clusters/core/addons/defectdojo/values.yaml (51 lines of code) (raw):
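# Values passed to the DefectDojo chart.
# NOTE(review): the nesting below was restored to match the chart's value
# layout (django.ingress, django.uwsgi, postgresql.auth, ...); with every key
# at column 0 the file repeats `enabled` and `size` at one level. Confirm the
# structure against the chart's own values.yaml.
defectdojo:
  # Quoted so the image tag is always read as a string.
  tag: "2.34.1"
  fullnameOverride: defectdojo
  host: defectdojo.example.com
  site_url: https://defectdojo.example.com
  alternativeHosts:
    - defectdojo-django.defectdojo

  initializer:
    run: true

  django:
    ingress:
      enabled: true  # change to 'false' for OpenShift
      # NOTE(review): TLS is off on this Ingress while site_url is https and
      # the Secure cookie flags in extraConfigs are 'True'. This presumably
      # relies on TLS being terminated in front of the Ingress - confirm.
      # Over plain HTTP a browser does not send Secure cookies back, so
      # sessions and CSRF checks would fail.
      activateTLS: false
    uwsgi:
      livenessProbe:
        # Enable liveness checks on the uwsgi container. These values are used
        # by the nginx readiness checks as well.
        # The default value is 120, so in our case 20 is just fine.
        initialDelaySeconds: 20
    mediaPersistentVolume:
      persistentVolumeClaim:
        size: 2Gi

  postgresql:
    # Crunchy PostgresCluster is used as the external PostgreSQL database,
    # so the bundled PostgreSQL is disabled.
    enabled: false
    postgresServer: "defectdojo-primary.defectdojo.svc"
    auth:
      # The database password is read from an existing Secret and is never
      # written in this file.
      existingSecret: defectdojo-pguser-defectdojo
      secretKeys:
        # Both keys point at the same `password` entry of that Secret.
        adminPasswordKey: password
        userPasswordKey: password

  rabbitmq:
    persistence:
      size: 1Gi

  # SSO enablement. For additional options, please consult
  # https://defectdojo.github.io/django-DefectDojo/integrations/social-authentication/#keycloak
  # Keycloak integration also requires DD_SOCIAL_AUTH_KEYCLOAK_SECRET to be
  # defined. We recommend creating a Secret named `defectdojo-extrasecrets`
  # with the key DD_SOCIAL_AUTH_KEYCLOAK_SECRET set to the client secret of
  # your Keycloak client.
  # The options below are public and OK to define in extraConfigs.
  extraConfigs:
    DD_SESSION_COOKIE_SECURE: 'True'
    DD_CSRF_COOKIE_SECURE: 'True'
    # With the redirect off, DefectDojo itself does not force HTTP -> HTTPS.
    # NOTE(review): verify that whatever terminates TLS enforces the redirect.
    DD_SECURE_SSL_REDIRECT: 'False'
    DD_SOCIAL_AUTH_KEYCLOAK_OAUTH2_ENABLED: 'True'
    DD_SOCIAL_AUTH_KEYCLOAK_KEY: 'defectdojo'
    # Keycloak realm public key, taken from:
    # <realm_name> -> realm settings -> keys -> RS256 -> Public key
    # '<RS256_KEY>' is a placeholder; replace it before enabling Keycloak
    # login.
    DD_SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY: '<RS256_KEY>'
    # NOTE(review): as written, this value is the literal text
    # "defectdojo-extrasecrets" (the Secret's name), not the client secret,
    # and nothing in this file resolves it as a secret reference. It also
    # puts a secret-named key among the public extraConfigs, contrary to the
    # guidance above. Presumably this line should be dropped so the value
    # comes only from the `defectdojo-extrasecrets` Secret - confirm how the
    # chart resolves a key that is defined in both places.
    DD_SOCIAL_AUTH_KEYCLOAK_SECRET: "defectdojo-extrasecrets"
    DD_SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL: 'https://keycloak.example.com/auth/realms/shared/protocol/openid-connect/auth'
    DD_SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL: 'https://keycloak.example.com/auth/realms/shared/protocol/openid-connect/token'
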
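# Configuration for setting up resources in Keycloak to enable OIDC authentication.
# Prerequisite: Ensure that the Keycloak Operator is installed and integrated with Keycloak.
# Refer to the installation guide for the Keycloak Operator:
# https://github.com/epam/edp-cluster-add-ons/tree/main/clusters/core/addons/keycloak-operator
#
# Additionally, necessary Keycloak resources such as realms, roles, and groups must be created
# to support component functionality. This can be done using the provided add-ons or manually:
# https://github.com/epam/edp-cluster-add-ons/tree/main/clusters/core/addons/kuberocketci-rbac
oidc:
  # Off by default; switch on only once the prerequisites above are in place.
  enabled: false
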
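# This section enables configuration for using External Secrets Operator (ESO) as the secret manager.
# Prerequisite: Ensure that ESO is installed in the cluster.
# Refer to the EDP cluster add-on for ESO installation and setup:
# https://github.com/epam/edp-cluster-add-ons/tree/main/clusters/core/addons/external-secrets
#
# Ensure that you have created the necessary roles for ESO integration.
# Follow the detailed instructions here:
# https://docs.kuberocketci.io/docs/operator-guide/secrets-management/external-secrets-operator-integration#aws-parameter-store-scenario-in-kuberocketci
eso:
  # -- Install components of the ESO.
  enabled: true
  # -- Defines provider type. One of `aws` or `generic`.
  type: "aws"
  # -- Defines Secret Store name.
  secretStoreName: "aws-parameterstore"
  # -- Value name in AWS ParameterStore, AWS SecretsManager or other Secret Store.
  secretName: "/infra/core/addons/defectdojo"
  # -- Role ARN for the ExternalSecretOperator to assume.
  # The account ID below is an example value; replace it with your own role.
  # NOTE(review): keep this role's permissions limited to the parameter path
  # named in secretName rather than every parameter in the account - verify
  # the attached IAM policy.
  roleArn: "arn:aws:iam::012345678910:role/AWSIRSA_Shared_ExternalSecretOperatorAccess"
  # Defines Secret Store configuration. Used when eso.type is set to "generic".
  generic:
    secretStore:
      # -- Defines SecretStore provider configuration.
      providerConfig: {}
      #  gcpsm:
      #    projectID: "alphabet-123"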