Merge pull request #176 from maykinmedia/feature/stable-release-objecten

🔖 Stable release for objecten
maykinmedia · Feb 11, 2025 · 0cdc303 · 0cdc303
2 parents dcb0315 + 7174c05
commit 0cdc303
Show file tree

Hide file tree

Showing 8 changed files with 117 additions and 67 deletions.
diff --git a/charts/objecten/CHANGELOG.md b/charts/objecten/CHANGELOG.md
@@ -1,6 +1,15 @@
 # Changelog
 
-## 2.7.0-beta.0 (2025-10-01)
+## 2.7.0 (2025-01-31)
+
+
+Stable release with support of [django-setup-configuration](https://github.com/maykinmedia/django-setup-configuration). 
+
+- Fixed the configuration-secrets.yaml template to render only if no existing secret is present in the cluster (needed for example if using sealed secrets).
+- Removed the env vars `SITES_CONFIG_ENABLE`, `OBJECTS_OBJECTTYPES_TOKEN` and `OBJECTS_DOMAIN` as these settings are now managed with django-setup-configuration.
+- Removed the env vars `OBJECTS_ORGANIZATION`, `DEMO_CONFIG_ENABLE`, `DEMO_PERSON`, `DEMO_EMAIL` because they are not used in the application.
+
+## 2.7.0-beta.0 (2025-01-10)
 
 - [#148] Replace the worker liveness probe with the `celery inspect active` command. This should detect when a worker is down and should not interrupt long running tasks.
 - [#119] Update the syntax of the worker liveness probe. The worker probes now can be enabled/disabled with:

diff --git a/charts/objecten/Chart.yaml b/charts/objecten/Chart.yaml
@@ -3,8 +3,8 @@ name: objecten
 description: API om objecten te beheren die behoren bij een bepaald objecttype
 
 type: application
-version: 2.7.0-beta.0
-appVersion: latest
+version: 2.7.0
+appVersion: 3.0.0
 
 dependencies:
   - name: redis

diff --git a/charts/objecten/README.md b/charts/objecten/README.md
@@ -1,6 +1,6 @@
 # objecten
 
-![Version: 2.7.0-beta.0](https://img.shields.io/badge/Version-2.7.0--beta.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square)
+![Version: 2.7.0](https://img.shields.io/badge/Version-2.7.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.0.0](https://img.shields.io/badge/AppVersion-3.0.0-informational?style=flat-square)
 
 API om objecten te beheren die behoren bij een bepaald objecttype
 
@@ -24,29 +24,20 @@ API om objecten te beheren die behoren bij een bepaald objecttype
 | azureVaultSecret.objectName | string | `""` |  |
 | azureVaultSecret.secretName | string | `"{{ .Values.existingSecret }}"` |  |
 | azureVaultSecret.vaultName | string | `nil` |  |
-| configuration.data | string | `""` |  |
-| configuration.demo.email | string | `nil` |  |
-| configuration.demo.enabled | bool | `false` |  |
-| configuration.demo.person | string | `nil` |  |
-| configuration.demo.token | string | `nil` |  |
 | configuration.enabled | bool | `false` |  |
 | configuration.initContainer.enabled | bool | `false` | Run the setup configuration command in a init container |
 | configuration.job.backoffLimit | int | `6` |  |
-| configuration.job.enabled | bool | `true` | Run the setup configuration command as a job |
+| configuration.job.enabled | bool | `false` | Run the setup configuration command as a job |
 | configuration.job.resources | object | `{}` |  |
 | configuration.job.restartPolicy | string | `"OnFailure"` |  |
 | configuration.job.ttlSecondsAfterFinished | int | `0` | 0 Will clean the job after it is finished |
-| configuration.objectTypes.ApiRoot | string | `""` |  |
-| configuration.objectTypes.enabled | bool | `false` |  |
-| configuration.objectTypes.token | string | `""` |  |
 | configuration.overwrite | bool | `true` |  |
 | configuration.secrets | object | `{}` |  |
-| configuration.sites.domain | string | `""` |  |
-| configuration.sites.enabled | bool | `false` |  |
-| configuration.sites.organization | string | `""` |  |
 | configuration.superuser.email | string | `""` |  |
 | configuration.superuser.password | string | `""` |  |
 | configuration.superuser.username | string | `""` |  |
+| configurationSecretsName | string | `""` |  |
+| existingConfigurationSecrets | string | `nil` |  |
 | existingSecret | string | `nil` |  |
 | extraEnvVars | list | `[]` | Array with extra environment variables to add |
 | extraIngress | list | `[]` | Specify extra ingresses, for example if you have multiple ingress classes |
@@ -68,7 +59,6 @@ API om objecten te beheren die behoren bij een bepaald objecttype
 | flower.resources | object | `{}` |  |
 | fullnameOverride | string | `""` |  |
 | global.configuration.enabled | bool | `false` |  |
-| global.configuration.organization | string | `"Gemeente Example"` |  |
 | global.configuration.overwrite | bool | `true` |  |
 | global.configuration.secrets | object | `{}` |  |
 | global.settings.databaseHost | string | `""` | Global databasehost, overrides setting.database.host |
@@ -167,7 +157,7 @@ API om objecten te beheren die behoren bij een bepaald objecttype
 | worker.autoscaling.targetCPUUtilizationPercentage | int | `80` |  |
 | worker.autoscaling.targetMemoryUtilizationPercentage | int | `80` |  |
 | worker.concurrency | int | `4` |  |
-| worker.livenessProbe.enabled | bool | `true` |  |
+| worker.livenessProbe.enabled | bool | `false` |  |
 | worker.livenessProbe.exec.command[0] | string | `"/bin/sh"` |  |
 | worker.livenessProbe.exec.command[1] | string | `"-c"` |  |
 | worker.livenessProbe.exec.command[2] | string | `"celery --workdir src --app objects.celery inspect --destination celery@${HOSTNAME} active"` |  |

diff --git a/charts/objecten/templates/configmap.yaml b/charts/objecten/templates/configmap.yaml
@@ -72,28 +72,9 @@ data:
   {{- if .Values.settings.notificationsDisabled }}
   NOTIFICATIONS_DISABLED: "True"
   {{- end }}
-  {{- if .Values.settings.notificationsDisabled }}
-  NOTIFICATIONS_DISABLED: "True"
-  {{- end }}
   {{ if .Values.settings.disable2fa }}
   DISABLE_2FA: "True"
   {{- end }}
-  {{ if and .Values.global.configuration.enabled .Values.configuration.enabled -}}
-  SITES_CONFIG_ENABLE: {{ if .Values.configuration.sites.enabled }}"True"{{ else }}"False"{{ end }}
-  {{- if .Values.configuration.sites.enabled }}
-  OBJECTS_DOMAIN: {{ .Values.configuration.sites.domain | toString | quote }}
-  OBJECTS_ORGANIZATION: {{ .Values.global.configuration.organization | default .Values.configuration.sites.organization | toString | quote }}
-  {{- end }}
-  OBJECTS_OBJECTTYPES_CONFIG_ENABLE: {{ if .Values.configuration.objectTypes.enabled }}"True"{{ else }}"False"{{ end }}
-  {{- if .Values.configuration.objectTypes.enabled }}
-  OBJECTTYPES_API_ROOT: {{ .Values.configuration.objectTypes.ApiRoot | toString | quote }}
-  {{- end }}
-  DEMO_CONFIG_ENABLE: {{ if .Values.configuration.demo.enabled }}"True"{{ else }}"False"{{ end }}
-  {{ if .Values.configuration.demo.enabled }}
-  DEMO_PERSON: {{ .Values.configuration.demo.person | toString | quote }}
-  DEMO_EMAIL: {{ .Values.configuration.demo.email | toString | quote }}
-  {{- end }}
-  {{- end }}
   {{ if .Values.configuration.superuser.username }}
   OBJECTS_SUPERUSER_USERNAME: {{ .Values.configuration.superuser.username | toString | quote }}
   OBJECTS_SUPERUSER_EMAIL: {{ .Values.configuration.superuser.email | toString | quote }}

