diff --git a/charts/opennotificaties/CHANGELOG.md b/charts/opennotificaties/CHANGELOG.md index 23d4c52..7588d13 100644 --- a/charts/opennotificaties/CHANGELOG.md +++ b/charts/opennotificaties/CHANGELOG.md @@ -1,12 +1,23 @@ # Changelog -## 1.8.0-beta.1 (2025-23-01) +## 1.8.0 (2025-02-05) + +Stable release with support of [django-setup-configuration](https://github.com/maykinmedia/django-setup-configuration). + +- Fixed the configuration-secrets.yaml template to render only if no existing secret is present in the cluster (needed for example if using sealed secrets). +- Added the possibility to add/use a secret with a custom name for the django-setup-configuration job. +- Removed these env vars from the secret, as they are no longer used: `NOTIF_OPENZAAK_SECRET`, `OPENZAAK_NOTIF_SECRET` as these settings are now managed with django-setup-configuration. +- Removed these env vars from the config map, as they are no longer used: `DEMO_CONFIG_ENABLE`, `SITES_CONFIG_ENABLE`, `OPENNOTIFICATIES_DOMAIN`, `OPENNOTIFICATIES_ORGANIZATION`, `AUTHORIZATION_CONFIG_ENABLE`, `AUTORISATIES_API_ROOT`, `NOTIF_OPENZAAK_CLIENT_ID`, `OPENZAAK_NOTIF_CONFIG_ENABLE`, `OPENZAAK_NOTIF_CLIENT_ID` as these settings are now managed with django-setup-configuration. + +## 1.8.0-beta.1 (2025-01-23) + - [#170] Add autoscaling behavior for ON -## 1.8.0-beta.0 (2025-22-01) +## 1.8.0-beta.0 (2025-01-22) + - [#169] Add pdb for worker -## 1.7.0-beta.0 (2025-10-01) +## 1.7.0-beta.0 (2025-01-10) - [#148] Replace the worker liveness probe with the `celery inspect active` command. This should detect when a worker is down and should not interrupt long running tasks. - [#119] Update the syntax of the worker liveness probe. The worker probes now can be enabled/disabled with: diff --git a/charts/opennotificaties/Chart.yaml b/charts/opennotificaties/Chart.yaml index 47ab5db..1fb6c28 100644 --- a/charts/opennotificaties/Chart.yaml +++ b/charts/opennotificaties/Chart.yaml @@ -3,8 +3,8 @@ name: opennotificaties description: API voor het routeren van notificaties type: application -version: 1.8.0-beta.1 -appVersion: latest +version: 1.8.0 +appVersion: 1.8.0 dependencies: - name: redis diff --git a/charts/opennotificaties/README.md b/charts/opennotificaties/README.md index d6b2a76..eef340f 100644 --- a/charts/opennotificaties/README.md +++ b/charts/opennotificaties/README.md @@ -1,6 +1,6 @@ # opennotificaties -![Version: 1.8.0-beta.1](https://img.shields.io/badge/Version-1.8.0--beta.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square) +![Version: 1.8.0](https://img.shields.io/badge/Version-1.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.8.0](https://img.shields.io/badge/AppVersion-1.8.0-informational?style=flat-square) API voor het routeren van notificaties @@ -46,21 +46,13 @@ API voor het routeren van notificaties | configuration.job.enabled | bool | `false` | Run the setup configuration command as a job | | configuration.job.resources | object | `{}` | | | configuration.job.restartPolicy | string | `"OnFailure"` | | -| configuration.notificaties.enabled | bool | `false` | | -| configuration.notificaties.openzaakNotifcationClientId | string | `""` | | -| configuration.notificaties.openzaakNotificationSecret | string | `""` | | -| configuration.openzaakAuthorization.ApiRoot | string | `""` | | -| configuration.openzaakAuthorization.enabled | bool | `false` | | -| configuration.openzaakAuthorization.notifcationOpenzaakSecret | string | `""` | | -| configuration.openzaakAuthorization.notificationOpenzaakClientId | string | `""` | | | configuration.overwrite | bool | `true` | | | configuration.secrets | object | `{}` | | -| configuration.sites.enabled | bool | `false` | | -| configuration.sites.notificatiesDomain | string | `""` | | -| configuration.sites.organization | string | `""` | | | configuration.superuser.email | string | `""` | | | configuration.superuser.password | string | `""` | | | configuration.superuser.username | string | `""` | | +| configurationSecretsName | string | `""` | | +| existingConfigurationSecrets | string | `nil` | | | existingSecret | string | `nil` | | | extraEnvVars | list | `[]` | Array with extra environment variables to add | | extraIngress | list | `[]` | Specify extra ingresses, for example if you have multiple ingress classes | @@ -83,13 +75,6 @@ API voor het routeren van notificaties | flower.resources | object | `{}` | | | fullnameOverride | string | `""` | | | global.configuration.enabled | bool | `false` | | -| global.configuration.notificatiesApi | string | `"http://opennotificaties.example.nl/api/v1/"` | | -| global.configuration.notificatiesOpenzaakClientId | string | `"notif-client-id"` | | -| global.configuration.notificatiesOpenzaakSecret | string | `"notif-secret"` | | -| global.configuration.openzaakAutorisatiesApi | string | `"https://openzaak.example.nl/autorisaties/api/v1/"` | | -| global.configuration.openzaakNotificatiesClientId | string | `"oz-client-id"` | | -| global.configuration.openzaakNotificatiesSecret | string | `"oz-secret"` | | -| global.configuration.organization | string | `"Gemeente Example"` | | | global.configuration.overwrite | bool | `true` | | | global.configuration.secrets | object | `{}` | | | global.settings.databaseHost | string | `""` | Global databasehost, overrides setting.database.host | @@ -227,3 +212,4 @@ API voor het routeren van notificaties | worker.podLabels | object | `{}` | | | worker.replicaCount | int | `2` | | | worker.resources | object | `{}` | | + diff --git a/charts/opennotificaties/templates/configmap.yaml b/charts/opennotificaties/templates/configmap.yaml index 7e2ce72..4cb41cf 100644 --- a/charts/opennotificaties/templates/configmap.yaml +++ b/charts/opennotificaties/templates/configmap.yaml @@ -85,23 +85,6 @@ data: {{- if .Values.settings.uwsgi.harakiri }} UWSGI_HARAKIRI: {{ .Values.settings.uwsgi.harakiri | toString | quote }} {{- end }} - {{ if and .Values.global.configuration.enabled .Values.configuration.enabled -}} - DEMO_CONFIG_ENABLE: "False" - SITES_CONFIG_ENABLE: {{ if .Values.configuration.sites.enabled }}"True"{{ else }}"False"{{ end }} - {{- if .Values.configuration.sites.enabled }} - OPENNOTIFICATIES_DOMAIN: {{ .Values.global.configuration.notificatiesDomain | default .Values.configuration.sites.notificatiesDomain | toString | quote }} - OPENNOTIFICATIES_ORGANIZATION: {{ .Values.global.configuration.organization | default .Values.configuration.sites.organization | toString | quote }} - {{- end }} - AUTHORIZATION_CONFIG_ENABLE: {{ if .Values.configuration.openzaakAuthorization.enabled }}"True"{{ else }}"False"{{ end }} - {{ if .Values.configuration.openzaakAuthorization.enabled -}} - AUTORISATIES_API_ROOT: {{ .Values.global.configuration.openzaakAutorisatiesApi | default .Values.configuration.openzaakAuthorization.ApiRoot | toString | quote }} - NOTIF_OPENZAAK_CLIENT_ID: {{ .Values.global.configuration.notificatiesOpenzaakClientId | default .Values.configuration.openzaakAuthorization.notificationOpenzaakClientId | toString | quote }} - {{- end }} - OPENZAAK_NOTIF_CONFIG_ENABLE: {{ if .Values.configuration.notificaties.enabled }}"True"{{ else }}"False"{{ end }} - {{- if .Values.configuration.notificaties.enabled }} - OPENZAAK_NOTIF_CLIENT_ID: {{ .Values.global.configuration.openzaakNotificatiesClientId | default .Values.configuration.notificaties.openzaakNotifcationClientId | toString | quote }} - {{- end }} - {{- end }} {{ if .Values.configuration.superuser.username }} OPENNOTIFICATIES_SUPERUSER_USERNAME: {{ .Values.configuration.superuser.username | toString | quote }} OPENNOTIFICATIES_SUPERUSER_EMAIL: {{ .Values.configuration.superuser.email | toString | quote }} diff --git a/charts/opennotificaties/templates/configuration-secrets.yaml b/charts/opennotificaties/templates/configuration-secrets.yaml index 582245f..c28b8d9 100644 --- a/charts/opennotificaties/templates/configuration-secrets.yaml +++ b/charts/opennotificaties/templates/configuration-secrets.yaml @@ -1,8 +1,8 @@ -{{- if and .Values.global.configuration.enabled .Values.configuration.enabled}} +{{- if and (not .Values.existingConfigurationSecrets) .Values.global.configuration.enabled .Values.configuration.enabled}} apiVersion: v1 kind: Secret metadata: - name: {{ include "opennotificaties.fullname" . }}-config-secrets + name: {{ .Values.configurationSecretsName | default (printf "%s-config-secrets" (include "opennotificaties.fullname" .)) }} labels: {{- include "opennotificaties.labels" . | nindent 4 }} stringData: diff --git a/charts/opennotificaties/templates/job-config.yaml b/charts/opennotificaties/templates/job-config.yaml index 20112ae..f0485d1 100644 --- a/charts/opennotificaties/templates/job-config.yaml +++ b/charts/opennotificaties/templates/job-config.yaml @@ -38,7 +38,7 @@ spec: - secretRef: name: {{ .Values.existingSecret | default (include "opennotificaties.fullname" .) }} - secretRef: - name: {{ include "opennotificaties.fullname" . }}-config-secrets + name: {{ if .Values.existingConfigurationSecrets }}{{ .Values.existingConfigurationSecrets }}{{ else }}{{ .Values.configurationSecretsName | default (printf "%s-config-secrets" (include "opennotificaties.fullname" .)) }}{{ end }} - configMapRef: name: {{ include "opennotificaties.fullname" . }} env: diff --git a/charts/opennotificaties/templates/secret.yaml b/charts/opennotificaties/templates/secret.yaml index aeb8fb7..366a58c 100644 --- a/charts/opennotificaties/templates/secret.yaml +++ b/charts/opennotificaties/templates/secret.yaml @@ -35,14 +35,6 @@ stringData: {{- if .Values.settings.elasticapm.url }} ELASTIC_APM_SECRET_TOKEN: {{ .Values.settings.elasticapm.token | toString | quote }} {{- end }} - {{ if and .Values.global.configuration.enabled .Values.configuration.enabled -}} - {{ if .Values.configuration.openzaakAuthorization.enabled -}} - NOTIF_OPENZAAK_SECRET: {{ .Values.global.configuration.notificatiesOpenzaakSecret | default .Values.configuration.openzaakAuthorization.notifcationOpenzaakSecret | toString | quote }} - {{- end }} - {{ if .Values.configuration.notificaties.enabled -}} - OPENZAAK_NOTIF_SECRET: {{ .Values.global.configuration.openzaakNotificatiesSecret | default .Values.configuration.notificaties.openzaakNotificationSecret | toString | quote }} - {{- end }} - {{- end }} {{ if .Values.configuration.superuser.username }} DJANGO_SUPERUSER_PASSWORD: {{ .Values.configuration.superuser.password | toString | quote }} {{- end }} diff --git a/charts/opennotificaties/values.yaml b/charts/opennotificaties/values.yaml index 183cc84..0b86fd9 100644 --- a/charts/opennotificaties/values.yaml +++ b/charts/opennotificaties/values.yaml @@ -2,13 +2,6 @@ global: configuration: enabled: false overwrite: true - organization: Gemeente Example - openzaakAutorisatiesApi: https://openzaak.example.nl/autorisaties/api/v1/ - notificatiesApi: http://opennotificaties.example.nl/api/v1/ - notificatiesOpenzaakClientId: notif-client-id - notificatiesOpenzaakSecret: notif-secret - openzaakNotificatiesClientId: oz-client-id - openzaakNotificatiesSecret: oz-secret secrets: {} settings: @@ -18,19 +11,6 @@ global: configuration: enabled: false overwrite: true - sites: - enabled: false - notificatiesDomain: "" - organization: "" - openzaakAuthorization: - enabled: false - ApiRoot: "" - notificationOpenzaakClientId: "" - notifcationOpenzaakSecret: "" - notificaties: - enabled: false - openzaakNotifcationClientId: "" - openzaakNotificationSecret: "" superuser: username: "" password: "" @@ -52,6 +32,127 @@ configuration: # memory: 128Mi secrets: {} data: "" + # e.g. + # data: |- + # oidc_db_config_enable: True + # oidc_db_config_admin_auth: + # items: + # - identifier: admin-oidc + # enabled: True + # oidc_rp_client_id: opennotificaties.example.nl + # oidc_rp_client_secret: ${keycloak_client_secret} + # oidc_rp_scopes_list: + # - openid + # - email + # - profile + # - roles + # oidc_rp_sign_algo: RS256 + # endpoint_config: + # oidc_op_discovery_endpoint: https://keycloak.example.nl/realms/example/ + # username_claim: + # - sub + # groups_claim: + # - roles + # claim_mapping: + # first_name: + # - given_name + # last_name: + # - family_name + # email: + # - email + # sync_groups: true + # sync_groups_glob_pattern: "*" + # default_groups: [] + # make_users_staff: true + # superuser_group_names: + # - Superuser + # oidc_use_nonce: true + # oidc_nonce_size: 32 + # oidc_state_size: 32 + # userinfo_claims_source: id_token + # zgw_consumers_config_enable: True + # zgw_consumers: + # services: + # - identifier: autorisaties-api + # label: Autorisaties API + # api_root: https://openzaak.example.nl/autorisaties/api/v1/ + # api_type: ac + # auth_type: zgw + # client_id: open-notificaties + # secret: ${opennotificaties_autorisatie_api_secret} + # user_id: open-notificaties + # user_representation: Open Notificaties + # autorisaties_api_config_enable: True + # autorisaties_api: + # # Configure Open Notificaties to make use of Open Zaak's Autorisaties API + # authorizations_api_service_identifier: autorisaties-api + # vng_api_common_credentials_config_enable: True + # vng_api_common_credentials: + # items: + # # Credentials for Open Zaak to be able to make requests to Open Notificaties + # - identifier: open-zaak + # secret: ${opennotificaties_openzaak_vng_api_common_secret} + # # Credentials for Open Notificaties, required for autorisaties subscription + # - identifier: open-notificaties + # secret: ${opennotificaties_autorisaties_vng_api_common_secret} + # notifications_kanalen_config_enable: true + # notifications_kanalen_config: + # items: + # - naam: autorisaties + # documentatie_link: https://openzaak.example.nl/ref/kanalen/#/autorisaties + # filters: [] + # - naam: besluittypen + # documentatie_link: https://openzaak.example.nl/ref/kanalen/#/besluittypen + # filters: + # - catalogus + # - naam: informatieobjecttypen + # documentatie_link: https://openzaak.example.nl/ref/kanalen/#/informatieobjecttypen + # filters: + # - catalogus + # - naam: zaaktypen + # documentatie_link: https://openzaak.example.nl/ref/kanalen/#/zaaktypen + # filters: + # - catalogus + # - naam: zaken + # documentatie_link: https://openzaak.example.nl/ref/kanalen/#/zaken + # filters: + # - bronorganisatie + # - zaaktype + # - vertrouwelijkheidaanduiding + # - naam: documenten + # documentatie_link: https://openzaak.example.nl/ref/kanalen/#/documenten + # filters: + # - bronorganisatie + # - informatieobjecttype + # - vertrouwelijkheidaanduiding + # - naam: besluiten + # documentatie_link: https://openzaak.example.nl/ref/kanalen/#/besluiten + # filters: + # - verantwoordelijke_organisatie + # - besluittype + # notifications_abonnementen_config_enable: true + # notifications_abonnementen_config: + # items: + # - uuid: ff5a9438-6512-4c2d-b69e-6c512c466fb8 + # callback_url: https://openzaak.example.nl/api/v1/callback + # auth: Token foo + # kanalen: + # - filters: + # zaaktype: https://openzaak.example.nl/catalogi/api/v1/zaaktypen/d0b3a90d-7959-4699-8bdb-bf228aef5e21 + # naam: zaken + # - filters: + # vertrouwelijkheidaanduiding: beperkt_openbaar + # naam: zaken + # - uuid: 03baec5a-93ef-4ba6-bb73-c548c12009a2 + # callback_url: https://openzaak.example.nl/api/v1/other-callback + # auth: Token bar + # kanalen: + # - naam: zaken + # sites_config_enable: true + # sites_config: + # items: + # - domain: opennotificaties.test.opengem.nl + # name: Open Notificaties tags: redis: true @@ -184,6 +285,10 @@ persistence: # Existing Secret must be defined for AzureVaultSecret to work existingSecret: null +# Reference to an existing secret with the values needed for django-setup-configuration +existingConfigurationSecrets: null +# If no secret already exists with the values needed for django-setup-configuration, create it with the following name +configurationSecretsName: "" # This will create an AzureVaultSecret object in k8s, only Multi Key Value Secret are supported by this chart # ref: https://akv2k8s.io/tutorials/sync/4-multi-key-value-secret/ https://learn.microsoft.com/en-us/azure/key-vault/secrets/multiline-secrets