Open-Zaak 1.12.4, Open-Notificaties 1.6.0 #41

Open
wants to merge 16 commits into
base: main
Changes from 9 commits
8 changes: 4 additions & 4 deletions charts/open-notificaties/Chart.yaml
Expand Up @@ -3,22 +3,22 @@ name: open-notificaties
description: API voor het routeren van notificaties

type: application
version: 0.8.0
version: 0.8.1
appVersion: "1.4.0"

dependencies:
- name: postgresql
version: ~10.12.0
version: ~15.5.5
repository: https://charts.bitnami.com/bitnami
tags:
- postgresql
- name: redis
version: ~13.0.0
version: ~19.5.2
repository: https://charts.bitnami.com/bitnami
tags:
- redis
- name: rabbitmq
version: ~8.23.0
version: ~14.4.1
repository: https://charts.bitnami.com/bitnami
tags:
- rabbitmq
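
Review bot: `version: 0.8.1` is a patch bump, but the dependency lines in this same hunk move all three Bitnami subcharts across major versions (postgresql ~10.12.0 to ~15.5.5, redis ~13.0.0 to ~19.5.2, rabbitmq ~8.23.0 to ~14.4.1), and the values keys for them are renamed in the values.yaml change of this PR. Overrides written for 0.8.0 will stop matching, so this reads as a breaking release; consider a minor or major chart version plus an upgrade note. Separately, `appVersion` stays at "1.4.0" in the visible lines while the PR title names Open-Notificaties 1.6.0; if the chart is meant to default to that release, `appVersion` needs to change as well.
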
153 changes: 87 additions & 66 deletions charts/open-notificaties/README.md
Expand Up @@ -26,6 +26,28 @@ helm install open-notificaties open-zaak/open-notificaties \

:warning: The default settings are unsafe for production usage. Configure proper secrets, enable persistency and consider High Availability (HA) for the database and the application.

:warning: When you uninstall the chart, the PVCs will not be deleted. This can cause confusion during testing.

If you want to use your own instances of Redis, Postgres and RabbitMQ instead, you can disable the subcharts:

```bash

helm install open-notificaties open-zaak/open-notificaties \
--set "tags.redis=false" \
--set "tags.postgresql=false" \
--set "tags.rabbitmq=false" \
--set "settings.database.host=postgres.gemeente.nl" \
--set "settings.cache.default=redis.gemeente.nl:6379/1" \
--set "settings.cache.axes=redis.gemeente.nl:6379/1" \
--set "settings.celery.resultBackend=redis.gemeente.nl:6379/2" \
--set "settings.messageBroker.host=rabbitmq.gemeente.nl" \
--set "settings.allowedHosts=open-notificaties.gemeente.nl" \
--set "ingress.enabled=true" \
--set "ingress.hosts={open-notificaties.gemeente.nl}"
```

You will probably need to set more values to configure the connection to your own Redis, Postgres and RabbitMQ instances.

## Chart and Open Notificaties versions alignment

Not every version of the chart is compatible with every version of Open Notificaties. The
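
Review bot: in the added `helm install` example, `settings.celery.resultBackend=redis.gemeente.nl:6379/2` has no URL scheme, while the Configuration table documents this value as a URL with the default `"redis://open-notificaties-redis-master:6379/1"`. Unless the templates prepend the scheme, this should read `redis://redis.gemeente.nl:6379/2`. The example also passes no credentials for the external Postgres, Redis or RabbitMQ, and the closing sentence ("You will probably need to set more values") does not say which ones; naming `existingSecret` or `settings.database.password` there would keep readers from deploying against their own services with the `SUPER-SECRET` default. Minor: there is a stray blank line after the opening bash fence.
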
Expand All @@ -40,71 +62,70 @@ table below describes the supported versions

## Configuration

| Parameter | Description | Default |
| --------- | ----------- | ------- |
| `tags.postgresql` | Install PostgreSQL subchart | `true` |
| `tags.redis` | Install Redis subchart | `true` |
| `tags.rabbitmq` | Install RabbitMQ subchart | `true` |
| `image.repository` | The repository of the Docker image | `openzaak/open-notificaties` |
| `image.tag` | The tag of the Docker image | `""` (uses `.Chart.AppVersion` by default) |
| `replicaCount` | The number of replicas | `1` |
| `podLabels` | Additional labels to be set on the open-notification API pods | `{}` |
| `ingress.enabled` | Expose the application through an ingress | `false` |
| `ingress.annotations` | Additional annotations on the API ingress | `{}` |
| `ingress.hosts` | Ingress hosts | `"{open-notificaties.gemeente.nl}"` |
| `ingress.tls` | Ingress TLS settings | `"[]"` |
| `existingSecret` | Refer to an existing secret to avoid managing secrets through Helm. See templates/secret.yaml for required contents of your existing secret. This secret is also used for the Worker and Flower components. | `null` |
| `settings.allowedHosts` | A comma-separated list of hosts allowed by the application | `"open-notificaties.gemeente.nl"` |
| `settings.secretKey` | The secret key of the application | `"SOME-RANDOM-SECRET"` |
| `settings.database.host` | The hostname of PostgreSQL | `"open-notificaties-postgresql"` |
| `settings.database.port` | The port of PostgreSQL | `5432` |
| `settings.database.username` | The username of PostgreSQL | `"postgres"` |
| `settings.database.password` | The password of PostgreSQL | `"SUPER-SECRET"` |
| `settings.database.name` | The database name of PostgreSQL | `"open-notificaties"` |
| `settings.database.sslmode` | The SSL-mode used by the postgres client. See [docs](https://www.postgresql.org/docs/current/libpq-ssl.html) for more info | `"prefer"` |
| `settings.numProxies` | The number of reverse proxies between client and backend container. Set this to 1 if exposing the application through an ingress | `0` |
| `settings.cache.default` | The Redis cache for the default cache | `"open-notificaties-redis-master:6379/0"` |
| `settings.cache.axes` | The Redis cache for the axes cache | `"open-notificaties-redis-master:6379/0"` |
| `settings.email.host` | The hostname of the SMTP server | `"localhost"` |
| `settings.email.port` | The port of the SMTP server | `25` |
| `settings.email.username` | The username of the SMTP server | `""` |
| `settings.email.password` | The password of the SMTP server | `""` |
| `settings.email.useTLS` | Use TLS for connecting to SMTP server | `false` |
| `settings.sentry.dsn` | The DSN for Sentry Logging | `""` |
| `settings.messageBroker.host` | The URL to the Celery broker | `"open-notificaties-rabbitmq"` |
| `settings.celery.resultBackend` | The URL to the Celery result backend | `"redis://open-notificaties-redis-master:6379/1"` |
| `settings.isHttps` | Used to construct absolute URLs and controls a variety of security settings | `true` |
| `settings.debug` | Only set this to True on a local development environment. Various other security settings are derived from this setting | `false` |
| `settings.autoRetry.maxRetries` | Maximum number of notification delivery retries. If `null`, the upstream defaults are used. | `null` |
| `settings.autoRetry.backoff` | Exponential backoff, boolean or number. If a number, applies as a scale factor. If `null`, the upstream defaults are used. | `null` |
| `settings.autoRetry.backoffMax` | Upper limit (in seconds) of the exponential backoff. If `null`, the upstream defaults are used. | `null` |
| `settings.flower.urlPrefix` | If enabled, deploy Flower on a non-root URL | `""` |
| `settings.flower.basicAuth` | Secure Flower with [Basic Authentication](https://flower.readthedocs.io/en/latest/config.html#basic-auth). This is a comma-separated list of `username:password`. You should configure this when `flower.ingress.enabled` is set to true. | `""` |
| `worker.podLabels` | Additional labels to be set on the open-notification worker pods | `{}` |
| `postgresql.persistence.enabled` | Enable PostgreSQL persistency | `false` |
| `postgresql.persistence.size` | Configure PostgreSQL size | `"1Gi"` |
| `postgresql.persistence.existingClaim` | Use an existing persistent volume claim | `null` |
| `postgresql.postgresqlDatabase` | The PostgreSQL database name | `"open-notificaties"` |
| `postgresql.postgresqlPassword` | The PostgreSQL administrative password | `"SUPER-SECRET"` |
| `flower.enabled` | Whether or not to deploy the [Flower](https://flower.readthedocs.io/en/latest/) component, which is a monitoring tool for Celery | `false` |
| `flower.replicaCount` | The number of replicas for Celery Flower | `1` |
| `flower.podLabels` | Additional labels to be set for Celery Flower | `{}` |
| `flower.extraEnvVars` | Configure Flower through additional environment variables. For a full list of possibilities, see [Flower config docs](https://flower.readthedocs.io/en/latest/config.html) | `{}` |
| `flower.extraEnvVarsSecret` | Configure Flower through additional environment variables. This property should contain secrets like basic-auth. For a full list of possibilities, see [Flower config docs](https://flower.readthedocs.io/en/latest/config.html) | `{}` |
| `flower.ingress.enabled` | Use a dedicated Ingress for Flower, which can act as a Management Ingress. When `Values.ingress.enabled` is set to true and this parameter to false, then Flower will be exposed on the main Ingress. | `false` |
| `flower.ingress.annotations` | Additional annotations on the Flower Ingress | `{}` |
| `flower.ingress.hosts` | Flower Ingress hosts | `"{open-notificaties-flower.gemeente.nl}"` |
| `flower.ingress.tls` | Flower Ingress TLS settings | `"[]"` |
| `redis.usePassword` | Use a Redis password | `false` |
| `redis.cluster.enabled` | Enable Redis cluster | `false` |
| `redis.persistence.existingClaim` | Use existing persistent volume claim for Redis | `""` |
| `redis.master.persistence.enabled` | Enable persistency for Redis master | `false` |
| `redis.master.persistence.size` | The size of the Redis master persistent volume | `"1Gi"` |
| `rabbitmq.auth.username` | RabbitMQ username | `"guest"` |
| `rabbitmq.auth.password` | RabbitMQ password | `"guest"` |
| `rabbitmq.auth.erlangCookie` | RabbitMQ Erlang Cookie | `"SUPER-SECRET"` |
| `rabbitmq.persistence.enabled` | Enable RabbitMQ persistency | `false` |
| `rabbitmq.persistence.size` | Configure RabbitMQ size | `"1Gi"` |
| `rabbitmq.persistence.existingClaim` | Use an existing persistent volume claim | `null` |
| Parameter | Description | Default |
|-------------------------------------------------------| ----------- | ------- |
| `tags.postgresql` | Install PostgreSQL subchart | `true` |
| `tags.redis` | Install Redis subchart | `true` |
| `tags.rabbitmq` | Install RabbitMQ subchart | `true` |
| `image.repository` | The repository of the Docker image | `openzaak/open-notificaties` |
| `image.tag` | The tag of the Docker image | `""` (uses `.Chart.AppVersion` by default) |
| `replicaCount` | The number of replicas | `1` |
| `podLabels` | Additional labels to be set on the open-notification API pods | `{}` |
| `ingress.enabled` | Expose the application through an ingress | `false` |
| `ingress.annotations` | Additional annotations on the API ingress | `{}` |
| `ingress.hosts` | Ingress hosts | `"{open-notificaties.gemeente.nl}"` |
| `ingress.tls` | Ingress TLS settings | `"[]"` |
| `existingSecret` | Refer to an existing secret to avoid managing secrets through Helm. See templates/secret.yaml for required contents of your existing secret. This secret is also used for the Worker and Flower components. | `null` |
| `settings.allowedHosts` | A comma-separated list of hosts allowed by the application | `"open-notificaties.gemeente.nl"` |
| `settings.secretKey` | The secret key of the application | `"SOME-RANDOM-SECRET"` |
| `settings.database.host` | The hostname of PostgreSQL | `"open-notificaties-postgresql"` |
| `settings.database.port` | The port of PostgreSQL | `5432` |
| `settings.database.username` | The username of PostgreSQL | `"postgres"` |
| `settings.database.password` | The password of PostgreSQL | `"SUPER-SECRET"` |
| `settings.database.name` | The database name of PostgreSQL | `"open-notificaties"` |
| `settings.database.sslmode` | The SSL-mode used by the postgres client. See [docs](https://www.postgresql.org/docs/current/libpq-ssl.html) for more info | `"prefer"` |
| `settings.numProxies` | The number of reverse proxies between client and backend container. Set this to 1 if exposing the application through an ingress | `0` |
| `settings.cache.default` | The Redis cache for the default cache | `"open-notificaties-redis-master:6379/0"` |
| `settings.cache.axes` | The Redis cache for the axes cache | `"open-notificaties-redis-master:6379/0"` |
| `settings.email.host` | The hostname of the SMTP server | `"localhost"` |
| `settings.email.port` | The port of the SMTP server | `25` |
| `settings.email.username` | The username of the SMTP server | `""` |
| `settings.email.password` | The password of the SMTP server | `""` |
| `settings.email.useTLS` | Use TLS for connecting to SMTP server | `false` |
| `settings.sentry.dsn` | The DSN for Sentry Logging | `""` |
| `settings.messageBroker.host` | The URL to the Celery broker | `"open-notificaties-rabbitmq"` |
| `settings.celery.resultBackend` | The URL to the Celery result backend | `"redis://open-notificaties-redis-master:6379/1"` |
| `settings.isHttps` | Used to construct absolute URLs and controls a variety of security settings | `true` |
| `settings.debug` | Only set this to True on a local development environment. Various other security settings are derived from this setting | `false` |
| `settings.autoRetry.maxRetries` | Maximum number of notification delivery retries. If `null`, the upstream defaults are used. | `null` |
| `settings.autoRetry.backoff` | Exponential backoff, boolean or number. If a number, applies as a scale factor. If `null`, the upstream defaults are used. | `null` |
| `settings.autoRetry.backoffMax` | Upper limit (in seconds) of the exponential backoff. If `null`, the upstream defaults are used. | `null` |
| `settings.flower.urlPrefix` | If enabled, deploy Flower on a non-root URL | `""` |
| `settings.flower.basicAuth` | Secure Flower with [Basic Authentication](https://flower.readthedocs.io/en/latest/config.html#basic-auth). This is a comma-separated list of `username:password`. You should configure this when `flower.ingress.enabled` is set to true. | `""` |
| `worker.podLabels` | Additional labels to be set on the open-notification worker pods | `{}` |
| `postgresql.primary.ersistence.enabled` | Enable PostgreSQL persistency | `false` |
| `postgresql.primary.persistence.size` | Configure PostgreSQL size | `"1Gi"` |
| `postgresql.primary.persistence.existingClaim` | Use an existing persistent volume claim | `null` |
| `postgresql.global.postgresql.auth.database` | The PostgreSQL database name | `"open-notificaties"` |
| `postgresql.global.postgresql.auth.postgresqlPassword` | The PostgreSQL administrative password | `"SUPER-SECRET"` |
| `flower.enabled` | Whether or not to deploy the [Flower](https://flower.readthedocs.io/en/latest/) component, which is a monitoring tool for Celery | `false` |
| `flower.replicaCount` | The number of replicas for Celery Flower | `1` |
| `flower.podLabels` | Additional labels to be set for Celery Flower | `{}` |
| `flower.extraEnvVars` | Configure Flower through additional environment variables. For a full list of possibilities, see [Flower config docs](https://flower.readthedocs.io/en/latest/config.html) | `{}` |
| `flower.extraEnvVarsSecret` | Configure Flower through additional environment variables. This property should contain secrets like basic-auth. For a full list of possibilities, see [Flower config docs](https://flower.readthedocs.io/en/latest/config.html) | `{}` |
| `flower.ingress.enabled` | Use a dedicated Ingress for Flower, which can act as a Management Ingress. When `Values.ingress.enabled` is set to true and this parameter to false, then Flower will be exposed on the main Ingress. | `false` |
| `flower.ingress.annotations` | Additional annotations on the Flower Ingress | `{}` |
| `flower.ingress.hosts` | Flower Ingress hosts | `"{open-notificaties-flower.gemeente.nl}"` |
| `flower.ingress.tls` | Flower Ingress TLS settings | `"[]"` |
| `redis.auth.enabled` | Use a Redis password | `false` |
| `redis.master.persistence.enabled` | Enable persistency for Redis master | `false` |
| `redis.master.persistence.size` | The size of the Redis master persistent volume | `"1Gi"` |
| `redis.master.persistence.existingClaim` | Use existing persistent volume claim for Redis | `""` |
| `rabbitmq.auth.username` | RabbitMQ username | `"guest"` |
| `rabbitmq.auth.password` | RabbitMQ password | `"guest"` |
| `rabbitmq.auth.erlangCookie` | RabbitMQ Erlang Cookie | `"SUPER-SECRET"` |
| `rabbitmq.persistence.enabled` | Enable RabbitMQ persistency | `false` |
| `rabbitmq.persistence.size` | Configure RabbitMQ size | `"1Gi"` |
| `rabbitmq.persistence.existingClaim` | Use an existing persistent volume claim | `null` |

Check [values.yaml](./values.yaml) for all the possible configuration options.
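
Review bot: two of the renamed PostgreSQL rows do not match usable keys. `postgresql.primary.ersistence.enabled` is missing the `p` in `persistence`, and `postgresql.global.postgresql.auth.postgresqlPassword` differs from the `postgresPassword` key that the values.yaml change in this PR sets under `global.postgresql.auth`. Assuming values.yaml has the right name, a user copying the password row from this table sets a key nothing reads and the `SUPER-SECRET` default stays in effect. Please correct both rows. The `redis.cluster.enabled` row is also dropped without a replacement row or a note on what users of that setting should do now.
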
24 changes: 12 additions & 12 deletions charts/open-notificaties/values.yaml
Expand Up @@ -191,31 +191,31 @@ settings:
#######################

postgresql:
persistence:
enabled: false
size: 1Gi
existingClaim: null
primary:
persistence:
enabled: false
size: 1Gi
existingClaim: null

postgresqlDatabase: open-notificaties
postgresqlPassword: SUPER-SECRET
global:
postgresql:
auth:
database: open-notificaties
postgresPassword: SUPER-SECRET

##################
# Redis subchart #
##################

redis:
usePassword: false

cluster:
auth:
enabled: false

persistence:
existingClaim: null

master:
persistence:
enabled: false
size: 1Gi
existingClaim: null

#####################
# RabbitMQ subchart #
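
Review bot: the PostgreSQL and Redis keys move (`postgresql.persistence.*` to `postgresql.primary.persistence.*`, `postgresqlDatabase` and `postgresqlPassword` to `global.postgresql.auth.*`, `usePassword` to `auth.enabled`, `persistence.existingClaim` to `master.persistence.existingClaim`) with nothing in the file telling existing users to rename their overrides. A release that still sets the old password or `existingClaim` keys would upgrade onto the defaults shown here, that is `SUPER-SECRET` and persistence disabled, so add a comment or upgrade note listing the old and new names. `cluster.enabled: false` is removed with no replacement; if the new Redis subchart needs an explicit setting to stay single-node, set it here.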