apply changes from @fernandezcuesta

Signed-off-by: kiblik <5609770+kiblik@users.noreply.github.com>

Author: kiblik

helm/defectdojo/README.md

@@ -748,7 +748,9 @@ A Helm chart for Kubernetes to install DefectDojo
 | postgresql.primary.podSecurityContext.enabled | bool | `true` | Default is true for K8s. Enabled needs to false for OpenShift restricted SCC and true for anyuid SCC |
 | postgresql.primary.podSecurityContext.fsGroup | int | `1001` | fsGroup specification below is not applied if enabled=false. enabled=false is the required setting for OpenShift "restricted SCC" to work successfully. |
 | postgresql.volumePermissions.containerSecurityContext | object | `{"runAsUser":1001}` | if using restricted SCC set runAsUser: "auto" and if running under anyuid SCC - runAsUser needs to match the line above |
-| redisParams | string | `""` | Parameters attached to the redis connection string, defaults to "ssl_cert_reqs=optional" if `valkey.tls.enabled` |
+| redisParams | string | `""` | Parameters attached to the redis connection string, defaults to "ssl_cert_reqs=optional" if `redisScheme` is `rediss` |
+| redisScheme | string | `"redis"` | Define the protocol to use with the external Redis instance |
+| redisServer | string | `nil` | To use an external Redis instance, set `redis.enabled` to false and set the address here: |
 | redisServer | string | `nil` | To use an external Redis instance, set `redis.enabled` to false and set the address here: |
 | revisionHistoryLimit | int | `10` | Allow overriding of revisionHistoryLimit across all deployments. |
 | secrets.annotations | object | `{}` | Add annotations for secret resources |
@@ -769,6 +771,7 @@ A Helm chart for Kubernetes to install DefectDojo
 | valkey.enabled | bool | `true` | To use an external instance, switch enabled to `false` and set the address in `redisServer` below |
 | valkey.service | object | `{"port":6379}` | To use a different port for Redis (default: 6379) |
 | valkey.tls.enabled | bool | `false` | If TLS is enabled, the Redis broker will use the redis:// and optionally mount the certificates from an existing secret. |
+| valkeyParams | string | `""` | Parameters attached to the valkey connection string, defaults to "ssl_cert_reqs=optional" if `valkey.tls.enabled` |
 
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

helm/defectdojo/templates/_helpers.tpl

@@ -65,16 +65,33 @@
 {{- end -}}
 {{- end -}}
 
+{{- /*
+  Determine the default params to use for Redis.
+*/}}
+{{- define "redis.params" -}}
+{{- $redisScheme := include "redis.scheme" . -}}
+{{- $defaultBrokerParams := ternary "ssl_cert_reqs=optional" "" (eq "rediss" $redisScheme) -}}
+{{- if .Values.valkey.enabled -}}
+{{- default $defaultBrokerParams .Values.valkeyParams -}}
+{{- else -}}
+{{- default $defaultBrokerParams .Values.redisParams -}}
+{{- end -}}
+{{- end -}}
+
 {{- /*
   Determine the protocol to use for Redis.
 */}}
 {{- define "redis.scheme" -}}
+{{- if .Values.valkey.enabled -}}
 {{- if .Values.valkey.tls.enabled -}}
-{{- printf "rediss" -}}
+rediss
 {{- else if .Values.valkey.sentinel.enabled -}}
-{{- printf "sentinel" -}}
+sentinel
+{{- else -}}
+redis
+{{- end -}}
 {{- else -}}
-{{- printf "redis" -}}
+{{- .Values.redisScheme -}}
 {{- end -}}
 {{- end -}}
 

helm/defectdojo/templates/configmap.yaml

@@ -1,5 +1,6 @@
 {{- $fullName := include "defectdojo.fullname" . -}}
-{{- $defaultBrokerParams := ternary "ssl_cert_reqs=optional" "" .Values.valkey.tls.enabled -}}
+{{- $redisScheme := include "redis.scheme" . -}}
+{{- $defaultBrokerParams := ternary "ssl_cert_reqs=optional" "" (eq "rediss" $redisScheme) -}}
 apiVersion: v1
 kind: ConfigMap
 metadata:

helm/defectdojo/values.schema.json

@@ -1321,7 +1321,11 @@
             }
         },
         "redisParams": {
-            "description": "Parameters attached to the redis connection string, defaults to \"ssl_cert_reqs=optional\" if `valkey.tls.enabled`",
+            "description": "Parameters attached to the redis connection string, defaults to \"ssl_cert_reqs=optional\" if `redisScheme` is `rediss`",
+            "type": "string"
+        },
+        "redisScheme": {
+            "description": "Define the protocol to use with the external Redis instance",
             "type": "string"
         },
         "redisServer": {
@@ -1505,6 +1509,10 @@
                     }
                 }
             }
+        },
+        "valkeyParams": {
+            "description": "Parameters attached to the valkey connection string, defaults to \"ssl_cert_reqs=optional\" if `valkey.tls.enabled`",
+            "type": "string"
         }
     }
 }

helm/defectdojo/values.yaml

@@ -702,8 +702,18 @@ localsettingspy: ""
 # @schema type:[string, null]
 # -- To use an external Redis instance, set `redis.enabled` to false and set the address here:
 redisServer: ~
-# -- Parameters attached to the redis connection string, defaults to "ssl_cert_reqs=optional" if `valkey.tls.enabled`
+# -- Parameters attached to the valkey connection string, defaults to "ssl_cert_reqs=optional" if `valkey.tls.enabled`
+valkeyParams: ""
+#
+# External database support.
+#
+# @schema type:[string, null]
+# -- To use an external Redis instance, set `redis.enabled` to false and set the address here:
+redisServer: ~
+# -- Parameters attached to the redis connection string, defaults to "ssl_cert_reqs=optional" if `redisScheme` is `rediss`
 redisParams: ""
+# -- Define the protocol to use with the external Redis instance
+redisScheme: redis
 #
 # @schema type:[string, null]
 # -- To use an external PostgreSQL instance (like CloudSQL), set `postgresql.enabled` to false,