diff --git a/charts/openarchiefbeheer/Chart.yaml b/charts/openarchiefbeheer/Chart.yaml index e564da7..89ad943 100644 --- a/charts/openarchiefbeheer/Chart.yaml +++ b/charts/openarchiefbeheer/Chart.yaml @@ -3,8 +3,8 @@ name: openarchiefbeheer description: Opstellen, beheren en uitvoeren van vernietigingslijsten, voor gebruik met Zaakgericht werken type: application -version: 0.9.8 -appVersion: 1.1.5 +version: 1.0.0 +appVersion: 0.1.0 dependencies: - name: redis diff --git a/charts/openarchiefbeheer/templates/_helpers.tpl b/charts/openarchiefbeheer/templates/_helpers.tpl index 26f6ffa..e712da4 100644 --- a/charts/openarchiefbeheer/templates/_helpers.tpl +++ b/charts/openarchiefbeheer/templates/_helpers.tpl @@ -181,4 +181,35 @@ Usage: {{- else }} {{- tpl (.value | toYaml) .context }} {{- end }} -{{- end -}} \ No newline at end of file +{{- end -}} + +{{/* +Create a name for the celery beat +We truncate at 56 chars in order to provide space for the "-beat" suffix +*/}} +{{- define "openarchiefbeheer.beatName" -}} +{{ include "openarchiefbeheer.name" . | trunc 56 | trimSuffix "-" }}-beat +{{- end }} + +{{/* +Create a default fully qualified name for celery beat. +We truncate at 56 chars in order to provide space for the "-worker" suffix +*/}} +{{- define "openarchiefbeheer.beatFullname" -}} +{{ include "openarchiefbeheer.fullname" . | trunc 56 | trimSuffix "-" }}-beat +{{- end }} + +{{/* +Beat labels +*/}} +{{- define "openarchiefbeheer.beatLabels" -}} +{{ include "openarchiefbeheer.commonLabels" . }} +{{ include "openarchiefbeheer.beatSelectorLabels" . }} +{{- end }} + +{{/* +Beat selector labels +*/}} +{{- define "openarchiefbeheer.beatSelectorLabels" -}} +app.kubernetes.io/name: {{ include "openarchiefbeheer.beatFullname" . }} +{{- end }} \ No newline at end of file diff --git a/charts/openarchiefbeheer/templates/configmap-nginx.yaml b/charts/openarchiefbeheer/templates/configmap-nginx.yaml index 7c349cf..8eecf9b 100644 --- a/charts/openarchiefbeheer/templates/configmap-nginx.yaml +++ b/charts/openarchiefbeheer/templates/configmap-nginx.yaml @@ -4,80 +4,33 @@ kind: ConfigMap metadata: name: {{ include "openarchiefbeheer.nginxFullname" . }} labels: - {{- include "openarchiefbeheer.nginxLabels" . | nindent 4 }} + {{- include "openarchiefbeheer.nginxLabels" . | nindent 4 }} data: - proxy: | - proxy_pass_header Server; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Scheme $scheme; - proxy_connect_timeout 300s; - proxy_read_timeout 300s; - {{- if .Values.settings.useXForwardedHost }} - proxy_set_header X-Forwarded-Host $http_host; - {{ else }} - proxy_set_header Host $http_host; - {{- end }} - - proxy_redirect off; - proxy_pass_request_headers on; - proxy_pass http://{{ include "openarchiefbeheer.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }}; - proxy_http_version 1.1; # required if you're using istio, otherwise you get HTTP 426 errors - default.conf: | server { - listen 8080 default_server; - server_name {{ .Values.settings.allowedHosts | replace "," " "}} localhost; - server_tokens off; - - gzip on; - gzip_http_version 1.0; - gzip_comp_level 2; - gzip_min_length 1100; - gzip_buffers 4 8k; - gzip_proxied any; - gzip_types - # text/html is always compressed by HttpGzipModule - text/css - text/javascript - text/xml - text/plain - text/x-component - application/javascript - application/json - application/xml - application/rss+xml - font/truetypenginc - font/opentype - application/vnd.ms-fontobject - image/svg+xml; - gzip_static on; - gzip_proxied expired