diff --git a/charts/open-notificaties/Chart.yaml b/charts/open-notificaties/Chart.yaml
index 4e0c2f8..73ac69a 100644
--- a/charts/open-notificaties/Chart.yaml
+++ b/charts/open-notificaties/Chart.yaml
@@ -3,22 +3,22 @@ name: open-notificaties
 description: API voor het routeren van notificaties
 type: application
-version: 0.8.0
+version: 0.8.1
 appVersion: "1.4.0"
 dependencies:
 - name: postgresql
- version: ~10.12.0
+ version: ~15.5.5
 repository: https://charts.bitnami.com/bitnami
 tags:
 - postgresql
 - name: redis
- version: ~13.0.0
+ version: ~19.5.2
 repository: https://charts.bitnami.com/bitnami
 tags:
 - redis
 - name: rabbitmq
- version: ~8.23.0
+ version: ~14.4.1
 repository: https://charts.bitnami.com/bitnami
 tags:
 - rabbitmq
diff --git a/charts/open-notificaties/README.md b/charts/open-notificaties/README.md
index 4b79d6a..fac07ba 100644
--- a/charts/open-notificaties/README.md
+++ b/charts/open-notificaties/README.md
@@ -26,6 +26,28 @@ helm install open-notificaties open-zaak/open-notificaties \
 :warning: The default settings are unsafe for production usage. Configure proper secrets, enable persistency and consider High Availability (HA) for the database and the application.
+:warning: When you uninstall the chart, the PVCs will not be deleted. This can cause confusion during testing.
+
+If you want to use your own instances of Redis, Postgres and RabbitMQ instead, you can disable the subcharts:
+
+```bash
+
+helm install open-notificaties open-zaak/open-notificaties \
+ --set "tags.redis=false" \
+ --set "tags.postgresql=false" \
+ --set "tags.rabbitmq=false" \
+ --set "settings.database.host=postgres.gemeente.nl" \
+ --set "settings.cache.default=redis.gemeente.nl:6379/1" \
+ --set "settings.cache.axes=redis.gemeente.nl:6379/1" \
+ --set "settings.celery.resultBackend=redis.gemeente.nl:6379/2" \
+ --set "settings.messageBroker.host=rabbitmq.gemeente.nl" \
+ --set "settings.allowedHosts=open-notificaties.gemeente.nl" \
+ --set "ingress.enabled=true" \
+ --set "ingress.hosts={open-notificaties.gemeente.nl}"
+```
+
+You will probably need to set more values to configure the connection to your own Redis, Postgres and RabbitMQ instances.
+
 ## Chart and Open Notificaties versions alignment
 Not every version of the chart is compatible with every version of Open Notificaties. The
@@ -40,71 +62,70 @@ table below describes the supported versions
 ## Configuration
-| Parameter | Description | Default |
-| --------- | ----------- | ------- |
-| `tags.postgresql` | Install PostgreSQL subchart | `true` |
-| `tags.redis` | Install Redis subchart | `true` |
-| `tags.rabbitmq` | Install RabbitMQ subchart | `true` |
-| `image.repository` | The repository of the Docker image | `openzaak/open-notificaties` |
-| `image.tag` | The tag of the Docker image | `""` (uses `.Chart.AppVersion` by default) |
-| `replicaCount` | The number of replicas | `1` |
-| `podLabels` | Additional labels to be set on the open-notification API pods | `{}` |
-| `ingress.enabled` | Expose the application through an ingress | `false` |
-| `ingress.annotations` | Additional annotations on the API ingress | `{}` |
-| `ingress.hosts` | Ingress hosts | `"{open-notificaties.gemeente.nl}"` |
-| `ingress.tls` | Ingress TLS settings | `"[]"` |
-| `existingSecret` | Refer to an existing secret to avoid managing secrets through Helm. See templates/secret.yaml for required contents of your existing secret. This secret is also used for the Worker and Flower components. | `null` |
-| `settings.allowedHosts` | A comma-separated list of hosts allowed by the application | `"open-notificaties.gemeente.nl"` |
-| `settings.secretKey` | The secret key of the application | `"SOME-RANDOM-SECRET"` |
-| `settings.database.host` | The hostname of PostgreSQL | `"open-notificaties-postgresql"` |
-| `settings.database.port` | The port of PostgreSQL | `5432` |
-| `settings.database.username` | The username of PostgreSQL | `"postgres"` |
-| `settings.database.password` | The password of PostgreSQL | `"SUPER-SECRET"` |
-| `settings.database.name` | The database name of PostgreSQL | `"open-notificaties"` |
-| `settings.database.sslmode` | The SSL-mode used by the postgres client.
See [docs](https://www.postgresql.org/docs/current/libpq-ssl.html) for more info | `"prefer"` |
-| `settings.numProxies` | The number of reverse proxies between client and backend container. Set this to 1 if exposing the application through an ingress | `0` |
-| `settings.cache.default` | The Redis cache for the default cache | `"open-notificaties-redis-master:6379/0"` |
-| `settings.cache.axes` | The Redis cache for the axes cache | `"open-notificaties-redis-master:6379/0"` |
-| `settings.email.host` | The hostname of the SMTP server | `"localhost"` |
-| `settings.email.port` | The port of the SMTP server | `25` |
-| `settings.email.username` | The username of the SMTP server | `""` |
-| `settings.email.password` | The password of the SMTP server | `""` |
-| `settings.email.useTLS` | Use TLS for connecting to SMTP server | `false` |
-| `settings.sentry.dsn` | The DSN for Sentry Logging | `""` |
-| `settings.messageBroker.host` | The URL to the Celery broker | `"open-notificaties-rabbitmq"` |
-| `settings.celery.resultBackend` | The URL to the Celery result backend | `"redis://open-notificaties-redis-master:6379/1"` |
-| `settings.isHttps` | Used to construct absolute URLs and controls a variety of security settings | `true` |
-| `settings.debug` | Only set this to True on a local development environment. Various other security settings are derived from this setting | `false` |
-| `settings.autoRetry.maxRetries` | Maximum number of notification delivery retries. If `null`, the upstream defaults are used. | `null` |
-| `settings.autoRetry.backoff` | Exponential backoff, boolean or number. If a number, applies as a scale factor. If `null`, the upstream defaults are used. | `null` |
-| `settings.autoRetry.backoffMax` | Upper limit (in seconds) of the exponential backoff. If `null`, the upstream defaults are used.
| `null` |
-| `settings.flower.urlPrefix` | If enabled, deploy Flower on a non-root URL | `""` |
-| `settings.flower.basicAuth` | Secure Flower with [Basic Authentication](https://flower.readthedocs.io/en/latest/config.html#basic-auth). This is a comma-separated list of `username:password`. You should configure this when `flower.ingress.enabled` is set to true. | `""` |
-| `worker.podLabels` | Additional labels to be set on the open-notification worker pods | `{}` |
-| `postgresql.persistence.enabled` | Enable PostgreSQL persistency | `false` |
-| `postgresql.persistence.size` | Configure PostgreSQL size | `"1Gi"` |
-| `postgresql.persistence.existingClaim` | Use an existing persistent volume claim | `null` |
-| `postgresql.postgresqlDatabase` | The PostgreSQL database name | `"open-notificaties"` |
-| `postgresql.postgresqlPassword` | The PostgreSQL administrative password | `"SUPER-SECRET"` |
-| `flower.enabled` | Whether or not to deploy the [Flower](https://flower.readthedocs.io/en/latest/) component, which is a monitoring tool for Celery | `false` |
-| `flower.replicaCount` | The number of replicas for Celery Flower | `1` |
-| `flower.podLabels` | Additional labels to be set for Celery Flower | `{}` |
-| `flower.extraEnvVars` | Configure Flower through additional environment variables. For a full list of possibilities, see [Flower config docs](https://flower.readthedocs.io/en/latest/config.html) | `{}` |
-| `flower.extraEnvVarsSecret` | Configure Flower through additional environment variables. This property should contain secrets like basic-auth. For a full list of possibilities, see [Flower config docs](https://flower.readthedocs.io/en/latest/config.html) | `{}` |
-| `flower.ingress.enabled` | Use a dedicated Ingress for Flower, which can act as a Management Ingress. When `Values.ingress.enabled` is set to true and this parameter to false, then Flower will be exposed on the main Ingress.
| `false` |
-| `flower.ingress.annotations` | Additional annotations on the Flower Ingress | `{}` |
-| `flower.ingress.hosts` | Flower Ingress hosts | `"{open-notificaties-flower.gemeente.nl}"` |
-| `flower.ingress.tls` | Flower Ingress TLS settings | `"[]"` |
-| `redis.usePassword` | Use a Redis password | `false` |
-| `redis.cluster.enabled` | Enable Redis cluster | `false` |
-| `redis.persistence.existingClaim` | Use existing persistent volume claim for Redis | `""` |
-| `redis.master.persistence.enabled` | Enable persistency for Redis master | `false` |
-| `redis.master.persistence.size` | The size of the Redis master persistent volume | `"1Gi"` |
-| `rabbitmq.auth.username` | RabbitMQ username | `"guest"` |
-| `rabbitmq.auth.password` | RabbitMQ password | `"guest"` |
-| `rabbitmq.auth.erlangCookie` | RabbitMQ Erlang Cookie | `"SUPER-SECRET"` |
-| `rabbitmq.persistence.enabled` | Enable RabbitMQ persistency | `false` |
-| `rabbitmq.persistence.size` | Configure RabbitMQ size | `"1Gi"` |
-| `rabbitmq.persistence.existingClaim` | Use an existing persistent volume claim | `null` |
+| Parameter | Description | Default |
+|-------------------------------------------------------| ----------- | ------- |
+| `tags.postgresql` | Install PostgreSQL subchart | `true` |
+| `tags.redis` | Install Redis subchart | `true` |
+| `tags.rabbitmq` | Install RabbitMQ subchart | `true` |
+| `image.repository` | The repository of the Docker image | `openzaak/open-notificaties` |
+| `image.tag` | The tag of the Docker image | `""` (uses `.Chart.AppVersion` by default) |
+| `replicaCount` | The number of replicas | `1` |
+| `podLabels` | Additional labels to be set on the open-notification API pods | `{}` |
+| `ingress.enabled` | Expose the application through an ingress | `false` |
+| `ingress.annotations` | Additional annotations on the API ingress | `{}` |
+| `ingress.hosts` | Ingress hosts | `"{open-notificaties.gemeente.nl}"` |
+| `ingress.tls` | Ingress TLS settings | `"[]"` |
+| `existingSecret` | Refer to an existing secret to avoid managing secrets through Helm. See templates/secret.yaml for required contents of your existing secret. This secret is also used for the Worker and Flower components. | `null` |
+| `settings.allowedHosts` | A comma-separated list of hosts allowed by the application | `"open-notificaties.gemeente.nl"` |
+| `settings.secretKey` | The secret key of the application | `"SOME-RANDOM-SECRET"` |
+| `settings.database.host` | The hostname of PostgreSQL | `"open-notificaties-postgresql"` |
+| `settings.database.port` | The port of PostgreSQL | `5432` |
+| `settings.database.username` | The username of PostgreSQL | `"postgres"` |
+| `settings.database.password` | The password of PostgreSQL | `"SUPER-SECRET"` |
+| `settings.database.name` | The database name of PostgreSQL | `"open-notificaties"` |
+| `settings.database.sslmode` | The SSL-mode used by the postgres client. See [docs](https://www.postgresql.org/docs/current/libpq-ssl.html) for more info | `"prefer"` |
+| `settings.numProxies` | The number of reverse proxies between client and backend container.
Set this to 1 if exposing the application through an ingress | `0` |
+| `settings.cache.default` | The Redis cache for the default cache | `"open-notificaties-redis-master:6379/0"` |
+| `settings.cache.axes` | The Redis cache for the axes cache | `"open-notificaties-redis-master:6379/0"` |
+| `settings.email.host` | The hostname of the SMTP server | `"localhost"` |
+| `settings.email.port` | The port of the SMTP server | `25` |
+| `settings.email.username` | The username of the SMTP server | `""` |
+| `settings.email.password` | The password of the SMTP server | `""` |
+| `settings.email.useTLS` | Use TLS for connecting to SMTP server | `false` |
+| `settings.sentry.dsn` | The DSN for Sentry Logging | `""` |
+| `settings.messageBroker.host` | The URL to the Celery broker | `"open-notificaties-rabbitmq"` |
+| `settings.celery.resultBackend` | The URL to the Celery result backend | `"redis://open-notificaties-redis-master:6379/1"` |
+| `settings.isHttps` | Used to construct absolute URLs and controls a variety of security settings | `true` |
+| `settings.debug` | Only set this to True on a local development environment. Various other security settings are derived from this setting | `false` |
+| `settings.autoRetry.maxRetries` | Maximum number of notification delivery retries. If `null`, the upstream defaults are used. | `null` |
+| `settings.autoRetry.backoff` | Exponential backoff, boolean or number. If a number, applies as a scale factor. If `null`, the upstream defaults are used. | `null` |
+| `settings.autoRetry.backoffMax` | Upper limit (in seconds) of the exponential backoff. If `null`, the upstream defaults are used. | `null` |
+| `settings.flower.urlPrefix` | If enabled, deploy Flower on a non-root URL | `""` |
+| `settings.flower.basicAuth` | Secure Flower with [Basic Authentication](https://flower.readthedocs.io/en/latest/config.html#basic-auth). This is a comma-separated list of `username:password`.
You should configure this when `flower.ingress.enabled` is set to true. | `""` |
+| `worker.podLabels` | Additional labels to be set on the open-notification worker pods | `{}` |
+| `postgresql.primary.ersistence.enabled` | Enable PostgreSQL persistency | `false` |
+| `postgresql.primary.persistence.size` | Configure PostgreSQL size | `"1Gi"` |
+| `postgresql.primary.persistence.existingClaim` | Use an existing persistent volume claim | `null` |
+| `postgresql.global.postgresql.auth.database` | The PostgreSQL database name | `"open-notificaties"` |
+| `postgresql.global.postgresql.auth.postgresqlPassword` | The PostgreSQL administrative password | `"SUPER-SECRET"` |
+| `flower.enabled` | Whether or not to deploy the [Flower](https://flower.readthedocs.io/en/latest/) component, which is a monitoring tool for Celery | `false` |
+| `flower.replicaCount` | The number of replicas for Celery Flower | `1` |
+| `flower.podLabels` | Additional labels to be set for Celery Flower | `{}` |
+| `flower.extraEnvVars` | Configure Flower through additional environment variables. For a full list of possibilities, see [Flower config docs](https://flower.readthedocs.io/en/latest/config.html) | `{}` |
+| `flower.extraEnvVarsSecret` | Configure Flower through additional environment variables. This property should contain secrets like basic-auth. For a full list of possibilities, see [Flower config docs](https://flower.readthedocs.io/en/latest/config.html) | `{}` |
+| `flower.ingress.enabled` | Use a dedicated Ingress for Flower, which can act as a Management Ingress. When `Values.ingress.enabled` is set to true and this parameter to false, then Flower will be exposed on the main Ingress.
| `false` |
+| `flower.ingress.annotations` | Additional annotations on the Flower Ingress | `{}` |
+| `flower.ingress.hosts` | Flower Ingress hosts | `"{open-notificaties-flower.gemeente.nl}"` |
+| `flower.ingress.tls` | Flower Ingress TLS settings | `"[]"` |
+| `redis.auth.enabled` | Use a Redis password | `false` |
+| `redis.master.persistence.enabled` | Enable persistency for Redis master | `false` |
+| `redis.master.persistence.size` | The size of the Redis master persistent volume | `"1Gi"` |
+| `redis.master.persistence.existingClaim` | Use existing persistent volume claim for Redis | `""` |
+| `rabbitmq.auth.username` | RabbitMQ username | `"guest"` |
+| `rabbitmq.auth.password` | RabbitMQ password | `"guest"` |
+| `rabbitmq.auth.erlangCookie` | RabbitMQ Erlang Cookie | `"SUPER-SECRET"` |
+| `rabbitmq.persistence.enabled` | Enable RabbitMQ persistency | `false` |
+| `rabbitmq.persistence.size` | Configure RabbitMQ size | `"1Gi"` |
+| `rabbitmq.persistence.existingClaim` | Use an existing persistent volume claim | `null` |
 Check [values.yaml](./values.yaml) for all the possible configuration options.
diff --git a/charts/open-notificaties/values.yaml b/charts/open-notificaties/values.yaml
index 583bdfe..4244acd 100644
--- a/charts/open-notificaties/values.yaml
+++ b/charts/open-notificaties/values.yaml
@@ -191,31 +191,31 @@ settings:
 #######################
 postgresql:
- persistence:
- enabled: false
- size: 1Gi
- existingClaim: null
+ primary:
+ persistence:
+ enabled: false
+ size: 1Gi
+ existingClaim: null
- postgresqlDatabase: open-notificaties
- postgresqlPassword: SUPER-SECRET
+ global:
+ postgresql:
+ auth:
+ database: open-notificaties
+ postgresPassword: SUPER-SECRET
 ##################
 # Redis subchart #
 ##################
 redis:
- usePassword: false
-
- cluster:
+ auth:
 enabled: false
- persistence:
- existingClaim: null
-
 master:
 persistence:
 enabled: false
 size: 1Gi
+ existingClaim: null
 #####################
 # RabbitMQ subchart #
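Review bot: The Redis and PostgreSQL keys renamed in this hunk are a silent breaking change for existing releases: a values file that still sets `redis.usePassword: true` or `postgresql.postgresqlPassword` will most likely be ignored by the upgraded subcharts, so a deployment that had Redis authentication turned on can fall back to the `redis.auth.enabled: false` default shown here without any error. The README table in this same commit documents `postgresql.global.postgresql.auth.postgresqlPassword` and `postgresql.primary.ersistence.enabled`, while the key set here is `postgresPassword`, so anyone following the README sets a key nothing reads; the table rows should read `postgresql.global.postgresql.auth.postgresPassword` and `postgresql.primary.persistence.enabled`. Given the major subchart jumps in Chart.yaml, I would release this as more than the `0.8.0` to `0.8.1` patch bump and add an upgrade note that maps each old key to its new name. The placeholder `SUPER-SECRET` is still the default under the new key, so that note should also tell operators to override it together with `settings.database.password`.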