apply changes from @fernandezcuesta

kiblik · kiblik · commit 02b32d6642d6 · 2025-11-24T19:46:01.000+01:00
diff --git a/helm/defectdojo/README.md b/helm/defectdojo/README.md
@@ -748,7 +748,9 @@ A Helm chart for Kubernetes to install DefectDojo
 | postgresql.primary.podSecurityContext.enabled | bool | `true` | Default is true for K8s. Enabled needs to false for OpenShift restricted SCC and true for anyuid SCC |
 | postgresql.primary.podSecurityContext.fsGroup | int | `1001` | fsGroup specification below is not applied if enabled=false. enabled=false is the required setting for OpenShift "restricted SCC" to work successfully. |
 | postgresql.volumePermissions.containerSecurityContext | object | `{"runAsUser":1001}` | if using restricted SCC set runAsUser: "auto" and if running under anyuid SCC - runAsUser needs to match the line above |
-| redisParams | string | `""` | Parameters attached to the redis connection string, defaults to "ssl_cert_reqs=optional" if `valkey.tls.enabled` |
+| redisParams | string | `""` | Parameters attached to the redis connection string, defaults to "ssl_cert_reqs=optional" if `redisScheme` is `rediss` |
+| redisScheme | string | `"redis"` | Define the protocol to use with the external Redis instance |
+| redisServer | string | `nil` | To use an external Redis instance, set `redis.enabled` to false and set the address here: |
 | redisServer | string | `nil` | To use an external Redis instance, set `redis.enabled` to false and set the address here: |
 | revisionHistoryLimit | int | `10` | Allow overriding of revisionHistoryLimit across all deployments. |
 | secrets.annotations | object | `{}` | Add annotations for secret resources |
@@ -769,6 +771,7 @@ A Helm chart for Kubernetes to install DefectDojo
 | valkey.enabled | bool | `true` | To use an external instance, switch enabled to `false` and set the address in `redisServer` below |
 | valkey.service | object | `{"port":6379}` | To use a different port for Redis (default: 6379) |
 | valkey.tls.enabled | bool | `false` | If TLS is enabled, the Redis broker will use the redis:// and optionally mount the certificates from an existing secret. |
+| valkeyParams | string | `""` | Parameters attached to the valkey connection string, defaults to "ssl_cert_reqs=optional" if `valkey.tls.enabled` |
 
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
diff --git a/helm/defectdojo/templates/configmap.yaml b/helm/defectdojo/templates/configmap.yaml
@@ -1,5 +1,6 @@
 {{- $fullName := include "defectdojo.fullname" . -}}
-{{- $defaultBrokerParams := ternary "ssl_cert_reqs=optional" "" .Values.valkey.tls.enabled -}}
+{{- $redisScheme := template "redis.scheme" . -}}
+{{- $defaultBrokerParams := ternary "ssl_cert_reqs=optional" "" (eq "rediss" $redisScheme -}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
diff --git a/helm/defectdojo/values.schema.json b/helm/defectdojo/values.schema.json
@@ -1321,7 +1321,11 @@
             }
         },
         "redisParams": {
-            "description": "Parameters attached to the redis connection string, defaults to \"ssl_cert_reqs=optional\" if `valkey.tls.enabled`",
+            "description": "Parameters attached to the redis connection string, defaults to \"ssl_cert_reqs=optional\" if `redisScheme` is `rediss`",
+            "type": "string"
+        },
+        "redisScheme": {
+            "description": "Define the protocol to use with the external Redis instance",
             "type": "string"
         },
         "redisServer": {
@@ -1505,6 +1509,10 @@
                     }
                 }
             }
+        },
+        "valkeyParams": {
+            "description": "Parameters attached to the valkey connection string, defaults to \"ssl_cert_reqs=optional\" if `valkey.tls.enabled`",
+            "type": "string"
         }
     }
 }
diff --git a/helm/defectdojo/values.yaml b/helm/defectdojo/values.yaml
@@ -702,8 +702,18 @@ localsettingspy: ""
 # @schema type:[string, null]
 # -- To use an external Redis instance, set `redis.enabled` to false and set the address here:
 redisServer: ~
-# -- Parameters attached to the redis connection string, defaults to "ssl_cert_reqs=optional" if `valkey.tls.enabled`
+# -- Parameters attached to the valkey connection string, defaults to "ssl_cert_reqs=optional" if `valkey.tls.enabled`
+valkeyParams: ""
+#
+# External database support.
+#
+# @schema type:[string, null]
+# -- To use an external Redis instance, set `redis.enabled` to false and set the address here:
+redisServer: ~
+# -- Parameters attached to the redis connection string, defaults to "ssl_cert_reqs=optional" if `redisScheme` is `rediss`
 redisParams: ""
+# -- Define the protocol to use with the external Redis instance
+redisScheme: redis
 #
 # @schema type:[string, null]
 # -- To use an external PostgreSQL instance (like CloudSQL), set `postgresql.enabled` to false,

Original file line number	Diff line number	Diff line change
`@@ -1321,7 +1321,11 @@`
`1321`	`1321`	`}`
`1322`	`1322`	`},`
`1323`	`1323`	`"redisParams": {`
`1324`		- "description": "Parameters attached to the redis connection string, defaults to \"ssl_cert_reqs=optional\" if `valkey.tls.enabled`",
	`1324`	+ "description": "Parameters attached to the redis connection string, defaults to \"ssl_cert_reqs=optional\" if `redisScheme` is `rediss`",
	`1325`	`+ "type": "string"`
	`1326`	`+ },`
	`1327`	`+ "redisScheme": {`
	`1328`	`+ "description": "Define the protocol to use with the external Redis instance",`
`1325`	`1329`	`"type": "string"`
`1326`	`1330`	`},`
`1327`	`1331`	`"redisServer": {`
`@@ -1505,6 +1509,10 @@`
`1505`	`1509`	`}`
`1506`	`1510`	`}`
`1507`	`1511`	`}`
	`1512`	`+ },`
	`1513`	`+ "valkeyParams": {`
	`1514`	+ "description": "Parameters attached to the valkey connection string, defaults to \"ssl_cert_reqs=optional\" if `valkey.tls.enabled`",
	`1515`	`+ "type": "string"`
`1508`	`1516`	`}`
`1509`	`1517`	`}`
`1510`	`1518`	`}`