Merge pull request #109 from maykinmedia/feature/open-archiefbeheer

[WIP] Update chart to work with new app version
maykinmedia · Jul 8, 2024 · 05510a9 · 05510a9
2 parents b003906 + a3a5971
commit 05510a9
Show file tree

Hide file tree

Showing 8 changed files with 208 additions and 225 deletions.
diff --git a/charts/openarchiefbeheer/Chart.yaml b/charts/openarchiefbeheer/Chart.yaml
@@ -3,8 +3,8 @@ name: openarchiefbeheer
 description: Opstellen, beheren en uitvoeren van vernietigingslijsten, voor gebruik met Zaakgericht werken
 
 type: application
-version: 0.9.8
-appVersion: 1.1.5
+version: 1.0.0
+appVersion: 0.1.0
 
 dependencies:
   - name: redis

diff --git a/charts/openarchiefbeheer/templates/_helpers.tpl b/charts/openarchiefbeheer/templates/_helpers.tpl
@@ -181,4 +181,35 @@ Usage:
     {{- else }}
         {{- tpl (.value | toYaml) .context }}
     {{- end }}
-{{- end -}}
+{{- end -}}
+
+{{/*
+Create a name for the celery beat
+We truncate at 56 chars in order to provide space for the "-beat" suffix
+*/}}
+{{- define "openarchiefbeheer.beatName" -}}
+{{ include "openarchiefbeheer.name" . | trunc 56 | trimSuffix "-" }}-beat
+{{- end }}
+
+{{/*
+Create a default fully qualified name for celery beat.
+We truncate at 56 chars in order to provide space for the "-worker" suffix
+*/}}
+{{- define "openarchiefbeheer.beatFullname" -}}
+{{ include "openarchiefbeheer.fullname" . | trunc 56 | trimSuffix "-" }}-beat
+{{- end }}
+
+{{/*
+Beat labels
+*/}}
+{{- define "openarchiefbeheer.beatLabels" -}}
+{{ include "openarchiefbeheer.commonLabels" . }}
+{{ include "openarchiefbeheer.beatSelectorLabels" . }}
+{{- end }}
+
+{{/*
+Beat selector labels
+*/}}
+{{- define "openarchiefbeheer.beatSelectorLabels" -}}
+app.kubernetes.io/name: {{ include "openarchiefbeheer.beatFullname" . }}
+{{- end }}
diff --git a/charts/openarchiefbeheer/templates/configmap-nginx.yaml b/charts/openarchiefbeheer/templates/configmap-nginx.yaml
@@ -4,80 +4,33 @@ kind: ConfigMap
 metadata:
   name: {{ include "openarchiefbeheer.nginxFullname" . }}
   labels:
-  {{- include "openarchiefbeheer.nginxLabels" . | nindent 4 }}
+    {{- include "openarchiefbeheer.nginxLabels" . | nindent 4 }}
 data:
-  proxy: |
-    proxy_pass_header Server;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Scheme $scheme;
-    proxy_connect_timeout 300s;
-    proxy_read_timeout 300s;
-    {{- if .Values.settings.useXForwardedHost }}
-    proxy_set_header X-Forwarded-Host $http_host;
-    {{ else }}
-    proxy_set_header Host $http_host;
-    {{- end }}
-
-    proxy_redirect off;
-    proxy_pass_request_headers on;
-    proxy_pass http://{{ include "openarchiefbeheer.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }};
-    proxy_http_version 1.1;  # required if you're using istio, otherwise you get HTTP 426 errors
-
   default.conf: |
     server {
-      listen       8080 default_server;
-      server_name {{ .Values.settings.allowedHosts  | replace "," " "}} localhost;
-      server_tokens off;
-
-      gzip on;
-      gzip_http_version 1.0;
-      gzip_comp_level 2;
-      gzip_min_length 1100;
-      gzip_buffers 4 8k;
-      gzip_proxied any;
-      gzip_types
-        # text/html is always compressed by HttpGzipModule
-        text/css
-        text/javascript
-        text/xml
-        text/plain
-        text/x-component
-        application/javascript
-        application/json
-        application/xml
-        application/rss+xml
-        font/truetypenginc
-        font/opentype
-        application/vnd.ms-fontobject
-        image/svg+xml;
-      gzip_static on;
-      gzip_proxied  expired no-cache no-store private auth;
-      gzip_disable "MSIE [1-6]\.";
-      gzip_vary on;
-
-      add_header Feature-Policy "autoplay 'none'; camera 'none'" always;
-      add_header Referrer-Policy "same-origin";
-      add_header X-Content-Type-Options "nosniff";
-      add_header X-XSS-Protection "1; mode=block";
-
-      location / {
-          include conf.d/proxy;
+      listen 9000 default_server;
+      server_name  {{ .Values.settings.allowedHosts  | replace "," " "}} localhost;
+
+      location ~ ^/admin|static|assets|api/ {
+        proxy_pass http://{{ include "openarchiefbeheer.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }};
+        proxy_pass_header Server;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_connect_timeout 300s;
+        proxy_read_timeout 300s;
+        proxy_redirect off;
+        proxy_pass_request_headers on;
+        proxy_http_version 1.1;
+        proxy_set_header Host $http_host;
       }
 
