Merge pull request #155 from maykinmedia/feature/1.6.0-beta.2-openforms

1.6.0-beta.2 openforms setup configuration beta testing
maykinmedia · Dec 13, 2024 · 73cbc44 · 73cbc44
2 parents edfa7a5 + 40e68ff
commit 73cbc44
Show file tree

Hide file tree

Showing 7 changed files with 218 additions and 36 deletions.
diff --git a/charts/openforms/Chart.yaml b/charts/openforms/Chart.yaml
@@ -3,8 +3,8 @@ name: openforms
 description: Snel en eenvoudig slimme formulieren bouwen en publiceren
 
 type: application
-version: 1.6.0-beta.1
-appVersion: setup-configuration
+version: 1.6.0-beta.2
+appVersion: latest
 icon: https://open-forms.readthedocs.io/en/stable/_static/logo.svg
 
 dependencies:

diff --git a/charts/openforms/templates/_helpers.tpl b/charts/openforms/templates/_helpers.tpl
@@ -191,6 +191,37 @@ Flower selector labels
 app.kubernetes.io/name: {{ include "openforms.flowerFullname" . }}
 {{- end }}
 
+{{/*
+Create a name for Config cronjob
+We truncate at 56 chars in order to provide space for the "-config" suffix
+*/}}
+{{- define "openforms.configName" -}}
+{{ include "openforms.name" . | trunc 56 | trimSuffix "-" }}-config
+{{- end }}
+
+{{/*
+Create a default fully qualified name for config.
+We truncate at 56 chars in order to provide space for the "-config" suffix
+*/}}
+{{- define "openforms.configFullname" -}}
+{{ include "openforms.fullname" . | trunc 56 | trimSuffix "-" }}-config
+{{- end }}
+
+{{/*
+config labels
+*/}}
+{{- define "openforms.configLabels" -}}
+{{ include "openforms.commonLabels" . }}
+{{ include "openforms.configSelectorLabels" . }}
+{{- end }}
+
+{{/*
+config selector labels
+*/}}
+{{- define "openforms.configSelectorLabels" -}}
+app.kubernetes.io/name: {{ include "openforms.configName" . }}
+{{- end }}
+
 {{/*
 Ingress annotations
 */}}

diff --git a/charts/openforms/templates/configuration-secrets.yaml b/charts/openforms/templates/configuration-secrets.yaml
@@ -0,0 +1,14 @@
+{{- if and .Values.global.configuration.enabled .Values.configuration.enabled}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "openforms.fullname" . }}-config-secrets
+  labels:
+    {{- include "openforms.labels" . | nindent 4 }}
+stringData:
+  {{- if .Values.global.configuration.secrets }}
+  {{- include "openforms.tplvalues.render" ( dict "value" .Values.global.configuration.secrets "context" $ ) | nindent 4 }}
+  {{ else }}
+  {{- include "openforms.tplvalues.render" ( dict "value" .Values.configuration.secrets "context" $ ) | nindent 4 }}
+  {{- end }}
+{{- end }}  
diff --git a/charts/openforms/templates/deployment.yaml b/charts/openforms/templates/deployment.yaml
@@ -42,6 +42,8 @@ spec:
           envFrom:
             - secretRef:
                 name: {{ .Values.existingSecret | default (include "openforms.fullname" .) }}
+            - secretRef:
+                name: {{ include "openforms.fullname" . }}-config-secrets                
             - configMapRef:
                 name: {{ include "openforms.fullname" . }}
           env:

diff --git a/charts/openforms/templates/job-config.yaml b/charts/openforms/templates/job-config.yaml
@@ -0,0 +1,97 @@
+{{ if and .Values.global.configuration.enabled .Values.configuration.enabled .Values.configuration.job.enabled -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "openforms.configName" . }}
+  labels:
+    {{- include "openforms.configLabels" . | nindent 4 }}
+spec:
+  backoffLimit: {{ .Values.configuration.job.backoffLimit }}
+  ttlSecondsAfterFinished: {{ .Values.configuration.job.ttlSecondsAfterFinished }}
+  template:
+    metadata:
+      annotations:
+      {{- with .Values.podAnnotations }}
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "openforms.configLabels" . | nindent 8 }}
+        {{- with .Values.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "openforms.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      restartPolicy: {{ .Values.configuration.job.restartPolicy }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          envFrom:
+            - secretRef:
+                name: {{ .Values.existingSecret | default (include "openforms.fullname" .) }}
+            - secretRef:
+                name: {{ include "openforms.fullname" . }}-config-secrets                
+            - configMapRef:
+                name: {{ include "openforms.fullname" . }}
+          env:
+            {{- if .Values.extraEnvVars }}
+            {{- include "openforms.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
+            {{- end }}
+          resources:
+          {{- toYaml .Values.configuration.job.resources | nindent 12 }}
+          command:
+            - "/bin/bash"
+            - "-c"
+          args:
+          - |
+            /usr/bin/envsubst < /app/configuration/configuration.yaml > /tmp/configuration.yaml &&
+            /app/src/manage.py setup_configuration --yaml-file /tmp/configuration.yaml
+          volumeMounts:
+            - name: media
+              mountPath: /app/private_media
+              subPath: {{ .Values.persistence.privateMediaMountSubpath | default "openforms/private_media" }}
+            - name: media
+              mountPath: /app/media
+              subPath: {{ .Values.persistence.mediaMountSubpath  | default "openforms/media" }}
+            - name: configuration
+              mountPath: /app/configuration/
+              readOnly: true
+            {{- if .Values.extraVolumeMounts }}
+            {{- include "openforms.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $ ) | nindent 16 }}
+            {{- end }}
+      volumes:
+        - name: media
+          persistentVolumeClaim:
+          {{- if .Values.persistence.enabled }}
+            claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ include "openforms.fullname" . }}{{- end }}
+          {{- else }}
+          emptyDir: { }
+          {{- end }}
+        - name: configuration
+          configMap:
+            name: {{ include "openforms.fullname" . }}-configuration
+            defaultMode: 0755          
+        {{- if .Values.extraVolumes }}
+        {{- include "openforms.tplvalues.render" ( dict "value" .Values.extraVolumes "context" $ ) | nindent 12 }}
+        {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+{{- end }}
diff --git a/charts/openforms/templates/secret.yaml b/charts/openforms/templates/secret.yaml
@@ -19,7 +19,4 @@ stringData:
   {{- if .Values.settings.email.password }}
   EMAIL_HOST_PASSWORD: {{ .Values.settings.email.password | toString | quote }}
   {{- end }}
-  {{ range .Values.extraSecrets }} 
-  {{ .name }}: {{ .value | toString | quote }}
-  {{ end }}  
 {{- end }}
diff --git a/charts/openforms/values.yaml b/charts/openforms/values.yaml
@@ -1,65 +1,106 @@
 global:
   configuration:
-    enable: true
-
+    enabled: false
+    secrets: {}
 
   settings:
     # -- Global databasehost, overrides setting.database.host
     databaseHost: ""
 
