From 597fca13ad4eca4f18ec2820ebc5421dd42244f7 Mon Sep 17 00:00:00 2001
From: kiblik <5609770+kiblik@users.noreply.github.com>
Date: Fri, 24 Oct 2025 21:04:54 +0200
Subject: [PATCH] feat(helm): Do not allow multiple celery beats

---
 helm/defectdojo/Chart.yaml         | 2 ++
 helm/defectdojo/README.md          | 2 +-
 helm/defectdojo/values.schema.json | 4 +++-
 helm/defectdojo/values.yaml        | 2 ++
 4 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml
index 9809fc3646f..d7b18755fe9 100644
--- a/helm/defectdojo/Chart.yaml
+++ b/helm/defectdojo/Chart.yaml
@@ -43,3 +43,5 @@ annotations:
       description: Convert existing comments to descriptors
     - kind: added
       description: Testing on the oldest officially supported k8s
+    - kind: added
+      description: Checker for maximal number of celery beats
diff --git a/helm/defectdojo/README.md b/helm/defectdojo/README.md
index b6ac3127dd1..56e713001f1 100644
--- a/helm/defectdojo/README.md
+++ b/helm/defectdojo/README.md
@@ -540,7 +540,7 @@ A Helm chart for Kubernetes to install DefectDojo
 | celery.beat.podAnnotations | object | `{}` | Annotations for the Celery beat pods. |
 | celery.beat.podSecurityContext | object | `{}` | Pod security context for the Celery beat pods. |
 | celery.beat.readinessProbe | object | `{}` | Enable readiness probe for Celery beat container. |
-| celery.beat.replicas | int | `1` |  |
+| celery.beat.replicas | int | `1` | Multiple replicas are not allowed (Beat is intended to be a singleton) because scaling to >1 will double-run schedules |
 | celery.beat.resources.limits.cpu | string | `"2000m"` |  |
 | celery.beat.resources.limits.memory | string | `"256Mi"` |  |
 | celery.beat.resources.requests.cpu | string | `"100m"` |  |
diff --git a/helm/defectdojo/values.schema.json b/helm/defectdojo/values.schema.json
index d091be4e1a2..76b1411877d 100644
--- a/helm/defectdojo/values.schema.json
+++ b/helm/defectdojo/values.schema.json
@@ -113,7 +113,9 @@
                             "type": "object"
                         },
                         "replicas": {
-                            "type": "integer"
+                            "description": "Multiple replicas are not allowed (Beat is intended to be a singleton) because scaling to \u003e1 will double-run schedules",
+                            "type": "integer",
+                            "maximum": 1
                         },
                         "resources": {
                             "type": "object",
diff --git a/helm/defectdojo/values.yaml b/helm/defectdojo/values.yaml
index 419fe3fe743..cd850ace3c1 100644
--- a/helm/defectdojo/values.yaml
+++ b/helm/defectdojo/values.yaml
@@ -255,6 +255,8 @@ celery:
     podSecurityContext: {}
     # -- Enable readiness probe for Celery beat container.
     readinessProbe: {}
+    # @schema maximum:1
+    # -- Multiple replicas are not allowed (Beat is intended to be a singleton) because scaling to >1 will double-run schedules
     replicas: 1
     resources:
       requests: