Merge pull request #378 from maykinmedia/feature/openvtb-helmchart

Open VTB helm chart

Author: alextreme

charts/openvtb/.helmignore

@@ -0,0 +1,20 @@
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/openvtb/CHANGELOG.md

@@ -0,0 +1,5 @@
+# Changelog
+
+## 0.1.0 (2026-03-27)
+
+- First chart release! 🎉

charts/openvtb/Chart.lock

@@ -0,0 +1,9 @@
+dependencies:
+- name: redis
+  repository: https://charts.bitnami.com/bitnami
+  version: 22.0.1
+- name: common
+  repository: https://charts.bitnami.com/bitnami
+  version: 2.31.4
+digest: sha256:f6d1db0bc3e6c719c2cf81b0905885f3b3588880b1a5109027f2f40593f9f05e
+generated: "2026-03-27T11:02:08.844017305+01:00"

charts/openvtb/Chart.yaml

@@ -0,0 +1,18 @@
+apiVersion: v2
+appVersion: 0.1.0
+description: Register en API's voor Verzoeken, Taken en Berichten.
+name: openvtb
+type: application
+version: 0.1.0
+
+dependencies:
+  - name: redis
+    version: 22.0.1
+    repository: https://charts.bitnami.com/bitnami
+    tags:
+      - redis
+  - name: common
+    version: 2.31.4
+    repository: https://charts.bitnami.com/bitnami
+    tags:
+    - bitnami-common

