From 5fce813cf39c47ff99bc8b339cee425d05f0eb65 Mon Sep 17 00:00:00 2001
From: Bhaskar_Pandranki
Date: Fri, 19 Jul 2024 14:10:10 +0530
Subject: [PATCH] Add securityContext with fsGroup to new GeoServer Helm chart
---
charts/geoserver/README.md | 2 +-
charts/geoserver/v0.3.4/Chart.yaml | 16 ++
charts/geoserver/v0.3.4/README.md | 72 ++++++++
charts/geoserver/v0.3.4/app-readme.md | 6 +
charts/geoserver/v0.3.4/ci/values.yml | 23 +++
charts/geoserver/v0.3.4/templates/NOTES.txt | 26 +++
.../geoserver/v0.3.4/templates/_helpers.tpl | 129 ++++++++++++++
.../geoserver/v0.3.4/templates/configmap.yaml | 21 +++
.../v0.3.4/templates/deployment.yaml | 162 ++++++++++++++++++
.../geoserver/v0.3.4/templates/ingress.yaml | 38 ++++
charts/geoserver/v0.3.4/templates/pvc.yaml | 47 +++++
.../geoserver/v0.3.4/templates/secrets.yaml | 20 +++
charts/geoserver/v0.3.4/templates/svc.yaml | 30 ++++
charts/geoserver/v0.3.4/values.yaml | 142 +++++++++++++++
14 files changed, 733 insertions(+), 1 deletion(-)
create mode 100644 charts/geoserver/v0.3.4/Chart.yaml
create mode 100644 charts/geoserver/v0.3.4/README.md
create mode 100644 charts/geoserver/v0.3.4/app-readme.md
create mode 100644 charts/geoserver/v0.3.4/ci/values.yml
create mode 100644 charts/geoserver/v0.3.4/templates/NOTES.txt
create mode 100644 charts/geoserver/v0.3.4/templates/_helpers.tpl
create mode 100644 charts/geoserver/v0.3.4/templates/configmap.yaml
create mode 100644 charts/geoserver/v0.3.4/templates/deployment.yaml
create mode 100644 charts/geoserver/v0.3.4/templates/ingress.yaml
create mode 100644 charts/geoserver/v0.3.4/templates/pvc.yaml
create mode 100644 charts/geoserver/v0.3.4/templates/secrets.yaml
create mode 100644 charts/geoserver/v0.3.4/templates/svc.yaml
create mode 100644 charts/geoserver/v0.3.4/values.yaml
diff --git a/charts/geoserver/README.md b/charts/geoserver/README.md
index b9e4257..d533665 120000
--- a/charts/geoserver/README.md
+++ b/charts/geoserver/README.md
@@ -1 +1 @@
-v0.3.3/README.md
\ No newline at end of file
+v0.3.4/README.md
\ No newline at end of file
diff --git a/charts/geoserver/v0.3.4/Chart.yaml b/charts/geoserver/v0.3.4/Chart.yaml
new file mode 100644
index 0000000..79aac39
--- /dev/null
+++ b/charts/geoserver/v0.3.4/Chart.yaml
@@ -0,0 +1,16 @@
+apiVersion: v2
+name: geoserver
+version: 0.3.4
+appVersion: 2.21.0
+description: Chart for GeoServer
+keywords:
+ - GeoServer
+ - GIS
+home: http://geoserver.org
+sources:
+ - https://github.com/geoserver/geoserver
+maintainers:
+ - name: lucernae
+ email: lana.pcfre@gmail.com
+engine: gotpl
+icon: https://raw.githubusercontent.com/kartoza/charts/master/assets/logo/GeoServer_500.png
diff --git a/charts/geoserver/v0.3.4/README.md b/charts/geoserver/v0.3.4/README.md
new file mode 100644
index 0000000..6193deb
--- /dev/null
+++ b/charts/geoserver/v0.3.4/README.md
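Review bot: `appVersion: 2.21.0` in Chart.yaml does not match the image the chart deploys by default, which values.yaml in this same patch pins as `tag: "2.24.1"`. `helm list` and most inventory tooling report appVersion, so anyone checking which releases run a GeoServer version named in an advisory would be reading the wrong number. Setting `appVersion: "2.24.1"` (quoted, so it stays a string) keeps the two in step.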
@@ -0,0 +1,72 @@
+# GeoServer
+
+This is Kartoza's GeoServer Rancher charts
+
+GeoServer is an open source server for sharing geospatial data.
+
+
+# How to Use
+
+For helm:
+
+```bash
+helm install release-name kartoza/geoserver
+```
+
+# Intro
+
+This chart bootstrap a GeoServer installation.
+Most GeoServer packages are shipped with Jetty or Tomcat Server to be directly used in production instance.
+On top of that you can cascade with Nginx or Apache if you need more control over the routing mechanism.
+
+# What it can do
+
+The default install uses kartoza/geoserver image, which can do the following:
+
+- Default TLS enabled
+- Generate new datadir at startup if volume empty
+- Some plugins are shipped
+
+Full list of options can be seen in: https://github.com/kartoza/docker-geoserver/
+
+# Parameters
+
+| Parameter | Description |
+|---|---|
+| image.registry | Docker image registry |
+| image.repository | Docker image repository |
+| image.tag | Docker image tag |
+| image.pullPolicy | Docker image pull policy |
+| geoserverDataDir | The directory of GeoServer Data Dir inside the pod |
+| geowebcacheCacheDir | GeoServer have GeoWebCache support built in. This will be the location of the cache dir |
+| geoserverUser | GeoServer super user name |
+| geoserverPassword | GeoServer password for super user. If you fill it, it will then stored in k8s secret. |
+| existingSecret | [tpl string] The name of the secret to get the geoserver password |
+| extraPodEnv | [tpl string] Provide extra environment that will be passed into pods. Useful for non default image. |
+| extraSecret | [tpl string] Provide extra secret that will be included in the pods. Useful for non default image. |
+| extraConfigMap: | [tpl string] Provide extra config map that will be included in the pods. Useful for non default image. |
+| extraVolumeMounts | [tpl string] Provide extra volume mounts declaration that will be included in the pods. Useful if you want to mount extra things. |
+| extraVolume | [tpl string] Configuration pair with extraVolumeMounts. Declare which volume to mount in the pods. |
+| persistence.geoserverDataDir.enabled | For geoserverDataDir volume. Default to true. If set, it will make a volume claim. |
+| persistence.geoserverDataDir.existingClaim | For geoserverDataDir volume. Default to false. If set, it will use an existing claim name provided. |
+| persistence.geoserverDataDir.mountPath | For geoserverDataDir volume. The path where the volume will be in the pods. Make sure that it corresponds to your geoserverDataDir key |
+| persistence.geoserverDataDir.subPath | For geoserverDataDir volume. The path inside the the volume to mount to. Useful if you want to reuse the same volume but mount the subpath for different services. |
+| persistence.geoserverDataDir.size | For geoserverDataDir volume. Size of the volume |
+| persistence.geoserverDataDir.accessModes | For geoserverDataDir volume. K8s Access mode of the volume. |
+| persistence.geowebcacheCacheDir.enabled | For geowebcacheCacheDir volume. Default to true. If set, it will make a volume claim. |
+| persistence.geowebcacheCacheDir.existingClaim | For geowebcacheCacheDir volume. Default to false. If set, it will use an existing claim name provided. |
+| persistence.geowebcacheCacheDir.mountPath | For geowebcacheCacheDir volume. The path where the volume will be in the pods. Make sure that it corresponds to your geowebcacheCacheDir key |
+| persistence.geowebcacheCacheDir.subPath | For geowebcacheCacheDir volume. The path inside the the volume to mount to. Useful if you want to reuse the same volume but mount the subpath for different services. |
+| persistence.geowebcacheCacheDir.size | For geowebcacheCacheDir volume. Size of the volume |
+| persistence.geowebcacheCacheDir.accessModes | For geoserverDataDir volume. K8s Access mode of the volume. |
+| service.type | The type of kubernetes service to be created. Leave it be for Headless service |
+| service.loadBalancerIP | Only used if you use LoadBalancer service.type |
+| service.externalIPs | External IPs to use for the service |
+| service.port | External port to use/expose |
+| affinity | Constrain pods to nodes |
+| tolerations | Pod scheduling tolerations |
+| ingress.enabled | Switch to true to enable ingress resource |
+| ingress.host | The host name/site name the ingress will serve |
+| ingress.tls.enabled | Set it to true to enable HTTPS |
+| ingress.tls.secretName | Providing this will activate HTTPS ingress based on the provided certificate |
+| probe | An override options for pod probe/health check |
diff --git a/charts/geoserver/v0.3.4/app-readme.md b/charts/geoserver/v0.3.4/app-readme.md
new file mode 100644
index 0000000..2b76fc6
--- /dev/null
+++ b/charts/geoserver/v0.3.4/app-readme.md
@@ -0,0 +1,6 @@
+# GeoServer
+
+This is Kartoza's GeoServer Rancher charts
+
+GeoServer is an open source server for sharing geospatial data.
+
diff --git a/charts/geoserver/v0.3.4/ci/values.yml b/charts/geoserver/v0.3.4/ci/values.yml
new file mode 100644
index 0000000..c655ba2
--- /dev/null
+++ b/charts/geoserver/v0.3.4/ci/values.yml
@@ -0,0 +1,23 @@
+---
+geoserverDataDir: /opt/mygeoserver/data_dir
+geowebcacheCacheDir: /opt/mygeoserver/gwc
+
+geoserverUser: superadmin
+geoserverPassword: superpasswordlol
+
+persistence:
+ geoserverDataDir:
+ storageClass: "default"
+ mountPath: /opt/mygeoserver/data_dir
+ geowebcacheCacheDir:
+ storageClass: "default"
+ mountPath: /opt/mygeoserver/gwc
+
+ingress:
+ enabled: true
+ host: geoserver.test
+ annotations:
+ cert-manager.io/cluster-issuer: selfsigned-issuer
+ tls:
+ enabled: true
+ secretName: geoserver-tls
diff --git a/charts/geoserver/v0.3.4/templates/NOTES.txt b/charts/geoserver/v0.3.4/templates/NOTES.txt
new file mode 100644
index 0000000..bfbdde7
--- /dev/null
+++ b/charts/geoserver/v0.3.4/templates/NOTES.txt
@@ -0,0 +1,26 @@
+To access GeoServer:
+
+1. Get user and password:
+
+ ```bash
+ export GEOSERVER_ADMIN_USER=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "geoserver.secretName" . }} -o jsonpath='{.data.geoserver-user}' | base64 --decode)
+ export GEOSERVER_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "geoserver.secretName" . }} -o jsonpath='{.data.geoserver-password}' | base64 --decode)
+ ```
+
+{{- if not .Values.ingress.enabled }}
+2. You didn't enable ingress, so GeoServer is exposed as Headless Service by default.
+
+ You can arrange access by exposing it to NodePort or external address manually using kubernetes.
+
+ Otherwise, you can access it via Kubernetes API-Server proxy:
+
+ http://[cluster master address]/api/v1/namespaces/{{ .Release.Namespace }}/services/{{ template "geoserver.fullname" . }}:80/proxy/geoserver/
+
+{{- end }}
+
+{{- if .Values.ingress.enabled }}
+2. You have enabled ingress, service will be available here:
+
+ http://{{ .Values.ingress.host }}/geoserver/
+
+{{- end }}
diff --git a/charts/geoserver/v0.3.4/templates/_helpers.tpl b/charts/geoserver/v0.3.4/templates/_helpers.tpl
new file mode 100644
index 0000000..5cb355e
--- /dev/null
+++ b/charts/geoserver/v0.3.4/templates/_helpers.tpl
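Review bot: The ingress branch of NOTES.txt always prints `http://{{ .Values.ingress.host }}/geoserver/`, even when `ingress.tls.enabled` is true, right after step 1 has handed the reader the admin credentials. Pointing operators at the plaintext URL invites a login over HTTP unless the ingress controller redirects, which is not visible in this patch. Choosing the scheme from the value fixes it: `http{{ if .Values.ingress.tls.enabled }}s{{ end }}://{{ .Values.ingress.host }}/geoserver/`.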
@@ -0,0 +1,129 @@
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "geoserver.fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- $fullname := default (printf "%s-%s" .Release.Name $name) .Values.fullnameOverride -}}
+{{- printf "%s" $fullname | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "geoserver.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{/*
+Return the proper geoserver image name
+*/}}
+{{- define "geoserver.image" -}}
+{{- $registryName := .Values.image.registry -}}
+{{- $repositoryName := .Values.image.repository -}}
+{{- $tag := .Values.image.tag | toString -}}
+{{/*
+Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
+but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
+Also, we can't use a single if because lazy evaluation is not an option
+*/}}
+{{- if .Values.global }}
+ {{- if .Values.global.imageRegistry }}
+ {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
+ {{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+ {{- end -}}
+{{- else -}}
+ {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+{{- end -}}
+{{- end -}}
+
+
+
+{{/*
+Get the password secret.
+*/}}
+{{- define "geoserver.secretName" -}}
+{{- if .Values.existingSecret -}}
+ {{- printf "%s" (tpl .Values.existingSecret $) -}}
+{{- else -}}
+ {{- printf "%s" (include "geoserver.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+
+
+{{/*
+Return GeoServer password
+*/}}
+{{- define "geoserver.password" -}}
+{{- if .Values.geoserverPassword -}}
+ {{- .Values.geoserverPassword -}}
+{{- else -}}
+ {{- randAlphaNum 10 -}}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Return GeoServer Data Dir storageClass declaration
+*/}}
+{{- define "geoserver.geoserverDataDir.storageClass" -}}
+{{- if .Values.global -}}
+ {{- if .Values.global.storageClass -}}
+ {{- if (eq "-" .Values.global.storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" .Values.global.storageClass -}}
+ {{- end -}}
+ {{- else -}}
+ {{- if .Values.persistence.geoserverDataDir.storageClass -}}
+ {{- if (eq "-" .Values.persistence.geoserverDataDir.storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" .Values.persistence.geoserverDataDir.storageClass -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- else -}}
+ {{- if .Values.persistence.geoserverDataDir.storageClass -}}
+ {{- if (eq "-" .Values.persistence.geoserverDataDir.storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" .Values.persistence.geoserverDataDir.storageClass -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Return GeoServer Geo Web Cache storageClass declaration
+*/}}
+{{- define "geoserver.geowebcacheCacheDir.storageClass" -}}
+{{- if .Values.global -}}
+ {{- if .Values.global.storageClass -}}
+ {{- if (eq "-" .Values.global.storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" .Values.global.storageClass -}}
+ {{- end -}}
+ {{- else -}}
+ {{- if .Values.persistence.geowebcacheCacheDir.storageClass -}}
+ {{- if (eq "-" .Values.persistence.geowebcacheCacheDir.storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" .Values.persistence.geowebcacheCacheDir.storageClass -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- else -}}
+ {{- if .Values.persistence.geowebcacheCacheDir.storageClass -}}
+ {{- if (eq "-" .Values.persistence.geowebcacheCacheDir.storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" .Values.persistence.geowebcacheCacheDir.storageClass -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/geoserver/v0.3.4/templates/configmap.yaml b/charts/geoserver/v0.3.4/templates/configmap.yaml
new file mode 100644
index 0000000..9a65406
--- /dev/null
+++ b/charts/geoserver/v0.3.4/templates/configmap.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.extraConfigMap -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "geoserver.fullname" . }}
+ labels:
+ app: {{ template "geoserver.fullname" . }}
+ chart: {{ template "geoserver.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+ {{- with .Values.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.annotations }}
+ annotations: {{ toYaml . | nindent 4 }}
+ {{- end }}
+data:
+ {{- with .Values.extraConfigMap }}
+ {{- tpl . $ | nindent 2 }}
+ {{- end }}
+{{- end -}}
diff --git a/charts/geoserver/v0.3.4/templates/deployment.yaml b/charts/geoserver/v0.3.4/templates/deployment.yaml
new file mode 100644
index 0000000..9a8cdbf
--- /dev/null
+++ b/charts/geoserver/v0.3.4/templates/deployment.yaml
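Review bot: `geoserver.password` in _helpers.tpl falls back to `randAlphaNum 10`, which is evaluated again on every render, so a release installed without `geoserverPassword` gets a different value written into its Secret on each `helm upgrade`. Because deployment.yaml hashes secrets.yaml into the `checksum/secrets` annotation, that also rolls the pod on every upgrade, and whether GeoServer re-applies the new value to an existing data directory is not visible here, so the Secret that NOTES.txt tells operators to read may stop matching the real credential. Reusing the value already stored in the cluster and generating one only on first install avoids this; ten alphanumeric characters is also short for an admin password on a service meant to sit behind an ingress. Note that `lookup` returns nothing under `helm template` or `--dry-run`, so those renders will still show a fresh random value.

```gotemplate
{{- define "geoserver.password" -}}
{{- $current := lookup "v1" "Secret" .Release.Namespace (include "geoserver.fullname" .) -}}
{{- if .Values.geoserverPassword -}}
  {{- .Values.geoserverPassword -}}
{{- else if $current -}}
  {{- index $current.data "geoserver-password" | b64dec -}}
{{- else -}}
  {{- randAlphaNum 32 -}}
{{- end -}}
{{- end -}}
```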
@@ -0,0 +1,162 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "geoserver.fullname" . }}
+ labels:
+ app: {{ template "geoserver.fullname" . }}
+ chart: {{ template "geoserver.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+ {{- with .Values.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.annotations }}
+ annotations: {{ toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ template "geoserver.fullname" . }}
+ release: {{ .Release.Name | quote }}
+ template:
+ metadata:
+ name: {{ template "geoserver.fullname" . }}
+ labels:
+ app: {{ template "geoserver.fullname" . }}
+ chart: {{ template "geoserver.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+ {{- with .Values.podLabels }}
+ {{- tpl . $ | nindent 8 }}
+ {{- end }}
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
+ {{- with .Values.podAnnotations }}
+ {{- (tpl . $) | nindent 8 }}
+ {{- end }}
+ spec:
+ securityContext:
+ fsGroup: 1000
+ containers:
+ - name: {{ template "geoserver.fullname" . }}
+ image: {{ template "geoserver.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 12 }}
+ {{- end }}
+ env:
+ {{- if .Values.enableJSONP }}
+ - name: ENABLE_JSONP
+ value: {{ .Values.enableJSONP | quote }}
+ {{- end }}
+ {{- if .Values.geoserverDataDir }}
+ - name: GEOSERVER_DATA_DIR
+ value: {{ .Values.geoserverDataDir | quote }}
+ {{- end }}
+ {{- if .Values.geowebcacheCacheDir }}
+ - name: GEOWEBCACHE_CACHE_DIR
+ value: {{ .Values.geowebcacheCacheDir | quote }}
+ {{- end }}
+ - name: GEOSERVER_ADMIN_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "geoserver.secretName" . }}
+ key: geoserver-user
+ - name: GEOSERVER_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "geoserver.secretName" . }}
+ key: geoserver-password
+ {{- with .Values.extraPodEnv }}
+ {{- tpl . $ | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: http-geoserver
+ containerPort: 8080
+ {{- if .Values.probe }}
+ {{- with .Values.probe }}
+ {{- tpl . $ | nindent 10 }}
+ {{- end }}
+ {{- else }}
+ startupProbe:
+ httpGet:
+ path: /geoserver
+ port: http-geoserver
+ failureThreshold: 60
+ periodSeconds: 5
+ livenessProbe:
+ httpGet:
+ path: /geoserver
+ port: http-geoserver
+ scheme: HTTP
+ failureThreshold: 3
+ successThreshold: 1
+ periodSeconds: 10
+ readinessProbe:
+ httpGet:
+ path: /geoserver
+ port: http-geoserver
+ scheme: HTTP
+ failureThreshold: 3
+ successThreshold: 1
+ periodSeconds: 10
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.persistence.geoserverDataDir.enabled }}
+ - name: geoserver-data-dir
+ mountPath: {{ .Values.persistence.geoserverDataDir.mountPath }}
+ subPath: {{ .Values.persistence.geoserverDataDir.subPath }}
+ {{- end }}
+ {{- if .Values.persistence.geowebcacheCacheDir.enabled }}
+ - name: geowebcache-cache-dir
+ mountPath: {{ .Values.persistence.geowebcacheCacheDir.mountPath }}
+ subPath: {{ .Values.persistence.geowebcacheCacheDir.subPath }}
+ {{- end }}
+ {{- with .Values.extraVolumeMounts }}
+ {{- (tpl . $) | nindent 12 }}
+ {{- end }}
+ {{- with .Values.extraPodSpec }}
+ {{- tpl . $ | nindent 6 }}
+ {{- end }}
+ volumes:
+ {{- with .Values.extraVolume }}
+ {{- (tpl . $) | nindent 8 }}
+ {{- end }}
+{{- if and .Values.persistence.geoserverDataDir.enabled .Values.persistence.geoserverDataDir.existingClaim }}
+ - name: geoserver-data-dir
+ persistentVolumeClaim:
+{{- with .Values.persistence.geoserverDataDir.existingClaim }}
+ claimName: {{ tpl . $ }}
+{{- end }}
+{{- else if .Values.persistence.geoserverDataDir.enabled }}
+ - name: geoserver-data-dir
+ persistentVolumeClaim:
+ claimName: {{ template "geoserver.fullname" . }}-geoserver-data-dir
+{{- else if not .Values.persistence.geoserverDataDir.enabled }}
+ - name: geoserver-data-dir
+ emptyDir: {}
+{{- end }}
+{{- if and .Values.persistence.geowebcacheCacheDir.enabled .Values.persistence.geowebcacheCacheDir.existingClaim }}
+ - name: geowebcache-cache-dir
+ persistentVolumeClaim:
+{{- with .Values.persistence.geowebcacheCacheDir.existingClaim }}
+ claimName: {{ tpl . $ }}
+{{- end }}
+{{- else if .Values.persistence.geowebcacheCacheDir.enabled }}
+ - name: geowebcache-cache-dir
+ persistentVolumeClaim:
+ claimName: {{ template "geoserver.fullname" . }}-geowebcache-cache-dir
+{{- else if not .Values.persistence.geowebcacheCacheDir.enabled }}
+ - name: geowebcache-cache-dir
+ emptyDir: {}
+{{- end }}
+{{- with .Values.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
\ No newline at end of file
diff --git a/charts/geoserver/v0.3.4/templates/ingress.yaml b/charts/geoserver/v0.3.4/templates/ingress.yaml
new file mode 100644
index 0000000..ab3abe5
--- /dev/null
+++ b/charts/geoserver/v0.3.4/templates/ingress.yaml
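Review bot: The new pod-level `securityContext` in deployment.yaml hard-codes `fsGroup: 1000`, and values.yaml gains no key for it, so operators can neither change the group nor add the hardening the pod still lacks: nothing sets `runAsNonRoot`, and the container has no `securityContext` of its own (`allowPrivilegeEscalation`, dropped capabilities). A fixed group id may be refused on clusters whose admission policy assigns the permitted fsGroup range per namespace, and without `fsGroupChangePolicy: OnRootMismatch` the kubelet can recursively re-own both persistent volumes on every pod start. Rendering both contexts from values, with `podSecurityContext: {fsGroup: 1000}` as the default, keeps today's behaviour while making it adjustable. Whether the kartoza image can start as a non-root user is not visible in this patch, so stricter defaults would need checking against the image first.

```yaml
    spec:
      {{- with .Values.podSecurityContext }}
      securityContext: {{- toYaml . | nindent 8 }}
      {{- end }}
      containers:
          # … unchanged: container name, image, imagePullPolicy, resources …
          {{- with .Values.containerSecurityContext }}
          securityContext: {{- toYaml . | nindent 12 }}
          {{- end }}
          # … unchanged: env, ports, probes, volumeMounts …
```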
@@ -0,0 +1,38 @@
+{{- if .Values.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ {{- with .Values.ingress.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ generation: 1
+ labels:
+ app: {{ template "geoserver.fullname" . }}
+ chart: {{ template "geoserver.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+ {{- with .Values.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ template "geoserver.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ rules:
+ - host: {{ .Values.ingress.host }}
+ http:
+ paths:
+ - path: /geoserver
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ template "geoserver.fullname" . }}
+ port:
+ number: 80
+ {{- if .Values.ingress.tls.enabled }}
+ tls:
+ - hosts:
+ - {{ .Values.ingress.host }}
+ secretName: {{ .Values.ingress.tls.secretName }}
+ {{- end }}
+{{- end }}
diff --git a/charts/geoserver/v0.3.4/templates/pvc.yaml b/charts/geoserver/v0.3.4/templates/pvc.yaml
new file mode 100644
index 0000000..dafa241
--- /dev/null
+++ b/charts/geoserver/v0.3.4/templates/pvc.yaml
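Review bot: `generation: 1` under `metadata` in ingress.yaml is a field the API server maintains, so a template should not set it; it reads like a leftover from an exported object and can be dropped. The same block writes the `annotations:` key unconditionally, which renders as an empty key when `ingress.annotations` is `{}`; moving the key inside the `with .Values.ingress.annotations` block keeps the manifest clean.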
@@ -0,0 +1,47 @@
+
+{{- if and .Values.persistence.geoserverDataDir.enabled (not .Values.persistence.geoserverDataDir.existingClaim) }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ template "geoserver.fullname" . }}-geoserver-data-dir
+{{- with .Values.persistence.geoserverDataDir.annotations }}
+ annotations:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value }}
+ {{- end }}
+{{- end }}
+spec:
+ accessModes:
+ {{- range .Values.persistence.geoserverDataDir.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ {{ include "geoserver.geoserverDataDir.storageClass" . }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.geoserverDataDir.size | quote }}
+...
+{{- end }}
+{{- if and .Values.persistence.geowebcacheCacheDir.enabled (not .Values.persistence.geowebcacheCacheDir.existingClaim) }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ template "geoserver.fullname" . }}-geowebcache-cache-dir
+{{- with .Values.persistence.geowebcacheCacheDir.annotations }}
+ annotations:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value }}
+ {{- end }}
+{{- end }}
+spec:
+ accessModes:
+ {{- range .Values.persistence.geowebcacheCacheDir.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ {{ include "geoserver.geowebcacheCacheDir.storageClass" . }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.geowebcacheCacheDir.size | quote }}
+...
+{{- end }}
diff --git a/charts/geoserver/v0.3.4/templates/secrets.yaml b/charts/geoserver/v0.3.4/templates/secrets.yaml
new file mode 100644
index 0000000..fb0d9b5
--- /dev/null
+++ b/charts/geoserver/v0.3.4/templates/secrets.yaml
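Review bot: Both PersistentVolumeClaims in pvc.yaml write annotation values unquoted, `{{ $key }}: {{ $value }}`, so a value such as `true` or `123` reaches the API as a boolean or number and the claim is rejected, because annotation values must be strings. Using `{{ $key }}: {{ $value | quote }}` in both `range` loops fixes it.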
@@ -0,0 +1,20 @@
+{{- if or (not .Values.existingSecret) .Values.extraSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "geoserver.secretName" . }}
+ labels:
+ app: {{ template "geoserver.fullname" . }}
+ chart: {{ template "geoserver.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+type: Opaque
+data:
+ {{- if not .Values.existingSecret }}
+ geoserver-user: {{ .Values.geoserverUser | b64enc | quote }}
+ geoserver-password: {{ include "geoserver.password" . | b64enc | quote }}
+ {{- end }}
+ {{- with .Values.extraSecret }}
+ {{- tpl . $ | nindent 2 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/geoserver/v0.3.4/templates/svc.yaml b/charts/geoserver/v0.3.4/templates/svc.yaml
new file mode 100644
index 0000000..18363eb
--- /dev/null
+++ b/charts/geoserver/v0.3.4/templates/svc.yaml
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "geoserver.fullname" . }}
+ labels:
+ app: {{ template "geoserver.fullname" . }}
+ chart: {{ template "geoserver.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+ kubernetes.io/cluster-service: "true"
+ {{- with .Values.service.labels }}
+ {{- tpl . $ | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- with .Values.service.annotations }}
+ {{- tpl . $ | nindent 4 }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ {{- if .Values.service.externalIPs }}
+ externalIPs: {{ .Values.service.externalIPs }}
+ {{- end }}
+ ports:
+ - name: http-geoserver
+ port: 80
+ protocol: TCP
+ targetPort: http-geoserver
+ selector:
+ app: {{ template "geoserver.fullname" . }}
+ release: {{ .Release.Name | quote }}
diff --git a/charts/geoserver/v0.3.4/values.yaml b/charts/geoserver/v0.3.4/values.yaml
new file mode 100644
index 0000000..7c419f7
--- /dev/null
+++ b/charts/geoserver/v0.3.4/values.yaml
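Review bot: When `existingSecret` and `extraSecret` are both set, the outer `or` in secrets.yaml still renders this Secret, and `geoserver.secretName` then resolves to the operator's pre-created secret, so the chart emits an object under that same name holding only the extra keys. Helm would most likely refuse the install over ownership metadata, and if it does adopt the object the existing credential secret gets replaced. Naming the chart-managed object `name: {{ template "geoserver.fullname" . }}` avoids the clash and changes nothing in the default case. The `extraSecret` text is also placed under `data:`, so its values must already be base64-encoded, which the `# key_1: value_1` example in values.yaml does not suggest; `stringData:` would accept plain values.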
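Review bot: svc.yaml hard-codes `type: ClusterIP` and `port: 80`, so `service.type` and `service.port` from values.yaml, and the `service.loadBalancerIP` setting the README documents, have no effect on the rendered Service. `externalIPs: {{ .Values.service.externalIPs }}` prints the list in Go syntax rather than YAML; `externalIPs: {{- toYaml .Values.service.externalIPs | nindent 4 }}` renders it correctly, and because external IPs route outside traffic straight to the pod the key deserves a cautionary comment in values.yaml. The label `kubernetes.io/cluster-service: "true"` is conventionally used for cluster add-ons and should probably be removed from an application Service.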
@@ -0,0 +1,142 @@
+image:
+ registry: docker.io
+ repository: kartoza/geoserver
+ tag: "2.24.1"
+ pullPolicy: IfNotPresent
+
+geoserverDataDir: /opt/geoserver/data_dir
+geowebcacheCacheDir: /opt/geoserver/data_dir/gwc
+
+geoserverUser: admin
+
+# For prefilled password
+# It will be stored in secret later
+geoserverPassword:
+
+# Use this if you have predefined secrets
+existingSecret: |
+
+# Define this for extra GeoServer environment variables
+# Format:
+# extraPodEnv: |
+# - name: KEY_1
+# value: "VALUE_1"
+# - name: KEY_2
+# value: "VALUE_2"
+extraPodEnv: |
+ - name: INITIAL_MEMORY
+ value: "2G"
+ - name: MAXIMUM_MEMORY
+ value: "4G"
+
+# This will be evaluated as pod spec
+extraPodSpec: |
+# nodeSelector:
+# a.label: value
+
+# Define this for extra secrets to be included
+extraSecret: |
+# key_1: value_1
+
+# Define this for extra config map
+extraConfigMap: |
+# file_1: conf content
+
+# Define this for extra volume mounts in the pod
+extraVolumeMounts: |
+# You may potentially mount a config map/secret
+# - name: custom-config
+# mountPath: /docker-entrypoint.sh
+# subPath: docker-entrypoint.sh
+# readOnly: true
+
+# Define this for extra volume (in pair with extraVolumeMounts)
+extraVolume: |
+# You may potentially mount a config map/secret
+# - name: custom-config
+# configMap:
+# name: geoserver-config
+
+service:
+ ## GeoServer service type
+ type: ClusterIP
+ # clusterIP: ""
+ # externalIPs: ""
+ port: 80
+
+ # nodePort:
+
+ labels: |
+ annotations: |
+
+ # loadBalancerIP:
+
+ # loadBalancerSourceRanges:
+ # - 10.10.10.0/24
+
+affinity: {}
+
+tolerations: {}
+
+ingress:
+ enabled: false
+ annotations: {}
+ labels: {}
+ host: geoserver.hostname
+ tls:
+ enabled: false
+ ## Provide secret name if tls is enabled
+ secretName: geoserver-tls
+
+# probe can be overridden
+probe: |
+
+## You can also set global storage class
+# global.storageClass: "-"
+
+persistence:
+ geoserverDataDir:
+ enabled: true
+ existingClaim: false
+ mountPath: /opt/geoserver/data_dir
+ subPath: "data_dir"
+ size: 8Gi
+ # storageClass: "-"
+ accessModes:
+ - ReadWriteOnce
+ annotations: {}
+ geowebcacheCacheDir:
+ enabled: true
+ existingClaim: false
+ mountPath: /opt/geoserver/data_dir/gwc
+ subPath: "gwc"
+ size: 8Gi
+ # storageClass: "-"
+ accessModes:
+ - ReadWriteOnce
+ annotations: {}
+
+networkPolicy:
+ ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now.
+ ##
+ enabled: false
+
+ ## The Policy model to apply. When set to false, only pods with the correct
+ ## client label will have network access to the port PostgreSQL is listening
+ ## on. When true, PostgreSQL will accept connections from any source
+ ## (with the correct destination port).
+ ##
+ allowExternal: true
+
+ ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace
+ ## and that match other criteria, the ones that have the good label, can reach the DB.
+ ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this
+ ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added.
+ ##
+ ## Example:
+ ## explicitNamespacesSelector:
+ ## matchLabels:
+ ## role: frontend
+ ## matchExpressions:
+ ## - {key: role, operator: In, values: [frontend]}
+ explicitNamespacesSelector: {}
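Review bot: The `networkPolicy` block at the end of values.yaml has no template behind it, since the diffstat lists only configmap, deployment, ingress, pvc, secrets and svc under templates/, so setting `networkPolicy.enabled: true` changes nothing even though the comments promise ingress filtering. An operator could reasonably believe access to GeoServer is restricted when it is not. Either add the NetworkPolicy template or delete the block; its comments still describe PostgreSQL, which suggests it was copied from another chart. Separately, `geoserverPassword:` is left empty with only "For prefilled password" as explanation; a comment such as `# Leave empty to have the chart generate a random password and store it in the release Secret` would tell operators what the empty default does.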