feat(helm): Drop support for postgresql-ha (#12319)

* feat(psql-ha): Drop support for postgresql-ha

* Update readme-docs/KUBERNETES.md

Co-authored-by: Harold Blankenship <[email protected]>

---------

Co-authored-by: Harold Blankenship <[email protected]>
Co-authored-by: Cody Maffucci <[email protected]>

Author: 3 people

.github/workflows/k8s-tests.yml

@@ -11,7 +11,6 @@ env:
     --set createRedisSecret=true \
     "
   HELM_PG_DATABASE_SETTINGS: " \
-    --set database=postgresql \
     --set postgresql.enabled=true \
     --set createPostgresqlSecret=true \
    "

docs/content/en/open_source/upgrading/2.46.md

@@ -63,10 +63,10 @@ Before:
     "statistics": {
         "before": {},
         "delta": {
-        "created": {},
-        "closed": {},
-        "reactivated": {},
-        "left untouched": {}
+            "created": {},
+            "closed": {},
+            "reactivated": {},
+            "left untouched": {}
         },
         "after": {}
     }
@@ -76,10 +76,10 @@ After:
     "statistics": {
         "before": {},
         "delta": {
-        "created": {},
-        "closed": {},
-        "reactivated": {},
-        "untouched": {}
+            "created": {},
+            "closed": {},
+            "reactivated": {},
+            "untouched": {}
         },
         "after": {}
     }

docs/content/en/open_source/upgrading/2.47.md

@@ -2,6 +2,10 @@
 title: 'Upgrading to DefectDojo Version 2.47.x'
 toc_hide: true
 weight: -20250505
-description: No special instructions.
+description: Drop support for PostgreSQL-HA in HELM
 ---
+### Drop support for PostgreSQL-HA in HELM
+
+This release removes support for the PostgreSQL-HA (High Availability) Helm chart as a dependency in the DefectDojo Helm chart. Users relying on the PostgreSQL-HA Helm chart will need to transition to using the standard PostgreSQL configuration or an external PostgreSQL database.
+
 There are no special instructions for upgrading to 2.47.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.47.0) for the contents of the release.

helm/defectdojo/Chart.lock

@@ -2,9 +2,6 @@ dependencies:
 - name: postgresql
   repository: https://charts.bitnami.com/bitnami
   version: 16.7.0
-- name: postgresql-ha
-  repository: https://charts.bitnami.com/bitnami
-  version: 9.4.11
 - name: redis
   repository: https://charts.bitnami.com/bitnami
   version: 19.6.4

helm/defectdojo/Chart.yaml

@@ -13,11 +13,6 @@ dependencies:
     version: ~16.7.0
     repository: "https://charts.bitnami.com/bitnami"
     condition: postgresql.enabled
-  - name: postgresql-ha
-    version: ~9.4.0
-    repository: "https://charts.bitnami.com/bitnami"
-    alias: postgresqlha
-    condition: postgresqlha.enabled
   - name: redis
     version: ~19.6.0
     repository: "https://charts.bitnami.com/bitnami"

helm/defectdojo/templates/_helpers.tpl

@@ -36,7 +36,6 @@ Create chart name and version as used by the chart label.
   Determine the hostname to use for PostgreSQL/Redis.
 */}}
 {{- define "postgresql.hostname" -}}
-{{- if eq .Values.database "postgresql" -}}
 {{- if .Values.postgresql.enabled -}}
 {{- if eq .Values.postgresql.architecture "replication" -}}
 {{- printf "%s-%s-%s" .Release.Name "postgresql" .Values.postgresql.primary.name | trunc 63 | trimSuffix "-" -}}
@@ -47,16 +46,6 @@ Create chart name and version as used by the chart label.
 {{- printf "%s" .Values.postgresql.postgresServer -}}
 {{- end -}}
 {{- end -}}
-{{- end -}}
-{{- define "postgresqlha.hostname" -}}
-{{- if eq .Values.database "postgresqlha" -}}
-{{- if .Values.postgresqlha.enabled -}}
-{{- printf "%s-%s" .Release.Name "postgresqlha-pgpool" | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s" .Values.postgresqlha.postgresServer -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
 {{- define "redis.hostname" -}}
 {{- if eq .Values.celery.broker "redis" -}}
 {{- if .Values.redis.enabled -}}
@@ -161,13 +150,8 @@ Create chart name and version as used by the chart label.
   - name: DD_DATABASE_PASSWORD
     valueFrom:
       secretKeyRef:
-        {{- if eq .Values.database "postgresql" }}
-          name: {{ .Values.postgresql.auth.existingSecret | default "defectdojo-postgresql-specific" }}
-          key: {{ .Values.postgresql.auth.secretKeys.userPasswordKey | default "postgresql-password" }}
-        {{- else if eq .Values.database "postgresqlha" }}
-          name: {{ .Values.postgresqlha.postgresql.existingSecret | default "defectdojo-postgresql-ha-specific" }}
-          key: postgresql-postgres-password
-        {{- end }}
+        name: {{ .Values.postgresql.auth.existingSecret | default "defectdojo-postgresql-specific" }}
+        key: {{ .Values.postgresql.auth.secretKeys.userPasswordKey | default "postgresql-password" }}
   {{- if .Values.extraEnv }}
   {{- toYaml .Values.extraEnv | nindent 2 }}
   {{- end }}

