diff --git a/charts/openzaak/CHANGELOG.md b/charts/openzaak/CHANGELOG.md index 2201bea3..e6870f0e 100644 --- a/charts/openzaak/CHANGELOG.md +++ b/charts/openzaak/CHANGELOG.md @@ -1,5 +1,12 @@ # Changelog +## 1.14.0 (XXXX-XX-XX) + +- Bumped the application version to 1.27.0. +- Added support for the environment variables to configure Azure Blob Storage and S3 storage for the Documenten API. +- Added support for the environment variables `ENABLE_CLOUD_EVENTS` and `NOTIFICATIONS_SOURCE` to configure cloud events. +- Removed leftover variables `NOTIF_OPENZAAK_SECRET` and `OPENZAAK_NOTIF_SECRET` which were no longer used in Open Zaak. + ## 1.13.1 (2026-02-06) - Updated the Readme. diff --git a/charts/openzaak/Chart.yaml b/charts/openzaak/Chart.yaml index 0daaa229..8476fbd4 100644 --- a/charts/openzaak/Chart.yaml +++ b/charts/openzaak/Chart.yaml @@ -3,8 +3,8 @@ name: openzaak description: Productiewaardige API's voor Zaakgericht Werken type: application -version: 1.13.1 -appVersion: 1.26.0 +version: 1.14.0-rc.0 +appVersion: 1.27.0 dependencies: - name: redis diff --git a/charts/openzaak/README.md b/charts/openzaak/README.md index b1048d5b..41caaf74 100644 --- a/charts/openzaak/README.md +++ b/charts/openzaak/README.md @@ -2,7 +2,7 @@ Productiewaardige API's voor Zaakgericht Werken -![Version: 1.13.1](https://img.shields.io/badge/Version-1.13.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.26.0](https://img.shields.io/badge/AppVersion-1.26.0-informational?style=flat-square) +![Version: 1.14.0-rc.0](https://img.shields.io/badge/Version-1.14.0--rc.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.27.0](https://img.shields.io/badge/AppVersion-1.27.0-informational?style=flat-square) ## Introduction @@ -53,6 +53,18 @@ configuration: The yaml data needed to configure the application should be provided in the value `configuration.data`. To see how to configure, see the Open Zaak [documentation](https://open-zaak.readthedocs.io/en/stable/installation/config/openzaak_config_cli.html). +## Documenten API backend + +Open Zaak supports using three different backends for the Documenten API: the file system, Azure Blob Storage and S3 storage. + +In order to configure the backend, use the `settings.documentApiBackend` value and if using the Azure Blob Storage or the S3 storage, +configure the values under `settings.azureBlobStorage` and `settings.s3storage`. + +You can find more information about how to specify each value in the [Open Zaak documentation](https://open-zaak.readthedocs.io/en/1.27.0/installation/config/env_config.html#documenten-api). + +Note that for Azure Blob storage, your cluster needs to have the Blob storage CSI driver enabled. For S3 storage, your cluster needs to have the Amazon S3 CSI driver enabled. +You can find more information in the Open Zaak documentation for both the [Azure Blob Storage](https://open-zaak.readthedocs.io/en/1.27.0/installation/reference/azure_blob_storage.html) and the [S3 storage](https://open-zaak.readthedocs.io/en/1.27.0/installation/reference/s3_storage.html). + ## Values | Key | Type | Default | Description | @@ -202,6 +214,15 @@ how to configure, see the Open Zaak [documentation](https://open-zaak.readthedoc | serviceAccount.create | bool | `true` | | | serviceAccount.name | string | `""` | | | settings.allowedHosts | string | `""` | | +| settings.azureBlobStorage.accountName | string | `""` | | +| settings.azureBlobStorage.apiStorageVersion | string | `""` | | +| settings.azureBlobStorage.clientId | string | `""` | | +| settings.azureBlobStorage.clientSecret | string | `""` | | +| settings.azureBlobStorage.connectionTimeout | int | `5` | | +| settings.azureBlobStorage.container | string | `"openzaak"` | | +| settings.azureBlobStorage.location | string | `"documenten"` | | +| settings.azureBlobStorage.tenantId | string | `""` | | +| settings.azureBlobStorage.urlExpirationTime | int | `60` | | | settings.cache.axes | string | `""` | | | settings.cache.default | string | `""` | | | settings.cache.portalLocker | string | `""` | | @@ -231,6 +252,7 @@ how to configure, see the Open Zaak [documentation](https://open-zaak.readthedoc | settings.debug | bool | `false` | | | settings.disable2fa | bool | `false` | Disable two factor authentication | | settings.djangoSettingsModule | string | `"openzaak.conf.docker"` | | +| settings.documentApiBackend | string | `"filesystem"` | Backend to use for the Documenten API. Supported values: filesystem | azure_blob_storage | s3_storage | | settings.elasticapm.serviceName | string | `""` | | | settings.elasticapm.token | string | `""` | | | settings.elasticapm.url | string | `""` | | @@ -240,12 +262,14 @@ how to configure, see the Open Zaak [documentation](https://open-zaak.readthedoc | settings.email.port | int | `25` | | | settings.email.useTLS | bool | `false` | | | settings.email.username | string | `""` | | +| settings.enableCloudEvents | bool | `false` | | | settings.environment | string | `""` | | | settings.flower.basicAuth | string | `""` | | | settings.flower.urlPrefix | string | `""` | | | settings.isHttps | bool | `true` | | | settings.jwtExpiry | int | `3600` | | | settings.notificationsDisabled | bool | `false` | | +| settings.notificationsSource | string | `"openzaak"` | | | settings.numProxies | int | `1` | use 2 if enabling ingress | | settings.otel.disabled | bool | `true` | If the OpenTelemetrySDK should be disabled. Opentelemtry is enabled by default, Set this values to 'true' to disable openTelemetry. | | settings.otel.exporterOtlpEndpoint | string | `""` | Network address where to send the metrics to. Examples are: https://otel.example.com:4318 or http://otel-collector.namespace.cluster.svc:4317. | @@ -255,6 +279,16 @@ how to configure, see the Open Zaak [documentation](https://open-zaak.readthedoc | settings.otel.metricExportInterval | int | `60000` | How often (in milliseconds) the metrics are exported. Exports run in a background thread. | | settings.otel.metricExportTimeout | int | `10000` | Timeout of the requests to the collector (in milliseconds) | | settings.otel.resourceAttributes | list | `[]` | Resource attributes can be used to specify additional information about the instance. These are collected by the Kubernetes attributes processor. | +| settings.s3storage.accessKeyId | string | `""` | | +| settings.s3storage.customDomain | string | `""` | | +| settings.s3storage.endpointUrl | string | `""` | | +| settings.s3storage.fileOverwrite | bool | `false` | | +| settings.s3storage.location | string | `"documenten/"` | | +| settings.s3storage.maxMemorySize | int | `0` | | +| settings.s3storage.querystringExpire | int | `60` | | +| settings.s3storage.regionName | string | `""` | | +| settings.s3storage.secretAccessKey | string | `""` | | +| settings.s3storage.storageBucketName | string | `"openzaak"` | | | settings.secretKey | string | `""` | Generate secret key at https://djecrety.ir/ | | settings.sentry.dsn | string | `""` | | | settings.siteDomain | string | `""` | Defines the primary domain where the application is hosted. Defaults to "" | diff --git a/charts/openzaak/README.md.gotmpl b/charts/openzaak/README.md.gotmpl index 60bb8a46..6ab65bef 100644 --- a/charts/openzaak/README.md.gotmpl +++ b/charts/openzaak/README.md.gotmpl @@ -48,4 +48,16 @@ configuration: The yaml data needed to configure the application should be provided in the value `configuration.data`. To see how to configure, see the Open Zaak [documentation](https://open-zaak.readthedocs.io/en/stable/installation/config/openzaak_config_cli.html). +## Documenten API backend + +Open Zaak supports using three different backends for the Documenten API: the file system, Azure Blob Storage and S3 storage. + +In order to configure the backend, use the `settings.documentApiBackend` value and if using the Azure Blob Storage or the S3 storage, +configure the values under `settings.azureBlobStorage` and `settings.s3storage`. + +You can find more information about how to specify each value in the [Open Zaak documentation](https://open-zaak.readthedocs.io/en/1.27.0/installation/config/env_config.html#documenten-api). + +Note that for Azure Blob storage, your cluster needs to have the Blob storage CSI driver enabled. For S3 storage, your cluster needs to have the Amazon S3 CSI driver enabled. +You can find more information in the Open Zaak documentation for both the [Azure Blob Storage](https://open-zaak.readthedocs.io/en/1.27.0/installation/reference/azure_blob_storage.html) and the [S3 storage](https://open-zaak.readthedocs.io/en/1.27.0/installation/reference/s3_storage.html). + {{ template "chart.valuesSection" . }} diff --git a/charts/openzaak/charts/redis-17.3.14.tgz b/charts/openzaak/charts/redis-17.3.14.tgz deleted file mode 100644 index 09954922..00000000 Binary files a/charts/openzaak/charts/redis-17.3.14.tgz and /dev/null differ diff --git a/charts/openzaak/templates/configmap.yaml b/charts/openzaak/templates/configmap.yaml index 5a0dbcc3..1097987f 100644 --- a/charts/openzaak/templates/configmap.yaml +++ b/charts/openzaak/templates/configmap.yaml @@ -142,3 +142,29 @@ data: OTEL_METRIC_EXPORT_INTERVAL: {{ .Values.settings.otel.metricExportInterval | toString | quote }} OTEL_METRIC_EXPORT_TIMEOUT: {{ .Values.settings.otel.metricExportTimeout | toString | quote }} {{- end }} + DOCUMENTEN_API_BACKEND: {{ .Values.settings.documentApiBackend | toString | quote }} + {{- if eq .Values.settings.documentApiBackend "azure_blob_storage" }} + AZURE_ACCOUNT_NAME: {{ .Values.settings.azureBlobStorage.accountName | toString | quote }} + AZURE_CLIENT_ID: {{ .Values.settings.azureBlobStorage.clientId | toString | quote }} + AZURE_TENANT_ID: {{ .Values.settings.azureBlobStorage.tenantId | toString | quote }} + AZURE_CONTAINER: {{ .Values.settings.azureBlobStorage.container | toString | quote }} + AZURE_LOCATION: {{ .Values.settings.azureBlobStorage.location | toString | quote }} + AZURE_CONNECTION_TIMEOUT_SECS: {{ int .Values.settings.azureBlobStorage.connectionTimeout | quote }} + AZURE_STORAGE_API_VERSION: {{ .Values.settings.azureBlobStorage.apiStorageVersion | toString | quote }} + AZURE_URL_EXPIRATION_SECS: {{ int .Values.settings.azureBlobStorage.urlExpirationTime | quote }} + {{- end }} + {{- if eq .Values.settings.documentApiBackend "s3_storage" }} + S3_ACCESS_KEY_ID: {{ .Values.settings.s3storage.accessKeyId | toString | quote }} + S3_STORAGE_BUCKET_NAME: {{ .Values.settings.s3storage.storageBucketName | toString | quote }} + S3_MAX_MEMORY_SIZE: {{ .Values.settings.s3storage.maxMemorySize | toString | quote }} + S3_QUERYSTRING_EXPIRE: {{ .Values.settings.s3storage.querystringExpire | toString | quote }} + S3_FILE_OVERWRITE: {{ if .Values.settings.s3storage.fileOverwrite }}"True"{{ else }}"False"{{ end }} + S3_LOCATION: {{ .Values.settings.s3storage.location | toString | quote }} + S3_REGION_NAME: {{ .Values.settings.s3storage.regionName | toString | quote }} + S3_ENDPOINT_URL: {{ .Values.settings.s3storage.endpointUrl | toString | quote }} + S3_CUSTOM_DOMAIN: {{ .Values.settings.s3storage.customDomain | toString | quote }} + {{- end }} + ENABLE_CLOUD_EVENTS: {{ if .Values.settings.enableCloudEvents }}"True"{{ else }}"False"{{ end }} + {{- if .Values.settings.notificationsSource }} + NOTIFICATIONS_SOURCE: {{ .Values.settings.notificationsSource | toString | quote }} + {{- end }} diff --git a/charts/openzaak/templates/secret.yaml b/charts/openzaak/templates/secret.yaml index c2529c05..501b7a54 100644 --- a/charts/openzaak/templates/secret.yaml +++ b/charts/openzaak/templates/secret.yaml @@ -19,18 +19,16 @@ stringData: {{- if .Values.settings.email.password }} EMAIL_HOST_PASSWORD: {{ .Values.settings.email.password | toString | quote }} {{- end }} - {{ if and .Values.global.configuration.enabled .Values.configuration.enabled -}} - {{ if .Values.configuration.notificatiesAuthorization.enabled }} - NOTIF_OPENZAAK_SECRET: {{ .Values.global.configuration.notificatiesOpenzaakSecret | default .Values.configuration.notificatiesAuthorization.notifcationOpenzaakSecret | toString | quote }} - {{- end }} - {{ if .Values.configuration.notificaties.enabled }} - OPENZAAK_NOTIF_SECRET: {{ .Values.global.configuration.openzaakNotificatiesSecret | default .Values.configuration.notificaties.openzaakNotificationSecret | toString | quote }} - {{- end }} - {{- end }} {{ if .Values.configuration.superuser.username }} DJANGO_SUPERUSER_PASSWORD: {{ .Values.configuration.superuser.password | toString | quote }} {{- end }} {{- if not .Values.settings.otel.disabled }} OTEL_EXPORTER_OTLP_HEADERS: "{{ range $index, $item := .Values.settings.otel.exporterOtlpHeaders }}{{ if $index }},{{ end }}{{ .key }}={{ .value }}{{ end }}" {{- end }} + {{- if eq .Values.settings.documentApiBackend "azure_blob_storage" }} + AZURE_CLIENT_SECRET: {{ .Values.settings.azureBlobStorage.clientSecret | toString | quote }} + {{- end }} + {{- if eq .Values.settings.documentApiBackend "s3_storage" }} + S3_SECRET_ACCESS_KEY: {{ .Values.settings.s3storage.secretAccessKey | toString | quote }} + {{- end }} {{- end }} diff --git a/charts/openzaak/values.yaml b/charts/openzaak/values.yaml index e20a2024..e0ab3e70 100644 --- a/charts/openzaak/values.yaml +++ b/charts/openzaak/values.yaml @@ -445,6 +445,34 @@ settings: # -- Timeout of the requests to the collector (in milliseconds) metricExportTimeout: 10000 + # -- Backend to use for the Documenten API. Supported values: filesystem | azure_blob_storage | s3_storage + documentApiBackend: filesystem + azureBlobStorage: + accountName: "" + clientSecret: "" + clientId: "" + tenantId: "" + container: "openzaak" + location: "documenten" + connectionTimeout: 5 + apiStorageVersion: "" + urlExpirationTime: 60 + s3storage: + accessKeyId: "" + secretAccessKey: "" + storageBucketName: "openzaak" + maxMemorySize: 0 + querystringExpire: 60 + fileOverwrite: false + location: "documenten/" + regionName: "" + endpointUrl: "" + customDomain: "" + + enableCloudEvents: false + notificationsSource: "openzaak" + + worker: replicaCount: 2 concurrency: 4