       location /_health/ {
-          access_log off;
+          access_log /var/log/nginx/access.log;
           error_log /var/log/nginx/error.log error;
           return 200 'OK';
       }
 
-      location /private-media/ {
-          internal;
-          alias /app/private-media/;
+      location / {
+          try_files $uri $uri/ /static/frontend/index.html;
       }
-
-      error_page  404              /404.html;
-      error_page  413              /413.json;
-      error_page  500 502 503 504  /500.json;
     }
 {{- end }}
diff --git a/charts/openarchiefbeheer/templates/configmap.yaml b/charts/openarchiefbeheer/templates/configmap.yaml
@@ -11,6 +11,9 @@ data:
   {{- end }}  
   ENVIRONMENT: {{ .Values.settings.environment | default (include "openarchiefbeheer.fullname" .) }}
   ALLOWED_HOSTS: "{{ include "openarchiefbeheer.fullname" . }},{{ include "openarchiefbeheer.fullname" . }}.{{ .Release.Namespace }},{{ .Values.settings.allowedHosts | replace " " "" | toString }}"
+  REACT_APP_API_URL: {{ .Values.settings.react.apiUrl | toString | quote }}
+  REACT_APP_API_PATH: {{ .Values.settings.react.apiPath | toString | quote }}
+  REACT_APP_ZAAK_URL_TEMPLATE: {{ .Values.settings.react.zaakUrlTemplate | toString | quote }}
   {{- if .Values.tags.redis }}
   CACHE_DEFAULT: {{ printf "%s-master.%s:6379/0" (include "common.names.fullname" .Subcharts.redis) .Release.Namespace | toString | quote }}
   CACHE_AXES: {{ printf "%s-master.%s:6379/0" (include "common.names.fullname" .Subcharts.redis) .Release.Namespace | toString | quote }}
@@ -41,18 +44,62 @@ data:
   {{- if .Values.settings.email.defaultFrom }}
   DEFAULT_FROM_EMAIL: {{ .Values.settings.email.defaultFrom | toString | quote }}
   {{- end }}
-  {{- if .Values.settings.uwsgi.master }}
-  UWSGI_MASTER:  {{ if .Values.settings.uwsgi.master }}"1"{{ else }}"0"{{ end }}
+  {{- if .Values.settings.cookie.sessionCookieSamesite }}
+  SESSION_COOKIE_SAMESITE: "{{ .Values.settings.cookie.sessionCookieSamesite }}"
   {{- end }}
-  {{- if .Values.settings.uwsgi.threads }}
-  UWSGI_THREADS: {{ .Values.settings.uwsgi.threads  | toString | quote }}
+    {{- if .Values.settings.cookie.sessionCookieSecure }}
+  SESSION_COOKIE_SECURE: "{{ .Values.settings.cookie.sessionCookieSecure }}"
   {{- end }}
-  {{- if .Values.settings.uwsgi.processes }}
-  UWSGI_PROCESSES: {{ .Values.settings.uwsgi.processes | toString | quote }}
+    {{- if .Values.settings.cookie.csrfCookieSamesite }}
+  CSRF_COOKIE_SAMESITE: "{{ .Values.settings.cookie.csrfCookieSamesite }}"
   {{- end }}
-  {{- if .Values.settings.uwsgi.maxRequests }}
-  UWSGI_MAX_REQUESTS: {{ .Values.settings.uwsgi.maxRequests | toString | quote }}