helm/defectdojo/templates/celery-beat-deployment.yaml

@@ -96,9 +96,7 @@ spec:
         command: ["/cloud_sql_proxy"]
         args:
         - "-verbose={{ .Values.cloudsql.verbose }}"
-        {{- if eq .Values.database "postgresql" }}
         - "-instances={{ .Values.cloudsql.instance }}=tcp:{{ .Values.postgresql.primary.service.ports.postgresql }}"
-        {{- end }}
         {{- if .Values.cloudsql.enable_iam_login }}
         - "-enable_iam_login"
         {{- end }}
@@ -157,13 +155,8 @@ spec:
         - name: DD_DATABASE_PASSWORD
           valueFrom:
             secretKeyRef:
-              {{- if eq .Values.database "postgresql" }}
-                name: {{ .Values.postgresql.auth.existingSecret | default "defectdojo-postgresql-specific" }}
-                key: {{ .Values.postgresql.auth.secretKeys.userPasswordKey | default "postgresql-password" }}
-              {{- else if eq .Values.database "postgresqlha" }}
-                name: {{ .Values.postgresqlha.postgresql.existingSecret | default "defectdojo-postgresql-ha-specific" }}
-                key: postgresql-postgres-password
-              {{- end }}
+              name: {{ .Values.postgresql.auth.existingSecret | default "defectdojo-postgresql-specific" }}
+              key: {{ .Values.postgresql.auth.secretKeys.userPasswordKey | default "postgresql-password" }}
         - name: DD_SECRET_KEY
           valueFrom:
             secretKeyRef:

helm/defectdojo/templates/celery-worker-deployment.yaml

@@ -94,9 +94,7 @@ spec:
         command: ["/cloud_sql_proxy"]
         args:
         - "-verbose={{ .Values.cloudsql.verbose }}"
-        {{- if eq .Values.database "postgresql" }}
         - "-instances={{ .Values.cloudsql.instance }}=tcp:{{ .Values.postgresql.primary.service.ports.postgresql }}"
-        {{- end }}
         {{- if .Values.cloudsql.enable_iam_login }}
         - "-enable_iam_login"
         {{- end }}
@@ -152,13 +150,8 @@ spec:
         - name: DD_DATABASE_PASSWORD
           valueFrom:
             secretKeyRef:
-              {{- if eq .Values.database "postgresql" }}
-                name: {{ .Values.postgresql.auth.existingSecret | default "defectdojo-postgresql-specific" }}
-                key: {{ .Values.postgresql.auth.secretKeys.userPasswordKey | default "postgresql-password" }}
-              {{- else if eq .Values.database "postgresqlha" }}
-                name: {{ .Values.postgresqlha.postgresql.existingSecret | default "defectdojo-postgresql-ha-specific" }}
-                key: postgresql-postgres-password
-              {{- end }}
+              name: {{ .Values.postgresql.auth.existingSecret | default "defectdojo-postgresql-specific" }}
+              key: {{ .Values.postgresql.auth.secretKeys.userPasswordKey | default "postgresql-password" }}
         - name: DD_SECRET_KEY
           valueFrom:
             secretKeyRef:

