Merge pull request #122 from maykinmedia/feature/openinwoner-release-…

…1.5.0 Feature/openinwoner release 1.5.0
maykinmedia · Aug 9, 2024 · fc85a59 · fc85a59
2 parents d2401bf + 30a3554
commit fc85a59
Show file tree

Hide file tree

Showing 7 changed files with 271 additions and 54 deletions.
diff --git a/charts/openinwoner/Chart.yaml b/charts/openinwoner/Chart.yaml
@@ -3,8 +3,8 @@ name: openinwoner
 description: Platform voor gemeenten en overheden om producten inzichtelijker en toegankelijker te maken voor inwoners.
 
 type: application
-version: 1.4.0
-appVersion: "1.17.2"
+version: 1.5.0
+appVersion: "1.19.0"
 
 dependencies:
   - name: redis

diff --git a/charts/openinwoner/README.md b/charts/openinwoner/README.md
@@ -1,6 +1,6 @@
 # openinwoner
 
-![Version: 1.1.0](https://img.shields.io/badge/Version-1.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.8.3](https://img.shields.io/badge/AppVersion-1.8.3-informational?style=flat-square)
+![Version: 1.5.0](https://img.shields.io/badge/Version-1.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.19.0](https://img.shields.io/badge/AppVersion-1.19.0-informational?style=flat-square)
 
 Platform voor gemeenten en overheden om producten inzichtelijker en toegankelijker te maken voor inwoners.
 
@@ -28,6 +28,16 @@ helm install my-release my-repo/openinwoner
 | autoscaling.minReplicas | int | `1` |  |
 | autoscaling.targetCPUUtilizationPercentage | int | `80` |  |
 | autoscaling.targetMemoryUtilizationPercentage | int | `80` |  |
+| azureVaultSecret.contentType | string | `""` |  |
+| azureVaultSecret.objectName | string | `""` |  |
+| azureVaultSecret.secretName | string | `"{{ .Values.existingSecret }}"` |  |
+| azureVaultSecret.vaultName | string | `nil` |  |
+| beat.podLabels | object | `{}` |  |
+| beat.replicaCount | int | `1` |  |
+| beat.resources | object | `{}` |  |
+| celeryMonitor.podLabels | object | `{}` |  |
+| celeryMonitor.replicaCount | int | `1` |  |
+| celeryMonitor.resources | object | `{}` |  |
 | elasticsearch.coordinating.replicaCount | int | `1` |  |
 | elasticsearch.data.persistence.enabled | bool | `false` |  |
 | elasticsearch.data.persistence.size | string | `"8Gi"` |  |
@@ -41,7 +51,7 @@ helm install my-release my-repo/openinwoner
 | elasticsearch.master.resources.requests.cpu | string | `"25m"` |  |
 | elasticsearch.master.resources.requests.memory | string | `"256Mi"` |  |
 | existingSecret | string | `nil` |  |
-| extraDeploy | list | `[]` | Optionally specify additional resources to deploy |
+| extraDeploy | list | `[]` | Extra objects to deploy (value evaluated as a template) |
 | extraEnvVars | list | `[]` | Array with extra environment variables to add |
 | extraIngress | list | `[]` |  |
 | extraVolumeMounts | list | `[]` | Optionally specify extra list of additional volumeMounts |
@@ -84,9 +94,9 @@ helm install my-release my-repo/openinwoner
 | nginx.securityContext.readOnlyRootFilesystem | bool | `false` |  |
 | nginx.securityContext.runAsNonRoot | bool | `true` |  |
 | nginx.securityContext.runAsUser | int | `101` |  |
-| nginx.service.annotations | object | `{}` | Optionally specify extra annotations |
-| nginx.service.port | int | `80` | |
-| nginx.service.type | string | `"ClusterIP"` | | 
+| nginx.service.annotations | object | `{}` |  |
+| nginx.service.port | int | `80` |  |
+| nginx.service.type | string | `"ClusterIP"` |  |
 | nodeSelector | object | `{}` |  |
 | pdb.create | bool | `false` |  |
 | pdb.maxUnavailable | string | `""` |  |
@@ -123,16 +133,22 @@ helm install my-release my-repo/openinwoner
 | serviceAccount.create | bool | `true` |  |
 | serviceAccount.name | string | `""` |  |
 | settings.allowedHosts | string | `""` |  |
+| settings.brpVersion | string | `""` |  |
 | settings.cache.axes | string | `""` | Sets 'CACHE_AXES' var, only required when tags.redis is false |
 | settings.cache.default | string | `""` | Sets 'CACHE_DEFAULT' var, only required when tags.redis is false |
+| settings.celery.brokerUrl | string | `""` |  |
+| settings.celery.logLevel | string | `"debug"` |  |
+| settings.celery.resultBackend | string | `""` |  |
 | settings.database.host | string | `""` |  |
 | settings.database.name | string | `""` |  |
 | settings.database.password | string | `""` |  |
 | settings.database.port | int | `5432` |  |
 | settings.database.sslmode | string | `"prefer"` |  |
 | settings.database.username | string | `""` |  |
 | settings.debug | bool | `false` |  |
+| settings.digidMock | string | `""` |  |
 | settings.djangoSettingsModule | string | `"open_inwoner.conf.docker"` |  |
+| settings.eherkenningMock | string | `""` |  |
 | settings.elasticSearchHost | string | `""` | Elasticsearch hostname, only required when tags.elasticsearch is false |
 | settings.elasticapm.token | string | `""` |  |
 | settings.elasticapm.url | string | `""` |  |
@@ -147,9 +163,8 @@ helm install my-release my-repo/openinwoner
 | settings.loadFixtures | bool | `false` | Will load all fixtures in /app/src/open_inwoner/conf/fixtures/*.json |
 | settings.secretKey | string | `""` | Generate secret key at https://djecrety.ir/ |
 | settings.sentry.dsn | string | `""` |  |
-| settings.twoFactorAuthentication.forceOtpAdmin | bool | `true` | Enforce 2 Factor Authentication in the admin or not. Default True. You'll probably want to disable this when using OIDC. |
-| settings.twoFactorAuthentication.patchAdmin | bool | `true` | Whether to use the 2 Factor Authentication login flow for the admin or not. Default True. You'll probably want to disable this when using OIDC. |
-| settings.useXForwardedHost | bool | `true` |  |
+| settings.smsgateway.apikey | string | `""` |  |
+| settings.smsgateway.backend | string | `""` | For example "open_inwoner.accounts.gateways.MessageBird" |
 | settings.uwsgi.harakiri | string | `""` |  |
 | settings.uwsgi.master | bool | `false` |  |
 | settings.uwsgi.maxRequests | string | `""` |  |
@@ -158,4 +173,21 @@ helm install my-release my-repo/openinwoner
 | tags.elasticsearch | bool | `true` |  |
 | tags.redis | bool | `true` |  |
 | tolerations | list | `[]` |  |
+| worker.autoscaling.enabled | bool | `false` |  |
+| worker.autoscaling.maxReplicas | int | `100` |  |
+| worker.autoscaling.minReplicas | int | `1` |  |
+| worker.autoscaling.targetCPUUtilizationPercentage | int | `80` |  |
+| worker.autoscaling.targetMemoryUtilizationPercentage | int | `80` |  |
+| worker.concurrency | int | `4` |  |
+| worker.livenessProbe.exec.command[0] | string | `"python"` |  |
+| worker.livenessProbe.exec.command[1] | string | `"/app/bin/check_celery_worker_liveness.py"` |  |
+| worker.livenessProbe.failureThreshold | int | `3` |  |
+| worker.livenessProbe.initialDelaySeconds | int | `60` |  |
+| worker.livenessProbe.periodSeconds | int | `10` |  |
+| worker.livenessProbe.successThreshold | int | `1` |  |
+| worker.livenessProbe.timeoutSeconds | int | `5` |  |
+| worker.maxWorkerLivenessDelta | string | `""` |  |
+| worker.podLabels | object | `{}` |  |
+| worker.replicaCount | int | `1` |  |
+| worker.resources | object | `{}` |  |
 
diff --git a/charts/openinwoner/templates/_helpers.tpl b/charts/openinwoner/templates/_helpers.tpl
@@ -161,34 +161,34 @@ app.kubernetes.io/name: {{ include "openinwoner.beatName" . }}
 {{- end }}
 
 {{/*
-Create a name for Flower
-We truncate at 56 chars in order to provide space for the "-flower" suffix
+Create a name for Celery Monitor
+We truncate at 56 chars in order to provide space for the "-celery-monitor" suffix
 */}}
-{{- define "openinwoner.flowerName" -}}
-{{ include "openinwoner.name" . | trunc 56 | trimSuffix "-" }}-flower
+{{- define "openinwoner.celeryMonitorName" -}}
+{{ include "openinwoner.name" . | trunc 56 | trimSuffix "-" }}-celery-monitor
 {{- end }}
 
 {{/*
-Create a default fully qualified name for Flower.
-We truncate at 56 chars in order to provide space for the "-flower" suffix
+Create a default fully qualified name for celeryMonitor.
+We truncate at 56 chars in order to provide space for the "-celeryMonitor" suffix
 */}}
-{{- define "openinwoner.flowerFullname" -}}
-{{ include "openinwoner.fullname" . | trunc 56 | trimSuffix "-" }}-flower
+{{- define "openinwoner.celeryMonitorFullname" -}}
+{{ include "openinwoner.fullname" . | trunc 56 | trimSuffix "-" }}-celery-monitor
 {{- end }}
 
 {{/*
-Flower labels
+celeryMonitor labels
 */}}
-{{- define "openinwoner.flowerLabels" -}}
+{{- define "openinwoner.celeryMonitorLabels" -}}
 {{ include "openinwoner.commonLabels" . }}
-{{ include "openinwoner.flowerSelectorLabels" . }}
+{{ include "openinwoner.celeryMonitorSelectorLabels" . }}
 {{- end }}
 
 {{/*
-Flower selector labels
+celeryMonitor selector labels
 */}}
-{{- define "openinwoner.flowerSelectorLabels" -}}
-app.kubernetes.io/name: {{ include "openinwoner.flowerName" . }}
+{{- define "openinwoner.celeryMonitorSelectorLabels" -}}
+app.kubernetes.io/name: {{ include "openinwoner.celeryMonitorName" . }}
 {{- end }}
 
 {{/*

diff --git a/charts/openinwoner/templates/configmap.yaml b/charts/openinwoner/templates/configmap.yaml
@@ -28,6 +28,13 @@ data:
   {{- end }}
   CELERY_LOGLEVEL:  {{ .Values.settings.celery.logLevel | upper | toString | quote }}
   DIGID_MOCK: {{ .Values.settings.digidMock | toString | quote }}
+  EHERKENNING_MOCK: {{ .Values.settings.eherkenningMock | toString | quote }}
+  {{- if .Values.settings.smsgateway.backend }}
+  ACCOUNTS_SMS_GATEWAY_BACKEND:  {{ .Values.settings.smsgateway.backend | toString | quote }}
+  {{- end }}
+  {{- if .Values.settings.brpVersion }}
+  BRP_VERSION: {{ .Values.settings.brpVersion | toString | quote }}
+  {{- end }}
   DB_NAME: {{ .Values.settings.database.name | toString | quote }}
   DB_HOST: {{ .Values.settings.database.host | toString | quote }}
   DB_USER: {{ .Values.settings.database.username | toString | quote }}
@@ -49,8 +56,6 @@ data:
   {{- if .Values.settings.elasticapm.url }}
   ELASTIC_APM_SERVICE_NAME: {{ .Values.settings.elasticapm.serviceName | toString |  quote }}
   {{- end }}
-  TWO_FACTOR_FORCE_OTP_ADMIN: {{ if .Values.settings.twoFactorAuthentication.forceOtpAdmin }}"True"{{ else }}"False"{{ end }}
-  TWO_FACTOR_PATCH_ADMIN: {{ if .Values.settings.twoFactorAuthentication.patchAdmin }}"True"{{ else }}"False"{{ end }}
   {{- if .Values.settings.uwsgi.master }}
   UWSGI_MASTER:  {{ if .Values.settings.uwsgi.master }}"1"{{ else }}"0"{{ end }}
   {{- end }}

diff --git a/charts/openinwoner/templates/deployment.yaml b/charts/openinwoner/templates/deployment.yaml
@@ -51,15 +51,6 @@ spec:
             - name: http
               containerPort: 8000
               protocol: TCP
-          {{- if .Values.settings.loadFixtures }}
-          lifecycle:
-            postStart:
-              exec:
-                command:
-                  - "/bin/bash"
-                  - "-c"
-                  - /app/src/manage.py loaddata  /app/src/open_inwoner/conf/fixtures/*.json
-          {{- end }}
           livenessProbe:
             httpGet:
               path: /admin/
@@ -114,6 +105,180 @@ spec:
 
 ---
 
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "openinwoner.beatFullname" . }}
+  labels:
+  {{- include "openinwoner.beatLabels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.beat.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "openinwoner.beatSelectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      annotations:
+        checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+        {{- with .Values.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      labels:
+    {{- include "openinwoner.beatSelectorLabels" . | nindent 8 }}
+    {{- with .Values.beat.podLabels }}
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "openinwoner.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ include "openinwoner.beatFullname" . }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          env:
+            {{- if .Values.extraEnvVars }}
+            {{- include "openinwoner.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
+            {{- end }}
+          envFrom:
+            - secretRef:
+                name: {{ .Values.existingSecret | default (include "openinwoner.fullname" .) }}
+            - configMapRef:
+                name: {{ include "openinwoner.fullname" . }}
+          resources:
+            {{- toYaml .Values.beat.resources | nindent 12 }}
+          command:
+            - /celery_beat.sh
+          volumeMounts:
+            - name: media
+              mountPath: /app/private_media
+              subPath: {{ .Values.persistence.privateMediaMountSubpath | default "openinwoner/private_media" }}
+            - name: media
+              mountPath: /app/media
+              subPath: {{ .Values.persistence.mediaMountSubpath  | default "openinwoner/media" }}
+            {{- if .Values.extraVolumeMounts }}
+            {{- include "openinwoner.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $ ) | nindent 12 }}
+            {{- end }}
+      volumes:
+        - name: media
+          persistentVolumeClaim:
+          {{- if .Values.persistence.enabled }}
+            claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ include "openinwoner.fullname" . }}{{- end }}
+          {{- else }}
+          emptyDir: { }
+          {{- end }}
+        {{- if .Values.extraVolumes }}
+        {{- include "openinwoner.tplvalues.render" ( dict "value" .Values.extraVolumes "context" $ ) | nindent 8 }}
+        {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "openinwoner.celeryMonitorFullname" . }}
+  labels:
+  {{- include "openinwoner.celeryMonitorLabels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.celeryMonitor.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "openinwoner.celeryMonitorSelectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      annotations:
+        checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+        {{- with .Values.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      labels:
+    {{- include "openinwoner.celeryMonitorSelectorLabels" . | nindent 8 }}
+    {{- with .Values.celeryMonitor.podLabels }}
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "openinwoner.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ include "openinwoner.celeryMonitorFullname" . }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          env:
+            {{- if .Values.extraEnvVars }}
+            {{- include "openinwoner.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
+            {{- end }}
+          envFrom:
+            - secretRef:
+                name: {{ .Values.existingSecret | default (include "openinwoner.fullname" .) }}
+            - configMapRef:
+                name: {{ include "openinwoner.fullname" . }}
+          resources:
+            {{- toYaml .Values.celeryMonitor.resources | nindent 12 }}
+          command:
+            - /celery_monitor.sh
+          volumeMounts:
+            - name: media
+              mountPath: /app/private_media
+              subPath: {{ .Values.persistence.privateMediaMountSubpath | default "openinwoner/private_media" }}
+            - name: media
+              mountPath: /app/media
+              subPath: {{ .Values.persistence.mediaMountSubpath  | default "openinwoner/media" }}
+            {{- if .Values.extraVolumeMounts }}
+            {{- include "openinwoner.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $ ) | nindent 12 }}
+            {{- end }}
+      volumes:
+        - name: media
+          persistentVolumeClaim:
+          {{- if .Values.persistence.enabled }}
+            claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ include "openinwoner.fullname" . }}{{- end }}
+          {{- else }}
+          emptyDir: { }
+          {{- end }}
+        {{- if .Values.extraVolumes }}
+        {{- include "openinwoner.tplvalues.render" ( dict "value" .Values.extraVolumes "context" $ ) | nindent 8 }}
+        {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+---
+
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -205,7 +370,7 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
 
----      
+---
 
 apiVersion: apps/v1
 kind: Deployment