+    {{- if .Values.settings.cookie.csrfCookieSecure }}
+  CSRF_COOKIE_SECURE: "{{ .Values.settings.cookie.csrfCookieSecure }}"
   {{- end }}
-  {{- if .Values.settings.uwsgi.harakiri }}
-  UWSGI_HARAKIRI: {{ .Values.settings.uwsgi.harakiri | toString | quote }}
+    {{- if .Values.settings.enableAdminNavSidebar }}
+  ENABLE_ADMIN_NAV_SIDEBAR: "{{ .Values.settings.enableAdminNavSidebar }}"
   {{- end }}
+    {{- if .Values.settings.twoFactorAuthentication.forceOtpAdmin }}
+  TWO_FACTOR_FORCE_OTP_ADMIN: "{{ .Values.settings.twoFactorAuthentication.forceOtpAdmin }}"
+  {{- end }}
+    {{- if .Values.settings.twoFactorAuthentication.patchAdmin }}
+  TWO_FACTOR_PATCH_ADMIN: "{{ .Values.settings.twoFactorAuthentication.patchAdmin }}"
+  {{- end }}
+    {{- if .Values.settings.subpath }}
+  SUBPATH: "{{ .Values.settings.subpath }}"
+  {{- end }}
+    {{- if .Values.settings.throttling.enable }}
+  ENABLE_THROTTLING: "{{ .Values.settings.throttling.enable }}"
+  {{- end }}
+    {{- if .Values.settings.throttling.rateAnonymous }}
+  THROTTLE_RATE_ANON: "{{ .Values.settings.throttling.rateAnonymous }}"
+  {{- end }}
+    {{- if .Values.settings.throttling.rateUser }}
+  THROTTLE_RATE_USER: "{{ .Values.settings.throttling.rateUser }}"
+  {{- end }}
+    {{- if .Values.settings.cors.allowedOrigins }}
+  CORS_ALLOWED_ORIGINS: "{{ .Values.settings.cors.allowedOrigins }}"
+  {{- end }}
+    {{- if .Values.settings.cors.allowedOriginsRegexes }}
+  CORS_ALLOWED_ORIGIN_REGEXES: "{{ .Values.settings.cors.allowedOriginsRegexes }}"
+  {{- end }}
+    {{- if .Values.settings.cors.allowAllOrigins }}
+  CORS_ALLOW_ALL_ORIGINS: "{{ .Values.settings.cors.allowAllOrigins }}"
+  {{- end }}
+    {{- if .Values.settings.cors.extraAllowHeaders }}
+  CORS_EXTRA_ALLOW_HEADERS: "{{ .Values.settings.cors.extraAllowHeaders }}"
+  {{- end }}
+    {{- if .Values.settings.csrf.trustedOrigins }}
+  CSRF_TRUSTED_ORIGINS: "{{ .Values.settings.csrf.trustedOrigins }}"
+  {{- end }}
+  {{- if .Values.tags.redis }}
+  CACHE_DEFAULT: {{ printf "%s-master.%s:6379/0" (include "common.names.fullname" .Subcharts.redis) .Release.Namespace | toString | quote }}
+  CACHE_AXES: {{ printf "%s-master.%s:6379/0" (include "common.names.fullname" .Subcharts.redis) .Release.Namespace | toString | quote }}
+  {{- else }}
+  CACHE_DEFAULT: {{ .Values.settings.cache.default | toString | quote }}
+  CACHE_AXES: {{ .Values.settings.cache.axes | toString | quote }}
+  {{- end }}
+  {{- if .Values.settings.requestsReadTimeout }}
+  REQUESTS_READ_TIMEOUT: {{ .Values.settings.requestsReadTimeout | toString | quote }}
+  {{- end }}
+