Merge pull request #144 from maykinmedia/feature/objecten-2.5.0

🔖 objecten release 2.5.0 add setup configuration

charts/objecten/Chart.yaml

@@ -3,7 +3,7 @@ name: objecten
 description: API om objecten te beheren die behoren bij een bepaald objecttype
 
 type: application
-version: 2.4.5
+version: 2.5.0
 appVersion: 2.4.4
 
 dependencies:

charts/objecten/README.md

@@ -1,6 +1,6 @@
 # objecten
 
-![Version: 2.4.5](https://img.shields.io/badge/Version-2.4.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.4](https://img.shields.io/badge/AppVersion-2.4.4-informational?style=flat-square)
+![Version: 2.5.0](https://img.shields.io/badge/Version-2.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.4](https://img.shields.io/badge/AppVersion-2.4.4-informational?style=flat-square)
 
 API om objecten te beheren die behoren bij een bepaald objecttype
 
@@ -31,6 +31,27 @@ helm install my-release my-repo/objecten
 | azureVaultSecret.objectName | string | `""` |  |
 | azureVaultSecret.secretName | string | `"{{ .Values.existingSecret }}"` |  |
 | azureVaultSecret.vaultName | string | `nil` |  |
+| configuration.demo.email | string | `nil` |  |
+| configuration.demo.enable | bool | `false` |  |
+| configuration.demo.person | string | `nil` |  |
+| configuration.demo.token | string | `nil` |  |
+| configuration.enabled | bool | `false` |  |
+| configuration.initContainer.enabled | bool | `true` | Run the setup configuration command in a init container |
+| configuration.job.backoffLimit | int | `6` |  |
+| configuration.job.enabled | bool | `true` | Run the setup configuration command as a job |
+| configuration.job.resources | object | `{}` |  |
+| configuration.job.restartPolicy | string | `"OnFailure"` |  |
+| configuration.job.ttlSecondsAfterFinished | int | `0` | 0 Will clean the job after it is finished |
+| configuration.objectTypes.ApiRoot | string | `""` |  |
+| configuration.objectTypes.enable | bool | `false` |  |
+| configuration.objectTypes.token | string | `""` |  |
+| configuration.overwrite | bool | `true` |  |
+| configuration.sites.domain | string | `""` |  |
+| configuration.sites.enabled | bool | `false` |  |
+| configuration.sites.organization | string | `""` |  |
+| configuration.superuser.email | string | `""` |  |
+| configuration.superuser.password | string | `""` |  |
+| configuration.superuser.username | string | `""` |  |
 | existingSecret | string | `nil` |  |
 | extraEnvVars | list | `[]` | Array with extra environment variables to add |
 | extraIngress | list | `[]` | Specify extra ingresses, for example if you have multiple ingress classes |
@@ -51,6 +72,9 @@ helm install my-release my-repo/objecten
 | flower.replicaCount | int | `1` |  |
 | flower.resources | object | `{}` |  |
 | fullnameOverride | string | `""` |  |
+| global.configuration.enabled | bool | `false` |  |
+| global.configuration.organization | string | `"Gemeente Example"` |  |
+| global.configuration.overwrite | bool | `true` |  |
 | global.settings.databaseHost | string | `""` | Global databasehost, overrides setting.database.host |
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | image.repository | string | `"maykinmedia/objects-api"` |  |
@@ -130,6 +154,7 @@ helm install my-release my-repo/objecten
 | settings.email.username | string | `""` |  |
 | settings.environment | string | `""` | sets the 'ENVIRONMENT' variable |
 | settings.isHttps | bool | `true` |  |
+| settings.notificationsDisabled | bool | `false` |  |
 | settings.secretKey | string | `""` | Generate secret key at https://djecrety.ir/ |
 | settings.sentry.dsn | string | `""` |  |
 | settings.useXForwardedHost | bool | `false` |  |

charts/objecten/templates/_helpers.tpl

@@ -129,6 +129,37 @@ Create the name of the service account to use
 {{- end }}
 {{- end }}
 
