Merge branch 'dev' into audit-log

Maffooch · Jan 31, 2025 · 74dde9d · 74dde9d
2 parents 8ab17ea + 89e17c7
commit 74dde9d
Show file tree

Hide file tree

Showing 8 changed files with 75 additions and 2 deletions.
diff --git a/docs/content/en/open_source/installation/configuration.md b/docs/content/en/open_source/installation/configuration.md
@@ -23,7 +23,7 @@ When you deploy DefectDojo in a **Kubernetes** cluster, you can set environment
 
 An example can be found in [`template_env`](https://github.com/DefectDojo/django-DefectDojo/blob/master/dojo/settings/template-env).
 
-### local_settings.py (not with Kubernetes)
+### local_settings.py
 
 `local_settings.py` can contain more complex customizations such as adding MIDDLEWARE or INSTALLED_APP entries.
 This file is processed *after* settings.dist.py is processed, so you can modify settings delivered by DefectDojo out of the box.
@@ -34,6 +34,8 @@ An example can be found in [`dojo/settings/template-local_settings`](https://git
 
 In Docker Compose release mode, files in `docker/extra_settings/` (relative to the file `docker-compose.yml`) will be copied into `dojo/settings/` in the docker container on startup.
 
+`local_settings.py` can be used in Kubernetes as well. Variable `localsettingspy` will be stored as ConfigMap and mounted to responsible location of containers.
+
 ## Configuration in the UI
 
 Users with the superuser status can configure more options via the UI under `Configuration` / `System Settings`. 
diff --git a/helm/defectdojo/templates/celery-beat-deployment.yaml b/helm/defectdojo/templates/celery-beat-deployment.yaml
@@ -61,6 +61,11 @@ spec:
       volumes:
       - name: run
         emptyDir: {}
+      {{- if  .Values.localsettingspy }}
+      - name: localsettingspy
+        configMap:
+          name: {{ $fullName }}-localsettingspy
+      {{- end }}
       {{- if  .Values.django.uwsgi.certificates.enabled }}
       - name: cert-mount
         configMap:
@@ -119,6 +124,12 @@ spec:
         volumeMounts:
         - name: run
           mountPath: /run/defectdojo
+        {{- if  .Values.localsettingspy }}
+        - name: localsettingspy
+          readOnly: true
+          mountPath: /app/dojo/settings/local_settings.py
+          subPath: file
+        {{- end }}
         {{- if  .Values.django.uwsgi.certificates.enabled }}
         - name: cert-mount
           mountPath: {{ .Values.django.uwsgi.certificates.certMountPath }}

diff --git a/helm/defectdojo/templates/celery-worker-deployment.yaml b/helm/defectdojo/templates/celery-worker-deployment.yaml
@@ -59,6 +59,11 @@ spec:
       - name: {{ .Values.imagePullSecrets }}
       {{- end }}
       volumes:
+      {{- if  .Values.localsettingspy }}
+      - name: localsettingspy
+        configMap:
+          name: {{ $fullName }}-localsettingspy
+      {{- end }}
       {{- if  .Values.django.uwsgi.certificates.enabled }}
       - name: cert-mount
         configMap:
@@ -114,6 +119,12 @@ spec:
         {{- end }}
         command: ['/entrypoint-celery-worker.sh']
         volumeMounts:
+        {{- if  .Values.localsettingspy }}
+        - name: localsettingspy
+          readOnly: true
+          mountPath: /app/dojo/settings/local_settings.py
+          subPath: file
+        {{- end }}
         {{- if  .Values.django.uwsgi.certificates.enabled }}
         - name: cert-mount
           mountPath: {{ .Values.django.uwsgi.certificates.certMountPath }}

diff --git a/helm/defectdojo/templates/configmap-local-settings-py.yaml b/helm/defectdojo/templates/configmap-local-settings-py.yaml
@@ -0,0 +1,15 @@
+{{- if  .Values.localsettingspy }}
+{{- $fullName := include "defectdojo.fullname" . -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ $fullName }}-localsettingspy
+  labels:
+    app.kubernetes.io/name: {{ include "defectdojo.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    helm.sh/chart: {{ include "defectdojo.chart" . }}
+data:
+  file: 
+    {{ toYaml .Values.localsettingspy | indent 4 }}
+{{- end }}
diff --git a/helm/defectdojo/templates/django-deployment.yaml b/helm/defectdojo/templates/django-deployment.yaml
@@ -68,6 +68,11 @@ spec:
       volumes:
       - name: run
         emptyDir: {}
+      {{- if  .Values.localsettingspy }}
+      - name: localsettingspy
+        configMap:
+          name: {{ $fullName }}-localsettingspy
+      {{- end }}
       {{- if  .Values.django.uwsgi.certificates.enabled }}
       - name: cert-mount
         configMap:
@@ -150,6 +155,12 @@ spec:
         volumeMounts:
         - name: run
           mountPath: /run/defectdojo
+        {{- if  .Values.localsettingspy }}
+        - name: localsettingspy
+          readOnly: true
+          mountPath: /app/dojo/settings/local_settings.py
+          subPath: file
+        {{- end }}
         {{- if  .Values.django.uwsgi.certificates.enabled }}
         - name: cert-mount
           mountPath: {{ .Values.django.uwsgi.certificates.certMountPath }}

diff --git a/helm/defectdojo/templates/initializer-job.yaml b/helm/defectdojo/templates/initializer-job.yaml
@@ -44,6 +44,11 @@ spec:
       - name: {{ .Values.imagePullSecrets }}
       {{- end }}
       volumes:
+      {{- if  .Values.localsettingspy }}
+      - name: localsettingspy
+        configMap:
+          name: {{ $fullName }}-localsettingspy
+      {{- end }}
       {{- range .Values.initializer.extraVolumes }}
       - name: userconfig-{{ .name }}
         {{ .type }}:
@@ -107,6 +112,12 @@ spec:
           {{- toYaml .Values.securityContext.djangoSecurityContext | nindent 10 }}
         {{- end }}
         volumeMounts:
+        {{- if  .Values.localsettingspy }}
+        - name: localsettingspy
+          readOnly: true
+          mountPath: /app/dojo/settings/local_settings.py
+          subPath: file
+        {{- end }}
         {{- range .Values.initializer.extraVolumes }}
         - name: userconfig-{{ .name }}
           readOnly: true

diff --git a/helm/defectdojo/values.yaml b/helm/defectdojo/values.yaml
@@ -543,3 +543,15 @@ extraConfigs: {}
 #     configMapKeyRef:
 #       name: my-other-postgres-configmap
 #       key: cluster_endpoint
+
+# To add code snippet which would extend setting functionality, you might add it here
+# It will be stored as ConfigMap and mounted `dojo/settings/local_settings.py`.
+# For more see: https://documentation.defectdojo.com/getting_started/configuration/
+# For example:
+# localsettingspy: |
+#   INSTALLED_APPS += (
+#     'debug_toolbar',
+#   )
+#   MIDDLEWARE = [
+#       'debug_toolbar.middleware.DebugToolbarMiddleware',
+#   ] + MIDDLEWARE
diff --git a/requirements.txt b/requirements.txt
@@ -69,7 +69,7 @@ django-ratelimit==4.1.0
 argon2-cffi==23.1.0
 blackduck==1.1.3
 pycurl==7.45.4  # Required for Celery Broker AWS (SQS) support
-boto3==1.36.8  # Required for Celery Broker AWS (SQS) support
+boto3==1.36.9  # Required for Celery Broker AWS (SQS) support
 netaddr==1.3.0
 vulners==2.2.3
 fontawesomefree==6.6.0