Add option to set custom Labels to Initializer Job in Helm Chart

[prempador]

:warning: Note on feature completeness :warning:

We are narrowing the scope of acceptable enhancements to DefectDojo in preparation for v3. Learn more here: https://github.com/DefectDojo/django-DefectDojo/blob/master/readme-docs/CONTRIBUTING.md

Is your feature request related to a problem? Please describe When injecting istio sidecars to the django-DefectDojo helm deployment it is currently not possible to skip injection for the initializer job, which as a result will make the initializer job unable to finish, as the istio-sidecar will not exit when the job does and therefore block any startup from the defectdojo services, as the initializer job is not finished.

In order to circumvent this in other Helm Deployments the sidecar injection can specifically be disabled on specific deployments, pods, etc. through the same label or annotation with a value of "false". This is not possible in the current Helm Chart of django-DefectDojo.

Describe the solution you'd like Add an option to set additional labels here similar to how it is handled for annotations here.

  labels:
    defectdojo.org/component: initializer
    app.kubernetes.io/name: {{ include "defectdojo.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    helm.sh/chart: {{ include "defectdojo.chart" . }}
    {{- with .Values.initializer.jobLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}

In order to have a more universal approach the same could also be done for the deployments and not just for the initializer job.

Describe alternatives you've considered There is multiple approaches to inject istio sidecars into the deployments:

• Through a label on the Namespace (this will inject istio sidecars onto all Pods in the namespace and result in the above mentioned issue)
• Through annotations on Deployment/Job/Cronjob templates (this is deprecated by istio and will not work in the future)
• Through labels on Deployment/Job/Cronjob templates (this is not possible in the current Helm Chart of django-Defectdojo)

Annotations are currently the only option that will work with the current Helm Chart provided for django-Defectdojo, but as annotations are deprecated I would not consider this a viable option, as it is not future-proof.

Additional context Istio Sidecar Injection Istio Resource Annotations with Deprecation Warning Istio Resource Labels

Reading this comment I am aware that changes to the Helm Chart rely on the community and I would be happy to draft a PR for this if it gets accepted.

[cneill]

Good catch, @prempador ! We'd be open to a PR that makes this possible, here and on any of the other Pods where it's missing.

[prempador]

Thanks @cneill . I will start working on this hopefully tomorrow then and will send a PR your way.

[prempador]

During implementation of the above mentioned changes I saw that

contrary to what I mentioned in the Issue, it is already possible to add labels to the Deployment Pods via podLabels, see here. Which only made it necessary to add the option to the Job aswell.

(Just copied from my own text from the PR)

Which invalidates one of the points I had:

Through labels on Deployment/Job/Cronjob templates (this is not possible in the current Helm Chart of django-Defectdojo)

It is indeed possible to set the required label on (at least) all the Deployments, which means that my original problem can be worked around by adding the required labels to the Deployments and just leaving the label for the Job out (which is currently not possible anyways).

Even though this fixes the issue I am having, we are still using the Namespace Tag as a standard practice and I therefore still went ahead with the PR.

Just wanted to clear this up.