charts/openvtb/README.md

@@ -0,0 +1,228 @@
+# Open VTB Chart
+
+Register en API's voor Verzoeken, Taken en Berichten.
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square)
+
+## Introduction
+
+This chart can be used to deploy Open VTB on a Kubernetes cluster using the Helm package manager.
+
+* [Source code](https://github.com/maykinmedia/open-vtb/)
+* [Docker image](https://hub.docker.com/r/maykinmedia/open-vtb)
+
+## Quickstart
+
+```bash
+helm repo add maykinmedia https://maykinmedia.github.io/charts/
+helm install openvtb maykinmedia/openvtb
+```
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://charts.bitnami.com/bitnami | common | 2.31.4 |
+| https://charts.bitnami.com/bitnami | redis | 22.0.1 |
+
+## Configuration and installation details
+
+### Django specific configuration
+
+**Secret key**
+
+Django makes use of a secret key to provide cryptographic signing.
+This key should be set to a unique, unpredictable value.
+Without the `SECRET_KEY` environment variable, the application will not start.
+
+The key can be configured with the value `settings.secretKey`. You can use a [web tool](https://djecrety.ir/) to generate it.
+
+**Warning**: Running with a known secret key defeats many of Django’s security protections and can lead to privilege escalation and remote code execution vulnerabilities.
+
+### Automatic configuration
+
+The application can be automatically configured with `django-setup-configuration`.
+To enable the automatic configuration, the following values should be set:
+
+```yaml
+global:
+  configuration:
+    enabled: true
+
+configuration:
+  enabled: true
+  job:
+    enabled: true
+```
+
+The yaml data needed to configure the application should be provided in the value `configuration.data`.
+In the `values.yaml` file you can find an example of what the configuration should look like.
+The configuration can include sensitive data. To avoid having sensitive values in the `values.yaml` file, it is possible to reference
+environment variables. This can be done with the following syntax:
+
+```yaml
+configuration:
+  data:
+    someSensitiveVariable:
+      from_value:
+        env: SOME_SENSITIVE_VARIABLE
+```
+These environment variables should be provided in a secret, whose name must then be referenced
+with the value `existingConfigurationSecret` so that it is added to the environment of the Job pod.
+
+### Open Telemetry
+
+Open VTB supports the Open Telemetry Protocol.
+
+We recommend deploying one or more Open Telemetry Collector instances in your cluster to receive
+telemetry. Alternatively, you can use any vendor that speaks the OTLP protocol.
+
+The environment variables that the Open Telemetry SDK supports can be found [here](https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/#general-sdk-configuration).
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| autoscaling.behaviour | object | `{}` |  |
+| autoscaling.enabled | bool | `false` |  |
+| autoscaling.maxReplicas | int | `100` |  |
+| autoscaling.minReplicas | int | `1` |  |
+| autoscaling.targetCPUUtilizationPercentage | int | `80` |  |
+| autoscaling.targetMemoryUtilizationPercentage | int | `80` |  |
+| azureVaultSecret.contentType | string | `""` |  |
+| azureVaultSecret.objectName | string | `""` |  |
+| azureVaultSecret.secretName | string | `"{{ .Values.existingSecret }}"` |  |
+| azureVaultSecret.vaultName | string | `nil` |  |
+| configuration.enabled | bool | `false` |  |
+| configuration.job.backoffLimit | int | `6` |  |
+| configuration.job.enabled | bool | `false` | Run the setup configuration command as a job |
+| configuration.job.resources | object | `{}` |  |
+| configuration.job.restartPolicy | string | `"OnFailure"` |  |
+| configuration.job.ttlSecondsAfterFinished | int | `0` | 0 Will clean the job after it is finished |
+| configuration.overwrite | bool | `true` |  |
+| configuration.secrets | object | `{}` |  |
+| configuration.superuser.email | string | `""` |  |
+| configuration.superuser.password | string | `""` |  |
+| configuration.superuser.username | string | `""` |  |
+| configurationSecretsName | string | `""` |  |
+| existingConfigurationSecret | string | `nil` |  |
+| existingSecret | string | `nil` |  |
+| extraEnvVars | list | `[]` | Array with extra environment variables to add |
+| extraIngress | list | `[]` | Specify extra ingresses, for example if you have multiple ingress classes |
+| extraVolumeMounts | list | `[]` | Optionally specify extra list of additional volumeMounts |
+| extraVolumes | list | `[]` | Optionally specify extra list of additional volumes |
+| fullnameOverride | string | `""` |  |
+| global.configuration.enabled | bool | `false` |  |
+| global.configuration.overwrite | bool | `true` |  |
+| global.configuration.secrets | object | `{}` |  |
+| global.settings.databaseHost | string | `""` | Global databasehost, overrides setting.database.host |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.repository | string | `"maykinmedia/open-vtb"` |  |
+| image.tag | string | `""` |  |
+| imagePullSecrets | list | `[]` |  |
+| ingress.annotations | object | `{}` |  |
+| ingress.className | string | `""` |  |
+| ingress.enabled | bool | `false` |  |
+| ingress.hosts | list | `[]` | ingress hosts |
+| ingress.tls | list | `[]` |  |
+| livenessProbe.failureThreshold | int | `6` |  |
+| livenessProbe.initialDelaySeconds | int | `60` |  |
+| livenessProbe.periodSeconds | int | `10` |  |
+| livenessProbe.successThreshold | int | `1` |  |
+| livenessProbe.timeoutSeconds | int | `5` |  |
+| nameOverride | string | `""` |  |
+| nodeSelector | object | `{}` |  |
+| pdb.create | bool | `false` |  |
