Install on Kubernetes

Open Zaak supports deploying on Kubernetes (K8s) as a first-class citizen, embracing the Cloud Native principles.

Note

This section assumes you are familiar with Kubernetes. If this is not the case, we advise you to read up on K8s first and come back to this documentation later.

This documentation is aimed at DevOps engineers.

Quick navigation

Requirements

We recommend deploying on Haven-compliant clusters. The Open Zaak and Haven teams have coordinated the relevant infrastructure specification aspects.

Don’t panic if your cluster is not compliant (yet), as your cluster will likely still be capable of hosting Open Zaak.

Features and their requirements:

  • A PostgreSQL database with the following extensions:

    • pg_trgm

    • postgis

  • Load balancing over multiple replicas is supported using Deployment resources

  • If you use the Documents API backed by the local file-system, you need a ReadWriteMany-capable persistent volume solution, even with a single replica.

Topology

Traffic from the ingress will enter Open Zaak at one or multiple NGINX reverse proxies. NGINX performs one of two possible tasks:

  • pass the request to the Open Zaak application or

  • send the binary data of uploaded files to the client

NGINX exists to serve uploaded files in a secure and performant way. All other requests are passed to the Open Zaak application containers.

The application containers communicate with a PostgreSQL database, which must be provisioned upfront. Additionally, Redis is used for caching purposes.

Deploy using Helm

If you’re familiar with or prefer Helm, there are community-provided Helm charts for Open Zaak and Open Notificaties.

Note

These charts are contributed by the community on a best-effort basis. The Technical Steering Group takes no responsibility for the quality or up-to-date being of these charts.

Example:

helm repo add maykinmedia https://maykinmedia.github.io/charts/
helm repo update

helm install <release-tag> maykinmedia/openzaak \
    --set "settings.allowedHosts=open-zaak.gemeente.nl" \
    --set "ingress.enabled=true" \
    --set "ingress.hosts={open-zaak.gemeente.nl}"