From bd6519c66646594fe4f43bca11de84c28a228611 Mon Sep 17 00:00:00 2001 From: Sergi Philipsen Date: Thu, 2 Feb 2023 16:38:16 +0100 Subject: [PATCH] feat: update helm chart and add installation instructions for jwt (#22) --- charts/zaakbrug/Chart.yaml | 4 +- charts/zaakbrug/README.md | 67 +++++++++++++++++++++++ charts/zaakbrug/templates/deployment.yaml | 12 ++-- charts/zaakbrug/values.yaml | 10 ++-- 4 files changed, 80 insertions(+), 13 deletions(-) diff --git a/charts/zaakbrug/Chart.yaml b/charts/zaakbrug/Chart.yaml index dc73a62f8..8f51814e7 100644 --- a/charts/zaakbrug/Chart.yaml +++ b/charts/zaakbrug/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 1.0 +appVersion: 1.0.4 description: Install ZaakBrug (zds-to-zgw) on Haven, powerd by the Frank!Framework name: zaakbrug type: application -version: 0.2.0 +version: 0.2.1 home: https://github.com/ibissource/zaakbrug icon: "https://raw.githubusercontent.com/ibissource/zaakbrug/master/zaakbrug-icon.png" diff --git a/charts/zaakbrug/README.md b/charts/zaakbrug/README.md index 43cad4269..34de32464 100644 --- a/charts/zaakbrug/README.md +++ b/charts/zaakbrug/README.md @@ -1,2 +1,69 @@ # ZaakBrug 2.0 +## Installation + +### Required values + +Some values need to be filled in for the Frank! to work. + +These values are: + +- frank.instance.name +- frank.dtap.stage +- connections.jdbc (we're working on a disable database option) + +### ZaakBrug values + +For the ZaakBrug to work correctly some values need to be verified and other have to be filled in. + +Check if all the zgw.endpoints are configured right. Add a configMap to both zgw.globalsConfigMap and zgs.profilesConfigMap + +#### Globals and Profiles + +The Globals.json should contain organizations and role mappings. + +The Profiles.json contains information about zaakTypes. The reason this file is separate, is to make it more sharable with other gemeentes. + +These files need to be added to the namespace as a configMap. The name of the configMap and the key of the data should be added in the values.yaml under .name and .subPath. + +### Credentials + +The credentials are added differently so the server can handle them differently. The credentials won't be logged or shown, in contrary to all other properties. + +#### Database credentials + +User and password can be set with values like so: + +```yaml +username: postgres +password: ExamplePassword +# Or with property parameters +username: ${database/username} +password: ${database/password} +``` + +A nice way to set the variables is with a credentials.properties. + +The property parameters used for the values will point to the right credential in the credentials.properties (you can call it differently) file. + +Create a secret with the properties you want to set, for example: + +```properties +database/username=test +database/password=test +``` + +Now set the values: frank.credentials.secret (secret name) and frank.credentials.key (key of the data) + +#### Zaak JWT + +The ZaakBrug will automatically generate a JWT token. + +To set the client id and secret, add these credentials to your credentials secret (the one mentioned above). + +```properties +zaken-api.jwt/username=ZaakBrug +zaken-api.jwt/password=secret1234 +``` + +The username is used for the client is and the password is used for the secret. \ No newline at end of file diff --git a/charts/zaakbrug/templates/deployment.yaml b/charts/zaakbrug/templates/deployment.yaml index 1fc73f9ee..b2cd8bbec 100644 --- a/charts/zaakbrug/templates/deployment.yaml +++ b/charts/zaakbrug/templates/deployment.yaml @@ -47,19 +47,19 @@ spec: mountPath: /usr/local/tomcat/conf/Catalina/localhost/ROOT.xml subPath: context.xml readOnly: true - {{- if .Values.zaakbrug.globalsConfigMap }} + {{- if .Values.zaakbrug.globalsConfigMap.name }} - name: {{ template "zaakbrug.fullname" . }}-profiles-json mountPath: /opt/frank/configurations/Translate/Globals.json readOnly: true subPath: {{ .Values.zaakbrug.profilesConfigMap.subPath }} {{- end }} - {{- if .Values.zaakbrug.profilesConfigMap }} + {{- if .Values.zaakbrug.profilesConfigMap.name }} - name: {{ template "zaakbrug.fullname" . }}-profiles-json mountPath: /opt/frank/configurations/Translate/Profiles.json readOnly: true subPath: {{ .Values.zaakbrug.profilesConfigMap.subPath }} {{- end }} - {{- if .Values.frank.credentials }} + {{- if .Values.frank.credentials.secret }} - name: {{ template "zaakbrug.fullname" . }}-credentials mountPath: /opt/frank/secrets/ readOnly: true @@ -87,17 +87,17 @@ spec: - name: {{ template "zaakbrug.fullname" . }}-specifics configMap: name: {{ template "zaakbrug.fullname" . }}-specifics - {{- if .Values.zaakbrug.globalsConfigMap }} + {{- if .Values.zaakbrug.globalsConfigMap.name }} - name: {{ template "zaakbrug.fullname" . }}-globals-json configMap: name: {{ .Values.zaakbrug.globalsConfigMap.name }} {{- end }} - {{- if .Values.zaakbrug.profilesConfigMap }} + {{- if .Values.zaakbrug.profilesConfigMap.name }} - name: {{ template "zaakbrug.fullname" . }}-profiles-json configMap: name: {{ .Values.zaakbrug.globalsConfigMap.name }} {{- end }} - {{- if .Values.frank.credentials }} + {{- if .Values.frank.credentials.secret }} - name: {{ template "zaakbrug.fullname" . }}-credentials secret: secretName: {{ .Values.frank.credentials.secret }} diff --git a/charts/zaakbrug/values.yaml b/charts/zaakbrug/values.yaml index 5f2853a8d..00e03f7dd 100644 --- a/charts/zaakbrug/values.yaml +++ b/charts/zaakbrug/values.yaml @@ -4,7 +4,7 @@ image: repository: wearefrank/zaakbrug pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "latest" + tag: "" imagePullSecrets: [] nameOverride: "" @@ -112,11 +112,11 @@ zaakbrug: enkelvoudiginformatieobjecten: "documenten/api/v1/enkelvoudiginformatieobjecten" zaakinformatieobjecten: "zaken/api/v1/zaakinformatieobjecten" globalsConfigMap: - name: - key: + name: "" + key: "" profilesConfigMap: - name: - key: + name: "" + key: "" frank: # Secret containing the contents of the credentials.properties