Skip to content

helm: Add subcomponent labels for celery beat and worker at deployment#9865

Merged
mtesauro merged 6 commits into
DefectDojo:devfrom
al-cheb:add-celery-podlabel
Apr 30, 2024
Merged

helm: Add subcomponent labels for celery beat and worker at deployment#9865
mtesauro merged 6 commits into
DefectDojo:devfrom
al-cheb:add-celery-podlabel

Conversation

@al-cheb
Copy link
Copy Markdown
Contributor

@al-cheb al-cheb commented Apr 2, 2024

In scope of this #9078 PR only the deployment label was added. To use pod affinity/antiaffinity for celery components a label should be added at .spec.template.metadata.labels level.

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    defectdojo.org/component: celery
    defectdojo.org/subcomponent: worker
spec:
  selector:
    matchLabels:
      defectdojo.org/component: celery
      defectdojo.org/subcomponent: worker
  template:
    metadata:
      labels:
        defectdojo.org/component: celery
        defectdojo.org/subcomponent: worker

1, The first label is for deployment itself, it gives label for that particular deployment.
2. The second label is selector: matchLabels which tells the resources(service etc) to match the pod according to label.
3. The third label is podTemplate labels, the template is actually podTemplate. It describe the pod that it is launched.

helm: Add subcomponent labels for celery beat and worker at deployment
91f3efc 
```
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    defectdojo.org/component: celery
    defectdojo.org/subcomponent: worker
spec:
  selector:
    matchLabels:
      defectdojo.org/component: celery
      defectdojo.org/subcomponent: worker
  template:
    metadata:
      labels:
        defectdojo.org/component: celery
        defectdojo.org/subcomponent: worker
```

1, The first label is for deployment itself, it gives label for that particular deployment.
2, The second label is selector: matchLabels which tells the resources(service etc) to match the pod according to label.
3. The third label is podTemplate labels, the template is actually podTemplate. It describe the pod that it is launched.
@github-actions github-actions Bot added the helm label Apr 2, 2024
@dryrunsecurity
Copy link
Copy Markdown

dryrunsecurity Bot commented Apr 2, 2024
edited
Loading

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status Findings
Secrets Analyzer (beta) 0 findings
Authn/Authz Analyzer 0 findings
Configured Codepaths Analyzer 0 findings
Sensitive Files Analyzer 0 findings

Note

🟢 Risk threshold not exceeded.

Tip

Get answers to your security questions. Add a comment in this PR starting with @DryRunSecurity. For example...

@dryrunsecurity What are common security issues with web application cookies?

Powered by DryRun Security

Update helm lock file
48b54ca 
Signed-off-by: DefectDojo <defectdojo-project@owasp.org>
@mtesauro
Copy link
Copy Markdown
Contributor

mtesauro commented Apr 3, 2024

Closing and re-opening to re-kick the tests that didn't seem to run correctly.

@mtesauro mtesauro closed this Apr 3, 2024
@mtesauro mtesauro reopened this Apr 3, 2024
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 3, 2024

This pull request has conflicts, please resolve those before we can evaluate the pull request.

1 similar comment
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 3, 2024

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 3, 2024

Conflicts have been resolved. A maintainer will review the pull request shortly.

Alexander Chebotov and others added 2 commits April 3, 2024 09:08
bump chart version
1ecb313
Update helm lock file
6e93ff2 
Signed-off-by: DefectDojo <defectdojo-project@owasp.org>
@al-cheb al-cheb closed this Apr 3, 2024
@al-cheb al-cheb reopened this Apr 3, 2024
@al-cheb
Copy link
Copy Markdown
Contributor Author

al-cheb commented Apr 3, 2024

@mtesauro, Thank you.

@mtesauro
Copy link
Copy Markdown
Contributor

mtesauro commented Apr 3, 2024

@dsever @cneill Thoughts on these Helm changes?

mtesauro
mtesauro approved these changes Apr 6, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@mtesauro mtesauro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

Maffooch
Maffooch requested changes Apr 8, 2024
View reviewed changes
Comment thread helm/defectdojo/Chart.yaml
Comment thread helm/defectdojo/Chart.lock
@al-cheb al-cheb requested a review from Maffooch April 8, 2024 16:20
@al-cheb
Copy link
Copy Markdown
Contributor Author

al-cheb commented Apr 11, 2024

@Maffooch, could you merge,please?

@mtesauro
Copy link
Copy Markdown
Contributor

mtesauro commented Apr 12, 2024

@al-cheb PRs require 4 approvals from the reviewers before being merged.

The only exception is library/module updates like dependabot and renovate.

@al-cheb
Copy link
Copy Markdown
Contributor Author

al-cheb commented Apr 12, 2024

@dsever, hey, could you please review?

@mtesauro mtesauro merged commit 2bbf8bc into DefectDojo:dev Apr 30, 2024
dogboat pushed a commit to dogboat/django-DefectDojo that referenced this pull request May 6, 2024
@al-cheb
helm: Add subcomponent labels for celery beat and worker at deployment (
09986aa 
DefectDojo#9865)

* helm: Add subcomponent labels for celery beat and worker at deployment

```
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    defectdojo.org/component: celery
    defectdojo.org/subcomponent: worker
spec:
  selector:
    matchLabels:
      defectdojo.org/component: celery
      defectdojo.org/subcomponent: worker
  template:
    metadata:
      labels:
        defectdojo.org/component: celery
        defectdojo.org/subcomponent: worker
```

1, The first label is for deployment itself, it gives label for that particular deployment.
2, The second label is selector: matchLabels which tells the resources(service etc) to match the pod according to label.
3. The third label is podTemplate labels, the template is actually podTemplate. It describe the pod that it is launched.

* Update helm lock file

Signed-off-by: DefectDojo <defectdojo-project@owasp.org>

* bump chart version

* Update helm lock file

Signed-off-by: DefectDojo <defectdojo-project@owasp.org>

* revert changes

---------

Signed-off-by: DefectDojo <defectdojo-project@owasp.org>
Co-authored-by: Alexander Chebotov <a.chebotov@arenadata.io>
Co-authored-by: DefectDojo <defectdojo-project@owasp.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mtesauro mtesauro mtesauro approved these changes

@Maffooch Maffooch Maffooch approved these changes

+2 more reviewers

@cneill cneill cneill approved these changes

@hblankenship hblankenship hblankenship approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

helm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@al-cheb @mtesauro @cneill @hblankenship @Maffooch