Add securityContext with fsGroup to new GeoServer Helm chart

kartoza · Jul 19, 2024 · 5fce813 · 5fce813
1 parent ff18be5
commit 5fce813
Show file tree

Hide file tree

Showing 14 changed files with 733 additions and 1 deletion.
diff --git a/charts/geoserver/README.md b/charts/geoserver/README.md
@@ -1 +1 @@
-v0.3.3/README.md
+v0.3.4/README.md
diff --git a/charts/geoserver/v0.3.4/Chart.yaml b/charts/geoserver/v0.3.4/Chart.yaml
@@ -0,0 +1,16 @@
+apiVersion: v2
+name: geoserver
+version: 0.3.4
+appVersion: 2.21.0
+description: Chart for GeoServer
+keywords:
+  - GeoServer
+  - GIS
+home: http://geoserver.org
+sources:
+  - https://github.com/geoserver/geoserver
+maintainers:
+  - name: lucernae
+    email: lana.pcfre@gmail.com
+engine: gotpl
+icon: https://raw.githubusercontent.com/kartoza/charts/master/assets/logo/GeoServer_500.png
diff --git a/charts/geoserver/v0.3.4/README.md b/charts/geoserver/v0.3.4/README.md
@@ -0,0 +1,72 @@
+# GeoServer
+
+This is Kartoza's GeoServer Rancher charts
+
+GeoServer is an open source server for sharing geospatial data.
+
+
+# How to Use
+
+For helm:
+
+```bash
+helm install release-name kartoza/geoserver
+```
+
+# Intro
+
+This chart bootstrap a GeoServer installation.
+Most GeoServer packages are shipped with Jetty or Tomcat Server to be directly used in production instance.
+On top of that you can cascade with Nginx or Apache if you need more control over the routing mechanism.
+
+# What it can do
+
+The default install uses kartoza/geoserver image, which can do the following:
+
+- Default TLS enabled
+- Generate new datadir at startup if volume empty
+- Some plugins are shipped
+
+Full list of options can be seen in: https://github.com/kartoza/docker-geoserver/
+
+# Parameters
+
+| Parameter | Description |
+|---|---|
+| image.registry | Docker image registry |
+| image.repository | Docker image repository |
+| image.tag | Docker image tag |
+| image.pullPolicy | Docker image pull policy |
+| geoserverDataDir | The directory of GeoServer Data Dir inside the pod |
+| geowebcacheCacheDir | GeoServer have GeoWebCache support built in. This will be the location of the cache dir |
+| geoserverUser | GeoServer super user name |
+| geoserverPassword | GeoServer password for super user. If you fill it, it will then stored in k8s secret. |
+| existingSecret | [tpl string] The name of the secret to get the geoserver password |
+| extraPodEnv | [tpl string] Provide extra environment that will be passed into pods. Useful for non default image. |
+| extraSecret | [tpl string] Provide extra secret that will be included in the pods. Useful for non default image. |
+| extraConfigMap: | [tpl string] Provide extra config map that will be included in the pods. Useful for non default image. |
+| extraVolumeMounts | [tpl string] Provide extra volume mounts declaration that will be included in the pods. Useful if you want to mount extra things. |
+| extraVolume | [tpl string] Configuration pair with extraVolumeMounts. Declare which volume to mount in the pods. |
+| persistence.geoserverDataDir.enabled | For geoserverDataDir volume. Default to true. If set, it will make a volume claim. |
+| persistence.geoserverDataDir.existingClaim | For geoserverDataDir volume. Default to false. If set, it will use an existing claim name provided. |
+| persistence.geoserverDataDir.mountPath | For geoserverDataDir volume. The path where the volume will be in the pods. Make sure that it corresponds to your geoserverDataDir key |
+| persistence.geoserverDataDir.subPath | For geoserverDataDir volume. The path inside the the volume to mount to. Useful if you want to reuse the same volume but mount the subpath for different services.  |
+| persistence.geoserverDataDir.size | For geoserverDataDir volume. Size of the volume |
+| persistence.geoserverDataDir.accessModes | For geoserverDataDir volume. K8s Access mode of the volume. |
+| persistence.geowebcacheCacheDir.enabled | For geowebcacheCacheDir volume. Default to true. If set, it will make a volume claim. |
+| persistence.geowebcacheCacheDir.existingClaim | For geowebcacheCacheDir volume. Default to false. If set, it will use an existing claim name provided. |
+| persistence.geowebcacheCacheDir.mountPath | For geowebcacheCacheDir volume. The path where the volume will be in the pods. Make sure that it corresponds to your geowebcacheCacheDir key |
+| persistence.geowebcacheCacheDir.subPath | For geowebcacheCacheDir volume. The path inside the the volume to mount to. Useful if you want to reuse the same volume but mount the subpath for different services.  |
+| persistence.geowebcacheCacheDir.size | For geowebcacheCacheDir volume. Size of the volume |
+| persistence.geowebcacheCacheDir.accessModes | For geoserverDataDir volume. K8s Access mode of the volume. |
+| service.type | The type of kubernetes service to be created. Leave it be for Headless service |
+| service.loadBalancerIP | Only used if you use LoadBalancer service.type |
+| service.externalIPs | External IPs to use for the service |
+| service.port | External port to use/expose |
+| affinity | Constrain pods to nodes |
+| tolerations | Pod scheduling tolerations |
+| ingress.enabled | Switch to true to enable ingress resource |
+| ingress.host | The host name/site name the ingress will serve |
+| ingress.tls.enabled | Set it to true to enable HTTPS |
+| ingress.tls.secretName | Providing this will activate HTTPS ingress based on the provided certificate |
+| probe | An override options for pod probe/health check |
diff --git a/charts/geoserver/v0.3.4/app-readme.md b/charts/geoserver/v0.3.4/app-readme.md
@@ -0,0 +1,6 @@
+# GeoServer
+
+This is Kartoza's GeoServer Rancher charts
+
+GeoServer is an open source server for sharing geospatial data.
+
diff --git a/charts/geoserver/v0.3.4/ci/values.yml b/charts/geoserver/v0.3.4/ci/values.yml
@@ -0,0 +1,23 @@
+---
+geoserverDataDir: /opt/mygeoserver/data_dir
+geowebcacheCacheDir: /opt/mygeoserver/gwc
+
+geoserverUser: superadmin
+geoserverPassword: superpasswordlol
+
+persistence:
+  geoserverDataDir:
+    storageClass: "default"
+    mountPath: /opt/mygeoserver/data_dir
+  geowebcacheCacheDir:
+    storageClass: "default"
+    mountPath: /opt/mygeoserver/gwc
+
+ingress:
+  enabled: true
+  host: geoserver.test
+  annotations:
+    cert-manager.io/cluster-issuer: selfsigned-issuer
+  tls:
+    enabled: true
+    secretName: geoserver-tls
diff --git a/charts/geoserver/v0.3.4/templates/NOTES.txt b/charts/geoserver/v0.3.4/templates/NOTES.txt
@@ -0,0 +1,26 @@
+To access GeoServer:
+
+1. Get user and password:
+
+   ```bash
+   export GEOSERVER_ADMIN_USER=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "geoserver.secretName" . }} -o jsonpath='{.data.geoserver-user}' | base64 --decode)
+   export GEOSERVER_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "geoserver.secretName" . }} -o jsonpath='{.data.geoserver-password}'  | base64 --decode)
+   ```
+
+{{- if not .Values.ingress.enabled }}
+2. You didn't enable ingress, so GeoServer is exposed as Headless Service by default.
+
+   You can arrange access by exposing it to NodePort or external address manually using kubernetes.
+
+   Otherwise, you can access it via Kubernetes API-Server proxy:
+
+   http://[cluster master address]/api/v1/namespaces/{{ .Release.Namespace }}/services/{{ template "geoserver.fullname" . }}:80/proxy/geoserver/
+
+{{- end }}
+
+{{- if .Values.ingress.enabled }}
+2. You have enabled ingress, service will be available here:
+
+   http://{{ .Values.ingress.host }}/geoserver/
+
+{{- end }}
diff --git a/charts/geoserver/v0.3.4/templates/_helpers.tpl b/charts/geoserver/v0.3.4/templates/_helpers.tpl
@@ -0,0 +1,129 @@
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "geoserver.fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- $fullname := default (printf "%s-%s" .Release.Name $name) .Values.fullnameOverride -}}
+{{- printf "%s" $fullname | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "geoserver.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{/*
+Return the proper geoserver image name
+*/}}
+{{- define "geoserver.image" -}}
+{{- $registryName := .Values.image.registry -}}
+{{- $repositoryName := .Values.image.repository -}}
+{{- $tag := .Values.image.tag | toString -}}
+{{/*
+Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
+but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
+Also, we can't use a single if because lazy evaluation is not an option
+*/}}
+{{- if .Values.global }}
+    {{- if .Values.global.imageRegistry }}
+        {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
+    {{- else -}}
+        {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+    {{- end -}}
+{{- else -}}
+    {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+{{- end -}}
+{{- end -}}
+
+
+
+{{/*
+Get the password secret.