-# extraSecrets Array with extra secrets
-# e.g:
-# extraSecrets:
-  # - name: objecttypen-test-token
-  #   value: Token 171be5abaf41e7856b423ad513df1ef8f867ff48
-  # - name: objecten-test-token
-  #   value: Token 7657474c3d75f56ae0abd0d1bf7994b09964dca9
-  # - name: documenten-test-secret
-  #   value: doc-supersecret
-  # - name: catalogi-test-secret
-  #   value: cat-supersecret
-
-extraSecrets: []
-
 configuration:
-  enable: false
-  # data: {}
+  enabled: false
+  initContainer:
+    # -- Run the setup configuration command in a init container
+    enabled: false
+  job:
+    # -- Run the setup configuration command as a job
+    enabled: true
+    backoffLimit: 6
+    # -- 0 Will clean the job after it is finished
+    ttlSecondsAfterFinished: 0    
+    restartPolicy: OnFailure
+    # Note, this field is immutable
+    resources: {}
+      # limits:
+      #   cpu: 200m
+      #   memory: 256Mi
+      # requests:
+      #   cpu: 100m
+      #   memory: 128Mi
+  secrets: {}
+    # objecttypen_test_token: Token 171be5abaf41e7856b423ad513df1ef8f867ff48
+    # objecten_test_token: Token 171be5abaf41e7856b423ad513df1ef8f867ff48
+    # documenten_test_secret: documenten_supersecret
+    # catalogi_test_secret: catalogi_supersecret
+  # data: ""
   # e.g.
   # data: |-
+  #   oidc_db_config_enable: False
+  #   oidc_db_config_admin_auth:
+  #     items:
+  #     - identifier: admin-oidc
+  #       enabled: True
+  #       oidc_rp_client_id: testid
+  #       oidc_rp_client_secret: 7DB3KUAAizYCcmZufpHRVOcD0TOkNO3I
+  #       oidc_rp_scopes_list:
+  #       - openid
+  #       - email
+  #       - profile
+  #       oidc_rp_sign_algo: RS256
+  #       endpoint_config:
+  #         oidc_op_discovery_endpoint: http://keycloak.example.com:/realms/test/
+  #       username_claim:
+  #       - sub
+  #       groups_claim:
+  #       - roles
+  #       claim_mapping:
+  #         first_name:
+  #         - given_name
+  #       sync_groups: true
+  #       sync_groups_glob_pattern: "*"
+  #       default_groups:
+  #       - Functioneel beheer
+  #       make_users_staff: true
+  #       superuser_group_names:
+  #       - superuser
+  #       oidc_use_nonce: true
+  #       oidc_nonce_size: 32
+  #       oidc_state_size: 32
+  #       userinfo_claims_source: id_token
   #   zgw_consumers_config_enable: True
   #   zgw_consumers:
   #     services:
   #     - identifier: objecttypen-test
   #       label: Objecttypen API test
-  #       api_root: http://objecttypes-web:8000/api/v2/
+  #       api_root: http://objecttypes.example.com/api/v2/
   #       api_type: orc
   #       auth_type: api_key
   #       header_key: Authorization
-  #       header_value: '${objecttypen-test-token}'
+  #       header_value: '${objecttypen_test_token}'
 
   #     - identifier: objecten-test
   #       label: Objecten API test
-  #       api_root: http://objects-web:8000/api/v2/
+  #       api_root: http://objects.example.com/api/v2/
   #       api_type: orc
   #       auth_type: api_key
   #       header_key: Authorization
-  #       header_value: '${objecten-test-token}'
+  #       header_value: '${objecten_test_token}'
 
   #     - identifier: documenten-test
   #       label: Documenten API test
-  #       api_root: http://openzaak-web.local:8000/documenten/api/v1/
+  #       api_root: http://openzaak-web.example.com/documenten/api/v1/
   #       api_type: drc
   #       auth_type: zgw
   #       client_id: test_client_id
-  #       secret: '${documenten-test-secret}'
+  #       secret: '${documenten_test_secret}'
 
   #     - identifier: catalogi-test
   #       label: Catalogi API test
-  #       api_root: http://openzaak-web.local:8000/catalogi/api/v1/
+  #       api_root: http://openzaak-web.example.com/catalogi/api/v1/
   #       api_type: ztc
   #       auth_type: zgw
   #       client_id: test_client_id
-  #       secret: '${catalogi-test-secret}'
+  #       secret: '${catalogi_test_secret}'
 
   #   objects_api_config_enable: True
   #   objects_api:
@@ -68,19 +109,19 @@ configuration:
   #       identifier: config-1
   #       objects_service_identifier: objecten-test
   #       objecttypes_service_identifier: objecttypen-test
-  #       drc_service_identifier: documenten-test
+  #       documenten_service_identifier: documenten-test
   #       catalogi_service_identifier: catalogi-test
   #       catalogue_domain: TEST
   #       catalogue_rsin: "000000000"
   #       organisatie_rsin: "000000000"
-  #       iot_submission_report: PDF Informatieobjecttype
-  #       iot_submission_csv: CSV Informatieobjecttype
-  #       iot_attachment: Attachment Informatieobjecttype
+  #       document_type_submission_report: PDF Informatieobjecttype
+  #       document_type_submission_csv: CSV Informatieobjecttype
+  #       document_type_attachment: Attachment Informatieobjecttype
   #     - name: Config 2
   #       identifier: config-2
   #       objects_service_identifier: objecten-test
   #       objecttypes_service_identifier: objecttypen-test
-  #       drc_service_identifier: documenten-test
+  #       documenten_service_identifier: documenten-test
   #       catalogi_service_identifier: catalogi-test
   #       catalogue_domain: OTHER
   #       catalogue_rsin: "000000000"