Merge pull request #14 from NL-AMS-LOCGOV/issue/#13

Issue/#13

charts/open-notificaties/Chart.yaml

@@ -3,8 +3,8 @@ name: open-notificaties
 description: API voor het routeren van notificaties
 
 type: application
-version: 0.3.1
-appVersion: 1.1.0
+version: 0.3.2
+appVersion: 1.1.5
 
 dependencies:
   - name: postgresql

charts/open-notificaties/templates/deployment.yaml

@@ -16,9 +16,9 @@ spec:
       annotations:
         checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
         checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
-      {{- with .Values.podAnnotations }}
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
+        {{- with .Values.podAnnotations }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
       labels:
         {{- include "open-notificaties.selectorLabels" . | nindent 8 }}
     spec:
@@ -87,29 +87,29 @@ spec:
   {{- end }}
   selector:
     matchLabels:
-  {{- include "open-notificaties.workerSelectorLabels" . | nindent 6 }}
+      {{- include "open-notificaties.workerSelectorLabels" . | nindent 6 }}
   template:
     metadata:
       annotations:
         checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
         checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
         {{- with .Values.podAnnotations }}
-      {{- toYaml . | nindent 8 }}
-      {{- end }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
       labels:
     {{- include "open-notificaties.workerSelectorLabels" . | nindent 8 }}
     spec:
       {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
-      {{- toYaml . | nindent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
       serviceAccountName: {{ include "open-notificaties.serviceAccountName" . }}
       securityContext:
-      {{- toYaml .Values.podSecurityContext | nindent 8 }}
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers:
         - name: {{ .Chart.Name }}-worker
           securityContext:
-          {{- toYaml .Values.securityContext | nindent 12 }}
+            {{- toYaml .Values.securityContext | nindent 12 }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           envFrom:
@@ -118,19 +118,19 @@ spec:
             - configMapRef:
                 name: {{ include "open-notificaties.fullname" . }}
           resources:
-          {{- toYaml .Values.workerResources | nindent 12 }}
+            {{- toYaml .Values.workerResources | nindent 12 }}
           command:
             - /celery_worker.sh
       {{- with .Values.nodeSelector }}
       nodeSelector:
-      {{- toYaml . | nindent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
       {{- with .Values.affinity }}
       affinity:
-      {{- toYaml . | nindent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
       {{- with .Values.tolerations }}
       tolerations:
-      {{- toYaml . | nindent 8 }}
-  {{- end }}
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
 

charts/open-zaak/Chart.yaml

@@ -3,8 +3,8 @@ name: open-zaak
 description: Productiewaardige API's voor Zaakgericht Werken
 
 type: application
-version: 0.2.2
-appVersion: 1.3.0
+version: 0.3.0
+appVersion: 1.3.5
 
 dependencies:
   - name: postgresql

charts/open-zaak/templates/_helpers.tpl

@@ -33,13 +33,20 @@ Create chart name and version as used by the chart label.
 {{/*
 Common labels
 */}}
-{{- define "open-zaak.labels" -}}
+{{- define "open-zaak.commonLabels" -}}
 helm.sh/chart: {{ include "open-zaak.chart" . }}
-{{ include "open-zaak.selectorLabels" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Open Zaak labels
+*/}}
+{{- define "open-zaak.labels" -}}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{ include "open-zaak.commonLabels" . }}
+{{ include "open-zaak.selectorLabels" . }}
 {{- end }}
 
 {{/*
@@ -60,3 +67,35 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/*
+Create a name for NGINX
+We truncate at 57 chars in order to provide space for the "-nginx" suffix
+*/}}
+{{- define "open-zaak.nginxName" -}}
+{{ include "open-zaak.name" . | trunc 57 | trimSuffix "-" }}-nginx
+{{- end }}
+
+{{/*
+Create a default fully qualified name for NGINX.
+We truncate at 57 chars in order to provide space for the "-nginx" suffix
+*/}}
+{{- define "open-zaak.nginxFullname" -}}
+{{ include "open-zaak.fullname" . | trunc 57 | trimSuffix "-" }}-nginx
+{{- end }}
+
+{{/*
+NGINX labels
+*/}}
+{{- define "open-zaak.nginxLabels" -}}
+{{ include "open-zaak.commonLabels" . }}
+{{ include "open-zaak.nginxSelectorLabels" . }}
+{{- end }}
+
+{{/*
+NGINX selector labels
+*/}}
+{{- define "open-zaak.nginxSelectorLabels" -}}
+app.kubernetes.io/name: {{ include "open-zaak.nginxName" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/open-zaak/templates/configmap-nginx.yaml

@@ -0,0 +1,84 @@
+{{- if .Values.persistence.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "open-zaak.nginxFullname" . }}
+  labels:
+  {{- include "open-zaak.nginxLabels" . | nindent 4 }}
+data:
+  proxy: |
+    proxy_pass_header Server;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Host $server_name;
+    proxy_set_header X-Scheme $scheme;
+    proxy_connect_timeout 300s;
+    proxy_read_timeout 300s;
+
+    proxy_redirect off;
+    proxy_pass_request_headers on;
+    proxy_pass http://{{ include "open-zaak.fullname" . }}.{{ .Release.Namespace }};
+    proxy_http_version 1.1;  # required if you're using istio, otherwise you get HTTP 426 errors
+
+  default.conf: |
+    server {
+      listen       80 default_server;
+      server_name  {{ .Values.settings.allowedHosts  | replace "," " "}} localhost};
+      server_tokens off;
+
+      gzip on;
+      gzip_http_version 1.0;
+      gzip_comp_level 2;
+      gzip_min_length 1100;
+      gzip_buffers 4 8k;
+      gzip_proxied any;
+      gzip_types
+        # text/html is always compressed by HttpGzipModule
+        text/css
+        text/javascript
+        text/xml
+        text/plain
+        text/x-component
+        application/javascript
+        application/json
+        application/xml
+        application/rss+xml
+        font/truetypenginc
+        font/opentype
+        application/vnd.ms-fontobject
+        image/svg+xml;
+      gzip_static on;
+      gzip_proxied  expired no-cache no-store private auth;
+      gzip_disable "MSIE [1-6]\.";
+      gzip_vary on;
+
+      add_header Feature-Policy "autoplay 'none'; camera 'none'" always;
+      add_header Referrer-Policy "same-origin";
+      add_header X-Content-Type-Options "nosniff";
+      add_header X-XSS-Protection "1; mode=block";
+
+      location / {
+          include conf.d/proxy;
+
+          location /documenten/api/v1/enkelvoudiginformatieobjecten {
+              client_max_body_size 4G;
+              include conf.d/proxy;
+          }
+      }
+
+      location /_health/ {
+          access_log off;
+          error_log /var/log/nginx/error.log error;
+          return 200 'OK';
+      }
+
+      location /private-media/ {
+          internal;
+          alias /app/private-media/;
+      }
+
+      error_page  404              /404.html;
+      error_page  413              /413.json;
+      error_page  500 502 503 504  /500.json;
+    }
+  {{- end }}