chore(helm): implement readinessProbe and startupProbe for uwsgi container #10506

Draft
wants to merge 1 commit into
base: dev

fcecagno (Contributor) commented Jul 3, 2024

Description

This PR makes all probes on the uwsgi container configurable, including the startupProbe, which could be useful to speed up Django launch on Kubernetes.

dryrunsecurity bot commented Jul 3, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status Findings
Server-Side Request Forgery Analyzer 0 findings
Configured Codepaths Analyzer 0 findings
IDOR Analyzer 0 findings
Sensitive Files Analyzer 0 findings
SQL Injection Analyzer 0 findings
Authn/Authz Analyzer 0 findings
Secrets Analyzer 0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code changes in this pull request are focused on improving the reliability, security, and observability of the DefectDojo application in a Kubernetes environment. The key changes include the addition of liveness, readiness, and startup probes for the uwsgi and nginx containers, as well as the ability to configure various parameters for these probes. Additionally, the changes include support for TLS configuration, secret management, container security settings, and Prometheus monitoring.

From an application security perspective, these changes are generally positive and demonstrate a proactive approach to ensuring the health and security of the DefectDojo deployment. The configurable probe parameters, TLS support, and secret management practices help to improve the overall security posture of the application. The container security settings and Prometheus monitoring also contribute to the security and observability of the deployment.

Files Changed:

  1. helm/defectdojo/templates/django-deployment.yaml:

    • Added support for configuring liveness, readiness, and startup probes for the uwsgi and nginx containers.
    • Allowed the user to configure various parameters for the probes, such as the initial delay, failure threshold, success threshold, and timeout.
    • Enabled TLS configuration for the application and used Kubernetes secrets to store sensitive information.
    • Allowed the user to configure security context settings for the containers.
    • Included support for Prometheus monitoring.
  2. helm/defectdojo/values.yaml:

    • Updated the liveness, readiness, and startup probes for the uwsgi container, including changes to the initial delay, failure threshold, and other parameters.
    • The changes to the probes help improve the overall health monitoring and readiness of the DefectDojo application, which can contribute to its security and reliability.

Powered by DryRun Security
