fix(helm): set cloudsql-proxy as sidecar container to allow initializ…

…er and dbmigration to run Increment Helm chart version
DefectDojo · Aug 29, 2024 · 9fff9b3 · 9fff9b3
1 parent 8b28b91
commit 9fff9b3
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 34 deletions.
diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: "2.38.0-dev"
 description: A Helm chart for Kubernetes to install DefectDojo
 name: defectdojo
-version: 1.6.148-dev
+version: 1.6.149-dev
 icon: https://www.defectdojo.org/img/favicon.ico
 maintainers:
   - name: madchap

diff --git a/helm/defectdojo/templates/celery-beat-deployment.yaml b/helm/defectdojo/templates/celery-beat-deployment.yaml
@@ -68,15 +68,11 @@ spec:
       {{- end }}
       {{- if .Values.dbMigrationChecker.enabled }}
       initContainers:
-      {{$data := dict "fullName" $fullName }}
-      {{- $newContext := merge . (dict "fullName" $fullName) }}
-      {{- include "dbMigrationChecker" $newContext | nindent 6 }}
-      {{- end }}
-      containers:
       {{- if .Values.cloudsql.enabled  }}
       - name: cloudsql-proxy
         image: {{ .Values.cloudsql.image.repository }}:{{ .Values.cloudsql.image.tag }}
         imagePullPolicy: {{ .Values.cloudsql.image.pullPolicy }}
+        restartPolicy: Always
         securityContext:
           runAsNonRoot: true
         command: ["/cloud_sql_proxy"]
@@ -92,6 +88,11 @@ spec:
         - "-ip_address_types=PRIVATE"
         {{- end }}
       {{- end }}
+      {{$data := dict "fullName" $fullName }}
+      {{- $newContext := merge . (dict "fullName" $fullName) }}
+      {{- include "dbMigrationChecker" $newContext | nindent 6 }}
+      {{- end }}
+      containers:
       - command:
         - /entrypoint-celery-beat.sh
         name: celery

diff --git a/helm/defectdojo/templates/celery-worker-deployment.yaml b/helm/defectdojo/templates/celery-worker-deployment.yaml
@@ -66,15 +66,11 @@ spec:
       {{- end }}
       {{- if .Values.dbMigrationChecker.enabled }}
       initContainers:
-      {{$data := dict "fullName" $fullName }}
-      {{- $newContext := merge . (dict "fullName" $fullName) }}
-      {{- include "dbMigrationChecker" $newContext | nindent 6 }}
-      {{- end }}
-      containers:
       {{- if .Values.cloudsql.enabled  }}
       - name: cloudsql-proxy
         image: {{ .Values.cloudsql.image.repository }}:{{ .Values.cloudsql.image.tag }}
         imagePullPolicy: {{ .Values.cloudsql.image.pullPolicy }}
+        restartPolicy: Always
         securityContext:
           runAsNonRoot: true
         command: ["/cloud_sql_proxy"]
@@ -90,6 +86,11 @@ spec:
         - "-ip_address_types=PRIVATE"
         {{- end }}
       {{- end }}
+      {{$data := dict "fullName" $fullName }}
+      {{- $newContext := merge . (dict "fullName" $fullName) }}
+      {{- include "dbMigrationChecker" $newContext | nindent 6 }}
+      {{- end }}
+      containers:
       - name: celery
         image: "{{ template "celery.repository" . }}:{{ .Values.tag }}"
         imagePullPolicy: {{ .Values.imagePullPolicy }}

diff --git a/helm/defectdojo/templates/django-deployment.yaml b/helm/defectdojo/templates/django-deployment.yaml
@@ -84,15 +84,11 @@ spec:
       {{- end }}
       {{- if .Values.dbMigrationChecker.enabled }}
       initContainers:
-      {{$data := dict "fullName" $fullName }}
-      {{- $newContext := merge . (dict "fullName" $fullName) }}
-      {{- include "dbMigrationChecker" $newContext | nindent 6 }}
-      {{- end }}
-      containers:
       {{- if .Values.cloudsql.enabled  }}
       - name: cloudsql-proxy
         image: {{ .Values.cloudsql.image.repository }}:{{ .Values.cloudsql.image.tag }}
         imagePullPolicy: {{ .Values.cloudsql.image.pullPolicy }}
+        restartPolicy: Always
         securityContext:
           runAsNonRoot: true
         command: ["/cloud_sql_proxy"]
@@ -108,6 +104,11 @@ spec:
         - "-ip_address_types=PRIVATE"
         {{- end }}
       {{- end }}
+      {{$data := dict "fullName" $fullName }}
+      {{- $newContext := merge . (dict "fullName" $fullName) }}
+      {{- include "dbMigrationChecker" $newContext | nindent 6 }}
+      {{- end }}
+      containers:
       {{- if and .Values.monitoring.enabled .Values.monitoring.prometheus.enabled }}
       - name: metrics
         image: {{ .Values.monitoring.prometheus.image }}

diff --git a/helm/defectdojo/templates/initializer-job.yaml b/helm/defectdojo/templates/initializer-job.yaml
@@ -49,28 +49,11 @@ spec:
           {{- end }}
       {{- end }}
       initContainers:
-      - name: wait-for-db
-        command:
-        - '/bin/bash'
-        - '-c'
-        - '/wait-for-it.sh ${DD_DATABASE_HOST:-postgres}:${DD_DATABASE_PORT:-5432} -t 30 -s -- /bin/echo Database is up'
-        image: '{{ template "django.uwsgi.repository" . }}:{{ .Values.tag }}'
-        imagePullPolicy: {{ .Values.imagePullPolicy }}
-        {{- if .Values.securityContext.enabled }}
-        securityContext:
-          {{- toYaml .Values.securityContext.djangoSecurityContext | nindent 10 }}
-        {{- end }}
-        envFrom:
-        - configMapRef:
-            name: {{ $fullName }}
-        - secretRef:
-            name: {{ $fullName }}
-            optional: true
-      containers:
       {{- if .Values.cloudsql.enabled  }}
       - name: cloudsql-proxy
         image: {{ .Values.cloudsql.image.repository }}:{{ .Values.cloudsql.image.tag }}
         imagePullPolicy: {{ .Values.cloudsql.image.pullPolicy }}
+        restartPolicy: Always
         securityContext:
           runAsNonRoot: true
         command: ["/cloud_sql_proxy"]
@@ -86,6 +69,24 @@ spec:
         - "-ip_address_types=PRIVATE"
         {{- end }}
       {{- end }}
+      - name: wait-for-db
+        command:
+        - '/bin/bash'
+        - '-c'
+        - '/wait-for-it.sh ${DD_DATABASE_HOST:-postgres}:${DD_DATABASE_PORT:-5432} -t 30 -s -- /bin/echo Database is up'
+        image: '{{ template "django.uwsgi.repository" . }}:{{ .Values.tag }}'
+        imagePullPolicy: {{ .Values.imagePullPolicy }}
+        {{- if .Values.securityContext.enabled }}
+        securityContext:
+          {{- toYaml .Values.securityContext.djangoSecurityContext | nindent 10 }}
+        {{- end }}
+        envFrom:
+        - configMapRef:
+            name: {{ $fullName }}
+        - secretRef:
+            name: {{ $fullName }}
+            optional: true
+      containers:
       - name: initializer
         image: "{{ template "initializer.repository" . }}:{{ .Values.tag }}"
         imagePullPolicy: {{ .Values.imagePullPolicy }}