diff --git a/charts/objecten/templates/configuration-secrets.yaml b/charts/objecten/templates/configuration-secrets.yaml
@@ -1,8 +1,8 @@
-{{- if and .Values.global.configuration.enabled .Values.configuration.enabled}}
+{{- if and (not .Values.existingConfigurationSecrets) .Values.global.configuration.enabled .Values.configuration.enabled}}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "objecten.fullname" . }}-config-secrets
+  name: {{ .Values.configurationSecretsName | default (printf "%s-config-secrets" (include "objecten.fullname" .)) }}
   labels:
     {{- include "objecten.labels" . | nindent 4 }}
 stringData:

diff --git a/charts/objecten/templates/job-config.yaml b/charts/objecten/templates/job-config.yaml
@@ -38,7 +38,7 @@ spec:
             - secretRef:
                 name: {{ .Values.existingSecret | default (include "objecten.fullname" .) }}
             - secretRef:
-                name: {{ include "objecten.fullname" . }}-config-secrets                
+                name: {{ if .Values.existingConfigurationSecrets }}{{ .Values.existingConfigurationSecrets }}{{ else }}{{ .Values.configurationSecretsName | default (printf "%s-config-secrets" (include "objecten.fullname" .)) }}{{ end }}                
             - configMapRef:
                 name: {{ include "objecten.fullname" . }}
           env:

diff --git a/charts/objecten/templates/secret.yaml b/charts/objecten/templates/secret.yaml
@@ -19,9 +19,6 @@ stringData:
   ELASTIC_APM_SECRET_TOKEN: {{ .Values.settings.elasticapm.token | toString |  quote }}
   {{- end }}
   {{ if and .Values.global.configuration.enabled .Values.configuration.enabled -}}
-  {{ if .Values.configuration.objectTypes.enabled }}
-  OBJECTS_OBJECTTYPES_TOKEN: {{ .Values.configuration.objectTypes | toString | quote }}
-  {{- end }}
   {{ if .Values.configuration.demo.enabled }}
   DEMO_TOKEN: {{ .Values.configuration.demo.token | toString | quote }}
   {{- end }}

diff --git a/charts/objecten/values.yaml b/charts/objecten/values.yaml
@@ -2,7 +2,6 @@ global:
   configuration:
     enabled: false
     overwrite: true
-    organization: Gemeente Example
     secrets: {}
 