+| pdb.maxUnavailable | string | `""` |  |
+| pdb.minAvailable | int | `1` |  |
+| persistence.enabled | bool | `true` |  |
+| persistence.existingClaim | string | `nil` |  |
+| persistence.mediaMountSubpath | string | `"openvtb/media"` |  |
+| persistence.size | string | `"1Gi"` |  |
+| persistence.storageClassName | string | `""` |  |
+| podAnnotations | object | `{}` |  |
+| podLabels | object | `{}` |  |
+| podSecurityContext.fsGroup | int | `1000` |  |
+| readinessProbe.failureThreshold | int | `6` |  |
+| readinessProbe.initialDelaySeconds | int | `30` |  |
+| readinessProbe.periodSeconds | int | `10` |  |
+| readinessProbe.successThreshold | int | `1` |  |
+| readinessProbe.timeoutSeconds | int | `5` |  |
+| redis.architecture | string | `"standalone"` |  |
+| redis.auth.enabled | bool | `false` |  |
+| redis.image.registry | string | `"docker.io"` |  |
+| redis.image.repository | string | `"redis"` |  |
+| redis.image.tag | string | `"8.0"` |  |
+| redis.master.persistence.enabled | bool | `true` |  |
+| redis.master.persistence.size | string | `"8Gi"` |  |
+| redis.master.persistence.storageClass | string | `""` |  |
+| redis.master.resources.requests.cpu | string | `"250m"` |  |
+| redis.master.resources.requests.memory | string | `"256Mi"` |  |
+| replicaCount | int | `2` |  |
+| resources | object | `{}` |  |
+| securityContext.capabilities.drop[0] | string | `"ALL"` |  |
+| securityContext.readOnlyRootFilesystem | bool | `false` |  |
+| securityContext.runAsNonRoot | bool | `true` |  |
+| securityContext.runAsUser | int | `1000` |  |
+| service.port | int | `80` |  |
+| service.type | string | `"ClusterIP"` |  |
+| serviceAccount.annotations | object | `{}` |  |
+| serviceAccount.automountServiceAccountToken | bool | `true` |  |
+| serviceAccount.create | bool | `true` |  |
+| serviceAccount.name | string | `""` |  |
+| settings.allowedHosts | string | `""` |  |
+| settings.cache.axes | string | `""` |  |
+| settings.cache.default | string | `""` |  |
+| settings.database.dbPool.dbPoolMaxIdle | int | `600` |  |
+| settings.database.dbPool.dbPoolMaxLifetime | int | `3600` |  |
+| settings.database.dbPool.dbPoolMaxSize | int | `4` |  |
+| settings.database.dbPool.dbPoolMaxWaiting | int | `0` |  |
+| settings.database.dbPool.dbPoolMinSize | int | `4` |  |
+| settings.database.dbPool.dbPoolNumWorkers | int | `3` |  |
+| settings.database.dbPool.dbPoolReconnectTimeout | int | `300` |  |
+| settings.database.dbPool.dbPoolTimeout | int | `30` |  |
+| settings.database.dbPool.enabled | bool | `false` |  |
+| settings.database.host | string | `""` |  |
+| settings.database.name | string | `""` |  |
+| settings.database.password | string | `""` |  |
+| settings.database.port | int | `5432` |  |
+| settings.database.sslmode | string | `"prefer"` |  |
+| settings.database.username | string | `""` |  |
+| settings.debug | bool | `false` |  |
+| settings.disable2fa | bool | `false` | Disable two factor authentication |
+| settings.djangoSettingsModule | string | `"openvtb.conf.docker"` |  |
+| settings.elasticapm.serviceName | string | `""` |  |
+| settings.elasticapm.token | string | `""` |  |
+| settings.elasticapm.url | string | `""` |  |
+| settings.email.defaultFrom | string | `""` |  |
+| settings.email.host | string | `"localhost"` |  |
+| settings.email.password | string | `""` |  |
+| settings.email.port | int | `25` |  |
+| settings.email.useTLS | bool | `false` |  |
+| settings.email.username | string | `""` |  |
+| settings.environment | string | `""` | sets the 'ENVIRONMENT' variable |
+| settings.isHttps | bool | `true` |  |
+| settings.otel.disabled | bool | `true` |  |
+| settings.otel.exporterOtlpEndpoint | string | `""` | Network address where to send the metrics to. Examples are: https://otel.example.com:4318 or http://otel-collector.namespace.cluster.svc:4317. |
+| settings.otel.exporterOtlpHeaders | list | `[]` | Any additional HTTP headers, for example if you need Basic auth. This is used in the secret.yaml, as it can contain credentials.  |
+| settings.otel.exporterOtlpMetricsInsecure | bool | `false` | Is true if the endoint is not protected with TLS. |
+| settings.otel.exporterOtlpProtocol | string | `"grpc"` | Controls the wire protocol for the OTLP data. Available options: grpc and http/protobuf. |
+| settings.otel.metricExportInterval | int | `60000` | Controls how often (in milliseconds) the metrics are exported. The exports run in a background thread and should not affect the performance of the application.  |
+| settings.otel.metricExportTimeout | int | `10000` | Controls the timeout of the requests to the collector (in milliseconds) |
+| settings.otel.resourceAttributes | list | `[]` | Resources Attributes can be used to specify additional information about the instance. |
+| settings.secretKey | string | `""` | Generate secret key at https://djecrety.ir/ |
+| settings.sentry.dsn | string | `""` |  |
+| settings.useXForwardedHost | bool | `false` |  |
+| settings.uwsgi.harakiri | string | `""` |  |
+| settings.uwsgi.master | string | `""` |  |
+| settings.uwsgi.maxRequests | string | `""` |  |
+| settings.uwsgi.processes | string | `""` |  |
+| settings.uwsgi.threads | string | `""` |  |
+| startupProbe.failureThreshold | int | `30` |  |
+| startupProbe.initialDelaySeconds | int | `15` | Total time: 15s initial delay + (30 failures × 10s period) = 315s (5 minutes 15 seconds)     |
+| startupProbe.periodSeconds | int | `10` |  |
+| startupProbe.successThreshold | int | `1` |  |
+| startupProbe.timeoutSeconds | int | `5` |  |
+| tags.redis | bool | `true` |  |
+| tolerations | list | `[]` |  |

