From 0722116bea9eedaf023d438ad002b1aee62aa574 Mon Sep 17 00:00:00 2001 From: Sjoerd Schipper Date: Fri, 15 Nov 2024 16:12:00 +0100 Subject: [PATCH] :bookmark: objecten release 2.5.0 support setup configuration --- charts/objecten/Chart.yaml | 2 +- charts/objecten/README.md | 27 ++++++- charts/objecten/templates/_helpers.tpl | 31 ++++++++ charts/objecten/templates/configmap.yaml | 28 ++++++- charts/objecten/templates/deployment.yaml | 32 ++++++++ charts/objecten/templates/job-config.yaml | 89 +++++++++++++++++++++++ charts/objecten/templates/secret.yaml | 11 +++ charts/objecten/values.yaml | 46 ++++++++++++ 8 files changed, 263 insertions(+), 3 deletions(-) create mode 100644 charts/objecten/templates/job-config.yaml diff --git a/charts/objecten/Chart.yaml b/charts/objecten/Chart.yaml index 99ab571..aee402c 100644 --- a/charts/objecten/Chart.yaml +++ b/charts/objecten/Chart.yaml @@ -3,7 +3,7 @@ name: objecten description: API om objecten te beheren die behoren bij een bepaald objecttype type: application -version: 2.4.5 +version: 2.5.0 appVersion: 2.4.4 dependencies: diff --git a/charts/objecten/README.md b/charts/objecten/README.md index 2c4c528..16460f0 100644 --- a/charts/objecten/README.md +++ b/charts/objecten/README.md @@ -1,6 +1,6 @@ # objecten -![Version: 2.4.5](https://img.shields.io/badge/Version-2.4.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.4](https://img.shields.io/badge/AppVersion-2.4.4-informational?style=flat-square) +![Version: 2.5.0](https://img.shields.io/badge/Version-2.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.4](https://img.shields.io/badge/AppVersion-2.4.4-informational?style=flat-square) API om objecten te beheren die behoren bij een bepaald objecttype @@ -31,6 +31,27 @@ helm install my-release my-repo/objecten | azureVaultSecret.objectName | string | `""` | | | azureVaultSecret.secretName | string | `"{{ .Values.existingSecret }}"` | | | azureVaultSecret.vaultName | string | `nil` | | +| configuration.demo.email | string | `nil` | | +| configuration.demo.enable | bool | `false` | | +| configuration.demo.person | string | `nil` | | +| configuration.demo.token | string | `nil` | | +| configuration.enabled | bool | `false` | | +| configuration.initContainer.enabled | bool | `true` | Run the setup configuration command in a init container | +| configuration.job.backoffLimit | int | `6` | | +| configuration.job.enabled | bool | `true` | Run the setup configuration command as a job | +| configuration.job.resources | object | `{}` | | +| configuration.job.restartPolicy | string | `"OnFailure"` | | +| configuration.job.ttlSecondsAfterFinished | int | `0` | 0 Will clean the job after it is finished | +| configuration.objectTypes.ApiRoot | string | `""` | | +| configuration.objectTypes.enable | bool | `false` | | +| configuration.objectTypes.token | string | `""` | | +| configuration.overwrite | bool | `true` | | +| configuration.sites.domain | string | `""` | | +| configuration.sites.enabled | bool | `false` | | +| configuration.sites.organization | string | `""` | | +| configuration.superuser.email | string | `""` | | +| configuration.superuser.password | string | `""` | | +| configuration.superuser.username | string | `""` | | | existingSecret | string | `nil` | | | extraEnvVars | list | `[]` | Array with extra environment variables to add | | extraIngress | list | `[]` | Specify extra ingresses, for example if you have multiple ingress classes | @@ -51,6 +72,9 @@ helm install my-release my-repo/objecten | flower.replicaCount | int | `1` | | | flower.resources | object | `{}` | | | fullnameOverride | string | `""` | | +| global.configuration.enabled | bool | `false` | | +| global.configuration.organization | string | `"Gemeente Example"` | | +| global.configuration.overwrite | bool | `true` | | | global.settings.databaseHost | string | `""` | Global databasehost, overrides setting.database.host | | image.pullPolicy | string | `"IfNotPresent"` | | | image.repository | string | `"maykinmedia/objects-api"` | | @@ -130,6 +154,7 @@ helm install my-release my-repo/objecten | settings.email.username | string | `""` | | | settings.environment | string | `""` | sets the 'ENVIRONMENT' variable | | settings.isHttps | bool | `true` | | +| settings.notificationsDisabled | bool | `false` | | | settings.secretKey | string | `""` | Generate secret key at https://djecrety.ir/ | | settings.sentry.dsn | string | `""` | | | settings.useXForwardedHost | bool | `false` | | diff --git a/charts/objecten/templates/_helpers.tpl b/charts/objecten/templates/_helpers.tpl index ce44f37..cbf7064 100644 --- a/charts/objecten/templates/_helpers.tpl +++ b/charts/objecten/templates/_helpers.tpl @@ -129,6 +129,37 @@ Create the name of the service account to use {{- end }} {{- end }} +{{/* +Create a name for Config cronjob +We truncate at 56 chars in order to provide space for the "-config" suffix +*/}} +{{- define "objecten.configName" -}} +{{ include "objecten.name" . | trunc 56 | trimSuffix "-" }}-config +{{- end }} + +{{/* +Create a default fully qualified name for config. +We truncate at 56 chars in order to provide space for the "-config" suffix +*/}} +{{- define "objecten.configFullname" -}} +{{ include "objecten.fullname" . | trunc 56 | trimSuffix "-" }}-config +{{- end }} + +{{/* +config labels +*/}} +{{- define "objecten.configLabels" -}} +{{ include "objecten.commonLabels" . }} +{{ include "objecten.configSelectorLabels" . }} +{{- end }} + +{{/* +config selector labels +*/}} +{{- define "objecten.configSelectorLabels" -}} +app.kubernetes.io/name: {{ include "objecten.configName" . }} +{{- end }} + {{/* Ingress annotations */}} diff --git a/charts/objecten/templates/configmap.yaml b/charts/objecten/templates/configmap.yaml index 3bb6a96..7e1b99f 100644 --- a/charts/objecten/templates/configmap.yaml +++ b/charts/objecten/templates/configmap.yaml @@ -71,4 +71,30 @@ data: {{- end }} {{- if .Values.settings.notificationsDisabled }} NOTIFICATIONS_DISABLED: "True" - {{- end }} \ No newline at end of file + {{- end }} + {{- if .Values.settings.notificationsDisabled }} + NOTIFICATIONS_DISABLED: "True" + {{- end }} + {{ if .Values.settings.disable2fa }} + DISABLE_2FA: "True" + {{- end }} + {{ if and .Values.global.configuration.enabled .Values.configuration.enabled -}} + SITES_CONFIG_ENABLE: {{ if .Values.configuration.sites.enabled }}"True"{{ else }}"False"{{ end }} + {{- if .Values.configuration.sites.enabled }} + OBJECTS_DOMAIN: {{ .Values.configuration.sites.domain | toString | quote }} + OBJECTS_ORGANIZATION: {{ .Values.global.configuration.organization | default .Values.configuration.sites.organization | toString | quote }} + {{- end }} + OBJECTS_OBJECTTYPES_CONFIG_ENABLE: {{ if .Values.configuration.objectTypes.enabled }}"True"{{ else }}"False"{{ end }} + {{- if .Values.configuration.objectTypes.enabled }} + OBJECTTYPES_API_ROOT: {{ .Values.configuration.objectTypes.ApiRoot | toString | quote }} + {{- end }} + DEMO_CONFIG_ENABLE: {{ if .Values.configuration.demo.enabled }}"True"{{ else }}"False"{{ end }} + {{ if .Values.configuration.demo.enabled }} + DEMO_PERSON: {{ .Values.configuration.demo.person | toString | quote }} + DEMO_EMAIL: {{ .Values.configuration.demo.email | toString | quote }} + {{- end }} + {{- end }} + {{ if .Values.configuration.superuser.username }} + OBJECTS_SUPERUSER_USERNAME: {{ .Values.configuration.superuser.username | toString | quote }} + OBJECTS_SUPERUSER_EMAIL: {{ .Values.configuration.superuser.email | toString | quote }} + {{- end }} diff --git a/charts/objecten/templates/deployment.yaml b/charts/objecten/templates/deployment.yaml index 5012e31..866423f 100644 --- a/charts/objecten/templates/deployment.yaml +++ b/charts/objecten/templates/deployment.yaml @@ -32,6 +32,38 @@ spec: serviceAccountName: {{ include "objecten.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- if and .Values.global.configuration.enabled .Values.configuration.enabled .Values.configuration.initContainer.enabled }} + initContainers: + - name: {{ .Chart.Name }}-config + securityContext: + {{- toYaml .Values.securityContext | nindent 16 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - secretRef: + name: {{ .Values.existingSecret | default (include "objecten.fullname" .) }} + - configMapRef: + name: {{ include "objecten.fullname" . }} + env: + {{- if .Values.extraEnvVars }} + {{- include "objecten.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 16 }} + {{- end }} + command: + - "/bin/bash" + - "-c" + args: + - | + /wait_for_db.sh + /app/src/manage.py migrate + /app/src/manage.py setup_configuration --no-selftest {{- if or .Values.global.configuration.overwrite .Values.configuration.overwrite }} --overwrite{{- end }} + volumeMounts: + - name: media + mountPath: /app/media + subPath: {{ .Values.persistence.mediaMountSubpath | default "objecten/media" }} + {{- if .Values.extraVolumeMounts }} + {{- include "objecten.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $ ) | nindent 12 }} + {{- end }} + {{- end }} containers: - name: {{ .Chart.Name }} securityContext: diff --git a/charts/objecten/templates/job-config.yaml b/charts/objecten/templates/job-config.yaml new file mode 100644 index 0000000..9466ea3 --- /dev/null +++ b/charts/objecten/templates/job-config.yaml @@ -0,0 +1,89 @@ +{{ if and .Values.global.configuration.enabled .Values.configuration.enabled .Values.configuration.job.enabled -}} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "objecten.configName" . }} + labels: + {{- include "objecten.configLabels" . | nindent 4 }} +spec: + backoffLimit: {{ .Values.configuration.job.backoffLimit }} + ttlSecondsAfterFinished: {{ .Values.configuration.job.ttlSecondsAfterFinished }} + template: + metadata: + annotations: + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "objecten.configLabels" . | nindent 8 }} + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "objecten.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + restartPolicy: {{ .Values.configuration.job.restartPolicy }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - secretRef: + name: {{ .Values.existingSecret | default (include "objecten.fullname" .) }} + - configMapRef: + name: {{ include "objecten.fullname" . }} + env: + {{- if .Values.extraEnvVars }} + {{- include "objecten.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.configuration.job.resources | nindent 12 }} + command: + - "/bin/bash" + - "-c" + args: + - | + /wait_for_db.sh + /app/src/manage.py migrate + /app/src/manage.py setup_configuration --no-selftest {{- if or .Values.global.configuration.overwrite .Values.configuration.overwrite }} --overwrite{{- end }} + volumeMounts: + - name: media + mountPath: /app/private-media + subPath: {{ .Values.persistence.privateMediaMountSubpath | default "objecten/private_media" }} + - name: media + mountPath: /app/media + subPath: {{ .Values.persistence.mediaMountSubpath | default "objecten/media" }} + {{- if .Values.extraVolumeMounts }} + {{- include "objecten.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $ ) | nindent 16 }} + {{- end }} + volumes: + - name: media + persistentVolumeClaim: + {{- if .Values.persistence.enabled }} + claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ include "objecten.fullname" . }}{{- end }} + {{- else }} + emptyDir: { } + {{- end }} + {{- if .Values.extraVolumes }} + {{- include "objecten.tplvalues.render" ( dict "value" .Values.extraVolumes "context" $ ) | nindent 12 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/objecten/templates/secret.yaml b/charts/objecten/templates/secret.yaml index a289651..4b8a0a9 100644 --- a/charts/objecten/templates/secret.yaml +++ b/charts/objecten/templates/secret.yaml @@ -18,4 +18,15 @@ stringData: ELASTIC_APM_SERVER_URL: {{ .Values.settings.elasticapm.url | toString | quote }} ELASTIC_APM_SECRET_TOKEN: {{ .Values.settings.elasticapm.token | toString | quote }} {{- end }} + {{ if and .Values.global.configuration.enabled .Values.configuration.enabled -}} + {{ if .Values.configuration.objectTypes.enabled }} + OBJECTS_OBJECTTYPES_TOKEN: {{ .Values.configuration.objectTypes | toString | quote }} + {{- end }} + {{ if .Values.configuration.demo.enabled }} + DEMO_TOKEN: {{ .Values.configuration.demo.token | toString | quote }} + {{- end }} + {{- end }} + {{ if .Values.configuration.superuser.username }} + OBJECTS_SUPERUSER_PASSWORD: {{ .Values.configuration.superuser.password | toString | quote }} + {{- end }} {{- end }} diff --git a/charts/objecten/values.yaml b/charts/objecten/values.yaml index 84736db..7fa08a4 100644 --- a/charts/objecten/values.yaml +++ b/charts/objecten/values.yaml @@ -1,8 +1,54 @@ global: + configuration: + enabled: false + overwrite: true + organization: Gemeente Example + settings: # -- Global databasehost, overrides setting.database.host databaseHost: "" +configuration: + enabled: false + overwrite: true + sites: + enabled: false + domain: "" + organization: "" + objectTypes: + enable: false + ApiRoot: "" + token: "" + demo: + enable: false + token: + person: + email: + + superuser: + username: "" + password: "" + email: "" + initContainer: + # -- Run the setup configuration command in a init container + enabled: true + job: + # -- Run the setup configuration command as a job + enabled: true + backoffLimit: 6 + # -- 0 Will clean the job after it is finished + ttlSecondsAfterFinished: 0 + restartPolicy: OnFailure + # Note, this field is immutable + resources: {} + + # limits: + # cpu: 200m + # memory: 256Mi + # requests: + # cpu: 100m + # memory: 128Mi + tags: redis: true