   settings:
@@ -12,20 +11,6 @@ global:
 configuration:
   enabled: false
   overwrite: true
-  sites:
-    enabled: false
-    domain: ""
-    organization: ""
-  objectTypes:
-    enabled: false
-    ApiRoot: ""
-    token: ""
-  demo:
-    enabled: false
-    token:
-    person:
-    email: 
-
   superuser:
     username: ""
     password: ""
@@ -35,21 +20,105 @@ configuration:
     enabled: false
   job:
     # -- Run the setup configuration command as a job
-    enabled: true
+    enabled: false
     backoffLimit: 6
     # -- 0 Will clean the job after it is finished
-    ttlSecondsAfterFinished: 0    
+    ttlSecondsAfterFinished: 0
     restartPolicy: OnFailure
     # Note, this field is immutable
     resources: {}
-      # limits:
-      #   cpu: 200m
-      #   memory: 256Mi
-      # requests:
-      #   cpu: 100m
-      #   memory: 128Mi
   secrets: {}
-  data: ""
+    # keycloak_client_secret: keycloak-secret
+    # openformulieren_objecten_token: token123
+    # object_objecttypes_token: token123
+  # data: ""
+  # e.g.
+  # data: |-
+  #   zgw_consumers_config_enable: true
+  #   zgw_consumers:
+  #     services:
+  #     - identifier: objecttypes-api
+  #       label: Objecttypes API
+  #       api_root: https://objecttypen.example.nl/api/v2/
+  #       api_connection_check_path: objecttypes
+  #       api_type: orc
+  #       auth_type: api_key
+  #       header_key: Authorization
+  #       header_value: Token ${object_objecttypes_token}
+  #     - identifier: notifications-api
+  #       label: Notificaties API
+  #       api_root: https://opennotificaties.example.nl/api/v1/
+  #       api_connection_check_path: notificaties
+  #       api_type: nrc
+  #       auth_type: api_key
+  #       header_key: Authorization
+  #       header_value: Token ${object_notificaties_token}
+  #   notifications_config_enable: true
+  #   notifications_config:
+  #     notifications_api_service_identifier: notifications-api
+  #     notification_delivery_max_retries: 1
+  #     notification_delivery_retry_backoff: 2
+  #     notification_delivery_retry_backoff_max: 3
+  #   tokenauth_config_enable: true
+  #   tokenauth:
+  #     items:
+  #       - identifier: openformulier-token
+  #         token: ${openformulieren_objecten_token}
+  #         contact_person: Person 1
+  #         email: [email protected]
+  #         organization: Organization 1
+  #         application: Application 1
+  #         administration: Administration 1
+  #         permissions:
+  #           - object_type: 366c9b88-a870-438c-b0ec-a121cd51f1dd
+  #             mode: read_and_write
+  #   objecttypes_config_enable: true
+  #   objecttypes:
+  #     items:
+  #       - uuid: 366c9b88-a870-438c-b0ec-a121cd51f1dd
+  #         name: demo
+  #         service_identifier: objecttypes-api
+  #   sites_config_enable: true
+  #   sites_config:
+  #     items:
+  #       - domain: objecten.example.nl
+  #         name: objecten
+  #   oidc_db_config_enable: true
+  #   oidc_db_config_admin_auth:
+  #     items:
+  #     - identifier: admin-oidc
+  #       enabled: true
+  #       oidc_rp_client_id: objecten.example.nl 
+  #       oidc_rp_client_secret: '${keycloak_client_secret}'
+  #       oidc_rp_scopes_list:
+  #       - openid
+  #       - email
+  #       - profile
+  #       - roles
+  #       oidc_rp_sign_algo: RS256
+  #       endpoint_config:
+  #         oidc_op_discovery_endpoint: https://keycloak.example.nl/realms/example/
+  #       username_claim:
+  #       - sub
+  #       groups_claim:
+  #       - roles
+  #       claim_mapping:
+  #         first_name:
+  #         - given_name
+  #         last_name:
+  #         - family_name
+  #         email:
+  #         - email
+  #       sync_groups: true
+  #       sync_groups_glob_pattern: "*"
+  #       default_groups: []
+  #       make_users_staff: true
+  #       superuser_group_names:
+  #       - Superuser
+  #       oidc_use_nonce: true
+  #       oidc_nonce_size: 32
+  #       oidc_state_size: 32
+  #       userinfo_claims_source: id_token
 
 tags:
   redis: true
@@ -180,6 +249,10 @@ persistence:
 
 # Existing Secret must be defined for AzureVaultSecret to work
 existingSecret: null
+# Reference to an existing secret with the values needed for django-setup-configuration
+existingConfigurationSecrets: null
+# If no secret already exists with the values needed for django-setup-configuration, create it with the following name
+configurationSecretsName: ""
 
 # This will create an AzureVaultSecret object in k8s, only Multi Key Value Secret are supported by this chart
 # ref: https://akv2k8s.io/tutorials/sync/4-multi-key-value-secret/ https://learn.microsoft.com/en-us/azure/key-vault/secrets/multiline-secrets