charts/openvtb/README.md.gotmpl

@@ -0,0 +1,78 @@
+# Open VTB Chart
+
+{{ template "chart.description" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
+## Introduction 
+
+This chart can be used to deploy Open VTB on a Kubernetes cluster using the Helm package manager.
+
+* [Source code](https://github.com/maykinmedia/open-vtb/)
+* [Docker image](https://hub.docker.com/r/maykinmedia/open-vtb)
+
+## Quickstart
+
+```bash
+helm repo add maykinmedia https://maykinmedia.github.io/charts/
+helm install {{ template "chart.name" . }} maykinmedia/{{ template "chart.name" . }}
+```
+
+{{ template "chart.requirementsSection" . }}
+
+## Configuration and installation details
+
+### Django specific configuration
+
+**Secret key**
+
+Django makes use of a secret key to provide cryptographic signing. 
+This key should be set to a unique, unpredictable value. 
+Without the `SECRET_KEY` environment variable, the application will not start.
+
+The key can be configured with the value `settings.secretKey`. You can use a [web tool](https://djecrety.ir/) to generate it. 
+
+**Warning**: Running with a known secret key defeats many of Django’s security protections and can lead to privilege escalation and remote code execution vulnerabilities. 
+
+### Automatic configuration
+
+The application can be automatically configured with `django-setup-configuration`. 
+To enable the automatic configuration, the following values should be set:
+
+```yaml
+global:
+  configuration:
+    enabled: true
+
+configuration:
+  enabled: true
+  job:
+    enabled: true
+```
+
+The yaml data needed to configure the application should be provided in the value `configuration.data`.
+In the `values.yaml` file you can find an example of what the configuration should look like.
+The configuration can include sensitive data. To avoid having sensitive values in the `values.yaml` file, it is possible to reference
+environment variables. This can be done with the following syntax:
+
+```yaml
+configuration:
+  data:
+    someSensitiveVariable:
+      from_value:
+        env: SOME_SENSITIVE_VARIABLE
+```
+These environment variables should be provided in a secret, whose name must then be referenced
+with the value `existingConfigurationSecret` so that it is added to the environment of the Job pod.
+
+### Open Telemetry
+
+Open VTB supports the Open Telemetry Protocol.
+
+We recommend deploying one or more Open Telemetry Collector instances in your cluster to receive
+telemetry. Alternatively, you can use any vendor that speaks the OTLP protocol.
+
+The environment variables that the Open Telemetry SDK supports can be found [here](https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/#general-sdk-configuration).
+
+
+{{ template "chart.valuesSection" . }}