@Utwo Utwo commented Jan 20, 2026

Context

This PR adds a complete Helm chart for deploying Prowler App to Kubernetes clusters. The chart provides a production-ready way to deploy all Prowler App components (API, UI, Workers) along with their dependencies (PostgreSQL, Valkey) using Helm.

The chart is designed to be flexible, supporting both standalone deployments with embedded dependencies and integration with existing PostgreSQL/Valkey instances. It includes comprehensive configuration options, autoscaling capabilities via HPA and KEDA, and detailed documentation with examples.

Fix #7016

Description

This PR introduces a new Helm chart located at contrib/k8s/helm/prowler-app/ that enables easy deployment of the Prowler App stack on Kubernetes. It deploys Prowler API (Django REST Framework backend), Prowler UI (Next.js frontend), Celery Workers (for async scan execution) and Celery Beat (for scheduled tasks).

I've also integrated KEDA ScaledObject for Celery workers to autoscale the Worker based on the number of pending scans.

  • Infrastructure Dependencies:
    • PostgreSQL 18.2.0 (via Bitnami chart) for persistent storage
    • Valkey 0.9.3 (via official Valkey Helm chart) as message broker
    • Both can be enabled/disabled to use existing instances

I took inspiration from https://github.com/langfuse/langfuse-k8s/ and https://github.com/promptlylabs/prowler-helm-chart in making this PR.

TODO

I'm more than happy to continue maintaining this part of the code! 🚀

Steps to review

  1. Test Installation (if you have a Kubernetes cluster):
    # Create required secrets first
    kubectl apply -f contrib/k8s/helm/prowler-app/examples/minimal-installation/secrets.yaml
    
    # Install chart
    helm install prowler contrib/k8s/helm/prowler-app \
      -f contrib/k8s/helm/prowler-app/examples/minimal-installation/values.yaml
    
    # Verify deployment
    helm status prowler
    kubectl get pods -l app.kubernetes.io/instance=prowler

Checklist

Community Checklist
  • This feature/issue is listed in here or roadmap.prowler.com
  • Is it assigned to me, if not, request it via the issue/feature in here or Prowler Community Slack

SDK/CLI

  • Are there new checks included in this PR? Yes / No
    • If so, do we need to update permissions for the provider? Please review this carefully.

UI

  • All issue/task requirements work as expected on the UI
  • Screenshots/Video of the functionality flow (if applicable) - Mobile (X < 640px)
  • Screenshots/Video of the functionality flow (if applicable) - Table (640px > X < 1024px)
  • Screenshots/Video of the functionality flow (if applicable) - Desktop (X > 1024px)
  • Ensure new entries are added to CHANGELOG.md, if applicable.

API

  • All issue/task requirements work as expected on the API
  • Endpoint response output (if applicable)
  • EXPLAIN ANALYZE output for new/modified queries or indexes (if applicable)
  • Performance test results (if applicable)
  • Any other relevant evidence of the implementation (if applicable)
  • Verify if API specs need to be regenerated.
  • Check if version updates are required (e.g., specs, Poetry, etc.).
  • Ensure new entries are added to CHANGELOG.md, if applicable.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Utwo added 5 commits January 15, 2026 17:18
…onfiguration options

- Added PostgreSQL and Valkey as dependencies in Chart.yaml and Chart.lock.
- Updated .helmignore to exclude example files.
- Enhanced values.schema.json and values.yaml with new secret management options for Django keys and PostgreSQL authentication.
- Refactored deployment templates to utilize new environment variable configurations.
- Introduced KEDA support for worker autoscaling.
- Added minimal installation example and secrets for easier deployment.
- Introduced authUrl parameter in values.yaml for UI configuration.
- Updated values.schema.json to include authUrl as a string type.
- Modified configmap.yaml to utilize the new authUrl variable for setting AUTH_URL.
@Utwo Utwo requested a review from a team as a code owner January 20, 2026 10:56
@github-actions github-actions bot added the community Opened by the Community label Jan 20, 2026
@github-actions
Contributor

github-actions bot commented Jan 20, 2026

Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

@danibarranqueroo danibarranqueroo changed the title Helm chart for prowler-app feat(app): Helm chart for deploying prowler in k8s Jan 27, 2026
@danibarranqueroo
Member

Hello @Utwo! Thank you for this contribution! 🙏

We really appreciate the effort you've put into creating this Helm chart for the Prowler App. This will be very valuable for our community!

Please note that everything within the contrib/ folder is community-maintained and not officially supported by the Prowler team. We encourage the community to use, improve, and maintain these contributions, but they fall outside our regular maintenance and support scope.

Feel free to continue improving it, and we welcome future updates from you or other community members. Thanks again for your contribution to Prowler! 🚀

@danibarranqueroo
Member

Hi again @Utwo!

We've noticed that TruffleHog is failing during CI checks. After investigating, we found that the issue is coming from the .tgz files in the charts/ directory.

According to how other projects manage Helm chart dependencies (like https://github.com/helm/charts/blob/master/.gitignore), these packaged dependency files typically aren't committed to the repository.

A potential solution could be removing those .tgz files and adding a step in the README explaining how users can generate them with helm dependency update or the similar command needed. Since you created this chart, feel free to implement the solution you think works best.

Let us know if you need any help with this and thanks again!
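Added example, not part of the comment above or of the PR's own code: a CI guard that fails when packaged chart dependencies are tracked under a `charts/` directory, so they are regenerated with `helm dependency update` instead of being committed as opaque archives. The function names and the sample file lists are constructed for illustration; the chart path is the one given in the PR description.

```shell
#!/bin/sh
# Added example: fail CI when packaged Helm dependencies (.tgz) are committed.
# Function names and sample lists are hypothetical, built for this illustration.

# Read tracked paths on stdin (one per line, as `git ls-files` prints them)
# and print every packaged chart archive that sits inside a charts/ directory.
vendored_chart_archives() {
  while IFS= read -r _path; do
    case "$_path" in
      charts/*.tgz|*/charts/*.tgz) printf '%s\n' "$_path" ;;
    esac
  done
}

# Return 0 when no packaged dependency is tracked, 1 (with a hint) otherwise.
check_tracked_files() {
  _hits="$(vendored_chart_archives)"
  if [ -n "$_hits" ]; then
    printf 'packaged chart dependencies are committed:\n%s\n' "$_hits" >&2
    printf 'untrack them, ignore charts/*.tgz, then run: helm dependency update\n' >&2
    return 1
  fi
  return 0
}

# Constructed sample: tracked files with the dependency archives committed.
SAMPLE_BEFORE='contrib/k8s/helm/prowler-app/Chart.yaml
contrib/k8s/helm/prowler-app/Chart.lock
contrib/k8s/helm/prowler-app/charts/postgresql-18.2.0.tgz
contrib/k8s/helm/prowler-app/charts/valkey-0.9.3.tgz
contrib/k8s/helm/prowler-app/templates/configmap.yaml'

# Constructed sample: the same tree after the archives were removed.
SAMPLE_AFTER='contrib/k8s/helm/prowler-app/Chart.yaml
contrib/k8s/helm/prowler-app/Chart.lock
contrib/k8s/helm/prowler-app/templates/configmap.yaml'

# Demo on the constructed sample; in a pipeline the input would be:
#   git ls-files | check_tracked_files
printf '%s\n' "$SAMPLE_BEFORE" | vendored_chart_archives
```

Keeping `Chart.lock` tracked while ignoring the archives leaves the pinned dependency versions reviewable in plain text.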

@Utwo
Author

Utwo commented Jan 27, 2026

Thank you for your feedback!

I've removed the .tgz files, and I've updated the README with the helm dependency update command. To provide a streamlined experience for developers using this chart, it would be nice to publish it to Artifact Hub. In the current form, it is hard to consume this Helm chart.

Regarding my TODO items, is it okay if I implement testing the chart on CI for every commit and set up a pipeline to publish the chart to Artifact Hub? This will ensure the chart is always verified and easily accessible.

@danibarranqueroo
Member

Okay, that sounds interesting!

Before we proceed with that, could you clarify what's involved in the Artifact Hub integration? Since we'll need to maintain it if we go this route, we'll need to understand the setup requirements and ongoing maintenance responsibilities.
Thanks!

@Utwo
Author

Utwo commented Jan 27, 2026

So, for DevOps/infra people to use a Helm chart, they will need to pull it from a registry, similar to how Docker images are pushed/pulled.
We use the following commands to install a Helm chart:

helm repo add prowler https://[registry]
helm repo update
helm install prowler prowler/prowler

For the registry, we can use just plain GitHub Pages. I can help here with the CI, and you will probably need to help me with some GitHub repo settings.

In the end, we will have a GitHub action CI that will:

  1. Install the Helm deps (postgres, redis, neo4j, etc)
  2. Build the Helm chart
  3. Run some tests, like creating a k8s cluster on gh action and trying to deploy the whole application using the Helm chart
  4. Publish the Helm chart to gh pages/or other places

After we have a working version, you will need to create an account on Artifact Hub and register the new GitHub page branch there.

Development

Successfully merging this pull request may close these issues.

helm refactoring to scale and ease of use
