diff --git a/helm/defectdojo/templates/celery-beat-deployment.yaml b/helm/defectdojo/templates/celery-beat-deployment.yaml index 973c2c857a2..aedbb117275 100644 --- a/helm/defectdojo/templates/celery-beat-deployment.yaml +++ b/helm/defectdojo/templates/celery-beat-deployment.yaml @@ -10,6 +10,9 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} helm.sh/chart: {{ include "defectdojo.chart" . }} + {{- with .Values.extraLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: {{ .Values.celery.beat.replicas }} {{- if .Values.revisionHistoryLimit }} @@ -28,8 +31,11 @@ spec: defectdojo.org/subcomponent: beat app.kubernetes.io/name: {{ include "defectdojo.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.podLabels }} - {{- toYaml .Values.podLabels | nindent 8 }} + {{- with .Values.extraLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} {{- end }} annotations: {{- with .Values.celery.beat.annotations }} @@ -146,8 +152,8 @@ spec: secretKeyRef: name: {{ $fullName }} key: DD_SECRET_KEY - {{- if .Values.extraEnv }} - {{- toYaml .Values.extraEnv | nindent 8 }} + {{- with .Values.extraEnv }} + {{- toYaml . | nindent 8 }} {{- end }} resources: {{- toYaml .Values.celery.beat.resources | nindent 10 }} diff --git a/helm/defectdojo/templates/celery-worker-deployment.yaml b/helm/defectdojo/templates/celery-worker-deployment.yaml index 4ac4ddce894..c9505959bda 100644 --- a/helm/defectdojo/templates/celery-worker-deployment.yaml +++ b/helm/defectdojo/templates/celery-worker-deployment.yaml @@ -10,6 +10,9 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} helm.sh/chart: {{ include "defectdojo.chart" . }} + {{- with .Values.extraLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: {{ .Values.celery.worker.replicas }} {{- if .Values.revisionHistoryLimit }} @@ -28,8 +31,11 @@ spec: defectdojo.org/subcomponent: worker app.kubernetes.io/name: {{ include "defectdojo.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.podLabels }} - {{- toYaml .Values.podLabels | nindent 8 }} + {{- with .Values.extraLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} {{- end }} annotations: {{- with .Values.celery.worker.annotations }} @@ -141,8 +147,8 @@ spec: secretKeyRef: name: {{ $fullName }} key: DD_SECRET_KEY - {{- if .Values.extraEnv }} - {{- toYaml .Values.extraEnv | nindent 8 }} + {{- with .Values.extraEnv }} + {{- toYaml . | nindent 8 }} {{- end }} resources: {{- toYaml .Values.celery.worker.resources | nindent 10 }} diff --git a/helm/defectdojo/templates/configmap.yaml b/helm/defectdojo/templates/configmap.yaml index 5ae741f0abc..0d8c4a238e1 100644 --- a/helm/defectdojo/templates/configmap.yaml +++ b/helm/defectdojo/templates/configmap.yaml @@ -8,6 +8,9 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} helm.sh/chart: {{ include "defectdojo.chart" . }} + {{- with .Values.extraLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} data: DD_ADMIN_USER: {{ .Values.admin.user | default "admin" }} DD_ADMIN_MAIL: {{ .Values.admin.Mail | default "admin@defectdojo.local" }} @@ -45,5 +48,5 @@ data: {{- if .Values.django.uwsgi.certificates.enabled }} REQUESTS_CA_BUNDLE: {{ .Values.django.uwsgi.certificates.certMountPath }}{{ .Values.django.uwsgi.certificates.certFileName }} {{- end }} -{{- if .Values.extraConfigs }} -{{ toYaml .Values.extraConfigs | indent 2 }}{{- end }} +{{- with .Values.extraConfigs }} + {{- toYaml . | nindent 2 }}{{- end }} diff --git a/helm/defectdojo/templates/django-deployment.yaml b/helm/defectdojo/templates/django-deployment.yaml index d8610810fb4..8ee54a356d3 100644 --- a/helm/defectdojo/templates/django-deployment.yaml +++ b/helm/defectdojo/templates/django-deployment.yaml @@ -9,6 +9,9 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} helm.sh/chart: {{ include "defectdojo.chart" . }} + {{- with .Values.extraLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: {{ .Values.django.replicas }} {{- if .Values.revisionHistoryLimit }} @@ -25,9 +28,12 @@ spec: defectdojo.org/component: django app.kubernetes.io/name: {{ include "defectdojo.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.podLabels }} - {{- toYaml .Values.podLabels | nindent 8 }} - {{- end }} + {{- with .Values.extraLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} annotations: {{- with .Values.django.annotations }} {{- toYaml . | nindent 8 }} @@ -205,8 +211,8 @@ spec: value: {{- if or .Values.django.ingress.activateTLS .Values.django.nginx.tls.enabled }} "True" {{- else }} "False" {{- end }} - name: DD_CSRF_COOKIE_SECURE value: {{- if or .Values.django.ingress.activateTLS .Values.django.nginx.tls.enabled }} "True" {{- else }} "False" {{- end }} - {{- if .Values.extraEnv }} - {{- toYaml .Values.extraEnv | nindent 8 }} + {{- with .Values.extraEnv }} + {{- toYaml . | nindent 8 }} {{- end }} {{- if .Values.django.uwsgi.livenessProbe.enabled }} livenessProbe: diff --git a/helm/defectdojo/templates/django-ingress.yaml b/helm/defectdojo/templates/django-ingress.yaml index 73ea41404b9..9beecdda923 100644 --- a/helm/defectdojo/templates/django-ingress.yaml +++ b/helm/defectdojo/templates/django-ingress.yaml @@ -14,10 +14,13 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} helm.sh/chart: {{ include "defectdojo.chart" . }} + {{- with .Values.extraLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- if or .Values.django.ingress.annotations .Values.gke.useGKEIngress }} annotations: {{- with .Values.django.ingress.annotations }} -{{ toYaml . | indent 4 }} + {{- toYaml . | nindent 4 }} {{- end }} {{- if .Values.gke.useGKEIngress }} kubernetes.io/ingress.class: gce diff --git a/helm/defectdojo/templates/django-service.yaml b/helm/defectdojo/templates/django-service.yaml index b64f3a05570..3823886bbd2 100644 --- a/helm/defectdojo/templates/django-service.yaml +++ b/helm/defectdojo/templates/django-service.yaml @@ -9,6 +9,9 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} helm.sh/chart: {{ include "defectdojo.chart" . }} + {{- with .Values.extraLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- if .Values.django.service.annotations }} annotations: {{- range $key, $value := .Values.django.service.annotations }} diff --git a/helm/defectdojo/templates/extra-secret.yaml b/helm/defectdojo/templates/extra-secret.yaml index a21e8e27ba6..21f9a9507ee 100644 --- a/helm/defectdojo/templates/extra-secret.yaml +++ b/helm/defectdojo/templates/extra-secret.yaml @@ -9,6 +9,9 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} helm.sh/chart: {{ include "defectdojo.chart" . }} + {{- with .Values.extraLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} type: Opaque data: {{- range $key, $value := .Values.extraSecrets }} diff --git a/helm/defectdojo/templates/initializer-job.yaml b/helm/defectdojo/templates/initializer-job.yaml index 7018c515ce0..60d82b9f2d7 100644 --- a/helm/defectdojo/templates/initializer-job.yaml +++ b/helm/defectdojo/templates/initializer-job.yaml @@ -10,6 +10,9 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} helm.sh/chart: {{ include "defectdojo.chart" . }} + {{- with .Values.extraLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} annotations: {{- with .Values.initializer.jobAnnotations }} {{- toYaml . | nindent 4 }} @@ -24,8 +27,11 @@ spec: defectdojo.org/component: initializer app.kubernetes.io/name: {{ include "defectdojo.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.initializer.labels }} - {{- toYaml .Values.initializer.labels | nindent 8 }} + {{- with .Values.extraLabels }} + {{- toYaml . | nindent 8 }} + {{- end -}} + {{- with .Values.initializer.labels }} + {{- toYaml . | nindent 8 }} {{- end }} annotations: {{- with .Values.initializer.annotations }} diff --git a/helm/defectdojo/templates/media-pvc.yaml b/helm/defectdojo/templates/media-pvc.yaml index 1eba1977e9f..c1ca40050d4 100644 --- a/helm/defectdojo/templates/media-pvc.yaml +++ b/helm/defectdojo/templates/media-pvc.yaml @@ -10,6 +10,9 @@ metadata: app.kubernetes.io/instance: {{ $.Release.Name }} app.kubernetes.io/managed-by: {{ $.Release.Service }} helm.sh/chart: {{ include "defectdojo.chart" $ }} + {{- with .Values.extraLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ $fullName }} spec: accessModes: diff --git a/helm/defectdojo/templates/network-policy.yaml b/helm/defectdojo/templates/network-policy.yaml index 80c55ddcfa3..ea0017fb1e6 100644 --- a/helm/defectdojo/templates/network-policy.yaml +++ b/helm/defectdojo/templates/network-policy.yaml @@ -9,26 +9,29 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} helm.sh/chart: {{ include "defectdojo.chart" . }} app.kubernetes.io/name: {{ include "defectdojo.name" . }} + {{- with .Values.extraLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: podSelector: matchLabels: app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.networkPolicy.ingress}} + {{- if .Values.networkPolicy.ingress }} ingress: - {{- toYaml .Values.networkPolicy.ingress | nindent 4 }} + {{- toYaml .Values.networkPolicy.ingress | nindent 4 }} {{- else }} ingress: - from: - podSelector: matchLabels: app.kubernetes.io/instance: {{ .Release.Name }} - {{- if .Values.networkPolicy.ingressExtend }} - {{- toYaml .Values.networkPolicy.ingressExtend | nindent 8 }} + {{- with .Values.networkPolicy.ingressExtend }} + {{- toYaml . | nindent 8 }} {{ end }} {{- end }} - {{- if .Values.networkPolicy.egress }} + {{- with .Values.networkPolicy.egress }} egress: - {{- toYaml .Values.networkPolicy.egress | nindent 4 }} + {{- toYaml . | nindent 4 }} {{ end }} --- apiVersion: networking.k8s.io/v1 @@ -40,6 +43,9 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} helm.sh/chart: {{ include "defectdojo.chart" . }} app.kubernetes.io/name: {{ include "defectdojo.name" . }} +{{- with .Values.extraLabels }} + {{- toYaml . | nindent 4 }} +{{- end }} spec: podSelector: matchLabels: diff --git a/helm/defectdojo/templates/sa.yaml b/helm/defectdojo/templates/sa.yaml index 46f1eaa6d97..23cb70ecd6e 100644 --- a/helm/defectdojo/templates/sa.yaml +++ b/helm/defectdojo/templates/sa.yaml @@ -8,6 +8,9 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} helm.sh/chart: {{ include "defectdojo.chart" . }} + {{- with .Values.extraLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} annotations: helm.sh/resource-policy: keep helm.sh/hook: "pre-install" diff --git a/helm/defectdojo/templates/secret-postgresql-ha-pgpool.yaml b/helm/defectdojo/templates/secret-postgresql-ha-pgpool.yaml index 9a440efffd1..40906c1f180 100644 --- a/helm/defectdojo/templates/secret-postgresql-ha-pgpool.yaml +++ b/helm/defectdojo/templates/secret-postgresql-ha-pgpool.yaml @@ -8,6 +8,9 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} helm.sh/chart: {{ include "defectdojo.chart" . }} + {{- with .Values.extraLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} annotations: helm.sh/resource-policy: keep helm.sh/hook: "pre-install" diff --git a/helm/defectdojo/templates/secret-postgresql-ha.yaml b/helm/defectdojo/templates/secret-postgresql-ha.yaml index 8e884fa0484..e9236a63f00 100644 --- a/helm/defectdojo/templates/secret-postgresql-ha.yaml +++ b/helm/defectdojo/templates/secret-postgresql-ha.yaml @@ -8,6 +8,9 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} helm.sh/chart: {{ include "defectdojo.chart" . }} + {{- with .Values.extraLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} annotations: helm.sh/resource-policy: keep helm.sh/hook: "pre-install" diff --git a/helm/defectdojo/templates/secret-postgresql.yaml b/helm/defectdojo/templates/secret-postgresql.yaml index de6e65420b6..115c244baa5 100644 --- a/helm/defectdojo/templates/secret-postgresql.yaml +++ b/helm/defectdojo/templates/secret-postgresql.yaml @@ -8,6 +8,9 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} helm.sh/chart: {{ include "defectdojo.chart" . }} + {{- with .Values.extraLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} annotations: helm.sh/resource-policy: keep helm.sh/hook: "pre-install" diff --git a/helm/defectdojo/templates/secret-redis.yaml b/helm/defectdojo/templates/secret-redis.yaml index 629e6b4fa93..de4549c1f63 100644 --- a/helm/defectdojo/templates/secret-redis.yaml +++ b/helm/defectdojo/templates/secret-redis.yaml @@ -8,6 +8,9 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} helm.sh/chart: {{ include "defectdojo.chart" . }} + {{- with .Values.extraLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} annotations: helm.sh/resource-policy: keep helm.sh/hook: "pre-install" diff --git a/helm/defectdojo/templates/secret.yaml b/helm/defectdojo/templates/secret.yaml index 94ca3ef268b..500a097dd16 100644 --- a/helm/defectdojo/templates/secret.yaml +++ b/helm/defectdojo/templates/secret.yaml @@ -9,6 +9,9 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} helm.sh/chart: {{ include "defectdojo.chart" . }} + {{- with .Values.extraLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} annotations: helm.sh/resource-policy: keep helm.sh/hook: "pre-install" diff --git a/helm/defectdojo/values.yaml b/helm/defectdojo/values.yaml index 555d66c4757..c262e02fa23 100644 --- a/helm/defectdojo/values.yaml +++ b/helm/defectdojo/values.yaml @@ -16,6 +16,9 @@ createPostgresqlHaPgpoolSecret: false # - enabled, enables tracking configuration changes based on SHA256 # trackConfig: disabled +# extraLabels: {} +# Add extra labels for k8s + # Enables application network policy # For more info follow https://kubernetes.io/docs/concepts/services-networking/network-policies/ networkPolicy: