diff --git a/charts/openforms2bpel/Chart.lock b/charts/openforms2bpel/Chart.lock new file mode 100644 index 0000000..95f7659 --- /dev/null +++ b/charts/openforms2bpel/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: ff-common + repository: https://frankframework.github.io/charts/ + version: 0.1.24 +digest: sha256:afb8e8490d3986457eb76ec6b20dfc44cb83866895195548abe245c09b270b65 +generated: "2024-11-15T13:21:27.3957982+01:00" diff --git a/charts/openforms2bpel/Chart.yaml b/charts/openforms2bpel/Chart.yaml new file mode 100644 index 0000000..ff81829 --- /dev/null +++ b/charts/openforms2bpel/Chart.yaml @@ -0,0 +1,13 @@ +apiVersion: v2 +name: openforms2bpel +description: A Helm chart for running a Frank! on Kubernetes +version: 1.0.0 +appVersion: 1.0.1 +type: application +home: https://wearefrank.github.io/openforms2bpel +icon: https://raw.githubusercontent.com/wearefrank/charts/master/openforms2bpel/icon.svg + +dependencies: + - name: ff-common + version: ~0.1.23 + repository: https://frankframework.github.io/charts/ diff --git a/charts/openforms2bpel/README.md b/charts/openforms2bpel/README.md new file mode 100644 index 0000000..00fea1d --- /dev/null +++ b/charts/openforms2bpel/README.md @@ -0,0 +1,325 @@ +# 🔌Frank!Framework Template Chart + +This template Helm Chart can be copied as a start point for a new Frank!. + +This chart won't be published because it is not in the `charts` folder. + +## Usage + +[Helm](https://helm.sh) must be installed to use the charts. Please refer to +Helm's [documentation](https://helm.sh/docs) to get started. + +Once Helm has been set up correctly, add the repo as follows: + +```shell +helm repo add frankframework https://frankframework.github.io/charts +``` + +If you had already added this repo earlier, run `helm repo update` to retrieve +the latest versions of the packages. You can then run `helm search repo +frankframework` to see the charts. + +To install the ff-template chart: + +```shell +helm install my-ff-template frankframework/ff-template +``` + +To uninstall the chart: + +```shell +helm delete my-ff-template +``` + +## Parameters + +### Common parameters + +| Name | Description | Value | +| ------------------ | -------------------------------------------------------------------------------------------- | ----- | +| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | +| `fullnameOverride` | String to fully override common.names.fullname template | `""` | + +### Frank!Framework image parameters + +| Name | Description | Value | +| ------------------- | ---------------------------------------------------------- | ---------------- | +| `image.registry` | Frank!Framework image registry | `wearefrank` | +| `image.repository` | Frank!Framework image repository | `openforms2bpel` | +| `image.tag` | Frank!Framework image tag (immutable tags are recommended) | `""` | +| `image.pullPolicy` | Frank!Framework image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Frank!Framework image pull secrets | `[]` | + +### Frank! Configuration parameters + +| Name | Description | Value | +| ------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------- | ----------- | +| `frank.memory.percentage` | Set if the values for the memory are in percentages | `false` | +| `frank.memory.minimum` | Sets the initial size of the heap that will be used by the Frank!Framework | `1G` | +| `frank.memory.maximum` | Sets the maximum size of the heap that will be used by the Frank!Framework | `1G` | +| `frank.dtap.stage` | (Required) Set the `DTAP` stage. Options: `LOC`, `DEV`, `TST`, `ACC`, `PRD` | `""` | +| `frank.dtap.side` | Set the `DTAP` side of where the instance is running | `""` | +| `frank.credentials.secret` | Set the secret name of the existing secret | `""` | +| `frank.credentials.key` | Set the key inside the secret that contains the data (e.g. `credentials.properties`) | `""` | +| `frank.instance.name` | Set the name of the Frank! instance (default is the `fullname`) | `""` | +| `frank.configurations.names` | Set the configurations to load. Leave empty to use the default | `[]` | +| `frank.security.certificateStores` | Define certificate (key/trust) stores to mount in the resources folder of the Frank! | `[]` | +| `frank.security.certificateStores.secretName` | Name of the secret where the certificate store is located in | `""` | +| `frank.security.certificateStores.key` | The key in the secret where the certificate store is located in | `""` | +| `frank.security.certificateStores.resourceUrl` | The path to the certificate store in the Resource folder, the key will be used as default value | `undefined` | +| `frank.security.http.authentication` | Set http authentication for the Frank! | `false` | +| `frank.security.http.localUsers` | Set localUsers who can log in on the Frank! | `[]` | +| `frank.security.http.localUsers.username` | Set the username of the user | `""` | +| `frank.security.http.localUsers.password` | Set the password of the user | `""` | +| `frank.security.http.localUsers.roles` | Set the roles of the user. Options: `IbisTester`, `IbisDataAdmin`, `IbisAdmin`, `IbisWebService`, `IbisObserver` | `[]` | +| `frank.security.http.activeDirectory.enabled` | Enable Active Directory for authentication | `false` | +| `frank.security.http.activeDirectory.url` | Set url for Active Directory | `""` | +| `frank.security.http.activeDirectory.baseDn` | Set baseDn for Active Directory users | `""` | +| `frank.security.http.activeDirectory.roleMapping.tester` | Map the role for Tester | `""` | +| `frank.security.http.activeDirectory.roleMapping.dataAdmin` | Map the role for DataAdmin | `""` | +| `frank.security.http.activeDirectory.roleMapping.admin` | Map the role for Admin | `""` | +| `frank.security.http.activeDirectory.roleMapping.webService` | Map the role for WebService | `""` | +| `frank.security.http.activeDirectory.roleMapping.observer` | Map the role for Observer | `""` | +| `frank.server.transactionManager` | Set the transaction manager for Tomcat. Options: `NARAYANA`, `BTM`, `` | `""` | +| `frank.properties` | Set Yaml properties for configuring the Frank!Framework or configurations | `{}` | +| `frank.environmentVariables` | Set extra environment variables for the Frank! | `{}` | +| `frank.javaOpts` | Append custom options to the `JAVA_OPTS` environment variable for the Frank! | `""` | + +### Frank!Framework Connection parameters + +| Name | Description | Value | +| --------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | +| `connections.create` | Create a `context.xml` and possibly overwrite the existing one, to configure the connections/resources. | `true` | +| `connections.jdbc` | Set multiple database connections. One connection should have an empty name, so it'll get picked up by default (unless `jdbc.required=false` is set) | `[]` | +| `connections.jdbc.name` | Name of the connection (leave empty to use default: `jdbc/${.Values.instance.name}` in lowercase) | `""` | +| `connections.jdbc.type` | DBMS type. Options: `oracle`, `mssql`, `mysql`, `mariadb`, `postgresql`, `db2`, `mongodb` | `""` | +| `connections.jdbc.host` | Host of where the database can be reached (like in the same cluster e.g. `..svc.cluster.local`) | `""` | +| `connections.jdbc.post` | Port for the database (leave empty for default) | `""` | +| `connections.jdbc.database` | Name of the database to use (default is `.Values.instance.name`) | `""` | +| `connections.jdbc.username` | Username to connect to the database (or use string template for use with credentials e.g. `${database/username}`) | `""` | +| `connections.jdbc.password` | Password to connect to the database (or use string template for use with credentials e.g. `${database/password}`) | `""` | +| `connections.jdbc.ssl` | Set to `true` is the connection uses SSL, default is `false` | `""` | +| `connections.jms` | Set multiple message services | `[]` | +| `connections.jms.name` | Name of the connection (leave empty to use default: `jms/${.Values.instance.name}` in lowercase) | `""` | +| `connections.jms.type` | MQ type. Options: `artemis`, `activemq` | `""` | +| `connections.jms.host` | Host of where the MQ can be reached (like in the same cluster e.g. `..svc.cluster.local`) | `""` | +| `connections.jms.post` | Port for the MQ (leave empty for default) | `""` | + +### Frank!Framework deployment parameters + +The startup probe will enable blue-green deployment, which are great for uptime during upgrades and such. +It (and the liveness probe) will check if the console is accessible, until a better health endpoint is available. +The readiness probe will check if all adapters are running using the server health endpoint + +| Name | Description | Value | +| ------------------------------------ | ------------------------------------------------------------------------------------------------------------------ | --------- | +| `replicaCount` | Number of Frank!Framework replicas to deploy | `1` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `40` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `12` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `0` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `12` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `probesEnabled` | Toggle probes. This should only be used if a Frank! needs to be kept while in a bad state (for debugging purposes) | `{}` | +| `probesEnabled.startupProbe` | Toggle startupProbe | `{}` | +| `probesEnabled.livenessProbe` | Toggle livenessProbe | `{}` | +| `probesEnabled.readinessProbe` | Toggle readinessProbe | `{}` | +| `resources` | Set the resources for the Frank!Framework containers | `{}` | +| `resources.limits` | The resources limits for the Frank!Framework containers | `""` | +| `resources.requests.memory` | The requested memory for the Frank!Framework containers | `""` | +| `resources.requests.cpu` | The requested cpu for the Frank!Framework containers | `""` | +| `terminationGracePeriodSeconds` | Number of seconds after which pods are forcefully killed | `60` | +| `terminationGracePeriodSeconds` | Note: Lower values may cause running adapters to fail | | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Set tolerations for pod assignment | `[]` | +| `affinity` | Set affinity for pod assignment | `{}` | +| `timeZone` | used for database connection and log timestamps | `Etc/UTC` | + +### Traffic Exposure Parameters + +| Name | Description | Value | +| ------------------------------ | -------------------------------------------------------------------------------------------------------------------------------- | ----------- | +| `service.type` | Frank!Framework service type | `ClusterIP` | +| `service.port` | Frank!Framework service port | `80` | +| `ingress.enabled` | Enable ingress record generation for Frank! | `false` | +| `ingress.className` | IngressClass that will be used to implement the Ingress (Kubernetes 1.18+) | `""` | +| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | +| `ingress.hosts` | Set hosts for ingress | `[]` | +| `ingress.hosts.host` | Set hostname | `""` | +| `ingress.hosts.paths` | Set multiple paths | `[]` | +| `ingress.hosts.paths.path` | Set path (context url) | `""` | +| `ingress.hosts.paths.pathType` | Set type of path | `""` | +| `ingress.tls` | Define tls secrets for hosts (implementation not done yet) | `[]` | + +### Other Parameters + +| Name | Description | Value | +| ---------------------------- | --------------------------------------------------------- | ------ | +| `serviceAccount.create` | Enable creation of ServiceAccount for Frank!Framework pod | `true` | +| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | +| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | +| `podAnnotations` | Annotations for Frank!Framework pods | `{}` | +| `podLabels` | Extra labels for Frank!Framework pods | `{}` | +| `podSecurityContext` | Set Frank!Framework pod's Security Context | `{}` | +| `securityContext` | Set Frank!Framework container's Security Context | `{}` | + +### Persistence + +Persistence is used for keeping heap dumps. They can be found at `/heap-dumps` with persistence enabled. +Otherwise, they can be found at `/usr/local/tomcat/logs` + +| Name | Description | Value | +| --------------------------- | ---------------------------------------------------------------------------------- | ------- | +| `persistence.enabled` | Enable persistence using Persistent Volume Claims | `false` | +| `persistence.storageClass` | Persistent Volume storage class | `""` | +| `persistence.accessModes` | Persistent Volume access modes | `[]` | +| `persistence.size` | Persistent Volume size | `5Gi` | +| `persistence.dataSource` | Custom PVC data source | `{}` | +| `persistence.existingClaim` | The name of an existing PVC to use for persistence | `""` | +| `persistence.selector` | Selector to match an existing Persistent Volume for the Frank!Framework's data PVC | `{}` | +| `persistence.annotations` | Persistent Volume Claim annotations | `{}` | + +### openforms2bpel + + +### Connections + +| Name | Description | Value | +| ------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------- | ------- | +| `openforms2bpel.connections.bpelBasicService.endpoint` | Endpoint at which this service binding is served. | `""` | +| `openforms2bpel.connections.bpelBasicService.verifyHostname` | Should the hostname in the certificate be checked against the actual hostname of the service. | `true` | +| `openforms2bpel.connections.bpelBasicService.allowSelfSignedCerts` | Should self-signed certificates be accepted. | `false` | +| `openforms2bpel.connections.bpelBasicService.ignoreExpiredCerts` | Should certificate expiration error be ignored. | `false` | +| `openforms2bpel.connections.bpelBasicService.authAlias` | Reference to an auth alias to be used as credentials for this service. | `""` | +| `openforms2bpel.connections.bpelBasicService.timeout` | Time in ms to wait till the service call yields a result. | `60000` | +| `openforms2bpel.connections.bpelDocumentsService.endpoint` | Endpoint at which this service binding is served. | `""` | +| `openforms2bpel.connections.bpelDocumentsService.verifyHostname` | Should the hostname in the certificate be checked against the actual hostname of the service. | `true` | +| `openforms2bpel.connections.bpelDocumentsService.allowSelfSignedCerts` | Should self-signed certificates be accepted. | `false` | +| `openforms2bpel.connections.bpelDocumentsService.ignoreExpiredCerts` | Should certificate expiration error be ignored. | `false` | +| `openforms2bpel.connections.bpelDocumentsService.timeout` | Time in ms to wait till the service call yields a result. | `60000` | +| `openforms2bpel.connections.bpelCasesService.endpoint` | Endpoint at which this service binding is served. | `""` | +| `openforms2bpel.connections.bpelCasesService.verifyHostname` | Should the hostname in the certificate be checked against the actual hostname of the service. | `true` | +| `openforms2bpel.connections.bpelCasesService.allowSelfSignedCerts` | Should self-signed certificates be accepted. | `false` | +| `openforms2bpel.connections.bpelCasesService.ignoreExpiredCerts` | Should certificate expiration error be ignored. | `false` | +| `openforms2bpel.connections.bpelCasesService.timeout` | Time in ms to wait till the service call yields a result. | `60000` | +| `openforms2bpel.connections.bpelMtomService.endpoint` | Endpoint at which this service binding is served. | `""` | +| `openforms2bpel.connections.bpelMtomService.verifyHostname` | Should the hostname in the certificate be checked against the actual hostname of the service. | `true` | +| `openforms2bpel.connections.bpelMtomService.allowSelfSignedCerts` | Should self-signed certificates be accepted. | `false` | +| `openforms2bpel.connections.bpelMtomService.ignoreExpiredCerts` | Should certificate expiration error be ignored. | `false` | +| `openforms2bpel.connections.bpelMtomService.timeout` | Time in ms to wait till the service call yields a result. | `60000` | +| `openforms2bpel.connections.bpelBasicStatusUpdateService.endpoint` | Endpoint at which this service binding is served. | `""` | +| `openforms2bpel.connections.bpelBasicStatusUpdateService.verifyHostname` | Should the hostname in the certificate be checked against the actual hostname of the service. | `true` | +| `openforms2bpel.connections.bpelBasicStatusUpdateService.allowSelfSignedCerts` | Should self-signed certificates be accepted. | `false` | +| `openforms2bpel.connections.bpelBasicStatusUpdateService.ignoreExpiredCerts` | Should certificate expiration error be ignored. | `false` | +| `openforms2bpel.connections.bpelBasicStatusUpdateService.timeout` | Time in ms to wait till the service call yields a result. | `60000` | +| `openforms2bpel.connections.bpelPaymentService.endpoint` | Endpoint at which this service binding is served. | `""` | +| `openforms2bpel.connections.bpelPaymentService.verifyHostname` | Should the hostname in the certificate be checked against the actual hostname of the service. | `true` | +| `openforms2bpel.connections.bpelPaymentService.allowSelfSignedCerts` | Should self-signed certificates be accepted. | `false` | +| `openforms2bpel.connections.bpelPaymentService.ignoreExpiredCerts` | Should certificate expiration error be ignored. | `false` | +| `openforms2bpel.connections.bpelPaymentService.timeout` | Time in ms to wait till the service call yields a result. | `60000` | +| `openforms2bpel.connections.bpelGegMagService.endpoint` | Endpoint at which this service binding is served. | `""` | +| `openforms2bpel.connections.bpelGegMagService.verifyHostname` | Should the hostname in the certificate be checked against the actual hostname of the service. | `true` | +| `openforms2bpel.connections.bpelGegMagService.allowSelfSignedCerts` | Should self-signed certificates be accepted. | `false` | +| `openforms2bpel.connections.bpelGegMagService.ignoreExpiredCerts` | Should certificate expiration error be ignored. | `false` | +| `openforms2bpel.connections.bpelGegMagService.timeout` | Time in ms to wait till the service call yields a result. | `60000` | +| `openforms2bpel.connections.notificatiesApi.rootUrl` | Root url of the 'Notificaties API' that is used to subscribe at. | `""` | +| `openforms2bpel.connections.notificatiesApi.authType` | Options: 'jwt', 'basic', 'value'. 'value' uses the password field of the given authAlias as Authorization header. | `""` | +| `openforms2bpel.connections.notificatiesApi.authAlias` | Reference to an auth alias to be used as credentials for this api. | `""` | +| `openforms2bpel.connections.notificatiesApi.timeout` | Time in ms to wait till the api call yields a result. | `60000` | +| `openforms2bpel.connections.notificatiesApi.subscription.callback` | Fully qualified url to the notification callback of openforms2bpel. | `""` | +| `openforms2bpel.connections.notificatiesApi.subscription.authAlias` | Reference to an auth alias to be used as authorization key for calling the callback endpoint. | `""` | +| `openforms2bpel.connections.notificatiesApi.subscription.filters.objectType` | Url of the objecttype to filter the notifications on. | `""` | +| `openforms2bpel.connections.documentenApi.authType` | Options: 'jwt', 'basic', 'value'. 'value' uses the password field of the given authAlias as Authorization header. | `""` | +| `openforms2bpel.connections.documentenApi.authAlias` | Reference to an auth alias to be used as credentials for this api. | `""` | +| `openforms2bpel.connections.documentenApi.timeout` | Time in ms to wait till the api call yields a result. | `60000` | +| `openforms2bpel.connections.objectsApi.authType` | Options: 'jwt', 'basic', 'value'. 'value' uses the password field of the given authAlias as Authorization header. | `""` | +| `openforms2bpel.connections.objectsApi.authAlias` | Reference to an auth alias to be used as credentials for this api. | `""` | +| `openforms2bpel.connections.objectsApi.timeout` | Timeout used in 'Objects API' calls. | `60000` | +| `openforms2bpel.connections.noReplySmtp.enabled` | Enable connecting to the configured SMTP server/replay. | `false` | +| `openforms2bpel.connections.noReplySmtp.host` | Host of the SMTP server/relay. | `""` | +| `openforms2bpel.connections.noReplySmtp.port` | Port of the SMTP server/relay. | `587` | +| `openforms2bpel.connections.noReplySmtp.useSsl` | Connect securely to the SMTP server/relay with SSL. | `true` | +| `openforms2bpel.connections.noReplySmtp.authAlias` | Reference to an auth alias to be used as credentials for authorizing with the SMTP server/relay. | `""` | +| `openforms2bpel.connections.noReplySmtp.timeout` | Timeout used when sending emails. | `60000` | +| `openforms2bpel.connections.noReplySmtp.defaultFromName` | The default no-reply sender's name that is shown with the no-reply sender's e-mail address. | `""` | +| `openforms2bpel.connections.noReplySmtp.defaultFromAddress` | The default no-reply sender's e-mail address that used when sending e-mails. | `""` | +| `openforms2bpel.connections.noReplySmtp.signatureFromName` | The no-reply sender's name used in the signature of the e-mail body. | `""` | + +### Mail Templates + +| Name | Description | Value | +| ---------------------------------------------------- | ------------------------------------------------------------------------------------------ | ----- | +| `openforms2bpel.mailTemplates.existingConfigMap` | The name of the configmap containing the mail templates. | `""` | +| `openforms2bpel.mailTemplates.templates` | Mail templates that can be referenced by name on a variety of functional error scenario's. | `[]` | +| `openforms2bpel.mailTemplates.templates.name` | Name of the mail template that can be referenced. | `""` | +| `openforms2bpel.mailTemplates.templates.subject` | Mail subject text. | `""` | +| `openforms2bpel.mailTemplates.templates.messageType` | ContentType of the message. Options: 'text/plain', 'text/html'. | `""` | +| `openforms2bpel.mailTemplates.templates.message` | Mail message body. A limit degree of variable substitution is available. | `""` | + +### Formdata + +| Name | Description | Value | +| --------------------------------------------- | -------------------------------------------------------------- | ----- | +| `openforms2bpel.formdata.existingConfigMap` | The name of the configmap containing the formdata stylesheets. | `""` | +| `openforms2bpel.formdata.collectorStylesheet` | Multi-line value for FormDataCollector_ObjectsApi_Custom.xslt. | `""` | +| `openforms2bpel.formdata.transformStylesheet` | Multi-line value for FormDataTransform_Custom.xslt. | `""` | + +### Workflows + +| Name | Description | Value | +| ------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------- | ------- | +| `openforms2bpel.workflows.autoRetries.enabled` | Enable automatic retries. For all workflows(unless overriden). | `true` | +| `openforms2bpel.workflows.autoRetries.cronExpression` | Cron expression used for retry interval/schedule. For all workflows(unless overriden). | `""` | +| `openforms2bpel.workflows.autoRetries.maxRetries` | Maximum amount an errorstore item is retried. For all workflows(unless overriden). | `5` | +| `openforms2bpel.workflows.autoRetries.workflowSelector.enabled` | Enable automatic retries. Override for this specific workflow. | `true` | +| `openforms2bpel.workflows.autoRetries.workflowSelector.cronExpression` | Cron expression used for retry interval/schedule. Override for this specific workflow. | `""` | +| `openforms2bpel.workflows.autoRetries.workflowSelector.maxRetries` | Maximum amount an errorstore item is retried. Override for this specific workflow. | `5` | +| `openforms2bpel.workflows.autoRetries.addDocumentsToCase.enabled` | Enable automatic retries. Override for this specific workflow. | `true` | +| `openforms2bpel.workflows.autoRetries.addDocumentsToCase.cronExpression` | Cron expression used for retry interval/schedule. Override for this specific workflow. | `""` | +| `openforms2bpel.workflows.autoRetries.addDocumentsToCase.maxRetries` | Maximum amount an errorstore item is retried. Override for this specific workflow. | `5` | +| `openforms2bpel.workflows.autoRetries.updatePaymentCommand.enabled` | Enable automatic retries. Override for this specific workflow. | `true` | +| `openforms2bpel.workflows.autoRetries.updatePaymentCommand.cronExpression` | Cron expression used for retry interval/schedule. Override for this specific workflow. | `""` | +| `openforms2bpel.workflows.autoRetries.updatePaymentCommand.maxRetries` | Maximum amount an errorstore item is retried. Override for this specific workflow. | `5` | +| `openforms2bpel.workflows.autoRetries.sendNoReplyUserEmail.enabled` | Enable automatic retries. Override for this specific workflow. | `true` | +| `openforms2bpel.workflows.autoRetries.sendNoReplyUserEmail.cronExpression` | Cron expression used for retry interval/schedule. Override for this specific workflow. | `""` | +| `openforms2bpel.workflows.autoRetries.sendNoReplyUserEmail.maxRetries` | Maximum amount an errorstore item is retried. Override for this specific workflow. | `5` | +| `openforms2bpel.workflows.scheduledStartReceiver.workflowSelector.enabled` | Enable scheduled start the receiver of this specific workflow. | `false` | +| `openforms2bpel.workflows.scheduledStartReceiver.workflowSelector.cronExpression` | Cron expression used to schedule starting the receiver of this specific workflow. | `""` | +| `openforms2bpel.workflows.scheduledStopReceiver.workflowSelector.enabled` | Enable scheduled stop the receiver of this specific workflow. | `false` | +| `openforms2bpel.workflows.scheduledStopReceiver.workflowSelector.cronExpression` | Cron expression used to schedule stopping the receiver of this specific workflow. | `""` | +| `openforms2bpel.workflows.onErrorActions.onCaseNotFound.sendMail` | Enable sending a mail to the form initiator when this specific error occurs. | `false` | +| `openforms2bpel.workflows.onErrorActions.onCaseNotFound.templateName` | Name of the mail template to be used when this specific error occurs. | `""` | +| `openforms2bpel.workflows.onErrorActions.onSubjectNotEqualsCaseSubject.sendMail` | Enable sending a mail to the form initiator when this specific error occurs. | `false` | +| `openforms2bpel.workflows.onErrorActions.onSubjectNotEqualsCaseSubject.templateName` | Name of the mail template to be used when this specific error occurs. | `""` | +| `openforms2bpel.workflows.onErrorActions.onCaseClosed.sendMail` | Enable sending a mail to the form initiator when this specific error occurs. | `false` | +| `openforms2bpel.workflows.onErrorActions.onCaseClosed.templateName` | Name of the mail template to be used when this specific error occurs. | `""` | + +## Configuration and installation details + +### DTAP Stage + +The Frank!Framework will start with different settings enabled, depending on what DTAP stage is configured. + +For more information about DTAP stages read: https://frank-manual.readthedocs.io/en/latest/deploying/dtapAndProperties.html + +## Notable changes + +### 0.1.5 + +The `.Values.frank.memory` notation has been changed. It is now possible to define a minimum and a maximum, and to set percentages. + +### 0.1.4 + +The `.Values.frank.dtap.stage` and `.Values.frank.dtap.side` are now empty by default. + +* `.Values.frank.dtap.stage` is now required and should be set to the right stage. Read more in the [Installation details](#dtap-stage) +* `.Values.frank.dtap.side` will default to the release namespace deployed in. diff --git a/charts/openforms2bpel/icon.svg b/charts/openforms2bpel/icon.svg new file mode 100644 index 0000000..8888c37 --- /dev/null +++ b/charts/openforms2bpel/icon.svg @@ -0,0 +1,5 @@ + + + + + diff --git a/charts/openforms2bpel/templates/NOTES.txt b/charts/openforms2bpel/templates/NOTES.txt new file mode 100644 index 0000000..c08f4b4 --- /dev/null +++ b/charts/openforms2bpel/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ff-common.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "ff-common.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "ff-common.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "ff-common.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/charts/openforms2bpel/templates/configmap.openforms2bpel.env.yaml b/charts/openforms2bpel/templates/configmap.openforms2bpel.env.yaml new file mode 100644 index 0000000..1af5e2f --- /dev/null +++ b/charts/openforms2bpel/templates/configmap.openforms2bpel.env.yaml @@ -0,0 +1,4 @@ +{{- template "ff-common.configmap.env" (list . "openforms2bpel.configmap.env") -}} +{{- define "openforms2bpel.configmap.env" -}} +data: +{{- end -}} \ No newline at end of file diff --git a/charts/openforms2bpel/templates/configmap.openforms2bpel.formdata.yaml b/charts/openforms2bpel/templates/configmap.openforms2bpel.formdata.yaml new file mode 100644 index 0000000..0bf32f0 --- /dev/null +++ b/charts/openforms2bpel/templates/configmap.openforms2bpel.formdata.yaml @@ -0,0 +1,20 @@ +{{/* +ConfigMap for generating MailTemplates.xml +*/}} +{{- if (not .Values.openforms2bpel.formdata.existingConfigMap) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "ff-common.fullname" . }}-formdata + labels: + {{- include "ff-common.labels" . | nindent 4 }} +data: + {{- with .Values.openforms2bpel.formdata.collectorStylesheet }} + FormDataCollector_ObjectsApi_Custom.xslt: |- + {{- toString . | nindent 4 }} + {{- end }} + {{- with .Values.openforms2bpel.formdata.transformStylesheet }} + FormDataTransform_Custom.xslt: |- + {{- toString . | nindent 4 }} + {{- end }} +{{- end -}} diff --git a/charts/openforms2bpel/templates/configmap.openforms2bpel.mailtemplates.yaml b/charts/openforms2bpel/templates/configmap.openforms2bpel.mailtemplates.yaml new file mode 100644 index 0000000..9807889 --- /dev/null +++ b/charts/openforms2bpel/templates/configmap.openforms2bpel.mailtemplates.yaml @@ -0,0 +1,28 @@ +{{/* +ConfigMap for generating MailTemplates.xml +*/}} +{{- if (not .Values.openforms2bpel.mailTemplates.existingConfigMap) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "ff-common.fullname" . }}-mailtemplates + labels: + {{- include "ff-common.labels" . | nindent 4 }} +data: + MailTemplates.xml: |- + + + {{- range .Values.openforms2bpel.mailTemplates.templates }} + + {{ .name }} + {{ .subject }} + {{ .messageType | default "text/html" }} + + + + + {{- end }} + +{{- end -}} diff --git a/charts/openforms2bpel/templates/configmap.openforms2bpel.specifics.yaml b/charts/openforms2bpel/templates/configmap.openforms2bpel.specifics.yaml new file mode 100644 index 0000000..3df1d3f --- /dev/null +++ b/charts/openforms2bpel/templates/configmap.openforms2bpel.specifics.yaml @@ -0,0 +1,152 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "ff-common.fullname" . }}-specifics + labels: + {{- include "ff-common.labels" . | nindent 4 }} +data: + {{- with .Values.openforms2bpel.connections }} + {{- with .bpelBasicService }} + openforms2bpel.connections.bpelBasicService.endpoint: "{{ .endpoint }}" + openforms2bpel.connections.bpelBasicService.verifyHostname: "{{ .verifyHostname }}" + openforms2bpel.connections.bpelBasicService.allowSelfSignedCerts: "{{ .allowSelfSignedCerts }}" + openforms2bpel.connections.bpelBasicService.ignoreExpiredCerts: "{{ .ignoreExpiredCerts }}" + openforms2bpel.connections.bpelBasicService.authAlias: "{{ .authAlias }}" + openforms2bpel.connections.bpelBasicService.timeout: "{{ .timeout }}" + {{- end }} + {{- with .bpelDocumentsService }} + openforms2bpel.connections.bpelDocumentsService.endpoint: "{{ .endpoint }}" + openforms2bpel.connections.bpelDocumentsService.verifyHostname: "{{ .verifyHostname }}" + openforms2bpel.connections.bpelDocumentsService.allowSelfSignedCerts: "{{ .allowSelfSignedCerts }}" + openforms2bpel.connections.bpelDocumentsService.ignoreExpiredCerts: "{{ .ignoreExpiredCerts }}" + openforms2bpel.connections.bpelDocumentsService.timeout: "{{ .timeout }}" + {{- end }} + {{- with .bpelCasesService }} + openforms2bpel.connections.bpelCasesService.endpoint: "{{ .endpoint }}" + openforms2bpel.connections.bpelCasesService.verifyHostname: "{{ .verifyHostname }}" + openforms2bpel.connections.bpelCasesService.allowSelfSignedCerts: "{{ .allowSelfSignedCerts }}" + openforms2bpel.connections.bpelCasesService.ignoreExpiredCerts: "{{ .ignoreExpiredCerts }}" + openforms2bpel.connections.bpelCasesService.timeout: "{{ .timeout }}" + {{- end }} + {{- with .bpelMtomService }} + openforms2bpel.connections.bpelMtomService.endpoint: "{{ .endpoint }}" + openforms2bpel.connections.bpelMtomService.verifyHostname: "{{ .verifyHostname }}" + openforms2bpel.connections.bpelMtomService.allowSelfSignedCerts: "{{ .allowSelfSignedCerts }}" + openforms2bpel.connections.bpelMtomService.ignoreExpiredCerts: "{{ .ignoreExpiredCerts }}" + openforms2bpel.connections.bpelMtomService.timeout: "{{ .timeout }}" + {{- end }} + {{- with .bpelBasicStatusUpdateService }} + openforms2bpel.connections.bpelBasicStatusUpdateService.endpoint: "{{ .endpoint }}" + openforms2bpel.connections.bpelBasicStatusUpdateService.verifyHostname: "{{ .verifyHostname }}" + openforms2bpel.connections.bpelBasicStatusUpdateService.allowSelfSignedCerts: "{{ .allowSelfSignedCerts }}" + openforms2bpel.connections.bpelBasicStatusUpdateService.ignoreExpiredCerts: "{{ .ignoreExpiredCerts }}" + openforms2bpel.connections.bpelBasicStatusUpdateService.timeout: "{{ .timeout }}" + {{- end }} + {{- with .bpelPaymentService }} + openforms2bpel.connections.bpelPaymentService.endpoint: "{{ .endpoint }}" + openforms2bpel.connections.bpelPaymentService.verifyHostname: "{{ .verifyHostname }}" + openforms2bpel.connections.bpelPaymentService.allowSelfSignedCerts: "{{ .allowSelfSignedCerts }}" + openforms2bpel.connections.bpelPaymentService.ignoreExpiredCerts: "{{ .ignoreExpiredCerts }}" + openforms2bpel.connections.bpelPaymentService.timeout: "{{ .timeout }}" + {{- end }} + {{- with .bpelGegMagService }} + openforms2bpel.connections.bpelGegMagService.endpoint: "{{ .endpoint }}" + openforms2bpel.connections.bpelGegMagService.verifyHostname: "{{ .verifyHostname }}" + openforms2bpel.connections.bpelGegMagService.allowSelfSignedCerts: "{{ .allowSelfSignedCerts }}" + openforms2bpel.connections.bpelGegMagService.ignoreExpiredCerts: "{{ .ignoreExpiredCerts }}" + openforms2bpel.connections.bpelGegMagService.timeout: "{{ .timeout }}" + {{- end }} + {{- with .notificatiesApi }} + openforms2bpel.connections.notificatiesApi.rootUrl: "{{ .rootUrl }}" + openforms2bpel.connections.notificatiesApi.authType: "{{ .authType }}" + openforms2bpel.connections.notificatiesApi.authAlias: "{{ .authAlias }}" + openforms2bpel.connections.notificatiesApi.timeout: "{{ .timeout }}" + {{- with .subscription }} + openforms2bpel.connections.notificatiesApi.subscription.callback: "{{ .callback }}" + openforms2bpel.connections.notificatiesApi.subscription.authAlias: "{{ .authAlias }}" + {{- with .filters }} + openforms2bpel.connections.notificatiesApi.subscription.filters.objectType: "{{ .objectType }}" + {{- end }} + {{- end }} + {{- end }} + {{- with .documentenApi }} + openforms2bpel.connections.documentenApi.authType: "{{ .authType }}" + openforms2bpel.connections.documentenApi.authAlias: "{{ .authAlias }}" + openforms2bpel.connections.documentenApi.timeout: "{{ .timeout }}" + {{- end }} + {{- with .objectsApi }} + openforms2bpel.connections.objectsApi.authType: "{{ .authType }}" + openforms2bpel.connections.objectsApi.authAlias: "{{ .authAlias }}" + openforms2bpel.connections.objectsApi.timeout: "{{ .timeout }}" + {{- end }} + {{- with .noReplySmtp }} + openforms2bpel.connections.noReplySmtp.enabled: "{{ .enabled }}" + openforms2bpel.connections.noReplySmtp.host: "{{ .host }}" + openforms2bpel.connections.noReplySmtp.port: "{{ .port }}" + openforms2bpel.connections.noReplySmtp.useSsl: "{{ .useSsl }}" + openforms2bpel.connections.noReplySmtp.authAlias: "{{ .authAlias }}" + openforms2bpel.connections.noReplySmtp.timeout: "{{ .timeout }}" + openforms2bpel.connections.noReplySmtp.defaultFromName: "{{ .defaultFromName }}" + openforms2bpel.connections.noReplySmtp.defaultFromAddress: "{{ .defaultFromAddress }}" + openforms2bpel.connections.noReplySmtp.signatureFromName: "{{ .signatureFromName | default .defaultFromName }}" + {{- end }} + {{- end }} + {{- with .Values.openforms2bpel.formdata }} + {{- if or .collectorStylesheet .existingConfigMap }} + openforms2bpel.formdata.collectorStylesheetFile: "FormDataCollector_ObjectsApi_Custom.xslt" + {{- else }} + openforms2bpel.formdata.collectorStylesheetFile: "FormDataCollector_ObjectsApi_Default.xslt" + {{- end }} + {{- if or .transformStylesheet .existingConfigMap }} + openforms2bpel.formdata.transformStylesheetFile: "FormDataTransform_Custom.xslt" + {{- else }} + openforms2bpel.formdata.transformStylesheetFile: "FormDataTransform_Default.xslt" + {{- end }} + {{- end }} + {{- with .Values.openforms2bpel.workflows }} + {{- with .autoRetries }} + openforms2bpel.workflows.autoRetries.enabled: "{{ .enabled }}" + openforms2bpel.workflows.autoRetries.cronExpression: "{{ .cronExpression }}" + openforms2bpel.workflows.autoRetries.maxRetries: "{{ .maxRetries }}" + {{- with .workflowSelector }} + openforms2bpel.workflows.autoRetries.workflowSelector.enabled: "{{ .enabled | default "${openforms2bpel.workflows.autoRetries.enabled}" }}" + openforms2bpel.workflows.autoRetries.workflowSelector.cronExpression: "{{ .cronExpression | default "${openforms2bpel.workflows.autoRetries.cronExpression}" }}" + openforms2bpel.workflows.autoRetries.workflowSelector.maxRetries: "{{ .maxRetries | default "${openforms2bpel.workflows.autoRetries.maxRetries}" }}" + {{- end }} + {{- with .addDocumentsToCase }} + openforms2bpel.workflows.autoRetries.addDocumentsToCase.enabled: "{{ .enabled | default "${openforms2bpel.workflows.autoRetries.enabled}" }}" + openforms2bpel.workflows.autoRetries.addDocumentsToCase.cronExpression: "{{ .cronExpression | default "${openforms2bpel.workflows.autoRetries.cronExpression}" }}" + openforms2bpel.workflows.autoRetries.addDocumentsToCase.maxRetries: "{{ .maxRetries | default "${openforms2bpel.workflows.autoRetries.maxRetries}" }}" + {{- end }} + {{- with .updatePaymentCommand }} + openforms2bpel.workflows.autoRetries.updatePaymentCommand.enabled: "{{ .enabled | default "${openforms2bpel.workflows.autoRetries.enabled}" }}" + openforms2bpel.workflows.autoRetries.updatePaymentCommand.cronExpression: "{{ .cronExpression | default "${openforms2bpel.workflows.autoRetries.cronExpression}" }}" + openforms2bpel.workflows.autoRetries.updatePaymentCommand.maxRetries: "{{ .maxRetries | default "${openforms2bpel.workflows.autoRetries.maxRetries}" }}" + {{- end }} + {{- with .sendNoReplyUserEmail }} + openforms2bpel.workflows.autoRetries.sendNoReplyUserEmail.enabled: "{{ .enabled | default "${openforms2bpel.workflows.autoRetries.enabled}" }}" + openforms2bpel.workflows.autoRetries.sendNoReplyUserEmail.cronExpression: "{{ .cronExpression | default "${openforms2bpel.workflows.autoRetries.cronExpression}" }}" + openforms2bpel.workflows.autoRetries.sendNoReplyUserEmail.maxRetries: "{{ .maxRetries | default "${openforms2bpel.workflows.autoRetries.maxRetries}" }}" + {{- end }} + {{- end }} + {{- with .scheduledStartReceiver }} + openforms2bpel.workflows.scheduledStartReceiver.workflowSelector.enabled: "{{ .enabled }}" + openforms2bpel.workflows.scheduledStartReceiver.workflowSelector.cronExpression: "{{ .cronExpression }}" + {{- end }} + {{- with .scheduledStopReceiver }} + openforms2bpel.workflows.scheduledStopReceiver.workflowSelector.enabled: "{{ .enabled }}" + openforms2bpel.workflows.scheduledStopReceiver.workflowSelector.cronExpression: "{{ .cronExpression }}" + {{- end }} + {{- with .onErrorActions.onCaseNotFound }} + openforms2bpel.workflows.onErrorActions.onCaseNotFound.sendMail: "{{ .sendMail }}" + openforms2bpel.workflows.onErrorActions.onCaseNotFound.templateName: "{{ .templateName }}" + {{- end }} + {{- with .onErrorActions.onSubjectNotEqualsCaseSubject }} + openforms2bpel.workflows.onErrorActions.onSubjectNotEqualsCaseSubject.sendMail: "{{ .sendMail }}" + openforms2bpel.workflows.onErrorActions.onSubjectNotEqualsCaseSubject.templateName: "{{ .templateName }}" + {{- end }} + {{- with .onErrorActions.onCaseClosed }} + openforms2bpel.workflows.onErrorActions.onCaseClosed.sendMail: "{{ .sendMail }}" + openforms2bpel.workflows.onErrorActions.onCaseClosed.templateName: "{{ .templateName }}" + {{- end }} + {{- end }} diff --git a/charts/openforms2bpel/templates/deployment.yaml b/charts/openforms2bpel/templates/deployment.yaml new file mode 100644 index 0000000..e3b8884 --- /dev/null +++ b/charts/openforms2bpel/templates/deployment.yaml @@ -0,0 +1,140 @@ +{{- template "ff-common.deployment" (list . "openforms2bpel.deployment") -}} +{{- define "openforms2bpel.deployment" -}} +spec: + template: + metadata: + annotations: + checksum/configmap.env: {{ include (print $.Template.BasePath "/configmap.openforms2bpel.env.yaml") . | sha256sum }} + checksum/configmap.specifics: {{ include (print $.Template.BasePath "/configmap.openforms2bpel.specifics.yaml") . | sha256sum }} + checksum/configmap.mailtemplates: {{ include (print $.Template.BasePath "/configmap.openforms2bpel.mailtemplates.yaml") . | sha256sum }} + checksum/configmap.formdata: {{ include (print $.Template.BasePath "/configmap.openforms2bpel.formdata.yaml") . | sha256sum }} + spec: + containers: + - + {{ include "ff-common.container" (list . "openforms2bpel.deployment.container") | nindent 10}} + volumes: + {{- if .Values.securityContext.readOnlyRootFilesystem }} + - name: tmpfs + emptyDir: { } + {{- end }} + {{- if .Values.application.credentials.secret }} + - name: {{ template "ff-common.fullname" . }}-credentials + secret: + secretName: {{ .Values.application.credentials.secret }} + {{- end }} + {{- if .Values.application.security.http.localUsers }} + - name: {{ template "ff-common.fullname" . }}-tomcat-users + configMap: + name: {{ template "ff-common.fullname" . }}-tomcat-users + {{- end }} + {{- if .Values.connections.create }} + - name: {{ template "ff-common.fullname" . }}-context + configMap: + name: {{ template "ff-common.fullname" . }}-context + {{- end }} + {{- if .Values.application.security.http.activeDirectory.enabled }} + - name: {{ template "ff-common.fullname" . }}-ldap-role-mapping + configMap: + name: {{ template "ff-common.fullname" . }}-ldap-role-mapping + {{- end }} + {{- if .Values.persistence.enabled }} + - name: {{ template "ff-common.fullname" . }}-data + persistentVolumeClaim: + claimName: {{ template "ff-common.fullname" . }}-data + {{- end }} + {{- range $i, $e := .Values.application.security.certificateStores }} + - name: {{ template "ff-common.fullname" $ }}-certificate-store-{{ $i }} + secret: + secretName: {{ $e.secretName }} + items: + - key: {{ $e.key }} + path: {{ $e.key }} + defaultMode: 0664 + {{- end }} + {{- if .Values.openforms2bpel.mailTemplates }} + - name: {{ template "ff-common.fullname" . }}-mailtemplates + configMap: + {{- if .Values.openforms2bpel.mailTemplates.existingConfigMap }} + name: {{ .Values.openforms2bpel.mailTemplates.existingConfigMap }} + {{- else }} + name: {{ template "ff-common.fullname" . }}-mailtemplates + {{- end }} + {{- end -}} + {{- if .Values.openforms2bpel.formdata }} + - name: {{ template "ff-common.fullname" . }}-formdata + configMap: + {{- if .Values.openforms2bpel.formdata.existingConfigMap }} + name: {{ .Values.openforms2bpel.formdata.existingConfigMap }} + {{- else }} + name: {{ template "ff-common.fullname" . }}-formdata + {{- end }} + {{- end -}} +{{- end -}} +{{- define "openforms2bpel.deployment.container" -}} +envFrom: + - configMapRef: + name: {{ template "ff-common.fullname" . }}-env + - configMapRef: + name: {{ template "ff-common.fullname" . }}-specifics +volumeMounts: + {{- if .Values.securityContext.readOnlyRootFilesystem }} + - mountPath: /usr/local/tomcat/logs + name: tmpfs + - mountPath: /usr/local/tomcat/conf/Catalina + name: tmpfs + - mountPath: /usr/local/tomcat/work/Catalina/localhost + name: tmpfs + - mountPath: /usr/local/tomcat/temp + name: tmpfs + {{- end }} + {{- if .Values.application.security.http.localUsers }} + - name: {{ template "ff-common.fullname" . }}-tomcat-users + mountPath: /usr/local/tomcat/conf/tomcat-users.xml + subPath: tomcat-users.xml + readOnly: true + {{- end }} + {{- if .Values.application.security.http.activeDirectory.enabled }} + - name: {{ template "ff-common.fullname" . }}-ldap-role-mapping + mountPath: /usr/local/tomcat/webapps/ROOT/WEB-INF/classes/ldap-role-mapping.properties + subPath: ldap-role-mapping.properties + readOnly: true + {{- end }} + {{- if .Values.application.credentials.secret }} + - name: {{ template "ff-common.fullname" . }}-credentials + mountPath: /opt/frank/secrets/ + readOnly: true + {{- end }} + {{- if .Values.connections.create }} + - name: {{ template "ff-common.fullname" . }}-context + mountPath: /usr/local/tomcat/conf/Catalina/localhost/ROOT.xml + subPath: context.xml + readOnly: true + {{- end }} + {{- if .Values.persistence.enabled }} + - name: {{ template "ff-common.fullname" . }}-data + subPath: heap-dumps + mountPath: /heap-dumps + {{- end }} + {{- range $i, $e := .Values.application.security.certificateStores }} + - name: {{ template "ff-common.fullname" $ }}-certificate-store-{{ $i }} + mountPath: /opt/frank/resources/{{ $e.resourceUrl | default $e.key }} + subPath: {{ $e.key }} + readOnly: true + {{- end }} + {{- if .Values.openforms2bpel.mailTemplates }} + - name: {{ template "ff-common.fullname" . }}-mailtemplates + mountPath: /opt/frank/resources/MailTemplates.xml + subPath: MailTemplates.xml + readOnly: true + {{- end }} + {{- if .Values.openforms2bpel.formdata }} + - name: {{ template "ff-common.fullname" . }}-formdata + mountPath: /opt/frank/resources/FormDataCollector_ObjectsApi_Custom.xslt + subPath: FormDataCollector_ObjectsApi_Custom.xslt + readOnly: true + - name: {{ template "ff-common.fullname" . }}-formdata + mountPath: /opt/frank/resources/FormDataTransform_Custom.xslt + subPath: FormDataTransform_Custom.xslt + readOnly: true + {{- end }} +{{- end -}} \ No newline at end of file diff --git a/charts/openforms2bpel/templates/manifest.yaml b/charts/openforms2bpel/templates/manifest.yaml new file mode 100644 index 0000000..0207c46 --- /dev/null +++ b/charts/openforms2bpel/templates/manifest.yaml @@ -0,0 +1,15 @@ +{{ template "ff-common.configmap.context.tpl" . }} +--- +{{ template "ff-common.configmap.tomcat-users.tpl" . }} +--- +{{ template "ff-common.configmap.ldap-role-mapping.tpl" . }} +--- +{{ template "ff-common.hpa.tpl"}} +--- +{{ template "ff-common.serviceAccount.tpl" . }} +--- +{{ template "ff-common.service.tpl" . }} +--- +{{ template "ff-common.ingress.tpl" . }} +--- +{{ template "ff-common.configmap.k8s-specifics.tpl" . }} diff --git a/charts/openforms2bpel/values.schema.json b/charts/openforms2bpel/values.schema.json new file mode 100644 index 0000000..d8f17c7 --- /dev/null +++ b/charts/openforms2bpel/values.schema.json @@ -0,0 +1,1135 @@ +{ + "title": "Chart Values", + "type": "object", + "properties": { + "nameOverride": { + "type": "string", + "description": "String to partially override common.names.fullname template (will maintain the release name)", + "default": "" + }, + "fullnameOverride": { + "type": "string", + "description": "String to fully override common.names.fullname template", + "default": "" + }, + "image": { + "type": "object", + "properties": { + "registry": { + "type": "string", + "description": "Frank!Framework image registry", + "default": "wearefrank" + }, + "repository": { + "type": "string", + "description": "Frank!Framework image repository", + "default": "openforms2bpel" + }, + "tag": { + "type": "string", + "description": "Frank!Framework image tag (immutable tags are recommended)", + "default": "" + }, + "pullPolicy": { + "type": "string", + "description": "Frank!Framework image pull policy", + "default": "IfNotPresent" + }, + "pullSecrets": { + "type": "array", + "description": "Frank!Framework image pull secrets", + "default": [], + "items": {} + } + } + }, + "frank": { + "type": "object", + "properties": { + "memory": { + "type": "object", + "properties": { + "percentage": { + "type": "boolean", + "description": "Set if the values for the memory are in percentages", + "default": false + }, + "minimum": { + "type": "string", + "description": "Sets the initial size of the heap that will be used by the Frank!Framework", + "default": "1G" + }, + "maximum": { + "type": "string", + "description": "Sets the maximum size of the heap that will be used by the Frank!Framework", + "default": "1G" + } + } + }, + "dtap": { + "type": "object", + "properties": { + "stage": { + "type": "string", + "description": "(Required) Set the `DTAP` stage. Options: `LOC`, `DEV`, `TST`, `ACC`, `PRD`", + "default": "" + }, + "side": { + "type": "string", + "description": "Set the `DTAP` side of where the instance is running", + "default": "" + } + } + }, + "credentials": { + "type": "object", + "properties": { + "secret": { + "type": "string", + "description": "Set the secret name of the existing secret", + "default": "" + }, + "key": { + "type": "string", + "description": "Set the key inside the secret that contains the data (e.g. `credentials.properties`)", + "default": "" + } + } + }, + "instance": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Set the name of the Frank! instance (default is the `fullname`)", + "default": "" + } + } + }, + "configurations": { + "type": "object", + "properties": { + "names": { + "type": "array", + "description": "Set the configurations to load. Leave empty to use the default", + "default": [], + "items": {} + } + } + }, + "security": { + "type": "object", + "properties": { + "certificateStores": { + "type": "array", + "description": "Define certificate (key/trust) stores to mount in the resources folder of the Frank!", + "default": [], + "items": {} + }, + "http": { + "type": "object", + "properties": { + "authentication": { + "type": "boolean", + "description": "Set http authentication for the Frank!", + "default": false + }, + "localUsers": { + "type": "array", + "description": "Set localUsers who can log in on the Frank!", + "default": [], + "items": {} + }, + "activeDirectory": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable Active Directory for authentication", + "default": false + }, + "url": { + "type": "string", + "description": "Set url for Active Directory", + "default": "" + }, + "baseDn": { + "type": "string", + "description": "Set baseDn for Active Directory users", + "default": "" + }, + "roleMapping": { + "type": "object", + "properties": { + "tester": { + "type": "string", + "description": "Map the role for Tester", + "default": "" + }, + "dataAdmin": { + "type": "string", + "description": "Map the role for DataAdmin", + "default": "" + }, + "admin": { + "type": "string", + "description": "Map the role for Admin", + "default": "" + }, + "webService": { + "type": "string", + "description": "Map the role for WebService", + "default": "" + }, + "observer": { + "type": "string", + "description": "Map the role for Observer", + "default": "" + } + } + } + } + } + } + } + } + }, + "server": { + "type": "object", + "properties": { + "transactionManager": { + "type": "string", + "description": "Set the transaction manager for Tomcat. Options: `NARAYANA`, `BTM`, ``", + "default": "NARAYANA" + } + } + }, + "javaOpts": { + "type": "string", + "description": "Append custom options to the `JAVA_OPTS` environment variable for the Frank!", + "default": "" + } + } + }, + "connections": { + "type": "object", + "properties": { + "create": { + "type": "boolean", + "description": "Create a `context.xml` and possibly overwrite the existing one, to configure the connections/resources.", + "default": true + }, + "jdbc": { + "type": "array", + "description": "Set multiple database connections. One connection should have an empty name, so it'll get picked up by default (unless `jdbc.required=false` is set)", + "default": [], + "items": {} + }, + "jms": { + "type": "array", + "description": "Set multiple message services", + "default": [], + "items": {} + } + } + }, + "autoscaling": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "", + "default": false + }, + "minReplicas": { + "type": "number", + "description": "", + "default": 1 + }, + "maxReplicas": { + "type": "number", + "description": "", + "default": 100 + }, + "targetCPUUtilizationPercentage": { + "type": "number", + "description": "", + "default": 80 + }, + "targetMemoryUtilizationPercentage": { + "type": "number", + "description": "", + "default": 80 + } + } + }, + "replicaCount": { + "type": "number", + "description": "Number of Frank!Framework replicas to deploy", + "default": 1 + }, + "startupProbe": { + "type": "object", + "properties": { + "initialDelaySeconds": { + "type": "number", + "description": "Initial delay seconds for startupProbe", + "default": 40 + }, + "periodSeconds": { + "type": "number", + "description": "Period seconds for startupProbe", + "default": 10 + }, + "timeoutSeconds": { + "type": "number", + "description": "Timeout seconds for startupProbe", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "Failure threshold for startupProbe", + "default": 12 + }, + "successThreshold": { + "type": "number", + "description": "Success threshold for startupProbe", + "default": 1 + } + } + }, + "ingress": { + "type": "object", + "properties": { + "hosts": { + "type": "array", + "description": "", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string", + "description": "" + }, + "paths": { + "type": "array", + "description": "", + "items": { + "type": "object", + "properties": { + "path": { + "type": "string", + "description": "" + }, + "pathType": { + "type": "string", + "description": "" + } + } + } + } + } + } + }, + "enabled": { + "type": "boolean", + "description": "Enable ingress record generation for Frank!", + "default": false + }, + "className": { + "type": "string", + "description": "IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)", + "default": "" + }, + "annotations": { + "type": "object", + "description": "Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.", + "default": {} + }, + "tls": { + "type": "array", + "description": "Define tls secrets for hosts (implementation not done yet)", + "default": [], + "items": {} + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "initialDelaySeconds": { + "type": "number", + "description": "Initial delay seconds for livenessProbe", + "default": 0 + }, + "periodSeconds": { + "type": "number", + "description": "Period seconds for livenessProbe", + "default": 10 + }, + "timeoutSeconds": { + "type": "number", + "description": "Timeout seconds for livenessProbe", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "Failure threshold for livenessProbe", + "default": 12 + }, + "successThreshold": { + "type": "number", + "description": "Success threshold for livenessProbe", + "default": 1 + } + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "initialDelaySeconds": { + "type": "number", + "description": "Initial delay seconds for readinessProbe", + "default": 0 + }, + "periodSeconds": { + "type": "number", + "description": "Period seconds for readinessProbe", + "default": 5 + }, + "timeoutSeconds": { + "type": "number", + "description": "Timeout seconds for readinessProbe", + "default": 1 + }, + "failureThreshold": { + "type": "number", + "description": "Failure threshold for readinessProbe", + "default": 3 + }, + "successThreshold": { + "type": "number", + "description": "Success threshold for readinessProbe", + "default": 1 + } + } + }, + "terminationGracePeriodSeconds": { + "type": "number", + "description": "Number of seconds after which pods are forcefully killed", + "default": 60 + }, + "nodeSelector": { + "type": "object", + "description": "Node labels for pod assignment", + "default": {} + }, + "tolerations": { + "type": "array", + "description": "Set tolerations for pod assignment", + "default": [], + "items": {} + }, + "affinity": { + "type": "object", + "description": "Set affinity for pod assignment", + "default": {} + }, + "timeZone": { + "type": "string", + "description": "used for database connection and log timestamps", + "default": "Etc/UTC" + }, + "service": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "Frank!Framework service type", + "default": "ClusterIP" + }, + "port": { + "type": "number", + "description": "Frank!Framework service port", + "default": 80 + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "create": { + "type": "boolean", + "description": "Enable creation of ServiceAccount for Frank!Framework pod", + "default": true + }, + "annotations": { + "type": "object", + "description": "Additional custom annotations for the ServiceAccount", + "default": {} + }, + "name": { + "type": "string", + "description": "The name of the ServiceAccount to use.", + "default": "" + } + } + }, + "podAnnotations": { + "type": "object", + "description": "Annotations for Frank!Framework pods", + "default": {} + }, + "podLabels": { + "type": "object", + "description": "Extra labels for Frank!Framework pods", + "default": {} + }, + "persistence": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable persistence using Persistent Volume Claims", + "default": false + }, + "storageClass": { + "type": "string", + "description": "Persistent Volume storage class", + "default": "" + }, + "accessModes": { + "type": "array", + "description": "Persistent Volume access modes", + "default": [ + "ReadWriteOnce" + ], + "items": { + "type": "string" + } + }, + "size": { + "type": "string", + "description": "Persistent Volume size", + "default": "5Gi" + }, + "dataSource": { + "type": "object", + "description": "Custom PVC data source", + "default": {} + }, + "existingClaim": { + "type": "string", + "description": "The name of an existing PVC to use for persistence", + "default": "" + }, + "selector": { + "type": "object", + "description": "Selector to match an existing Persistent Volume for the Frank!Framework's data PVC", + "default": {} + }, + "annotations": { + "type": "object", + "description": "Persistent Volume Claim annotations", + "default": {} + } + } + }, + "openforms2bpel": { + "type": "object", + "properties": { + "connections": { + "type": "object", + "properties": { + "bpelBasicService": { + "type": "object", + "properties": { + "endpoint": { + "type": "string", + "description": "Endpoint at which this service binding is served.", + "default": "https://bpel-basic-service/bpelBasicService" + }, + "verifyHostname": { + "type": "boolean", + "description": "Should the hostname in the certificate be checked against the actual hostname of the service.", + "default": true + }, + "allowSelfSignedCerts": { + "type": "boolean", + "description": "Should self-signed certificates be accepted.", + "default": false + }, + "ignoreExpiredCerts": { + "type": "boolean", + "description": "Should certificate expiration error be ignored.", + "default": false + }, + "authAlias": { + "type": "string", + "description": "Reference to an auth alias to be used as credentials for this service.", + "default": "bpel-basic-npa" + }, + "timeout": { + "type": "number", + "description": "Time in ms to wait till the service call yields a result.", + "default": 60000 + } + } + }, + "bpelDocumentsService": { + "type": "object", + "properties": { + "endpoint": { + "type": "string", + "description": "Endpoint at which this service binding is served.", + "default": "https://bpel-documents-service/bpelDocumentsService" + }, + "verifyHostname": { + "type": "boolean", + "description": "Should the hostname in the certificate be checked against the actual hostname of the service.", + "default": true + }, + "allowSelfSignedCerts": { + "type": "boolean", + "description": "Should self-signed certificates be accepted.", + "default": false + }, + "ignoreExpiredCerts": { + "type": "boolean", + "description": "Should certificate expiration error be ignored.", + "default": false + }, + "timeout": { + "type": "number", + "description": "Time in ms to wait till the service call yields a result.", + "default": 60000 + } + } + }, + "bpelCasesService": { + "type": "object", + "properties": { + "endpoint": { + "type": "string", + "description": "Endpoint at which this service binding is served.", + "default": "https://bpel-cases-service/bpelCasesService" + }, + "verifyHostname": { + "type": "boolean", + "description": "Should the hostname in the certificate be checked against the actual hostname of the service.", + "default": true + }, + "allowSelfSignedCerts": { + "type": "boolean", + "description": "Should self-signed certificates be accepted.", + "default": false + }, + "ignoreExpiredCerts": { + "type": "boolean", + "description": "Should certificate expiration error be ignored.", + "default": false + }, + "timeout": { + "type": "number", + "description": "Time in ms to wait till the service call yields a result.", + "default": 60000 + } + } + }, + "bpelMtomService": { + "type": "object", + "properties": { + "endpoint": { + "type": "string", + "description": "Endpoint at which this service binding is served.", + "default": "https://bpel-mtom-service/bpelMtomService" + }, + "verifyHostname": { + "type": "boolean", + "description": "Should the hostname in the certificate be checked against the actual hostname of the service.", + "default": true + }, + "allowSelfSignedCerts": { + "type": "boolean", + "description": "Should self-signed certificates be accepted.", + "default": false + }, + "ignoreExpiredCerts": { + "type": "boolean", + "description": "Should certificate expiration error be ignored.", + "default": false + }, + "timeout": { + "type": "number", + "description": "Time in ms to wait till the service call yields a result.", + "default": 60000 + } + } + }, + "bpelBasicStatusUpdateService": { + "type": "object", + "properties": { + "endpoint": { + "type": "string", + "description": "Endpoint at which this service binding is served.", + "default": "https://bpel-basic-status-update-service/bpelBasicStatusUpdateService" + }, + "verifyHostname": { + "type": "boolean", + "description": "Should the hostname in the certificate be checked against the actual hostname of the service.", + "default": true + }, + "allowSelfSignedCerts": { + "type": "boolean", + "description": "Should self-signed certificates be accepted.", + "default": false + }, + "ignoreExpiredCerts": { + "type": "boolean", + "description": "Should certificate expiration error be ignored.", + "default": false + }, + "timeout": { + "type": "number", + "description": "Time in ms to wait till the service call yields a result.", + "default": 60000 + } + } + }, + "bpelPaymentService": { + "type": "object", + "properties": { + "endpoint": { + "type": "string", + "description": "Endpoint at which this service binding is served.", + "default": "https://bpel-payment-service/bpelPaymentService" + }, + "verifyHostname": { + "type": "boolean", + "description": "Should the hostname in the certificate be checked against the actual hostname of the service.", + "default": true + }, + "allowSelfSignedCerts": { + "type": "boolean", + "description": "Should self-signed certificates be accepted.", + "default": false + }, + "ignoreExpiredCerts": { + "type": "boolean", + "description": "Should certificate expiration error be ignored.", + "default": false + }, + "timeout": { + "type": "number", + "description": "Time in ms to wait till the service call yields a result.", + "default": 60000 + } + } + }, + "bpelGegMagService": { + "type": "object", + "properties": { + "endpoint": { + "type": "string", + "description": "Endpoint at which this service binding is served.", + "default": "https://bpel-gegmag-service/bpelGegMagService" + }, + "verifyHostname": { + "type": "boolean", + "description": "Should the hostname in the certificate be checked against the actual hostname of the service.", + "default": true + }, + "allowSelfSignedCerts": { + "type": "boolean", + "description": "Should self-signed certificates be accepted.", + "default": false + }, + "ignoreExpiredCerts": { + "type": "boolean", + "description": "Should certificate expiration error be ignored.", + "default": false + }, + "timeout": { + "type": "number", + "description": "Time in ms to wait till the service call yields a result.", + "default": 60000 + } + } + }, + "notificatiesApi": { + "type": "object", + "properties": { + "rootUrl": { + "type": "string", + "description": "Root url of the 'Notificaties API' that is used to subscribe at.", + "default": "https://notificaties-api/api/v1/" + }, + "authType": { + "type": "string", + "description": "Options: 'jwt', 'basic', 'value'. 'value' uses the password field of the given authAlias as Authorization header.", + "default": "jwt" + }, + "authAlias": { + "type": "string", + "description": "Reference to an auth alias to be used as credentials for this api.", + "default": "notificaties-api" + }, + "timeout": { + "type": "number", + "description": "Time in ms to wait till the api call yields a result.", + "default": 60000 + }, + "subscription": { + "type": "object", + "properties": { + "callback": { + "type": "string", + "description": "Fully qualified url to the notification callback of openforms2bpel.", + "default": "https://openforms2bpel/api/v1/form-object-callback" + }, + "authAlias": { + "type": "string", + "description": "Reference to an auth alias to be used as authorization key for calling the callback endpoint.", + "default": "forms-object-callback" + }, + "filters": { + "type": "object", + "properties": { + "objectType": { + "type": "string", + "description": "Url of the objecttype to filter the notifications on.", + "default": "https://objecttypes-api/api/v2/objecttypes/uuid" + } + } + } + } + } + } + }, + "documentenApi": { + "type": "object", + "properties": { + "authType": { + "type": "string", + "description": "Options: 'jwt', 'basic', 'value'. 'value' uses the password field of the given authAlias as Authorization header.", + "default": "jwt" + }, + "authAlias": { + "type": "string", + "description": "Reference to an auth alias to be used as credentials for this api.", + "default": "documenten-api" + }, + "timeout": { + "type": "number", + "description": "Time in ms to wait till the api call yields a result.", + "default": 60000 + } + } + }, + "objectsApi": { + "type": "object", + "properties": { + "authType": { + "type": "string", + "description": "Options: 'jwt', 'basic', 'value'. 'value' uses the password field of the given authAlias as Authorization header.", + "default": "value" + }, + "authAlias": { + "type": "string", + "description": "Reference to an auth alias to be used as credentials for this api.", + "default": "objects-api" + }, + "timeout": { + "type": "number", + "description": "Timeout used in 'Objects API' calls.", + "default": 60000 + } + } + }, + "noReplySmtp": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable connecting to the configured SMTP server/replay.", + "default": false + }, + "host": { + "type": "string", + "description": "Host of the SMTP server/relay.", + "default": "https://smtp-relay/" + }, + "port": { + "type": "number", + "description": "Port of the SMTP server/relay.", + "default": 587 + }, + "useSsl": { + "type": "boolean", + "description": "Connect securely to the SMTP server/relay with SSL.", + "default": true + }, + "authAlias": { + "type": "string", + "description": "Reference to an auth alias to be used as credentials for authorizing with the SMTP server/relay.", + "default": "noreply-smtp" + }, + "timeout": { + "type": "number", + "description": "Timeout used when sending emails.", + "default": 60000 + }, + "defaultFromName": { + "type": "string", + "description": "The default no-reply sender's name that is shown with the no-reply sender's e-mail address.", + "default": "Gemeente X" + }, + "defaultFromAddress": { + "type": "string", + "description": "The default no-reply sender's e-mail address that used when sending e-mails.", + "default": "no-reply@gemeente-x.local" + }, + "signatureFromName": { + "type": "string", + "description": "The no-reply sender's name used in the signature of the e-mail body.", + "default": "" + } + } + } + } + }, + "mailTemplates": { + "type": "object", + "properties": { + "existingConfigMap": { + "type": "string", + "description": "The name of the configmap containing the mail templates.", + "default": "" + }, + "templates": { + "type": "array", + "description": "Mail templates that can be referenced by name on a variety of functional error scenario's.", + "default": [], + "items": {} + } + } + }, + "formdata": { + "type": "object", + "properties": { + "existingConfigMap": { + "type": "string", + "description": "The name of the configmap containing the formdata stylesheets.", + "default": "" + }, + "collectorStylesheet": { + "type": "string", + "description": "Multi-line value for FormDataCollector_ObjectsApi_Custom.xslt.", + "default": "" + }, + "transformStylesheet": { + "type": "string", + "description": "Multi-line value for FormDataTransform_Custom.xslt.", + "default": "" + } + } + }, + "workflows": { + "type": "object", + "properties": { + "autoRetries": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable automatic retries. For all workflows(unless overriden).", + "default": true + }, + "cronExpression": { + "type": "string", + "description": "Cron expression used for retry interval/schedule. For all workflows(unless overriden).", + "default": "0 0/30 * * * ?" + }, + "maxRetries": { + "type": "number", + "description": "Maximum amount an errorstore item is retried. For all workflows(unless overriden).", + "default": 5 + }, + "workflowSelector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable automatic retries. Override for this specific workflow.", + "default": true + }, + "cronExpression": { + "type": "string", + "description": "Cron expression used for retry interval/schedule. Override for this specific workflow.", + "default": "0 0/30 * * * ?" + }, + "maxRetries": { + "type": "number", + "description": "Maximum amount an errorstore item is retried. Override for this specific workflow.", + "default": 5 + } + } + }, + "addDocumentsToCase": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable automatic retries. Override for this specific workflow.", + "default": true + }, + "cronExpression": { + "type": "string", + "description": "Cron expression used for retry interval/schedule. Override for this specific workflow.", + "default": "0 0/30 * * * ?" + }, + "maxRetries": { + "type": "number", + "description": "Maximum amount an errorstore item is retried. Override for this specific workflow.", + "default": 5 + } + } + }, + "updatePaymentCommand": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable automatic retries. Override for this specific workflow.", + "default": true + }, + "cronExpression": { + "type": "string", + "description": "Cron expression used for retry interval/schedule. Override for this specific workflow.", + "default": "0 0/30 * * * ?" + }, + "maxRetries": { + "type": "number", + "description": "Maximum amount an errorstore item is retried. Override for this specific workflow.", + "default": 5 + } + } + }, + "sendNoReplyUserEmail": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable automatic retries. Override for this specific workflow.", + "default": true + }, + "cronExpression": { + "type": "string", + "description": "Cron expression used for retry interval/schedule. Override for this specific workflow.", + "default": "0 0/30 * * * ?" + }, + "maxRetries": { + "type": "number", + "description": "Maximum amount an errorstore item is retried. Override for this specific workflow.", + "default": 5 + } + } + } + } + }, + "scheduledStartReceiver": { + "type": "object", + "properties": { + "workflowSelector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable scheduled start the receiver of this specific workflow.", + "default": false + }, + "cronExpression": { + "type": "string", + "description": "Cron expression used to schedule starting the receiver of this specific workflow.", + "default": "0 * 5 * * ?" + } + } + } + } + }, + "scheduledStopReceiver": { + "type": "object", + "properties": { + "workflowSelector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable scheduled stop the receiver of this specific workflow.", + "default": false + }, + "cronExpression": { + "type": "string", + "description": "Cron expression used to schedule stopping the receiver of this specific workflow.", + "default": "0 * 0 * * ?" + } + } + } + } + }, + "onErrorActions": { + "type": "object", + "properties": { + "onCaseNotFound": { + "type": "object", + "properties": { + "sendMail": { + "type": "boolean", + "description": "Enable sending a mail to the form initiator when this specific error occurs.", + "default": false + }, + "templateName": { + "type": "string", + "description": "Name of the mail template to be used when this specific error occurs.", + "default": "" + } + } + }, + "onSubjectNotEqualsCaseSubject": { + "type": "object", + "properties": { + "sendMail": { + "type": "boolean", + "description": "Enable sending a mail to the form initiator when this specific error occurs.", + "default": false + }, + "templateName": { + "type": "string", + "description": "Name of the mail template to be used when this specific error occurs.", + "default": "" + } + } + }, + "onCaseClosed": { + "type": "object", + "properties": { + "sendMail": { + "type": "boolean", + "description": "Enable sending a mail to the form initiator when this specific error occurs.", + "default": false + }, + "templateName": { + "type": "string", + "description": "Name of the mail template to be used when this specific error occurs.", + "default": "" + } + } + } + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/charts/openforms2bpel/values.yaml b/charts/openforms2bpel/values.yaml new file mode 100644 index 0000000..1f8e206 --- /dev/null +++ b/charts/openforms2bpel/values.yaml @@ -0,0 +1,811 @@ +## @section Common parameters +## + +## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) +## +nameOverride: "" +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: "" + +## @section Frank!Framework image parameters +## + +## Frank!Framework image +## ref: https://nexus.frankframework.org/#browse/browse:frankframework-docker:v2%2Ffrankframework%2Ftags/ +## @param image.registry Frank!Framework image registry +## @param image.repository Frank!Framework image repository +## @param image.tag Frank!Framework image tag (immutable tags are recommended) +## +image: + registry: wearefrank + repository: openforms2bpel + tag: "" + ## @param image.pullPolicy Frank!Framework image pull policy + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## @param image.pullSecrets Frank!Framework image pull secrets + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - name: myRegistryKeySecretName + ## + pullSecrets: [] + +## @section Frank! Configuration parameters +## + +## @skip frank [object] +## +frank: + ## @param frank.memory.percentage Set if the values for the memory are in percentages + ## @param frank.memory.minimum Sets the initial size of the heap that will be used by the Frank!Framework + ## @param frank.memory.maximum Sets the maximum size of the heap that will be used by the Frank!Framework + ## For Java 8 it is best suited to use the same amount of memory for both the minimum and maximum. + ## For Java 11 and above, it is possible to use percentages. E.g. minimum: 20.0, maximum: 80.0. + ## ref: https://docs.oracle.com/javase/8/docs/technotes/tools/unix/java.html#BABDJJFI + ## + memory: + percentage: false + minimum: 1G + maximum: 1G + ## @skip frank.dtap [object] + ## @param frank.dtap.stage (Required) Set the `DTAP` stage. Options: `LOC`, `DEV`, `TST`, `ACC`, `PRD` + ## @param frank.dtap.side Set the `DTAP` side of where the instance is running + ## + dtap: + stage: "" + side: "" + ## @skip frank.credentials [object] + ## @param frank.credentials.secret Set the secret name of the existing secret + ## @param frank.credentials.key Set the key inside the secret that contains the data (e.g. `credentials.properties`) + ## + credentials: + secret: "" + key: "" + ## @skip frank.instance [string] + ## @param frank.instance.name Set the name of the Frank! instance (default is the `fullname`) + ## + instance: + name: "" + ## @skip frank.configurations [object] + ## @param frank.configurations.names [array] Set the configurations to load. Leave empty to use the default + ## e.g. + ## configurations.names: + ## - main + ## + configurations: + names: [] + ## @skip frank.security [object] + ## @skip frank.security.http [object] + ## + security: + ## @param frank.security.certificateStores [array] Define certificate (key/trust) stores to mount in the resources folder of the Frank! + ## @param frank.security.certificateStores.secretName [string] Name of the secret where the certificate store is located in + ## @param frank.security.certificateStores.key [string] The key in the secret where the certificate store is located in + ## @param frank.security.certificateStores.resourceUrl [string, nullable] The path to the certificate store in the Resource folder, the key will be used as default value + ## + certificateStores: [] + http: + ## @param frank.security.http.authentication Set http authentication for the Frank! + ## + authentication: false + ## @param frank.security.http.localUsers [array] Set localUsers who can log in on the Frank! + ## @param frank.security.http.localUsers.username [string] Set the username of the user + ## @param frank.security.http.localUsers.password [string] Set the password of the user + ## @param frank.security.http.localUsers.roles [array] Set the roles of the user. Options: `IbisTester`, `IbisDataAdmin`, `IbisAdmin`, `IbisWebService`, `IbisObserver` + ## e.g. + ## localUsers: + ## - username: Tester + ## password: ChangeMe! + ## roles: + ## - IbisTester + ## + localUsers: [] + ## @skip frank.security.http.activeDirectory [object] + ## @param frank.security.http.activeDirectory.enabled Enable Active Directory for authentication + ## @param frank.security.http.activeDirectory.url Set url for Active Directory + ## @param frank.security.http.activeDirectory.baseDn Set baseDn for Active Directory users + ## @skip frank.security.http.activeDirectory.roleMapping [object] + ## @param frank.security.http.activeDirectory.roleMapping.tester Map the role for Tester + ## @param frank.security.http.activeDirectory.roleMapping.dataAdmin Map the role for DataAdmin + ## @param frank.security.http.activeDirectory.roleMapping.admin Map the role for Admin + ## @param frank.security.http.activeDirectory.roleMapping.webService Map the role for WebService + ## @param frank.security.http.activeDirectory.roleMapping.observer Map the role for Observer + ## + activeDirectory: + enabled: false + url: "" + baseDn: "" + roleMapping: + tester: "" + dataAdmin: "" + admin: "" + webService: "" + observer: "" + ## @skip frank.server [object] + ## + server: + ## @param frank.server.transactionManager [string] Set the transaction manager for Tomcat. Options: `NARAYANA`, `BTM`, `` + ## + transactionManager: NARAYANA + ## @param frank.properties [object] Set Yaml properties for configuring the Frank!Framework or configurations + ## properties ref: https://github.com/frankframework/frankframework/blob/master/core/src/main/resources/AppConstants.properties + ## implementation ref: https://github.com/frankframework/frankframework/blob/master/commons/src/main/java/org/frankframework/util/YamlParser.java + ## + properties: {} + ## @param frank.environmentVariables [object] Set extra environment variables for the Frank! + ## + environmentVariables: {} + ## @param frank.javaOpts [string] Append custom options to the `JAVA_OPTS` environment variable for the Frank! + ## + javaOpts: "" + +## @section Frank!Framework Connection parameters +## + +## @skip connections [object] +## +connections: + ## @param connections.create Create a `context.xml` and possibly overwrite the existing one, to configure the connections/resources. + ## + create: true + ## @param connections.jdbc [array] Set multiple database connections. One connection should have an empty name, so it'll get picked up by default (unless `jdbc.required=false` is set) + ## @param connections.jdbc.name [nullable,string] Name of the connection (leave empty to use default: `jdbc/${.Values.instance.name}` in lowercase) + ## @param connections.jdbc.type [string] DBMS type. Options: `oracle`, `mssql`, `mysql`, `mariadb`, `postgresql`, `db2`, `mongodb` + ## @param connections.jdbc.host [string] Host of where the database can be reached (like in the same cluster e.g. `..svc.cluster.local`) + ## @param connections.jdbc.post [nullable,string] Port for the database (leave empty for default) + ## @param connections.jdbc.database [nullable,string] Name of the database to use (default is `.Values.instance.name`) + ## @param connections.jdbc.username [string] Username to connect to the database (or use string template for use with credentials e.g. `${database/username}`) + ## @param connections.jdbc.password [string] Password to connect to the database (or use string template for use with credentials e.g. `${database/password}`) + ## @param connections.jdbc.ssl [nullable,string] Set to `true` is the connection uses SSL, default is `false` + ## + jdbc: [] + ## @param connections.jms [array] Set multiple message services + ## @param connections.jms.name [nullable,string] Name of the connection (leave empty to use default: `jms/${.Values.instance.name}` in lowercase) + ## @param connections.jms.type [string] MQ type. Options: `artemis`, `activemq` + ## @param connections.jms.host [string] Host of where the MQ can be reached (like in the same cluster e.g. `..svc.cluster.local`) + ## @param connections.jms.post [nullable,string] Port for the MQ (leave empty for default) + ## + jms: [] + +## @section Frank!Framework deployment parameters +## @descriptionStart +## The startup probe will enable blue-green deployment, which are great for uptime during upgrades and such. +## It (and the liveness probe) will check if the console is accessible, until a better health endpoint is available. +## The readiness probe will check if all adapters are running using the server health endpoint +## @descriptionEnd +## + +## @param replicaCount Number of Frank!Framework replicas to deploy +## NOTE: ReadWriteMany PVC(s) are required if replicaCount > 1 +## +replicaCount: 1 + +## Configure extra options for Frank!Framework containers' startup probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes +## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe +## @param startupProbe.periodSeconds Period seconds for startupProbe +## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe +## @param startupProbe.failureThreshold Failure threshold for startupProbe +## @param startupProbe.successThreshold Success threshold for startupProbe +## +startupProbe: + initialDelaySeconds: 40 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 12 + successThreshold: 1 + +## Configure extra options for Frank!Framework containers' liveness probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes +## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## @param livenessProbe.successThreshold Success threshold for livenessProbe +## +livenessProbe: + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 12 + successThreshold: 1 + +## Configure extra options for Frank!Framework containers' readiness probe +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes +## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +## @param readinessProbe.periodSeconds Period seconds for readinessProbe +## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe +## @param readinessProbe.failureThreshold Failure threshold for readinessProbe +## @param readinessProbe.successThreshold Success threshold for readinessProbe +## +readinessProbe: + initialDelaySeconds: 0 + periodSeconds: 5 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + +## @param probesEnabled [object] Toggle probes. This should only be used if a Frank! needs to be kept while in a bad state (for debugging purposes) +## @param probesEnabled.startupProbe [object] Toggle startupProbe +## @param probesEnabled.livenessProbe [object] Toggle livenessProbe +## @param probesEnabled.readinessProbe [object] Toggle readinessProbe +probesEnabled: + startupProbe: true + livenessProbe: true + readinessProbe: true + +## Frank!Framework container's resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## @param resources [object] Set the resources for the Frank!Framework containers +## @param resources.limits [string] The resources limits for the Frank!Framework containers +## @param resources.requests.memory [string] The requested memory for the Frank!Framework containers +## @param resources.requests.cpu [string] The requested cpu for the Frank!Framework containers +## e.g.: +## resources +## limits: +## cpu: 2000m +## memory: 4200M +## requests: +## cpu: 2000m +## memory: 4200M +## +resources: {} + +## @skip autoscaling +## +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + targetMemoryUtilizationPercentage: 80 + +## @param terminationGracePeriodSeconds Number of seconds after which pods are forcefully killed +## @extra terminationGracePeriodSeconds Note: Lower values may cause running adapters to fail +terminationGracePeriodSeconds: 60 + +## @param nodeSelector Node labels for pod assignment +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} + +## @param tolerations Set tolerations for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## @param affinity Set affinity for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## NOTE: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set +## +affinity: {} + +## @param timeZone used for database connection and log timestamps +## +timeZone: Etc/UTC + +## @section Traffic Exposure Parameters +## + +## Frank!Framework service parameters +## +service: + ## @param service.type Frank!Framework service type + ## + type: ClusterIP + ## @param service.port Frank!Framework service port + port: 80 + +## Configure the ingress resource that allows you to access the Frank!Framework installation +## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ +## +ingress: + ## @param ingress.enabled Enable ingress record generation for Frank! + ## + enabled: false + ## @param ingress.className IngressClass that will be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + className: "" + ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## kubernetes.io/tls-acme: 'true' + ## + annotations: {} + ## @param ingress.hosts [array] Set hosts for ingress + ## @param ingress.hosts.host [string] Set hostname + ## @param ingress.hosts.paths [array] Set multiple paths + ## @param ingress.hosts.paths.path [string] Set path (context url) + ## @param ingress.hosts.paths.pathType [string] Set type of path + ## + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + ## @param ingress.tls [array] Define tls secrets for hosts (implementation not done yet) + ## e.g. + ## tls: + ## - secretName: chart-example-tls + ## hosts: + ## - chart-example.local + ## + tls: [] + +## @section Other Parameters +## + +## Frank!Framework Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## +serviceAccount: + ## @param serviceAccount.create Enable creation of ServiceAccount for Frank!Framework pod + ## + create: true + ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount + ## + annotations: {} + ## @param serviceAccount.name The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the ff-common.fullname template + ## + name: "" + +## @param podAnnotations Annotations for Frank!Framework pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} + +## @param podLabels Extra labels for Frank!Framework pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} + +## Configure Pods Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## @param podSecurityContext [object] Set Frank!Framework pod's Security Context +## +podSecurityContext: {} + +## Configure Container Security Context (only main container) +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## @param securityContext [object] Set Frank!Framework container's Security Context +## e.g. +## securityContext: {} +## capabilities: +## drop: +## - ALL +## readOnlyRootFilesystem: true +## runAsNonRoot: true +## runAsUser: 1000 +## +securityContext: {} + +## @section Persistence +## @descriptionStart +## Persistence is used for keeping heap dumps. They can be found at `/heap-dumps` with persistence enabled. +## Otherwise, they can be found at `/usr/local/tomcat/logs` +## @descriptionEnd +## +persistence: + ## @param persistence.enabled Enable persistence using Persistent Volume Claims + ## + enabled: false + ## @param persistence.storageClass Persistent Volume storage class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner + ## + storageClass: "" + ## @param persistence.accessModes [array] Persistent Volume access modes + ## + accessModes: + - ReadWriteOnce + ## @param persistence.size Persistent Volume size + ## + size: 5Gi + ## @param persistence.dataSource Custom PVC data source + ## + dataSource: {} + ## @param persistence.existingClaim The name of an existing PVC to use for persistence + ## + existingClaim: "" + ## @param persistence.selector Selector to match an existing Persistent Volume for the Frank!Framework's data PVC + ## If set, the PVC can't have a PV dynamically provisioned for it + ## E.g. + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} + ## @param persistence.annotations Persistent Volume Claim annotations + ## You might need to add an annotation for selected node: + ## E.g: volume.kubernetes.io/selected-node: nodeName + ## Ref: https://kubernetes.io/docs/reference/labels-annotations-taints/#volume-kubernetes-io-selected-node + ## + annotations: {} + +## @skip openforms2bpel [object] +## @section openforms2bpel +## +openforms2bpel: + ## @skip openforms2bpel.connections [object] + ## @section Connections + ## + connections: + ## @skip openforms2bpel.connections.bpelBasicService [object] + ## @param openforms2bpel.connections.bpelBasicService.endpoint [string] Endpoint at which this service binding is served. + ## @param openforms2bpel.connections.bpelBasicService.verifyHostname Should the hostname in the certificate be checked against the actual hostname of the service. + ## @param openforms2bpel.connections.bpelBasicService.allowSelfSignedCerts Should self-signed certificates be accepted. + ## @param openforms2bpel.connections.bpelBasicService.ignoreExpiredCerts Should certificate expiration error be ignored. + ## @param openforms2bpel.connections.bpelBasicService.authAlias [string] Reference to an auth alias to be used as credentials for this service. + ## Can be configured in credentials.properties. + ## @param openforms2bpel.connections.bpelBasicService.timeout Time in ms to wait till the service call yields a result. + ## + bpelBasicService: + endpoint: "https://bpel-basic-service/bpelBasicService" + verifyHostname: true + allowSelfSignedCerts: false + ignoreExpiredCerts: false + authAlias: "bpel-basic-npa" + timeout: 60000 + ## @skip openforms2bpel.connections.bpelDocumentsService [object] + ## @param openforms2bpel.connections.bpelDocumentsService.endpoint [string] Endpoint at which this service binding is served. + ## @param openforms2bpel.connections.bpelDocumentsService.verifyHostname Should the hostname in the certificate be checked against the actual hostname of the service. + ## @param openforms2bpel.connections.bpelDocumentsService.allowSelfSignedCerts Should self-signed certificates be accepted. + ## @param openforms2bpel.connections.bpelDocumentsService.ignoreExpiredCerts Should certificate expiration error be ignored. + ## @param openforms2bpel.connections.bpelDocumentsService.timeout Time in ms to wait till the service call yields a result. + ## + bpelDocumentsService: + endpoint: "https://bpel-documents-service/bpelDocumentsService" + verifyHostname: true + allowSelfSignedCerts: false + ignoreExpiredCerts: false + timeout: 60000 + ## @skip openforms2bpel.connections.bpelCasesService [object] + ## @param openforms2bpel.connections.bpelCasesService.endpoint [string] Endpoint at which this service binding is served. + ## @param openforms2bpel.connections.bpelCasesService.verifyHostname Should the hostname in the certificate be checked against the actual hostname of the service. + ## @param openforms2bpel.connections.bpelCasesService.allowSelfSignedCerts Should self-signed certificates be accepted. + ## @param openforms2bpel.connections.bpelCasesService.ignoreExpiredCerts Should certificate expiration error be ignored. + ## @param openforms2bpel.connections.bpelCasesService.timeout Time in ms to wait till the service call yields a result. + ## + bpelCasesService: + endpoint: "https://bpel-cases-service/bpelCasesService" + verifyHostname: true + allowSelfSignedCerts: false + ignoreExpiredCerts: false + timeout: 60000 + ## @skip openforms2bpel.connections.bpelMtomService [object] + ## @param openforms2bpel.connections.bpelMtomService.endpoint [string] Endpoint at which this service binding is served. + ## @param openforms2bpel.connections.bpelMtomService.verifyHostname Should the hostname in the certificate be checked against the actual hostname of the service. + ## @param openforms2bpel.connections.bpelMtomService.allowSelfSignedCerts Should self-signed certificates be accepted. + ## @param openforms2bpel.connections.bpelMtomService.ignoreExpiredCerts Should certificate expiration error be ignored. + ## @param openforms2bpel.connections.bpelMtomService.timeout Time in ms to wait till the service call yields a result. + ## + bpelMtomService: + endpoint: "https://bpel-mtom-service/bpelMtomService" + verifyHostname: true + allowSelfSignedCerts: false + ignoreExpiredCerts: false + timeout: 60000 + ## @skip openforms2bpel.connections.bpelBasicStatusUpdateService [object] + ## @param openforms2bpel.connections.bpelBasicStatusUpdateService.endpoint [string] Endpoint at which this service binding is served. + ## @param openforms2bpel.connections.bpelBasicStatusUpdateService.verifyHostname Should the hostname in the certificate be checked against the actual hostname of the service. + ## @param openforms2bpel.connections.bpelBasicStatusUpdateService.allowSelfSignedCerts Should self-signed certificates be accepted. + ## @param openforms2bpel.connections.bpelBasicStatusUpdateService.ignoreExpiredCerts Should certificate expiration error be ignored. + ## @param openforms2bpel.connections.bpelBasicStatusUpdateService.timeout Time in ms to wait till the service call yields a result. + ## + bpelBasicStatusUpdateService: + endpoint: "https://bpel-basic-status-update-service/bpelBasicStatusUpdateService" + verifyHostname: true + allowSelfSignedCerts: false + ignoreExpiredCerts: false + timeout: 60000 + ## @skip openforms2bpel.connections.bpelPaymentService [object] + ## @param openforms2bpel.connections.bpelPaymentService.endpoint [string] Endpoint at which this service binding is served. + ## @param openforms2bpel.connections.bpelPaymentService.verifyHostname Should the hostname in the certificate be checked against the actual hostname of the service. + ## @param openforms2bpel.connections.bpelPaymentService.allowSelfSignedCerts Should self-signed certificates be accepted. + ## @param openforms2bpel.connections.bpelPaymentService.ignoreExpiredCerts Should certificate expiration error be ignored. + ## @param openforms2bpel.connections.bpelPaymentService.timeout Time in ms to wait till the service call yields a result. + ## + bpelPaymentService: + endpoint: "https://bpel-payment-service/bpelPaymentService" + verifyHostname: true + allowSelfSignedCerts: false + ignoreExpiredCerts: false + timeout: 60000 + ## @skip openforms2bpel.connections.bpelGegMagService [object] + ## @param openforms2bpel.connections.bpelGegMagService.endpoint [string] Endpoint at which this service binding is served. + ## @param openforms2bpel.connections.bpelGegMagService.verifyHostname Should the hostname in the certificate be checked against the actual hostname of the service. + ## @param openforms2bpel.connections.bpelGegMagService.allowSelfSignedCerts Should self-signed certificates be accepted. + ## @param openforms2bpel.connections.bpelGegMagService.ignoreExpiredCerts Should certificate expiration error be ignored. + ## @param openforms2bpel.connections.bpelGegMagService.timeout Time in ms to wait till the service call yields a result. + ## + bpelGegMagService: + endpoint: "https://bpel-gegmag-service/bpelGegMagService" + verifyHostname: true + allowSelfSignedCerts: false + ignoreExpiredCerts: false + timeout: 60000 + ## @skip openforms2bpel.connections.notificatiesApi [object] + ## @param openforms2bpel.connections.notificatiesApi.rootUrl [string] Root url of the 'Notificaties API' that is used to subscribe at. + ## @param openforms2bpel.connections.notificatiesApi.authType [string] Options: 'jwt', 'basic', 'value'. 'value' uses the password field of the given authAlias as Authorization header. + ## @param openforms2bpel.connections.notificatiesApi.authAlias [string] Reference to an auth alias to be used as credentials for this api. + ## Can be configured in credentials.properties. + ## @param openforms2bpel.connections.notificatiesApi.timeout Time in ms to wait till the api call yields a result. + ## + notificatiesApi: + rootUrl: "https://notificaties-api/api/v1/" + authType: "jwt" + authAlias: "notificaties-api" + timeout: 60000 + ## @skip openforms2bpel.connections.notificatiesApi.subscription [object] + ## @param openforms2bpel.connections.notificatiesApi.subscription.callback [string] Fully qualified url to the notification callback of openforms2bpel. + ## This url needs to be reachable from the 'Notificaties API'. + ## @param openforms2bpel.connections.notificatiesApi.subscription.authAlias [string] Reference to an auth alias to be used as authorization key for calling the callback endpoint. + ## Can be configured in credentials.properties. + ## + subscription: + callback: "https://openforms2bpel/api/v1/form-object-callback" + authAlias: "forms-object-callback" + ## @skip openforms2bpel.connections.notificatiesApi.subscription.filters [object] + ## @param openforms2bpel.connections.notificatiesApi.subscription.filters.objectType [string] Url of the objecttype to filter the notifications on. + ## + filters: + objectType: "https://objecttypes-api/api/v2/objecttypes/uuid" + ## @skip openforms2bpel.connections.documentenApi [object] + ## @param openforms2bpel.connections.documentenApi.authType [string] Options: 'jwt', 'basic', 'value'. 'value' uses the password field of the given authAlias as Authorization header. + ## @param openforms2bpel.connections.documentenApi.authAlias [string] Reference to an auth alias to be used as credentials for this api. + ## Can be configured in credentials.properties. + ## @param openforms2bpel.connections.documentenApi.timeout Time in ms to wait till the api call yields a result. + ## + documentenApi: + authType: "jwt" + authAlias: "documenten-api" + timeout: 60000 + ## @skip openforms2bpel.connections.objectsApi [object] + ## @param openforms2bpel.connections.objectsApi.authType [string] Options: 'jwt', 'basic', 'value'. 'value' uses the password field of the given authAlias as Authorization header. + ## @param openforms2bpel.connections.objectsApi.authAlias [string] Reference to an auth alias to be used as credentials for this api. + ## Can be configured in credentials.properties. + ## @param openforms2bpel.connections.objectsApi.timeout Timeout used in 'Objects API' calls. + ## + objectsApi: + authType: "value" + authAlias: "objects-api" + timeout: 60000 + ## @skip openforms2bpel.connections.noReplySmtp [object] + ## @param openforms2bpel.connections.noReplySmtp.enabled Enable connecting to the configured SMTP server/replay. + ## @param openforms2bpel.connections.noReplySmtp.host [string] Host of the SMTP server/relay. + ## @param openforms2bpel.connections.noReplySmtp.port Port of the SMTP server/relay. + ## @param openforms2bpel.connections.noReplySmtp.useSsl Connect securely to the SMTP server/relay with SSL. + ## @param openforms2bpel.connections.noReplySmtp.authAlias [string] Reference to an auth alias to be used as credentials for authorizing with the SMTP server/relay. + ## Can be configured in credentials.properties. + ## @param openforms2bpel.connections.noReplySmtp.timeout Timeout used when sending emails. + ## @param openforms2bpel.connections.noReplySmtp.defaultFromName [string] The default no-reply sender's name that is shown with the no-reply sender's e-mail address. + ## @param openforms2bpel.connections.noReplySmtp.defaultFromAddress [string] The default no-reply sender's e-mail address that used when sending e-mails. + ## @param openforms2bpel.connections.noReplySmtp.signatureFromName [string] The no-reply sender's name used in the signature of the e-mail body. + ## Defaults to the value configured in defaultFromName + ## + noReplySmtp: + enabled: false + host: "https://smtp-relay/" + port: 587 + useSsl: true + authAlias: "noreply-smtp" + timeout: 60000 + defaultFromName: "Gemeente X" + defaultFromAddress: "no-reply@gemeente-x.local" + signatureFromName: "" + ## @skip openforms2bpel.mailTemplates [object] + ## @section Mail Templates + ## + mailTemplates: + ## @param openforms2bpel.mailTemplates.existingConfigMap [string] The name of the configmap containing the mail templates. + ## @param openforms2bpel.mailTemplates.templates [array] Mail templates that can be referenced by name on a variety of functional error scenario's. + ## @param openforms2bpel.mailTemplates.templates.name [string] Name of the mail template that can be referenced. + ## @param openforms2bpel.mailTemplates.templates.subject [string] Mail subject text. + ## @param openforms2bpel.mailTemplates.templates.messageType [string] ContentType of the message. Options: 'text/plain', 'text/html'. + ## @param openforms2bpel.mailTemplates.templates.message [string] Mail message body. A limit degree of variable substitution is available. + ## ref: todo + ## + existingConfigMap: "" + templates: [] + ## Example mail template: + ## ```yaml + ## - name: "mail-template-name" + ## subject: "Document toevoegen aan zaak niet gelukt" + ## messageType: "text/html" + ## message: |- + ## Beste,
+ ##
+ ## U hebt eerder een aanvraag bij ons gedaan. U probeerde hier 1 of meer documenten aan toe te voegen. Dit is helaas niet gelukt omdat het aanvraagnummer (zaaknummer) niet klopte. Het juiste nummer staat in de bevestigingsmail van uw eerste aanvraag.
+ ##
+ ## Wilt u uw laatste aanvraag met de bestanden opnieuw naar ons toesturen met het juiste nummer?
+ ##
+ ## Bedankt voor uw medewerking.
+ ##
+ ## Met vriendelijke groet,
+ ## ${vars.signature-from-name}
+ ## ``` + + ## @skip openforms2bpel.formdata [object] + ## @section Formdata + ## The formdata can be transformed to however the back-end system likes to have have it, as it is not used for anything else in the integration. + ## The integration processes the raw form's object from the 'Objects API' for it's logic/data instead. + ## + formdata: + ## @param openforms2bpel.formdata.existingConfigMap [string] The name of the configmap containing the formdata stylesheets. + ## + existingConfigMap: "" + ## @param openforms2bpel.formdata.collectorStylesheet [string] Multi-line value for FormDataCollector_ObjectsApi_Custom.xslt. + ## This xslt stylesheet is responsible for copying the relevant parts of the form's object from the 'Objects API', that should + ## be considered the formdata. + ## When no custom stylesheet is supplied, the default stylesheet from the example below is used. + ## Default stylesheet: + ## ```xslt + ## + ## + ## + ## + ## + ## + ## + ## + ## + ## + ## + ## ``` + ## + collectorStylesheet: "" + ## @param openforms2bpel.formdata.transformStylesheet [string] Multi-line value for FormDataTransform_Custom.xslt. + ## This xslt stylesheet is responsible for transforming the result of openforms2bpel.formdata.collectorStylesheet to the desired state for the + ## back-end system. For example: renaming, enriching, filtering, restructuring, etc. + ## When no custom stylesheet is supplied, the default stylesheet from the example below is used. + ## Default stylesheet: + ## ```xslt + ## + ## + ## + ## + ## + ## + ## + ## + ## + ## + ## + ## + ## + ## + ## + ## + ## + ## + ## + ## + ## + ## ``` + ## + transformStylesheet: "" + ## @skip openforms2bpel.workflows [object] + ## @section Workflows + ## + workflows: + ## @skip openforms2bpel.workflows.autoRetries [object] + ## @param openforms2bpel.workflows.autoRetries.enabled Enable automatic retries. For all workflows(unless overriden). + ## @param openforms2bpel.workflows.autoRetries.cronExpression [string] Cron expression used for retry interval/schedule. For all workflows(unless overriden). + ## @param openforms2bpel.workflows.autoRetries.maxRetries Maximum amount an errorstore item is retried. For all workflows(unless overriden). + ## + autoRetries: + enabled: true + cronExpression: "0 0/30 * * * ?" + maxRetries: 5 + ## @skip openforms2bpel.workflows.autoRetries.workflowSelector [object] + ## @param openforms2bpel.workflows.autoRetries.workflowSelector.enabled Enable automatic retries. Override for this specific workflow. + ## @param openforms2bpel.workflows.autoRetries.workflowSelector.cronExpression [string] Cron expression used for retry interval/schedule. Override for this specific workflow. + ## @param openforms2bpel.workflows.autoRetries.workflowSelector.maxRetries Maximum amount an errorstore item is retried. Override for this specific workflow. + ## + workflowSelector: + enabled: true + cronExpression: "0 0/30 * * * ?" + maxRetries: 5 + ## @skip openforms2bpel.workflows.autoRetries.addDocumentsToCase [object] + ## @param openforms2bpel.workflows.autoRetries.addDocumentsToCase.enabled Enable automatic retries. Override for this specific workflow. + ## @param openforms2bpel.workflows.autoRetries.addDocumentsToCase.cronExpression [string] Cron expression used for retry interval/schedule. Override for this specific workflow. + ## @param openforms2bpel.workflows.autoRetries.addDocumentsToCase.maxRetries Maximum amount an errorstore item is retried. Override for this specific workflow. + ## + addDocumentsToCase: + enabled: true + cronExpression: "0 0/30 * * * ?" + maxRetries: 5 + ## @skip openforms2bpel.workflows.autoRetries.updatePaymentCommand [object] + ## @param openforms2bpel.workflows.autoRetries.updatePaymentCommand.enabled Enable automatic retries. Override for this specific workflow. + ## @param openforms2bpel.workflows.autoRetries.updatePaymentCommand.cronExpression [string] Cron expression used for retry interval/schedule. Override for this specific workflow. + ## @param openforms2bpel.workflows.autoRetries.updatePaymentCommand.maxRetries Maximum amount an errorstore item is retried. Override for this specific workflow. + ## + updatePaymentCommand: + enabled: true + cronExpression: "0 0/30 * * * ?" + maxRetries: 5 + ## @skip openforms2bpel.workflows.autoRetries.sendNoReplyUserEmail [object] + ## @param openforms2bpel.workflows.autoRetries.sendNoReplyUserEmail.enabled Enable automatic retries. Override for this specific workflow. + ## @param openforms2bpel.workflows.autoRetries.sendNoReplyUserEmail.cronExpression [string] Cron expression used for retry interval/schedule. Override for this specific workflow. + ## @param openforms2bpel.workflows.autoRetries.sendNoReplyUserEmail.maxRetries Maximum amount an errorstore item is retried. Override for this specific workflow. + ## + sendNoReplyUserEmail: + enabled: true + cronExpression: "0 0/30 * * * ?" + maxRetries: 5 + ## @skip openforms2bpel.workflows.scheduledStartReceiver [object] + scheduledStartReceiver: + ## @skip openforms2bpel.workflows.scheduledStartReceiver.workflowSelector [object] + ## @param openforms2bpel.workflows.scheduledStartReceiver.workflowSelector.enabled Enable scheduled start the receiver of this specific workflow. + ## Incoming form-objects are always accepted, but only processed when the receiver is active. + ## @param openforms2bpel.workflows.scheduledStartReceiver.workflowSelector.cronExpression [string] Cron expression used to schedule starting the receiver of this specific workflow. + ## + workflowSelector: + enabled: false + cronExpression: "0 * 5 * * ?" + ## @skip openforms2bpel.workflows.scheduledStopReceiver [object] + scheduledStopReceiver: + ## @skip openforms2bpel.workflows.scheduledStopReceiver.workflowSelector [object] + ## @param openforms2bpel.workflows.scheduledStopReceiver.workflowSelector.enabled Enable scheduled stop the receiver of this specific workflow. + ## Incoming form-objects are always accepted, but only processed when the receiver is active. + ## @param openforms2bpel.workflows.scheduledStopReceiver.workflowSelector.cronExpression [string] Cron expression used to schedule stopping the receiver of this specific workflow. + ## + workflowSelector: + enabled: false + cronExpression: "0 * 0 * * ?" + ## @skip openforms2bpel.workflows.onErrorActions [object] + onErrorActions: + ## @skip openforms2bpel.workflows.onErrorActions.onCaseNotFound [object] + ## @param openforms2bpel.workflows.onErrorActions.onCaseNotFound.sendMail Enable sending a mail to the form initiator when this specific error occurs. + ## Otherwise an exception is throw, which requires manual intervention. Enabling the sending of a mail requires 'openforms2bpel.connections.noReplySmtp' to be configured. + ## @param openforms2bpel.workflows.onErrorActions.onCaseNotFound.templateName [string] Name of the mail template to be used when this specific error occurs. + ## Mail templates can be configured in the 'openforms2bpel.mailTemplates' section. + ## + onCaseNotFound: + sendMail: false + templateName: "" + ## @skip openforms2bpel.workflows.onErrorActions.onSubjectNotEqualsCaseSubject [object] + ## @param openforms2bpel.workflows.onErrorActions.onSubjectNotEqualsCaseSubject.sendMail Enable sending a mail to the form initiator when this specific error occurs. + ## Otherwise an exception is throw, which requires manual intervention. Enabling the sending of a mail requires 'openforms2bpel.connections.noReplySmtp' to be configured. + ## @param openforms2bpel.workflows.onErrorActions.onSubjectNotEqualsCaseSubject.templateName [string] Name of the mail template to be used when this specific error occurs. + ## Mail templates can be configured in the 'openforms2bpel.mailTemplates' section. + ## + onSubjectNotEqualsCaseSubject: + sendMail: false + templateName: "" + ## @skip openforms2bpel.workflows.onErrorActions.onCaseClosed [object] + ## Mail templates can be configured in the 'openforms2bpel.mailTemplates' section. + ## @param openforms2bpel.workflows.onErrorActions.onCaseClosed.sendMail Enable sending a mail to the form initiator when this specific error occurs. + ## Otherwise an exception is throw, which requires manual intervention. Enabling the sending of a mail requires 'openforms2bpel.connections.noReplySmtp' to be configured. + ## @param openforms2bpel.workflows.onErrorActions.onCaseClosed.templateName [string] Name of the mail template to be used when this specific error occurs. + ## Mail templates can be configured in the 'openforms2bpel.mailTemplates' section. + ## + onCaseClosed: + sendMail: false + templateName: "" + +