+{{/*
+Create a name for Config cronjob
+We truncate at 56 chars in order to provide space for the "-config" suffix
+*/}}
+{{- define "objecten.configName" -}}
+{{ include "objecten.name" . | trunc 56 | trimSuffix "-" }}-config
+{{- end }}
+
+{{/*
+Create a default fully qualified name for config.
+We truncate at 56 chars in order to provide space for the "-config" suffix
+*/}}
+{{- define "objecten.configFullname" -}}
+{{ include "objecten.fullname" . | trunc 56 | trimSuffix "-" }}-config
+{{- end }}
+
+{{/*
+config labels
+*/}}
+{{- define "objecten.configLabels" -}}
+{{ include "objecten.commonLabels" . }}
+{{ include "objecten.configSelectorLabels" . }}
+{{- end }}
+
+{{/*
+config selector labels
+*/}}
+{{- define "objecten.configSelectorLabels" -}}
+app.kubernetes.io/name: {{ include "objecten.configName" . }}
+{{- end }}
+
 {{/*
 Ingress annotations
 */}}

charts/objecten/templates/configmap.yaml

@@ -71,4 +71,30 @@ data:
   {{- end }}
   {{- if .Values.settings.notificationsDisabled }}
   NOTIFICATIONS_DISABLED: "True"
-  {{- end }}
+  {{- end }}
+  {{- if .Values.settings.notificationsDisabled }}
+  NOTIFICATIONS_DISABLED: "True"
+  {{- end }}
+  {{ if .Values.settings.disable2fa }}
+  DISABLE_2FA: "True"
+  {{- end }}
+  {{ if and .Values.global.configuration.enabled .Values.configuration.enabled -}}
+  SITES_CONFIG_ENABLE: {{ if .Values.configuration.sites.enabled }}"True"{{ else }}"False"{{ end }}
+  {{- if .Values.configuration.sites.enabled }}
+  OBJECTS_DOMAIN: {{ .Values.configuration.sites.domain | toString | quote }}
+  OBJECTS_ORGANIZATION: {{ .Values.global.configuration.organization | default .Values.configuration.sites.organization | toString | quote }}
+  {{- end }}
+  OBJECTS_OBJECTTYPES_CONFIG_ENABLE: {{ if .Values.configuration.objectTypes.enabled }}"True"{{ else }}"False"{{ end }}
+  {{- if .Values.configuration.objectTypes.enabled }}
+  OBJECTTYPES_API_ROOT: {{ .Values.configuration.objectTypes.ApiRoot | toString | quote }}
+  {{- end }}
+  DEMO_CONFIG_ENABLE: {{ if .Values.configuration.demo.enabled }}"True"{{ else }}"False"{{ end }}
+  {{ if .Values.configuration.demo.enabled }}
+  DEMO_PERSON: {{ .Values.configuration.demo.person | toString | quote }}
+  DEMO_EMAIL: {{ .Values.configuration.demo.email | toString | quote }}
+  {{- end }}
+  {{- end }}
+  {{ if .Values.configuration.superuser.username }}
+  OBJECTS_SUPERUSER_USERNAME: {{ .Values.configuration.superuser.username | toString | quote }}
+  OBJECTS_SUPERUSER_EMAIL: {{ .Values.configuration.superuser.email | toString | quote }}
+  {{- end }}

charts/objecten/templates/deployment.yaml

@@ -32,6 +32,38 @@ spec:
       serviceAccountName: {{ include "objecten.serviceAccountName" . }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      {{- if and .Values.global.configuration.enabled .Values.configuration.enabled .Values.configuration.initContainer.enabled }}
+      initContainers:
+        - name: {{ .Chart.Name }}-config
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 16 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          envFrom:
+            - secretRef:
+                name: {{ .Values.existingSecret | default (include "objecten.fullname" .) }}
+            - configMapRef:
+                name: {{ include "objecten.fullname" . }}
+          env:
+            {{- if .Values.extraEnvVars }}
+            {{- include "objecten.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 16 }}
+            {{- end }}
+          command:
+            - "/bin/bash"
+            - "-c"
+          args:
+          - |
+            /wait_for_db.sh
+            /app/src/manage.py migrate
+            /app/src/manage.py setup_configuration --no-selftest {{- if or .Values.global.configuration.overwrite .Values.configuration.overwrite }} --overwrite{{- end }}
+          volumeMounts:
+            - name: media
+              mountPath: /app/media
+              subPath: {{ .Values.persistence.mediaMountSubpath  | default "objecten/media" }}
+            {{- if .Values.extraVolumeMounts }}
+            {{- include "objecten.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $ ) | nindent 12 }}
+            {{- end }}
+        {{- end }}
       containers:
         - name: {{ .Chart.Name }}
           securityContext:

