilization
{{- end }}
{{- with .Values.celery.worker.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
averageUtilization: {{ . }}
type: Utilization
{{- end }}
{{- if .Values.celery.worker.autoscaling.autoscaleBehavior }}
Contributor

Is there any reason not to use `with` here?

behavior: {{ toYaml .Values.celery.worker.autoscaling.autoscaleBehavior | nindent 4 }}
Contributor

Shorter version: ....autoscaling.behavior might be better

{{- end }}
{{- end }}
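Review bot: Both metrics use `type: Utilization`, which Kubernetes computes as a percentage of each container's resource request, and nothing in this template checks that the worker containers declare CPU and memory requests. Without them the HPA cannot compute the metric and does not scale. Suggest documenting the requirement next to `celery.worker.autoscaling`, or failing the render when `enabled` is true and the requests are empty. Separately, the diff shown here makes no change to the worker Deployment, so if it still renders `celery.worker.replicas`, every `helm upgrade` resets the replica count the HPA chose; the usual fix is to omit `replicas` when autoscaling is enabled.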
31 changes: 31 additions & 0 deletions helm/defectdojo/templates/celery-worker-pdb.yaml
@@ -0,0 +1,31 @@
{{- if .Values.celery.worker.podDisruptionBudget.enabled }}
{{- $fullName := include "defectdojo.fullname" . -}}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
{{- with mergeOverwrite dict .Values.extraAnnotations .Values.celery.annotations .Values.celery.worker.annotations }}
annotations:
{{- range $key, $value := . }}
{{ $key }}: {{ quote $value }}
{{- end }}
{{- end }}
labels:
defectdojo.org/component: celery
defectdojo.org/subcomponent: worker
app.kubernetes.io/name: {{ include "defectdojo.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "defectdojo.chart" . }}
{{- range $key, $value := .Values.extraLabels }}
{{ $key }}: {{ quote $value }}
{{- end }}
name: {{ $fullName }}-celery-worker
namespace: {{ .Release.Namespace }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ .Release.Name }}
defectdojo.org/component: celery
defectdojo.org/subcomponent: worker
{{ toYaml (omit .Values.celery.worker.podDisruptionBudget "enabled" ) | indent 2 }}
{{- end }}
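Review bot: The last line, `toYaml (omit .Values.celery.worker.podDisruptionBudget "enabled" ) | indent 2`, copies every remaining key into `spec` without validation. A values file that adds `maxUnavailable` still gets the default `minAvailable: "50%"` merged in, so both are rendered, and a PodDisruptionBudget accepts only one of the two. Suggest rendering the known fields explicitly, or calling `fail` when both are set.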
53 changes: 53 additions & 0 deletions helm/defectdojo/templates/django-hpa.yaml
@@ -0,0 +1,53 @@
{{- if .Values.django.autoscaling.enabled -}}
{{- $fullName := include "defectdojo.fullname" . -}}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
{{- if or .Values.extraAnnotations .Values.django.autoscaling.annotations }}
annotations:
{{- range $key, $value := .Values.extraAnnotations }}
{{ $key }}: {{ quote $value }}
{{- end }}
{{- range $key, $value := .Values.django.annotations }}
{{ $key }}: {{ quote $value }}
{{- end }}
{{- end }}
name: {{ $fullName }}-django
namespace: {{ .Release.Namespace }}
labels:
defectdojo.org/component: django
app.kubernetes.io/name: {{ include "defectdojo.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "defectdojo.chart" . }}
{{- range $key, $value := .Values.extraLabels }}
{{ $key }}: {{ quote $value }}
{{- end }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: "Deployment"
name: {{ $fullName }}-django
minReplicas: {{ .Values.django.autoscaling.minReplicas }}
maxReplicas: {{ .Values.django.autoscaling.maxReplicas }}
metrics:
{{- with .Values.django.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
averageUtilization: {{ . }}
type: Utilization
{{- end }}
{{- with .Values.django.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
averageUtilization: {{ . }}
type: Utilization
{{- end }}
{{- if .Values.django.autoscaling.autoscaleBehavior }}
Contributor

Same (`with`)

behavior: {{ toYaml .Values.django.autoscaling.autoscaleBehavior | nindent 4 }}
Contributor

Same (....autoscaling.behavior)

{{- end }}
{{- end }}
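Review bot: The annotations guard at the top tests `.Values.django.autoscaling.annotations`, but the block below it ranges over `.Values.extraAnnotations` and `.Values.django.annotations`, and the documented `django.autoscaling` default has no `annotations` key. With only `django.annotations` set, no `annotations:` block is rendered, and a key present in both maps is emitted twice. Suggest the `with mergeOverwrite dict .Values.extraAnnotations ...` form that the Celery templates in this change already use, with `.Values.django.annotations` as the last argument.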
32 changes: 32 additions & 0 deletions helm/defectdojo/templates/django-pdb.yaml
@@ -0,0 +1,32 @@
{{- if .Values.django.podDisruptionBudget.enabled }}
{{- $fullName := include "defectdojo.fullname" . -}}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
{{- if or .Values.extraAnnotations .Values.django.podDisruptionBudget.annotations }}
annotations:
{{- range $key, $value := .Values.extraAnnotations }}
{{ $key }}: {{ quote $value }}
{{- end }}
{{- range $key, $value := .Values.django.annotations }}
{{ $key }}: {{ quote $value }}
{{- end }}
{{- end }}
labels:
defectdojo.org/component: django
app.kubernetes.io/name: {{ include "defectdojo.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "defectdojo.chart" . }}
{{- range $key, $value := .Values.extraLabels }}
{{ $key }}: {{ quote $value }}
{{- end }}
name: {{ $fullName }}-django
namespace: {{ .Release.Namespace }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ .Release.Name }}
defectdojo.org/component: django
{{ toYaml (omit .Values.django.podDisruptionBudget "enabled" ) | indent 2 }}
{{- end }}
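Review bot: The guard tests `.Values.django.podDisruptionBudget.annotations`, a key that the final `omit .Values.django.podDisruptionBudget "enabled"` line would also copy into `spec`, where it is not a valid PodDisruptionBudget field. So the only way to satisfy the second half of the `or` also breaks the manifest, while `.Values.django.annotations`, which the block actually ranges over, is never tested. Suggest guarding on the maps that are rendered and, if a per-budget annotations key is wanted, adding it to the `omit` list.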