helm/defectdojo/templates/configmap.yaml

@@ -36,11 +36,11 @@ data:
   DD_CELERY_WORKER_AUTOSCALE_MAX: '{{ if eq .Values.celery.worker.appSettings.poolType "prefork" }}{{ .Values.celery.worker.appSettings.autoscaleMax | default "8" }}{{ end }}'
   DD_CELERY_WORKER_CONCURRENCY: '{{ if eq .Values.celery.worker.appSettings.poolType "prefork" }}{{ .Values.celery.worker.appSettings.concurrency | default "8" }}{{ end }}'
   DD_CELERY_WORKER_PREFETCH_MULTIPLIER: '{{ if eq .Values.celery.worker.appSettings.poolType "prefork" }}{{ .Values.celery.worker.appSettings.prefetchMultiplier | default "128" }}{{ end }}'
-  DD_DATABASE_ENGINE: django.db.backends.{{ if eq .Values.database "postgresql" }}postgresql{{ end }}{{ if eq .Values.database "postgresqlha" }}postgresql{{ end }}
-  DD_DATABASE_HOST: {{ if eq .Values.database "postgresql" }}{{ template "postgresql.hostname" . }}{{ end }}{{ if eq .Values.database "postgresqlha" }}{{ template "postgresqlha.hostname" . }}{{ end }}
-  DD_DATABASE_PORT: '{{ if eq .Values.database "postgresql" }}{{ .Values.postgresql.primary.service.ports.postgresql }}{{ end }}{{ if eq .Values.database "postgresqlha" }}{{ .Values.postgresqlha.service.ports.postgresql }}{{ end }}'
-  DD_DATABASE_USER: {{ if eq .Values.database "postgresql" }}{{ .Values.postgresql.auth.username }}{{ end }}{{ if eq .Values.database "postgresqlha" }}{{ .Values.postgresqlha.postgresql.username }}{{ end }}
-  DD_DATABASE_NAME: {{ if eq .Values.database "postgresql" }}{{ .Values.postgresql.auth.database }}{{ end }}{{ if eq .Values.database "postgresqlha" }}{{ .Values.postgresqlha.postgresql.database }}{{ end }}
+  DD_DATABASE_ENGINE: django.db.backends.postgresql
+  DD_DATABASE_HOST: {{ template "postgresql.hostname" . }}
+  DD_DATABASE_PORT: '{{ .Values.postgresql.primary.service.ports.postgresql }}'
+  DD_DATABASE_USER: {{ .Values.postgresql.auth.username }}
+  DD_DATABASE_NAME: {{ .Values.postgresql.auth.database }}
   DD_INITIALIZE: '{{ .Values.initializer.run }}'
   DD_UWSGI_ENDPOINT: /run/defectdojo/uwsgi.sock
   DD_UWSGI_HOST: localhost

helm/defectdojo/templates/django-deployment.yaml

@@ -116,9 +116,7 @@ spec:
         command: ["/cloud_sql_proxy"]
         args:
         - "-verbose={{ .Values.cloudsql.verbose }}"
-        {{- if eq .Values.database "postgresql" }}
         - "-instances={{ .Values.cloudsql.instance }}=tcp:{{ .Values.postgresql.primary.service.ports.postgresql }}"
-        {{- end }}
         {{- if .Values.cloudsql.enable_iam_login }}
         - "-enable_iam_login"
         {{- end }}
@@ -206,13 +204,8 @@ spec:
         - name: DD_DATABASE_PASSWORD
           valueFrom:
             secretKeyRef:
-              {{- if eq .Values.database "postgresql" }}
-                name: {{ .Values.postgresql.auth.existingSecret | default "defectdojo-postgresql-specific" }}
-                key: {{ .Values.postgresql.auth.secretKeys.userPasswordKey | default "postgresql-password" }}
-              {{- else if eq .Values.database "postgresqlha" }}
-                name: {{ .Values.postgresqlha.postgresql.existingSecret | default "defectdojo-postgresql-ha-specific" }}
-                key: postgresql-postgres-password
-              {{- end }}
+              name: {{ .Values.postgresql.auth.existingSecret | default "defectdojo-postgresql-specific" }}
+              key: {{ .Values.postgresql.auth.secretKeys.userPasswordKey | default "postgresql-password" }}
         - name: DD_SECRET_KEY
           valueFrom:
             secretKeyRef:

helm/defectdojo/templates/initializer-job.yaml

@@ -72,9 +72,7 @@ spec:
         command: ["/cloud_sql_proxy"]
         args:
         - "-verbose={{ .Values.cloudsql.verbose }}"
-        {{- if eq .Values.database "postgresql" }}
         - "-instances={{ .Values.cloudsql.instance }}=tcp:{{ .Values.postgresql.primary.service.ports.postgresql }}"
-        {{- end }}
         {{- if .Values.cloudsql.enable_iam_login }}
         - "-enable_iam_login"
         {{- end }}
@@ -137,13 +135,8 @@ spec:
         - name: DD_DATABASE_PASSWORD
           valueFrom:
             secretKeyRef:
-              {{- if eq .Values.database "postgresql" }}
               name: {{ .Values.postgresql.auth.existingSecret }}
               key: {{ .Values.postgresql.auth.secretKeys.userPasswordKey }}
-              {{- else if eq .Values.database "postgresqlha" }}
-              name: {{ .Values.postgresqlha.postgresql.existingSecret }}
-              key: postgresql-postgres-password
-              {{- end }}
         {{- with .Values.extraEnv }}
         {{- toYaml . | nindent 8 }}
         {{- end }}

helm/defectdojo/templates/secret-postgresql-ha-pgpool.yaml

@@ -30,7 +30,7 @@ spec:
             name: {{ $fullName }}
       env:
         - name: DD_DATABASE_USER
-          value: {{ if eq .Values.database "postgresql" }}{{ .Values.postgresql.auth.username }}{{ end }}{{ if eq .Values.database "postgresqlha" }}{{ .Values.postgresqlha.postgresql.username }}{{ end }}
+          value: {{ .Values.postgresql.auth.username }}
         - name: DD_CELERY_BROKER_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -42,13 +42,8 @@ spec:
         - name: DD_DATABASE_PASSWORD
           valueFrom:
             secretKeyRef:
-              {{- if eq .Values.database "postgresql" }}
               name: {{ .Values.postgresql.auth.existingSecret }}
               key: {{ .Values.postgresql.auth.secretKeys.userPasswordKey }}
-              {{- else if eq .Values.database "postgresqlha" }}
-              name: "{{ .Values.postgresqlha.postgresql.existingSecret }}"
-              key: postgresql-postgres-password
-              {{- end }}
         - name: DD_DEBUG
           value: 'True'
         - name: DD_SECRET_KEY

helm/defectdojo/templates/secret-postgresql-ha.yaml

@@ -6,10 +6,6 @@ createSecret: false
 createRedisSecret: false
 # create postgresql secret in defectdojo chart, outside of postgresql chart
 createPostgresqlSecret: false
-# create postgresql-ha secret in defectdojo chart, outside of postgresql-ha chart
-createPostgresqlHaSecret: false
-# create postgresql-ha-pgpool secret in defectdojo chart, outside of postgresql-ha chart
-createPostgresqlHaPgpoolSecret: false
 # Track configuration (trackConfig): will automatically respin application pods in case of config changes detection
 # can be:
 # - disabled, default
@@ -52,9 +48,6 @@ networkPolicy:
   #     port: 443
   annotations: {}
 
-# Configuration value to select database type
-# Set the "enable" field to true of the database type you select (if you want to use internal database) and false of the one you don't select
-database: postgresql
 # Primary hostname of instance
 host: defectdojo.default.minikube.local
 
@@ -441,42 +434,6 @@ postgresql:
   # the line below:
   # postgresServer: "127.0.0.1"
 
-postgresqlha:
-  enabled: false
-  global:
-    pgpool:
-      existingSecret: defectdojo-postgresql-ha-pgpool
-  serviceAccount:
-    create: true
-  postgresql:
-    replicaCount: 3
-    username: defectdojo
-    password: ""
-    repmgrPassword: ""
-    database: defectdojo
-    existingSecret: defectdojo-postgresql-ha-specific
-    securityContext:
-      enabled: true
-      fsGroup: 1001
-    containerSecurityContext:
-      enabled: true
-      runAsUser: 1001
-  pgpool:
-    replicaCount: 3
-    adminPassword: ""
-    securityContext:
-      enabled: true
-      fsGroup: 1001
-  volumePermissions:
-    enabled: true
-    securityContext:
-      runAsUser: 1001
-  persistence:
-    enabled: true
-  service:
-    ports:
-      postgresql: 5432
-
 # Google CloudSQL support in GKE via gce-proxy
 cloudsql:
   # To use CloudSQL in GKE set 'enable: true'