charts/objecten/templates/job-config.yaml

@@ -0,0 +1,89 @@
+{{ if and .Values.global.configuration.enabled .Values.configuration.enabled .Values.configuration.job.enabled -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "objecten.configName" . }}
+  labels:
+    {{- include "objecten.configLabels" . | nindent 4 }}
+spec:
+  backoffLimit: {{ .Values.configuration.job.backoffLimit }}
+  ttlSecondsAfterFinished: {{ .Values.configuration.job.ttlSecondsAfterFinished }}
+  template:
+    metadata:
+      annotations:
+      {{- with .Values.podAnnotations }}
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "objecten.configLabels" . | nindent 8 }}
+        {{- with .Values.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "objecten.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      restartPolicy: {{ .Values.configuration.job.restartPolicy }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          envFrom:
+            - secretRef:
+                name: {{ .Values.existingSecret | default (include "objecten.fullname" .) }}
+            - configMapRef:
+                name: {{ include "objecten.fullname" . }}
+          env:
+            {{- if .Values.extraEnvVars }}
+            {{- include "objecten.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
+            {{- end }}
+          resources:
+          {{- toYaml .Values.configuration.job.resources | nindent 12 }}
+          command:
+            - "/bin/bash"
+            - "-c"
+          args:
+            - |
+              /wait_for_db.sh
+              /app/src/manage.py migrate
+              /app/src/manage.py setup_configuration --no-selftest {{- if or .Values.global.configuration.overwrite .Values.configuration.overwrite }} --overwrite{{- end }}
+          volumeMounts:
+            - name: media
+              mountPath: /app/private-media
+              subPath: {{ .Values.persistence.privateMediaMountSubpath | default "objecten/private_media" }}
+            - name: media
+              mountPath: /app/media
+              subPath: {{ .Values.persistence.mediaMountSubpath  | default "objecten/media" }}
+            {{- if .Values.extraVolumeMounts }}
+            {{- include "objecten.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $ ) | nindent 16 }}
+            {{- end }}
+      volumes:
+        - name: media
+          persistentVolumeClaim:
+          {{- if .Values.persistence.enabled }}
+            claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ include "objecten.fullname" . }}{{- end }}
+          {{- else }}
+          emptyDir: { }
+          {{- end }}
+        {{- if .Values.extraVolumes }}
+        {{- include "objecten.tplvalues.render" ( dict "value" .Values.extraVolumes "context" $ ) | nindent 12 }}
+        {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+{{- end }}

charts/objecten/templates/secret.yaml

@@ -18,4 +18,15 @@ stringData:
   ELASTIC_APM_SERVER_URL: {{ .Values.settings.elasticapm.url | toString |  quote }}
   ELASTIC_APM_SECRET_TOKEN: {{ .Values.settings.elasticapm.token | toString |  quote }}
   {{- end }}
+  {{ if and .Values.global.configuration.enabled .Values.configuration.enabled -}}
+  {{ if .Values.configuration.objectTypes.enabled }}
+  OBJECTS_OBJECTTYPES_TOKEN: {{ .Values.configuration.objectTypes | toString | quote }}
+  {{- end }}
+  {{ if .Values.configuration.demo.enabled }}
+  DEMO_TOKEN: {{ .Values.configuration.demo.token | toString | quote }}
+  {{- end }}
+  {{- end }}
+  {{ if .Values.configuration.superuser.username }}
+  OBJECTS_SUPERUSER_PASSWORD: {{ .Values.configuration.superuser.password | toString | quote }}
+  {{- end }}  
 {{- end }}

charts/objecten/values.yaml

@@ -1,8 +1,54 @@
 global:
+  configuration:
+    enabled: false
+    overwrite: true
+    organization: Gemeente Example
+
   settings:
     # -- Global databasehost, overrides setting.database.host
     databaseHost: ""
 
+configuration:
+  enabled: false
+  overwrite: true
+  sites:
+    enabled: false
+    domain: ""
+    organization: ""
+  objectTypes:
+    enable: false
+    ApiRoot: ""
+    token: ""
+  demo:
+    enable: false
+    token:
+    person:
+    email: 
+
+  superuser:
+    username: ""
+    password: ""
+    email: ""
+  initContainer:
+    # -- Run the setup configuration command in a init container
+    enabled: true
+  job:
+    # -- Run the setup configuration command as a job
+    enabled: true
+    backoffLimit: 6
+    # -- 0 Will clean the job after it is finished
+    ttlSecondsAfterFinished: 0    
+    restartPolicy: OnFailure
+    # Note, this field is immutable
+    resources: {}
+
+      # limits:
+      #   cpu: 200m
+      #   memory: 256Mi
+      # requests:
+      #   cpu: 100m
+      #   memory: 128Mi
+
 tags:
   redis: true