no-cache no-store private auth; - gzip_disable "MSIE [1-6]\."; - gzip_vary on; - - add_header Feature-Policy "autoplay 'none'; camera 'none'" always; - add_header Referrer-Policy "same-origin"; - add_header X-Content-Type-Options "nosniff"; - add_header X-XSS-Protection "1; mode=block"; - - location / { - include conf.d/proxy; + listen 9000 default_server; + server_name {{ .Values.settings.allowedHosts | replace "," " "}} localhost; + + location ~ ^/admin|static|assets|api/ { + proxy_pass http://{{ include "openarchiefbeheer.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }}; + proxy_pass_header Server; + proxy_set_header X-Real-IP $remote_addr; + proxy_connect_timeout 300s; + proxy_read_timeout 300s; + proxy_redirect off; + proxy_pass_request_headers on; + proxy_http_version 1.1; + proxy_set_header Host $http_host; } location /_health/ { - access_log off; + access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log error; return 200 'OK'; } - location /private-media/ { - internal; - alias /app/private-media/; + location / { + try_files $uri $uri/ /static/frontend/index.html; } - - error_page 404 /404.html; - error_page 413 /413.json; - error_page 500 502 503 504 /500.json; } {{- end }} \ No newline at end of file diff --git a/charts/openarchiefbeheer/templates/configmap.yaml b/charts/openarchiefbeheer/templates/configmap.yaml index 4251493..417895c 100644 --- a/charts/openarchiefbeheer/templates/configmap.yaml +++ b/charts/openarchiefbeheer/templates/configmap.yaml @@ -11,6 +11,9 @@ data: {{- end }} ENVIRONMENT: {{ .Values.settings.environment | default (include "openarchiefbeheer.fullname" .) }} ALLOWED_HOSTS: "{{ include "openarchiefbeheer.fullname" . }},{{ include "openarchiefbeheer.fullname" . }}.{{ .Release.Namespace }},{{ .Values.settings.allowedHosts | replace " " "" | toString }}" + REACT_APP_API_URL: {{ .Values.settings.react.apiUrl | toString | quote }} + REACT_APP_API_PATH: {{ .Values.settings.react.apiPath | toString | quote }} + REACT_APP_ZAAK_URL_TEMPLATE: {{ .Values.settings.react.zaakUrlTemplate | toString | quote }} {{- if .Values.tags.redis }} CACHE_DEFAULT: {{ printf "%s-master.%s:6379/0" (include "common.names.fullname" .Subcharts.redis) .Release.Namespace | toString | quote }} CACHE_AXES: {{ printf "%s-master.%s:6379/0" (include "common.names.fullname" .Subcharts.redis) .Release.Namespace | toString | quote }} @@ -41,18 +44,62 @@ data: {{- if .Values.settings.email.defaultFrom }} DEFAULT_FROM_EMAIL: {{ .Values.settings.email.defaultFrom | toString | quote }} {{- end }} - {{- if .Values.settings.uwsgi.master }} - UWSGI_MASTER: {{ if .Values.settings.uwsgi.master }}"1"{{ else }}"0"{{ end }} + {{- if .Values.settings.cookie.sessionCookieSamesite }} + SESSION_COOKIE_SAMESITE: "{{ .Values.settings.cookie.sessionCookieSamesite }}" {{- end }} - {{- if .Values.settings.uwsgi.threads }} - UWSGI_THREADS: {{ .Values.settings.uwsgi.threads | toString | quote }} + {{- if .Values.settings.cookie.sessionCookieSecure }} + SESSION_COOKIE_SECURE: "{{ .Values.settings.cookie.sessionCookieSecure }}" {{- end }} - {{- if .Values.settings.uwsgi.processes }} - UWSGI_PROCESSES: {{ .Values.settings.uwsgi.processes | toString | quote }} + {{- if .Values.settings.cookie.csrfCookieSamesite }} + CSRF_COOKIE_SAMESITE: "{{ .Values.settings.cookie.csrfCookieSamesite }}" {{- end }} - {{- if .Values.settings.uwsgi.maxRequests }} - UWSGI_MAX_REQUESTS: {{ .Values.settings.uwsgi.maxRequests | toString | quote }} + {{- if .Values.settings.cookie.csrfCookieSecure }} + CSRF_COOKIE_SECURE: "{{ .Values.settings.cookie.csrfCookieSecure }}" {{- end }} - {{- if .Values.settings.uwsgi.harakiri }} - UWSGI_HARAKIRI: {{ .Values.settings.uwsgi.harakiri | toString | quote }} + {{- if .Values.settings.enableAdminNavSidebar }} + ENABLE_ADMIN_NAV_SIDEBAR: "{{ .Values.settings.enableAdminNavSidebar }}" {{- end }} + {{- if .Values.settings.twoFactorAuthentication.forceOtpAdmin }} + TWO_FACTOR_FORCE_OTP_ADMIN: "{{ .Values.settings.twoFactorAuthentication.forceOtpAdmin }}" + {{- end }} + {{- if .Values.settings.twoFactorAuthentication.patchAdmin }} + TWO_FACTOR_PATCH_ADMIN: "{{ .Values.settings.twoFactorAuthentication.patchAdmin }}" + {{- end }} + {{- if .Values.settings.subpath }} + SUBPATH: "{{ .Values.settings.subpath }}" + {{- end }} + {{- if .Values.settings.throttling.enable }} + ENABLE_THROTTLING: "{{ .Values.settings.throttling.enable }}" + {{- end }} + {{- if .Values.settings.throttling.rateAnonymous }} + THROTTLE_RATE_ANON: "{{ .Values.settings.throttling.rateAnonymous }}" + {{- end }} + {{- if .Values.settings.throttling.rateUser }} + THROTTLE_RATE_USER: "{{ .Values.settings.throttling.rateUser }}" + {{- end }} + {{- if .Values.settings.cors.allowedOrigins }} + CORS_ALLOWED_ORIGINS: "{{ .Values.settings.cors.allowedOrigins }}" + {{- end }} + {{- if .Values.settings.cors.allowedOriginsRegexes }} + CORS_ALLOWED_ORIGIN_REGEXES: "{{ .Values.settings.cors.allowedOriginsRegexes }}" + {{- end }} + {{- if .Values.settings.cors.allowAllOrigins }} + CORS_ALLOW_ALL_ORIGINS: "{{ .Values.settings.cors.allowAllOrigins }}" + {{- end }} + {{- if .Values.settings.cors.extraAllowHeaders }} + CORS_EXTRA_ALLOW_HEADERS: "{{ .Values.settings.cors.extraAllowHeaders }}" + {{- end }} + {{- if .Values.settings.csrf.trustedOrigins }} + CSRF_TRUSTED_ORIGINS: "{{ .Values.settings.csrf.trustedOrigins }}" + {{- end }} + {{- if .Values.tags.redis }} + CACHE_DEFAULT: {{ printf "%s-master.%s:6379/0" (include "common.names.fullname" .Subcharts.redis) .Release.Namespace | toString | quote }} + CACHE_AXES: {{ printf "%s-master.%s:6379/0" (include "common.names.fullname" .Subcharts.redis) .Release.Namespace | toString | quote }} + {{- else }} + CACHE_DEFAULT: {{ .Values.settings.cache.default | toString | quote }} + CACHE_AXES: {{ .Values.settings.cache.axes | toString | quote }} + {{- end }} + {{- if .Values.settings.requestsReadTimeout }} + REQUESTS_READ_TIMEOUT: {{ .Values.settings.requestsReadTimeout | toString | quote }} + {{- end }} + diff --git a/charts/openarchiefbeheer/templates/deployment.yaml b/charts/openarchiefbeheer/templates/deployment.yaml index 16d98d1..8e85cde 100644 --- a/charts/openarchiefbeheer/templates/deployment.yaml +++ b/charts/openarchiefbeheer/templates/deployment.yaml @@ -1,3 +1,5 @@ +--- +# Deployment of both frontend and backend (they are in the same image) apiVersion: apps/v1 kind: Deployment metadata: @@ -33,7 +35,7 @@ spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - - name: {{ .Chart.Name }} + - name: {{ include "openarchiefbeheer.fullname" . }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" @@ -49,17 +51,8 @@ spec: {{- end }} ports: - name: http - containerPort: 8000 + containerPort: 8080 protocol: TCP - {{- if .Values.settings.loadDefaultRoles }} - lifecycle: - postStart: - exec: - command: - - "/bin/bash" - - "-c" - - /app/src/manage.py loaddata default_roles - {{- end }} livenessProbe: httpGet: path: / @@ -77,21 +70,21 @@ spec: value: {{ include "openarchiefbeheer.fullname" . | quote }} {{- toYaml .Values.readinessProbe | nindent 12 }} resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- toYaml .Values.resources | nindent 12 }} volumeMounts: - - name: media + - name: {{ include "openarchiefbeheer.fullname" . }} mountPath: /app/private-media subPath: {{ .Values.persistence.privateMediaMountSubpath | default "openarchiefbeheer/private_media" }} - - name: media - mountPath: /app/media + - name: {{ include "openarchiefbeheer.fullname" . }} + mountPath: /app/media subPath: {{ .Values.persistence.mediaMountSubpath | default "openarchiefbeheer/media" }} {{- if .Values.extraVolumeMounts }} {{- include "openarchiefbeheer.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $ ) | nindent 12 }} {{- end }} volumes: - - name: media - persistentVolumeClaim: + - name: {{ include "openarchiefbeheer.fullname" . }} {{- if .Values.persistence.enabled }} + persistentVolumeClaim: claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ include "openarchiefbeheer.fullname" . }}{{- end }} {{- else }} emptyDir: { } @@ -114,6 +107,8 @@ spec: --- +# Deployment Nginx + apiVersion: apps/v1 kind: Deployment metadata: @@ -148,7 +143,7 @@ spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - - name: nginx + - name: {{ include "openarchiefbeheer.nginxFullname" . }} securityContext: {{- toYaml .Values.nginx.securityContext | nindent 12 }} image: "{{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag }}" @@ -159,7 +154,7 @@ spec: port: http ports: - name: http - containerPort: 8080 + containerPort: 9000 resources: {{- toYaml .Values.nginx.resources | nindent 12 }} volumeMounts: @@ -173,8 +168,8 @@ spec: subPath: {{ .Values.persistence.mediaMountSubpath | default "openarchiefbeheer/media" }} volumes: - name: media - persistentVolumeClaim: {{- if .Values.persistence.enabled }} + persistentVolumeClaim: claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ include "openarchiefbeheer.fullname" . }}{{- end }} {{- else }} emptyDir: { } @@ -197,6 +192,7 @@ spec: --- +# Deployment celery apiVersion: apps/v1 kind: Deployment metadata: @@ -246,6 +242,10 @@ spec: {{- if .Values.extraEnvVars }} {{- include "openarchiefbeheer.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} {{- end }} + {{- if .Values.worker.livenessProbe }} + livenessProbe: + {{- toYaml .Values.worker.livenessProbe | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.worker.resources | nindent 12 }} command: @@ -285,31 +285,32 @@ spec: {{- end }} --- -{{ if .Values.flower.enabled -}} +# Deployment celery beat + apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "openarchiefbeheer.flowerFullname" . }} + name: {{ include "openarchiefbeheer.beatFullname" . }} labels: - {{- include "openarchiefbeheer.flowerLabels" . | nindent 4 }} + {{- include "openarchiefbeheer.beatLabels" . | nindent 4 }} spec: - replicas: {{ .Values.flower.replicaCount }} + replicas: {{ .Values.beat.replicaCount }} selector: matchLabels: - {{- include "openarchiefbeheer.flowerSelectorLabels" . | nindent 6 }} + {{- include "openarchiefbeheer.beatSelectorLabels" . | nindent 6 }} template: metadata: annotations: checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} labels: - {{- include "openarchiefbeheer.flowerSelectorLabels" . | nindent 8 }} - {{- with .Values.flower.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} + {{- include "openarchiefbeheer.beatSelectorLabels" . | nindent 8 }} + {{- with .Values.beat.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: @@ -319,35 +320,24 @@ spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - - name: {{ include "openarchiefbeheer.flowerFullname" . }} + - name: {{ include "openarchiefbeheer.beatFullname" . }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - command: ["/celery_flower.sh"] - resources: - {{- toYaml .Values.flower.resources | nindent 12 }} + env: + {{- if .Values.extraEnvVars }} + {{- include "openarchiefbeheer.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} envFrom: - secretRef: name: {{ .Values.existingSecret | default (include "openarchiefbeheer.fullname" .) }} - configMapRef: name: {{ include "openarchiefbeheer.fullname" . }} - env: - {{- if .Values.extraEnvVars }} - {{- include "openarchiefbeheer.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: 5555 - protocol: TCP - livenessProbe: - tcpSocket: - port: 5555 - {{- toYaml .Values.flower.livenessProbe | nindent 12 }} - readinessProbe: - tcpSocket: - port: 5555 - {{- toYaml .Values.flower.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.beat.resources | nindent 12 }} + command: + - /celery_beat.sh volumeMounts: - name: media mountPath: /app/private-media @@ -381,4 +371,3 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/openarchiefbeheer/templates/persistent-volume-claim.yaml b/charts/openarchiefbeheer/templates/pvc.yaml similarity index 100% rename from charts/openarchiefbeheer/templates/persistent-volume-claim.yaml rename to charts/openarchiefbeheer/templates/pvc.yaml diff --git a/charts/openarchiefbeheer/templates/service.yaml b/charts/openarchiefbeheer/templates/service.yaml index e6cbea4..793cc39 100644 --- a/charts/openarchiefbeheer/templates/service.yaml +++ b/charts/openarchiefbeheer/templates/service.yaml @@ -8,7 +8,7 @@ spec: type: {{ .Values.service.type }} ports: - port: {{ .Values.service.port }} - targetPort: 8000 + targetPort: 8080 protocol: TCP name: http selector: @@ -32,7 +32,7 @@ spec: type: {{ .Values.nginx.service.type }} ports: - port: {{ .Values.nginx.service.port }} - targetPort: 8080 + targetPort: 9000 name: http selector: {{- include "openarchiefbeheer.nginxSelectorLabels" . | nindent 4 }} \ No newline at end of file diff --git a/charts/openarchiefbeheer/values.yaml b/charts/openarchiefbeheer/values.yaml index 971171e..bd1f995 100644 --- a/charts/openarchiefbeheer/values.yaml +++ b/charts/openarchiefbeheer/values.yaml @@ -4,7 +4,7 @@ tags: replicaCount: 1 image: - repository: maykinmedia/archiefbeheercomponent + repository: maykinmedia/open-archiefbeheer pullPolicy: IfNotPresent tag: "" @@ -33,19 +33,8 @@ securityContext: runAsNonRoot: true runAsUser: 1000 -livenessProbe: - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -readinessProbe: - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 +livenessProbe: {} +readinessProbe: {} service: type: ClusterIP @@ -128,6 +117,7 @@ persistence: # Existing Secret must be defined for AzureVaultSecret to work existingSecret: null + # This will create an AzureVaultSecret object in k8s, only Multi Key Value Secret are supported by this chart # ref: https://akv2k8s.io/tutorials/sync/4-multi-key-value-secret/ https://learn.microsoft.com/en-us/azure/key-vault/secrets/multiline-secrets # Using this feature requires you to define existingSecret @@ -141,41 +131,17 @@ azureVaultSecret: # You must set .Values.existingSecret secretName: "{{ .Values.existingSecret }}" -# -- Array with extra environment variables to add extraEnvVars: [] -# e.g: -# extraEnvVars: -# - name: FOO -# value: "bar" - -# -- Optionally specify extra list of additional volumes extraVolumes: [] -# e.g: -# extraVolumes: -# - name: verify-certs -# configMap: -# name: verify-certs - -# -- Optionally specify extra list of additional volumeMounts extraVolumeMounts: [] -# e.g: -# extraVolumeMounts: -# - name: verify-certs -# mountPath: /etc/ssl/certs/extra-certs/ settings: allowedHosts: "" - djangoSettingsModule: archiefbeheercomponent.conf.docker - useXForwardedHost: true - + djangoSettingsModule: openarchiefbeheer.conf.docker # -- Generate secret key at https://djecrety.ir/ secretKey: "" - - # -- sets the 'ENVIRONMENT' variable environment: "" - - # -- Will run src/manage.py loaddata default_roles at pod startup (see docs) - loadDefaultRoles: false + requestsReadTimeout: "30" database: host: "" @@ -185,36 +151,44 @@ settings: name: "" sslmode: prefer + cookie: + sessionCookieSamesite: 'Lax' + sessionCookieSecure: true + csrfCookieSamesite: 'Lax' + csrfCookieSecure: true + + cors: + allowedOrigins: "" + allowedOriginsRegexes: "" + allowAllOrigins: false + extraAllowHeaders: "" + + throttling: + enable: true + rateAnonymous: "2500/hour" + rateUser: "15000/hour" + + twoFactorAuthentication: + forceOtpAdmin: true + patchAdmin: true + + csrf: + trustedOrigins: "" + sentry: dsn: "" cache: - # -- Sets 'CACHE_DEFAULT' var, only required when tags.redis is false default: "" - # -- Sets 'CACHE_AXES' var, only required when tags.redis is false axes: "" - # When not using the redis subcharts you can set them manually like this: - # default: myredisserver:6379/0 - # axes: myredisserver:6379/0 - # Celery cache settings, when the redis subchart is enabled these settings will be ignored and caching will default to the redis subchart services celery: - # e.g.: - # brokerUrl: redis://openforms-redis-master:6379/1 - # resultBackend: redis://openforms-redis-master:6379/1 brokerUrl: "" resultBackend: "" logLevel: debug debug: false - uwsgi: - master: '' - threads: '' - processes: '' - maxRequests: '' - harakiri: '' - email: host: localhost port: 25 @@ -222,24 +196,26 @@ settings: password: "" useTLS: false defaultFrom: "" + + uwsgi: + master: '' + threads: '' + processes: '' + maxRequests: '' + harakiri: '' + + react: + apiUrl: "" + apiPath: "/api/v1" + zaakUrlTemplate: "" worker: replicaCount: 1 concurrency: 4 podLabels: {} resources: {} - livenessProbe: - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 3 - successThreshold: 1 - readinessProbe: - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 3 - successThreshold: 1 + livenessProbe: {} + readinessProbe: {} autoscaling: enabled: false minReplicas: 1 @@ -254,18 +230,16 @@ flower: service: type: ClusterIP port: 80 - livenessProbe: - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - readinessProbe: - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 + livenessProbe: {} + readinessProbe: {} + resources: {} + +beat: + enabled: true + replicaCount: 1 + podLabels: {} + livenessProbe: {} + readinessProbe: {} resources: {} nginx: @@ -273,12 +247,11 @@ nginx: repository: nginxinc/nginx-unprivileged pullPolicy: IfNotPresent tag: stable + existingConfigmap: null service: type: ClusterIP - port: 80 + port: 9000 annotations: {} - # -- mount existing nginx vhost config - existingConfigmap: null replicaCount: 1 podLabels: {} securityContext: @@ -290,18 +263,8 @@ nginx: runAsUser: 101 autoscaling: enabled: false - livenessProbe: - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 3 - successThreshold: 1 - readinessProbe: - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 3 - successThreshold: 1 + livenessProbe: {} + readinessProbe: {} resources: {} ##################