helmfiles/releases/defectdojo.yaml (72 lines of code) (raw):
---
# Shared helmfile base layered in before the releases document.
# NOTE(review): the .Values.global.* settings used by the release (platform,
# dnsWildCard, keycloakEndpoint, edpName) presumably come from this file -
# confirm in envs/common.yaml.
bases:
- envs/common.yaml
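---
releases:
  ################################################################################
  ## DefectDojo ####################################################
  ################################################################################
  #
  # References:
  # - https://github.com/DefectDojo/django-DefectDojo/blob/master/helm/defectdojo/values.yaml
  #
  - name: "defectdojo"
    namespace: "defectdojo"
    labels:
      chart: "defectdojo"
      repo: "defectdojo"
      component: "defectdojo"
      namespace: "defectdojo"
      vendor: "defectdojo"
      default: "true"
    chart: "defectdojo/defectdojo"
    # OpenShift only: apply the SCC and Route manifests before the release is
    # prepared and delete them again after uninstall.
    # NOTE(review): the hooks call kubectl with whatever context and default
    # namespace the operator has active, and the two manifests are not shown
    # here. Confirm that they pin their own namespace and that the SCC grants
    # no more than the chart's pods need.
    {{- if eq .Values.global.platform "openshift" }}
    hooks:
      - events: ["prepare"]
        showlogs: true
        command: "kubectl"
        args: ["apply", "-f", "../resources/defectdojo-scc.yaml"]
      - events: ["prepare"]
        showlogs: true
        command: "kubectl"
        args: ["apply", "-f", "../resources/defectdojo-route.yaml"]
      - events: ["postuninstall"]
        showlogs: true
        command: "kubectl"
        args: ["delete", "-f", "../resources/defectdojo-scc.yaml"]
      - events: ["postuninstall"]
        showlogs: true
        command: "kubectl"
        args: ["delete", "-f", "../resources/defectdojo-route.yaml"]
    {{- end }}
    # Chart version and application image tag (below) are both pinned.
    version: "1.6.69"
    wait: true
    installed: true
    values:
      # Version-like and templated scalars are quoted so the rendered value
      # always reaches the chart as a string.
      - tag: "2.22.4"
        fullnameOverride: defectdojo
        host: "defectdojo.{{ .Values.global.dnsWildCard }}"
        site_url: "https://defectdojo.{{ .Values.global.dnsWildCard }}"
        alternativeHosts:
          - defectdojo-django.defectdojo
        initializer:
          # Should be set to false once the initial installation has been
          # performed.
          run: true
        # SSO enablement. For additional options see
        # https://defectdojo.github.io/django-DefectDojo/integrations/social-authentication/#keycloak
        # Keycloak integration also requires DD_SOCIAL_AUTH_KEYCLOAK_SECRET.
        # Recommended: create a Secret named `defectdojo-extrasecrets` with the
        # key DD_SOCIAL_AUTH_KEYCLOAK_SECRET holding the Keycloak client secret.
        # The options below are public and may be defined in extraConfigs.
        extraConfigs:
          # Cookies are only sent over HTTPS and plain HTTP is redirected.
          DD_SESSION_COOKIE_SECURE: 'True'
          DD_CSRF_COOKIE_SECURE: 'True'
          DD_SECURE_SSL_REDIRECT: 'True'
          DD_SOCIAL_AUTH_KEYCLOAK_OAUTH2_ENABLED: 'True'
          DD_SOCIAL_AUTH_KEYCLOAK_KEY: 'defectdojo'
          # Keycloak realm public key, taken from:
          # <realm_name> -> realm settings -> keys -> RS256 -> Public key
          # The value below is a placeholder and must be replaced before
          # deployment.
          DD_SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY: '<KEYCLOAK_REALM_RSA256_PUBLIC_KEY>'
          # NOTE(review): this is a plain config value, so the variable is set
          # to the literal string below, not to the contents of the
          # `defectdojo-extrasecrets` Secret. If that Secret also supplies this
          # key, which value the container sees depends on the chart's envFrom
          # order (not shown here). Consider dropping this entry so the Secret
          # is the only source - confirm against the chart.
          DD_SOCIAL_AUTH_KEYCLOAK_SECRET: "defectdojo-extrasecrets"
          DD_SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL: '{{ .Values.global.keycloakEndpoint }}/auth/realms/{{ .Values.global.edpName }}-main/protocol/openid-connect/auth'
          DD_SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL: '{{ .Values.global.keycloakEndpoint }}/auth/realms/{{ .Values.global.edpName }}-main/protocol/openid-connect/token'
        django:
          ingress:
            # On OpenShift the chart ingress is disabled; exposure presumably
            # goes through the Route applied by the prepare hook.
            {{- if eq .Values.global.platform "openshift" }}
            enabled: false
            {{- end }}
            # NOTE(review): chart-managed ingress TLS is off while site_url is
            # https and the HTTPS redirect and secure-cookie flags are on. This
            # presumably relies on TLS being terminated in front of the
            # service - confirm for platforms other than OpenShift.
            activateTLS: false
          uwsgi:
            livenessProbe:
              # Liveness check on the uwsgi container; these values are used by
              # the nginx readiness checks as well. The default is 120, so 20
              # is sufficient here.
              initialDelaySeconds: 20
        postgresql:
          primary:
            persistence:
              size: 2Gi
        rabbitmq:
          persistence:
            size: 2Gi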