diff --git a/charts/openzaak/CHANGELOG.md b/charts/openzaak/CHANGELOG.md index c7d2f71..0e03432 100644 --- a/charts/openzaak/CHANGELOG.md +++ b/charts/openzaak/CHANGELOG.md @@ -1,5 +1,13 @@ # Changelog +## 1.8.0 (2025-02-17) + +Stable release with support of [django-setup-configuration](https://github.com/maykinmedia/django-setup-configuration). + +- Fixed the configuration-secrets.yaml template to render only if no existing secret is present in the cluster (needed for example if using sealed secrets). +- Removed support for the following environment variables: `SITES_CONFIG_ENABLE`, `OPENZAAK_DOMAIN`, `OPENZAAK_ORGANIZATION`, `NOTIF_OPENZAAK_CONFIG_ENABLE`, `NOTIF_OPENZAAK_CLIENT_ID`, `OPENZAAK_NOTIF_CONFIG_ENABLE`, `NOTIF_API_ROOT`, `OPENZAAK_NOTIF_CLIENT_ID`, `OPENZAAK_SELECTIELIJST_CONFIG_ENAB`, `SELECTIELIJST_API_ROOT`, `SELECTIELIJST_API_OAS`, `SELECTIELIJST_ALLOWED_YEARS`, `SELECTIELIJST_DEFAULT_YEAR`. The settings that used to be configured with these variables can now be configured via django setup configuration. +- Removed variable `DEMO_CONFIG_ENABLE` because it is not supported by the application. + ## 1.8.0-beta.0 (2025-01-28) - [#172] Add Horizontal Pod Autoscaler for nginx. Fix the deployment to look for the `.Values.worker.autoscaling.enabled` value instead of the `.Values.autoscaling.enabled` when setting the replicas of the worker. diff --git a/charts/openzaak/Chart.yaml b/charts/openzaak/Chart.yaml index 68c246d..8e300e0 100644 --- a/charts/openzaak/Chart.yaml +++ b/charts/openzaak/Chart.yaml @@ -3,8 +3,8 @@ name: openzaak description: Productiewaardige API's voor Zaakgericht Werken type: application -version: 1.8.0-beta.0 -appVersion: latest +version: 1.8.0 +appVersion: 1.18.0 dependencies: - name: redis diff --git a/charts/openzaak/README.md b/charts/openzaak/README.md index e900c31..f7832b5 100644 --- a/charts/openzaak/README.md +++ b/charts/openzaak/README.md @@ -1,6 +1,6 @@ # openzaak -![Version: 1.8.0-beta.0](https://img.shields.io/badge/Version-1.8.0--beta.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square) +![Version: 1.8.0](https://img.shields.io/badge/Version-1.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.18.0](https://img.shields.io/badge/AppVersion-1.18.0-informational?style=flat-square) Productiewaardige API's voor Zaakgericht Werken @@ -44,28 +44,12 @@ Productiewaardige API's voor Zaakgericht Werken | configuration.job.enabled | bool | `false` | Run the setup configuration command as a job | | configuration.job.resources | object | `{}` | | | configuration.job.restartPolicy | string | `"OnFailure"` | | -| configuration.notificaties.ApiRoot | string | `""` | | -| configuration.notificaties.enabled | bool | `false` | | -| configuration.notificaties.openzaakNotifcationClientId | string | `""` | | -| configuration.notificaties.openzaakNotificationSecret | string | `""` | | -| configuration.notificaties.registerKanalen | bool | `false` | | -| configuration.notificatiesAuthorization.enabled | bool | `false` | | -| configuration.notificatiesAuthorization.notifcationOpenzaakSecret | string | `""` | | -| configuration.notificatiesAuthorization.notificationOpenzaakClientId | string | `""` | | | configuration.overwrite | bool | `true` | | | configuration.secrets | object | `{}` | | -| configuration.selectieLijst.AllowedYears[0] | int | `2017` | | -| configuration.selectieLijst.AllowedYears[1] | int | `2020` | | -| configuration.selectieLijst.ApiOas | string | `"https://selectielijst.openzaak.nl/api/v1/schema/openapi.yaml"` | | -| configuration.selectieLijst.ApiRoot | string | `"https://selectielijst.openzaak.nl/api/v1/"` | | -| configuration.selectieLijst.DefaultYear | int | `2020` | | -| configuration.selectieLijst.enabled | bool | `false` | | -| configuration.sites.enabled | bool | `false` | | -| configuration.sites.openzaakDomain | string | `""` | | -| configuration.sites.organization | string | `""` | | | configuration.superuser.email | string | `""` | | | configuration.superuser.password | string | `""` | | | configuration.superuser.username | string | `""` | | +| existingConfigurationSecrets | string | `nil` | | | existingSecret | string | `nil` | | | extraDeploy | list | `[]` | | | extraEnvVars | list | `[]` | | @@ -89,13 +73,6 @@ Productiewaardige API's voor Zaakgericht Werken | flower.resources | object | `{}` | | | fullnameOverride | string | `""` | | | global.configuration.enabled | bool | `false` | | -| global.configuration.notificatiesApi | string | `"http://opennotificaties.example.nl/api/v1/"` | | -| global.configuration.notificatiesOpenzaakClientId | string | `"notif-client-id"` | | -| global.configuration.notificatiesOpenzaakSecret | string | `"notif-secret"` | | -| global.configuration.openzaakAutorisatiesApi | string | `"https://openzaak.example.nl/autorisaties/api/v1/"` | | -| global.configuration.openzaakNotificatiesClientId | string | `"oz-client-id"` | | -| global.configuration.openzaakNotificatiesSecret | string | `"oz-secret"` | | -| global.configuration.organization | string | `"Gemeente Example"` | | | global.configuration.overwrite | bool | `true` | | | global.configuration.secrets | object | `{}` | | | global.settings.databaseHost | string | `""` | Global databasehost, overrides setting.database.host | diff --git a/charts/openzaak/templates/configmap.yaml b/charts/openzaak/templates/configmap.yaml index fdf94db..3e4b460 100644 --- a/charts/openzaak/templates/configmap.yaml +++ b/charts/openzaak/templates/configmap.yaml @@ -81,30 +81,6 @@ data: {{ if .Values.settings.disable2fa }} DISABLE_2FA: "True" {{- end }} - {{ if and .Values.global.configuration.enabled .Values.configuration.enabled -}} - DEMO_CONFIG_ENABLE: "False" - SITES_CONFIG_ENABLE: {{ if .Values.configuration.sites.enabled }}"True"{{ else }}"False"{{ end }} - {{- if .Values.configuration.sites.enabled }} - OPENZAAK_DOMAIN: {{ .Values.configuration.sites.openzaakDomain | toString | quote }} - OPENZAAK_ORGANIZATION: {{ .Values.global.configuration.organization | default .Values.configuration.sites.organization | toString | quote }} - {{- end }} - NOTIF_OPENZAAK_CONFIG_ENABLE: {{ if .Values.configuration.notificatiesAuthorization.enabled }}"True"{{ else }}"False"{{ end }} - {{- if .Values.configuration.notificatiesAuthorization.enabled }} - NOTIF_OPENZAAK_CLIENT_ID: {{ .Values.global.configuration.notificatiesOpenzaakClientId | default .Values.configuration.notificatiesAuthorization.notificationOpenzaakClientId | toString | quote }} - {{- end }} - OPENZAAK_NOTIF_CONFIG_ENABLE: {{ if .Values.configuration.notificaties.enabled }}"True"{{ else }}"False"{{ end }} - {{- if .Values.configuration.notificaties.enabled }} - NOTIF_API_ROOT: {{ .Values.global.configuration.notificatiesApi | default .Values.configuration.notificaties.ApiRoot | toString | quote }} - OPENZAAK_NOTIF_CLIENT_ID: {{ .Values.global.configuration.openzaakNotificatiesClientId | default .Values.configuration.notificaties.openzaakNotifcationClientId | toString | quote }} - {{- end }} - OPENZAAK_SELECTIELIJST_CONFIG_ENABLE: {{ if .Values.configuration.selectieLijst.enabled }}"True"{{ else }}"False"{{ end }} - {{- if .Values.configuration.selectieLijst.enabled }} - SELECTIELIJST_API_ROOT: {{ .Values.configuration.selectieLijst.ApiRoot | toString | quote }} - SELECTIELIJST_API_OAS: {{ .Values.configuration.selectieLijst.ApiOas | toString | quote }} - SELECTIELIJST_ALLOWED_YEARS: {{ .Values.configuration.selectieLijst.AllowedYears | toString | quote }} - SELECTIELIJST_DEFAULT_YEAR: {{ .Values.configuration.selectieLijst.DefaultYear | toString | quote }} - {{- end }} - {{- end }} {{ if .Values.configuration.superuser.username }} OPENZAAK_SUPERUSER_USERNAME: {{ .Values.configuration.superuser.username | toString | quote }} OPENZAAK_SUPERUSER_EMAIL: {{ .Values.configuration.superuser.email | toString | quote }} diff --git a/charts/openzaak/templates/configuration-data.yaml b/charts/openzaak/templates/configuration-data.yaml index 05cdf44..c152d36 100644 --- a/charts/openzaak/templates/configuration-data.yaml +++ b/charts/openzaak/templates/configuration-data.yaml @@ -1,7 +1,6 @@ {{ if and .Values.global.configuration.enabled .Values.configuration.enabled -}} apiVersion: v1 kind: ConfigMap -metadata: metadata: name: {{ include "openzaak.fullname" . }}-configuration labels: diff --git a/charts/openzaak/templates/configuration-secrets.yaml b/charts/openzaak/templates/configuration-secrets.yaml index 673c57c..b1dbb7e 100644 --- a/charts/openzaak/templates/configuration-secrets.yaml +++ b/charts/openzaak/templates/configuration-secrets.yaml @@ -1,8 +1,8 @@ -{{- if and .Values.global.configuration.enabled .Values.configuration.enabled}} +{{- if and (not .Values.existingConfigurationSecrets) .Values.global.configuration.enabled .Values.configuration.enabled}} apiVersion: v1 kind: Secret metadata: - name: {{ include "openzaak.fullname" . }}-config-secrets + name: {{ .Values.configurationSecretsName | default (printf "%s-config-secrets" (include "openzaak.fullname" .)) }} labels: {{- include "openzaak.labels" . | nindent 4 }} stringData: diff --git a/charts/openzaak/templates/job-config.yaml b/charts/openzaak/templates/job-config.yaml index 6bd06f4..f10505d 100644 --- a/charts/openzaak/templates/job-config.yaml +++ b/charts/openzaak/templates/job-config.yaml @@ -38,7 +38,7 @@ spec: - secretRef: name: {{ .Values.existingSecret | default (include "openzaak.fullname" .) }} - secretRef: - name: {{ include "openzaak.fullname" . }}-config-secrets + name: {{ if .Values.existingConfigurationSecrets }}{{ .Values.existingConfigurationSecrets }}{{ else }}{{ .Values.configurationSecretsName | default (printf "%s-config-secrets" (include "openzaak.fullname" .)) }}{{ end }} - configMapRef: name: {{ include "openzaak.fullname" . }} env: diff --git a/charts/openzaak/values.yaml b/charts/openzaak/values.yaml index 8d335ab..f8a2b00 100644 --- a/charts/openzaak/values.yaml +++ b/charts/openzaak/values.yaml @@ -2,13 +2,6 @@ global: configuration: enabled: false overwrite: true - organization: Gemeente Example - openzaakAutorisatiesApi: https://openzaak.example.nl/autorisaties/api/v1/ - notificatiesApi: http://opennotificaties.example.nl/api/v1/ - notificatiesOpenzaakClientId: notif-client-id - notificatiesOpenzaakSecret: notif-secret - openzaakNotificatiesClientId: oz-client-id - openzaakNotificatiesSecret: oz-secret secrets: {} settings: @@ -18,27 +11,6 @@ global: configuration: enabled: false overwrite: true - sites: - enabled: false - openzaakDomain: "" - organization: "" - notificatiesAuthorization: - enabled: false - notificationOpenzaakClientId: "" - notifcationOpenzaakSecret: "" - notificaties: - enabled: false - ApiRoot: "" - openzaakNotifcationClientId: "" - openzaakNotificationSecret: "" - # Run the manage.py register_kanalen command, runs in cron job only - registerKanalen: false - selectieLijst: - enabled: false - ApiRoot: https://selectielijst.openzaak.nl/api/v1/ - ApiOas: https://selectielijst.openzaak.nl/api/v1/schema/openapi.yaml - AllowedYears: [2017, 2020] - DefaultYear: 2020 superuser: username: "" password: "" @@ -60,6 +32,94 @@ configuration: # memory: 128Mi secrets: {} data: "" + # e.g. + # data: |- + # sites_config_enable: true + # sites_config: + # items: + # - domain: openzaak.example.nl + # name: Open-Zaak Test + # zgw_consumers_config_enable: true + # zgw_consumers: + # services: + # - identifier: notifications-api + # label: Notificaties API + # api_root: https://opennotificaties.example.nl/api/v1/ + # api_connection_check_path: notificaties + # api_type: nrc + # auth_type: api_key + # header_key: Authorization + # header_value: Token ${opennotificaties_openzaak_secret} + # - identifier: selectielijst-api + # label: Selectielijst API + # api_root: https://selectielijst.openzaak.nl/api/v1/ + # api_type: orc + # auth_type: no_auth + # notifications_config_enable: true + # notifications_config: + # notifications_api_service_identifier: notifications-api + # notification_delivery_max_retries: 1 + # notification_delivery_retry_backoff: 2 + # notification_delivery_retry_backoff_max: 3 + # openzaak_selectielijst_config_enable: true + # openzaak_selectielijst_config: + # selectielijst_api_service_identifier: selectielijst-api + # allowed_years: + # - 2020 + # - 2017 + # default_year: 2020 + + # # These are all the applications that need to talk to Open Zaak. + # # Their secrets are configured in the `vng_api_common_credentials` values below! + # vng_api_common_applicaties_config_enable: true + # vng_api_common_applicaties: + # items: + # - uuid: 78591bab-9a00-4887-849c-53b21a67782f + # client_ids: + # - open-formulieren + # label: Open Formulieren + # heeft_alle_autorisaties: true + # vng_api_common_credentials_config_enable: true + # vng_api_common_credentials: + # items: + # - identifier: open-formulieren + # secret: ${openzaak_openforms_secret} + # oidc_db_config_enable: True + # oidc_db_config_admin_auth: + # items: + # - identifier: admin-oidc + # enabled: True + # oidc_rp_client_id: openzaak.example.nl + # oidc_rp_client_secret: ${keycloak_client_secret} + # oidc_rp_scopes_list: + # - openid + # - email + # - profile + # - roles + # oidc_rp_sign_algo: RS256 + # endpoint_config: + # oidc_op_discovery_endpoint: https://keycloak.example.nl/realms/example/ + # username_claim: + # - sub + # groups_claim: + # - roles + # claim_mapping: + # first_name: + # - given_name + # last_name: + # - family_name + # email: + # - email + # sync_groups: true + # sync_groups_glob_pattern: "*" + # default_groups: [] + # make_users_staff: true + # superuser_group_names: + # - Superuser + # oidc_use_nonce: true + # oidc_nonce_size: 32 + # oidc_state_size: 32 + # userinfo_claims_source: id_token tags: redis: true @@ -191,6 +251,7 @@ persistence: # Existing Secret must be defined for AzureVaultSecret to work existingSecret: null +existingConfigurationSecrets: null # This will create an AzureVaultSecret object in k8s, only Multi Key Value Secret are supported by this chart # ref: https://akv2k8s.io/tutorials/sync/4-multi-key-value-secret/ https://learn.microsoft.com/en-us/azure/key-vault/secrets/multiline-secrets