+*/}}
+{{- define "geoserver.secretName" -}}
+{{- if .Values.existingSecret -}}
+    {{- printf "%s" (tpl .Values.existingSecret $) -}}
+{{- else -}}
+    {{- printf "%s" (include "geoserver.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+
+
+{{/*
+Return GeoServer password
+*/}}
+{{- define "geoserver.password" -}}
+{{- if .Values.geoserverPassword -}}
+    {{- .Values.geoserverPassword -}}
+{{- else -}}
+    {{- randAlphaNum 10 -}}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Return GeoServer Data Dir storageClass declaration
+*/}}
+{{- define "geoserver.geoserverDataDir.storageClass" -}}
+{{- if .Values.global -}}
+	{{- if .Values.global.storageClass -}}
+        {{- if (eq "-" .Values.global.storageClass) -}}
+            {{- printf "storageClassName: \"\"" -}}
+        {{- else }}
+            {{- printf "storageClassName: %s" .Values.global.storageClass -}}
+        {{- end -}}
+    {{- else -}}
+        {{- if .Values.persistence.geoserverDataDir.storageClass -}}
+              {{- if (eq "-" .Values.persistence.geoserverDataDir.storageClass) -}}
+                  {{- printf "storageClassName: \"\"" -}}
+              {{- else }}
+                  {{- printf "storageClassName: %s" .Values.persistence.geoserverDataDir.storageClass -}}
+              {{- end -}}
+        {{- end -}}
+    {{- end -}}
+{{- else -}}
+    {{- if .Values.persistence.geoserverDataDir.storageClass -}}
+        {{- if (eq "-" .Values.persistence.geoserverDataDir.storageClass) -}}
+            {{- printf "storageClassName: \"\"" -}}
+        {{- else }}
+            {{- printf "storageClassName: %s" .Values.persistence.geoserverDataDir.storageClass -}}
+        {{- end -}}
+    {{- end -}}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Return GeoServer Geo Web Cache storageClass declaration
+*/}}
+{{- define "geoserver.geowebcacheCacheDir.storageClass" -}}
+{{- if .Values.global -}}
+	{{- if .Values.global.storageClass -}}
+        {{- if (eq "-" .Values.global.storageClass) -}}
+            {{- printf "storageClassName: \"\"" -}}
+        {{- else }}
+            {{- printf "storageClassName: %s" .Values.global.storageClass -}}
+        {{- end -}}
+    {{- else -}}
+        {{- if .Values.persistence.geowebcacheCacheDir.storageClass -}}
+              {{- if (eq "-" .Values.persistence.geowebcacheCacheDir.storageClass) -}}
+                  {{- printf "storageClassName: \"\"" -}}
+              {{- else }}
+                  {{- printf "storageClassName: %s" .Values.persistence.geowebcacheCacheDir.storageClass -}}
+              {{- end -}}
+        {{- end -}}
+    {{- end -}}
+{{- else -}}
+    {{- if .Values.persistence.geowebcacheCacheDir.storageClass -}}
+        {{- if (eq "-" .Values.persistence.geowebcacheCacheDir.storageClass) -}}
+            {{- printf "storageClassName: \"\"" -}}
+        {{- else }}
+            {{- printf "storageClassName: %s" .Values.persistence.geowebcacheCacheDir.storageClass -}}
+        {{- end -}}
+    {{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/geoserver/v0.3.4/templates/configmap.yaml b/charts/geoserver/v0.3.4/templates/configmap.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.extraConfigMap -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "geoserver.fullname" . }}
+  labels:
+    app: {{ template "geoserver.fullname" . }}
+    chart: {{ template "geoserver.chart" . }}
+    release: {{ .Release.Name | quote }}
+    heritage: {{ .Release.Service | quote }}
+  {{- with .Values.labels }}
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.annotations }}
+  annotations: {{ toYaml . | nindent 4 }}
+  {{- end }}
+data:
+  {{- with .Values.extraConfigMap }}
+  {{- tpl . $ | nindent 2 }}
+  {{- end }}
+{{- end -}}