diff --git a/charts/geoserver-standalone/README.md b/charts/geoserver-standalone/README.md
index 308a3d9..2540a9d 120000
--- a/charts/geoserver-standalone/README.md
+++ b/charts/geoserver-standalone/README.md
@@ -1 +1 @@
-v0.1.6/README.md
\ No newline at end of file
+v0.2.0/README.md
\ No newline at end of file
diff --git a/charts/geoserver-standalone/v0.2.0/Chart.yaml b/charts/geoserver-standalone/v0.2.0/Chart.yaml
new file mode 100644
index 0000000..53c3123
--- /dev/null
+++ b/charts/geoserver-standalone/v0.2.0/Chart.yaml
@@ -0,0 +1,28 @@
+apiVersion: v2
+name: geoserver-standalone
+
+version: 0.2.0
+appVersion: 2.24.2
+
+description: Chart for GeoServer
+
+keywords:
+ - GeoServer
+ - GIS
+
+home: http://geoserver.org
+sources:
+ - https://github.com/geoserver/geoserver
+maintainers:
+ - name: tharanath-kartoza
+ email: charts4kubernetes@gmail.com
+
+dependencies:
+- condition: postgis.enabled
+ name: postgis
+ repository: https://kartoza.github.io/charts
+ tags:
+ - geoserver-database
+ version: 0.2.4
+
+icon: https://raw.githubusercontent.com/kartoza/charts/master/assets/logo/GeoServer_500.png
diff --git a/charts/geoserver-standalone/v0.2.0/README.md b/charts/geoserver-standalone/v0.2.0/README.md
new file mode 100644
index 0000000..ef7e64a
--- /dev/null
+++ b/charts/geoserver-standalone/v0.2.0/README.md
@@ -0,0 +1,91 @@ +# GeoServer + +This is Kartoza's GeoServer Chart + +GeoServer is an open source server for sharing geospatial data. + + +# How to Use + +For helm: + +```bash +helm install release-name oci://registry-1.docker.io/tgplinux/geoserver +``` + +# Intro + +This chart bootstrap a GeoServer installation. +Most GeoServer packages are shipped with Jetty or Tomcat Server to be directly used in production instance. +On top of that you can cascade with Nginx or Apache if you need more control over the routing mechanism. + +# What it can do + +The default install uses kartoza/geoserver image, which can do the following: + +- Default TLS enabled +- Generate new datadir at startup if volume empty +- Some plugins are shipped + +Full list of options can be seen in: https://github.com/kartoza/docker-geoserver/ + +# Parameters + +| Parameter | Description | +|---|---| +| image.registry | Docker image registry | +| image.repository | Docker image repository | +| image.tag | Docker image tag | +| image.digest | Apache image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | +| image.pullPolicy | Docker image pull policy | +| global.imageRegistry | Global Docker image registry | +| global.imagePullSecrets | Global Docker registry secret names as an array | +| nameOverride | String to partially override common.names.fullname | +| fullnameOverride | String to fully override common.names.fullname | +| replicas | Number of replicas of the Geoserver deployment | +| geoserverUser | GeoServer super user name | +| geoserverPassword | GeoServer password for super user. If you fill it, it will then stored in k8s secret. 
| +| annotations | Pod annotations | +| labels | Extra labels for Apache pods | +| affinity | Affinity for pod assignment | +| nodeSelector | Node labels for pod assignment | +| tolerations | Tolerations for pod assignment | +| existingSecret | [tpl string] The name of the secret to get the geoserver password | +| extraPodEnv | [tpl string] Provide extra environment that will be passed into pods. Useful for non default image. | +| extraSecret | [tpl string] Provide extra secret that will be included in the pods. Useful for non default image. | +| configMaps | [tpl string] Provide extra config map that will be included in the pods. Useful for non default image. | +| extraVolumeMounts | [tpl string] Provide extra volume mounts declaration that will be included in the pods. Useful if you want to mount extra things. | +| extraVolume | [tpl string] Configuration pair with extraVolumeMounts. Declare which volume to mount in the pods. | +| strategy.type | specifies the strategy used to replace old Pods by new ones | +| persistence.enabled | For geoserverDataDir volume. Default to true. If set, it will make a volume claim. | +| persistence.existingClaim | For geoserverDataDir volume. Default to false. If set, it will use an existing claim name provided. | +| persistence.mountPath | For geoserverDataDir volume. The path where the volume will be in the pods. Make sure that it corresponds to your geoserverDataDir key | +| persistence.subPath | For geoserverDataDir volume. The path inside the the volume to mount to. Useful if you want to reuse the same volume but mount the subpath for different services. | +| persistence.size | For geoserverDataDir volume. Size of the volume | +| persistence.accessModes | For geoserverDataDir volume. K8s Access mode of the volume. | +| persistentVolumeClaimRetentionPolicy | describes the lifecycle of persistent volume claims created from volumeClaimTemplates | +| service.type | The type of kubernetes service to be created. 
Leave it be for Headless service | +| service.loadBalancerIP | Only used if you use LoadBalancer service.type | +| service.externalIPs | External IPs to use for the service | +| service.nodePort | Node port for the service | +| service.port | External port to use/expose | +| rbac.enabled | Enable Role and rolebinding for priveledged PSP | +| serviceAccount.create | Wether to create a serviceaccount or use an existing one | +| serviceAccount.annotations | Serviceaccount annotations | +| serviceAccount.name | The name of the sevice account that the deployment will use | +| resources.limits | The resources limits for the container | +| resources.requests | The requested resources for the container | +| autoscaling.enabled | Enable Horizontal POD autoscaling | +| autoscaling.minReplicas | Minimum number of replicas | +| autoscaling.maxReplicas | Maximum number of replicas | +| autoscaling.targetCPUUtilizationPercentage | Target CPU utilization percentage | +| autoscaling.targetMemoryUtilizationPercentage | Target Memory utilization percentage | +| podSecurityContext | Optional security context for the Geoserver Pod | +| containerSecurityContext | Optional security context for the Geoserver Container | +| ingress.enabled | Switch to true to enable ingress resource | +| ingress.host | The host name/site name the ingress will serve | +| ingress.tls.enabled | Set it to true to enable HTTPS | +| ingress.className | IngressClass that will be be used to implement the Ingress | +| ingress.annotations | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations | +| ingress.tls.secretName | Providing this will activate HTTPS ingress based on the provided certificate | +| customProbes | An override options for pod probe/health check | \ No newline at end of file 
diff --git a/charts/geoserver-standalone/v0.2.0/charts/postgis-0.2.4.tgz b/charts/geoserver-standalone/v0.2.0/charts/postgis-0.2.4.tgz
new file mode 100644
index 0000000..fafc071
Binary files /dev/null and b/charts/geoserver-standalone/v0.2.0/charts/postgis-0.2.4.tgz differ
diff --git a/charts/geoserver-standalone/v0.2.0/templates/NOTES.txt b/charts/geoserver-standalone/v0.2.0/templates/NOTES.txt
new file mode 100644
index 0000000..f9eb3cc
--- /dev/null
+++ b/charts/geoserver-standalone/v0.2.0/templates/NOTES.txt
@@ -0,0 +1,7 @@
+Check that the Geoserver is up and running:
+
+ kubectl get deployment/{{ include "geoserver.fullname" . }} -n {{ .Release.Namespace }}
+
+Check that the secret has been created:
+
+ kubectl get secret/{{ include "geoserver.fullname" . }} -n {{ .Release.Namespace }}
diff --git a/charts/geoserver-standalone/v0.2.0/templates/_helpers.tpl b/charts/geoserver-standalone/v0.2.0/templates/_helpers.tpl
new file mode 100644
index 0000000..9382ab1
--- /dev/null
+++ b/charts/geoserver-standalone/v0.2.0/templates/_helpers.tpl
@@ -0,0 +1,203 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "geoserver.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "geoserver.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "geoserver.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "geoserver.labels" -}}
+helm.sh/chart: {{ include "geoserver.chart" . }}
+{{ include "geoserver.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "geoserver.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "geoserver.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+
+{{/*
+Get the configMap key.
+*/}}
+{{- define "geoserver.configName" -}}
+{{- if .Values.existingConfig -}}
+ {{- printf "%s" (tpl .Values.existingConfig $) -}}
+{{- else -}}
+ {{- printf "%s" (include "geoserver.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the password secret.
+*/}} +{{- define "geoserver.secretName" -}} +{{- if .Values.existingSecret -}} + {{- printf "%s" (tpl .Values.existingSecret $) -}} +{{- else -}} + {{- printf "%s" (include "geoserver.fullname" .) -}} +{{- end -}} +{{- end -}} + + +{{/* +Return GeoServer user +*/}} +{{- define "geoserver.user" -}} +{{- if .Values.geoserverUser -}} + {{- .Values.geoserverUser -}} +{{- else -}} + {{- randAlphaNum 7 -}} +{{- end -}} +{{- end -}} + + +{{/* +Return GeoServer password +*/}} +{{- define "geoserver.password" -}} +{{- if .Values.geoserverPassword -}} + {{- .Values.geoserverPassword -}} +{{- else -}} + {{- randAlphaNum 12 -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "geoserver.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "geoserver.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Return GeoServer Data Dir storageClass declaration +*/}} +{{- define "geoserver.geoserverDataDir.storageClass" -}} +{{- if .Values.global -}} + {{- if .Values.global.storageClass -}} + {{- if (eq "-" .Values.global.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.global.storageClass -}} + {{- end -}} + {{- else -}} + {{- if .Values.persistence.geoserverDataDir.storageClass -}} + {{- if (eq "-" .Values.persistence.geoserverDataDir.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.persistence.geoserverDataDir.storageClass -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- else -}} + {{- if .Values.persistence.geoserverDataDir.storageClass -}} + {{- if (eq "-" .Values.persistence.geoserverDataDir.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.persistence.geoserverDataDir.storageClass -}} + {{- end -}} + 
{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Postgis Hostname +*/}} +{{- define "geoserver.databaseHost" -}} +{{- if .Values.postgis.enabled }} + {{- printf "%s" (include "geoserver.fullname" .) -}} +{{- else -}} + {{- printf "%s" .Values.externalDatabase.host -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Postgis Port +*/}} +{{- define "geoserver.databasePort" -}} +{{- if .Values.postgis.enabled }} + {{- printf "5432" -}} +{{- else -}} + {{- printf "%d" (.Values.externalDatabase.port | int ) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Postgis Database Name +*/}} +{{- define "geoserver.databaseName" -}} +{{- if .Values.postgis.enabled }} + {{- printf "%s" .Values.postgis.auth.database -}} +{{- else -}} + {{- printf "%s" .Values.externalDatabase.database -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Postgis User +*/}} +{{- define "geoserver.databaseUser" -}} +{{- if .Values.postgis.enabled }} + {{- printf "%s" .Values.postgis.auth.username -}} +{{- else -}} + {{- printf "%s" .Values.externalDatabase.user -}} +{{- end -}} +{{- end -}} + + +{{/* +Return the Postgis Secret Name +*/}} +{{- define "geoserver.databaseSecretName" -}} +{{- if and (.Values.postgis.enabled) (not .Values.postgis.existingSecret) -}} + {{- printf "%s" (include "geoserver.fullname" .) -}} +{{- else if and (.Values.postgis.enabled) (.Values.postgis.existingSecret) -}} + {{- printf "%s" .Values.postgis.auth.existingSecret -}} +{{- else }} + {{- if .Values.externalDatabase.existingSecret -}} + {{- printf "%s" .Values.externalDatabase.existingSecret -}} + {{- else -}} + {{- printf "%s-%s" .Release.Name "externaldb" -}} + {{- end -}} +{{- end -}} +{{- end -}} + diff --git a/charts/geoserver-standalone/v0.2.0/templates/configmap.yaml b/charts/geoserver-standalone/v0.2.0/templates/configmap.yaml new file mode 100644 index 0000000..a57c5cf --- /dev/null +++ b/charts/geoserver-standalone/v0.2.0/templates/configmap.yaml 
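Review bot: `geoserver.databaseSecretName` tests `.Values.postgis.existingSecret` but prints `.Values.postgis.auth.existingSecret`, so the condition and the output disagree on where the key lives: setting only `postgis.auth.existingSecret` falls into the first branch and returns the chart fullname, and setting only `postgis.existingSecret` prints an unset value. Use one path in both places, for example `{{- else if and .Values.postgis.enabled .Values.postgis.auth.existingSecret -}}` with the matching `not` in the first branch. The first branch also returns the same name as `geoserver.secretName`, and secrets.yaml writes only `geoserver-user` and `geoserver-password` under that name, so the `database-password` key that deployment.yaml reads for `POSTGRES_PASS` is not created by any template visible in this diff; which Secret the postgis subchart actually creates should be confirmed before relying on this helper.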
@@ -0,0 +1,31 @@
+{{- if or (not .Values.existingConfig) .Values.extraConfig }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "geoserver.configName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "geoserver.fullname" . }}
+ chart: {{ template "geoserver.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+ {{- with .Values.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.annotations }}
+ annotations: {{ toYaml . | nindent 4 }}
+ {{- end }}
+data:
+ {{- if not .Values.existingConfig }}
+ httpHost: {{ .Values.httpHost | quote }}
+ httpProxyName: {{ .Values.httpProxyName | quote }}
+ communityExtensions: {{ .Values.communityExtensions | quote }}
+ stableExtensions: {{ .Values.stableExtensions | quote }}
+ initialMemory: {{ .Values.initialMemory | quote }}
+ maximumMemory: {{ .Values.maximumMemory | quote }}
+ csrfWhitelist: {{ .Values.csrfWhitelist | quote }}
+ {{- end }}
+ {{- with .Values.extraConfig }}
+ {{- tpl . $ | nindent 2 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/geoserver-standalone/v0.2.0/templates/deployment.yaml b/charts/geoserver-standalone/v0.2.0/templates/deployment.yaml
new file mode 100644
index 0000000..bf15cde
--- /dev/null
+++ b/charts/geoserver-standalone/v0.2.0/templates/deployment.yaml
@@ -0,0 +1,232 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "geoserver.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "geoserver.fullname" . }} + chart: {{ template "geoserver.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + {{- with .Values.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.annotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicas }} + {{- end }} + updateStrategy: + {{- toYaml .Values.strategy | nindent 4 }} + selector: + matchLabels: + app: {{ template "geoserver.fullname" . }} + release: {{ .Release.Name | quote }} + template: + metadata: + labels: + app: {{ template "geoserver.fullname" . }} + chart: {{ template "geoserver.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + spec: + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} + serviceAccountName: {{ include "geoserver.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.containerSecurityContext | nindent 12 }} + {{- if .Values.image.digest }} + image: "{{ .Values.image.repository }}@{{ .Values.image.digest }}" + {{- else }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + {{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: HTTP_HOST + valueFrom: + configMapKeyRef: + name: {{ include "geoserver.configName" . }} + key: httpHost + - name: HTTP_PORT + value: {{ .Values.httpPort | quote }} + - name: HTTP_PROXY_NAME + valueFrom: + configMapKeyRef: + name: {{ include "geoserver.configName" . 
}} + key: httpProxyName + - name: HTTP_SCHEME + value: {{ .Values.httpScheme | quote }} + - name: COMMUNITY_EXTENSIONS + valueFrom: + configMapKeyRef: + name: {{ include "geoserver.configName" . }} + key: communityExtensions + - name: STABLE_EXTENSIONS + valueFrom: + configMapKeyRef: + name: {{ include "geoserver.configName" . }} + key: stableExtensions + - name: INITIAL_MEMORY + valueFrom: + configMapKeyRef: + name: {{ include "geoserver.configName" . }} + key: initialMemory + - name: MAXIMUM_MEMORY + valueFrom: + configMapKeyRef: + name: {{ include "geoserver.configName" . }} + key: maximumMemory + - name: CSRF_WHITELIST + valueFrom: + configMapKeyRef: + name: {{ include "geoserver.configName" . }} + key: csrfWhitelist + - name: GEOSERVER_ADMIN_USER + valueFrom: + secretKeyRef: + name: {{ template "geoserver.secretName" . }} + key: geoserver-user + - name: GEOSERVER_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "geoserver.secretName" . }} + key: geoserver-password + {{- if .Values.postgis.enabled }} + - name: POSTGRES_PASS + valueFrom: + secretKeyRef: + name: {{ include "geoserver.databaseSecretName" . }} + key: database-password + {{- end }} + {{- if .Values.postgis.enabled }} + - name: POSTGRES_USER + value: {{ .Values.postgis.auth.username | quote }} + {{- end }} + {{- if not .Values.postgis.enabled }} + - name: DATABASE_USER + valueFrom: + secretKeyRef: + name: {{ include "geoserver.databaseSecretName" . }} + key: database-user + - name: DATABASE_HOST + valueFrom: + secretKeyRef: + name: {{ include "geoserver.databaseSecretName" . }} + key: database-host + - name: DATABASE_DB + valueFrom: + secretKeyRef: + name: {{ include "geoserver.databaseSecretName" . }} + key: database-db + - name: DATABASE_PASS + valueFrom: + secretKeyRef: + name: {{ include "geoserver.databaseSecretName" . }} + key: database-password + - name: DATABASE_PORT + valueFrom: + secretKeyRef: + name: {{ include "geoserver.databaseSecretName" . 
}} + key: database-port + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: {{ include "geoserver.databaseSecretName" . }} + key: database-url + {{- end }} + {{- with .Values.extraPodEnv }} + {{- tpl . $ | nindent 12 }} + {{- end }} + ports: + - name: http-geoserver + containerPort: 8080 + protocol: TCP + {{- if .Values.customProbes }} + {{- with .Values.customProbes }} + {{- tpl . $ | nindent 10 }} + {{- end }} + {{- else }} + {{- with .Values.livenessProbe }} + {{- if .enabled }} + livenessProbe: + tcpSocket: + port: http-geoserver + initialDelaySeconds: {{ .initialDelaySeconds }} + periodSeconds: {{ .periodSeconds }} + successThreshold: {{ .successThreshold }} + failureThreshold: {{ .failureThreshold }} + {{- end }} + {{- end }} + {{- with .Values.readinessProbe }} + {{- if .enabled }} + readinessProbe: + tcpSocket: + port: http-geoserver + initialDelaySeconds: {{ .initialDelaySeconds }} + periodSeconds: {{ .periodSeconds }} + successThreshold: {{ .successThreshold }} + failureThreshold: {{ .failureThreshold }} + {{- end }} + {{- end }} + {{- with .Values.startupProbe }} + {{- if .enabled }} + startupProbe: + tcpSocket: + port: http-geoserver + periodSeconds: {{ .periodSeconds }} + failureThreshold: {{ .failureThreshold }} + {{- end }} + {{- end }} + {{- end }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + {{- if .Values.persistence.geoserverDataDir.enabled }} + - name: geoserver-data + mountPath: {{ .Values.persistence.geoserverDataDir.mountPath }} + {{- if .Values.persistence.geoserverDataDir.subPath }} + subPath: {{ .Values.persistence.geoserverDataDir.subPath }} + {{- end }} + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- toYaml .Values.extraVolumeMounts | nindent 8 }} + {{- end }} + restartPolicy: Always + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + {{- if .Values.extraVolumes }} + {{- toYaml .Values.extraVolumes | nindent 8 }} + {{- end }} + - name: geoserver-data + {{- if .Values.persistence.geoserverDataDir.enabled }} + {{- if .Values.persistence.geoserverDataDir.existingClaim }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.geoserverDataDir.existingClaim}} + {{- else }} + persistentVolumeClaim: + claimName: {{ template "geoserver.fullname" . }}-data + {{- end }} + {{- else }} + emptyDir: {} + {{ end }} \ No newline at end of file diff --git a/charts/geoserver-standalone/v0.2.0/templates/externaldb-secrets.yaml b/charts/geoserver-standalone/v0.2.0/templates/externaldb-secrets.yaml new file mode 100644 index 0000000..5c863e1 --- /dev/null +++ b/charts/geoserver-standalone/v0.2.0/templates/externaldb-secrets.yaml @@ -0,0 +1,20 @@ +{{- if (not (or .Values.postgis.enabled .Values.externalDatabase.existingSecret)) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-%s" .Release.Name "externaldb" }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "geoserver.fullname" . }} + chart: {{ template "geoserver.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +type: Opaque +data: + database-user: {{ default "" .Values.externalDatabase.user | b64enc | quote }} + database-db: {{ default "" .Values.externalDatabase.database | b64enc | quote }} + database-port: {{ default "" .Values.externalDatabase.port | toString | b64enc | quote }} + database-host: {{ default "" .Values.externalDatabase.host | b64enc | quote }} + database-password: {{ default "" .Values.externalDatabase.password | b64enc | quote }} + database-url: {{ default "" .Values.externalDatabase.url | b64enc | quote }} +{{- end }} \ No newline at end of file 
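Review bot: `updateStrategy:` under `spec` is not a field of an `apps/v1` Deployment; Deployments take `strategy:`, and `updateStrategy` belongs to StatefulSet and DaemonSet, so the block rendered from `.Values.strategy` is expected to be rejected by schema validation or dropped rather than applied. Rename the key to `strategy:`. Separately, both `image:` lines are built from `image.repository` alone, so the `image.registry` and `global.imageRegistry` values that the README documents have no effect here, which matters to anyone who sets them to force pulls through an internal registry.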
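Review bot: Every key falls back to `default ""`, so with `postgis.enabled=false` and no `externalDatabase.existingSecret` the chart silently renders a Secret whose `database-password`, `database-host` and the other keys are empty strings, and deployment.yaml wires all of them into the pod. If an external database is mandatory in that mode, fail at render time instead, e.g. `database-password: {{ required "set externalDatabase.password or externalDatabase.existingSecret" .Values.externalDatabase.password | b64enc | quote }}`; if running with no database is supported, gate this template and the `DATABASE_*` env entries on `.Values.externalDatabase.host`. A password supplied through values is also kept in the Helm release record, so `externalDatabase.existingSecret` is the safer path to document for anything beyond a test install.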
diff --git a/charts/geoserver-standalone/v0.2.0/templates/hpa.yaml b/charts/geoserver-standalone/v0.2.0/templates/hpa.yaml
new file mode 100644
index 0000000..2634faa
--- /dev/null
+++ b/charts/geoserver-standalone/v0.2.0/templates/hpa.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ template "geoserver.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "geoserver.fullname" . }}
+ chart: {{ template "geoserver.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: StatefulSet
+ name: {{ include "geoserver.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/charts/geoserver-standalone/v0.2.0/templates/ingress.yaml b/charts/geoserver-standalone/v0.2.0/templates/ingress.yaml
new file mode 100644
index 0000000..f74bd8c
--- /dev/null
+++ b/charts/geoserver-standalone/v0.2.0/templates/ingress.yaml
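Review bot: `scaleTargetRef` names `kind: StatefulSet`, but the workload this chart renders under the same name in deployment.yaml is `kind: Deployment`, so the autoscaler has no object to scale; it should read `kind: Deployment`. The `autoscaling/v2beta1` API and its `targetAverageUtilization` field were removed in Kubernetes 1.25, while ingress.yaml in the same chart already assumes `networking.k8s.io/v1`. Moving to `apiVersion: autoscaling/v2` means each metric's resource block carries `target:` with `type: Utilization` and `averageUtilization:` in place of `targetAverageUtilization:`.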
@@ -0,0 +1,40 @@
+{{- if .Values.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ {{- with .Values.ingress.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ app: {{ template "geoserver.fullname" . }}
+ chart: {{ template "geoserver.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+ {{- with .Values.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ template "geoserver.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ {{- if .Values.ingress.className }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ rules:
+ - host: {{ .Values.ingress.host }}
+ http:
+ paths:
+ - backend:
+ service:
+ name: {{ template "geoserver.fullname" . }}
+ port:
+ number: 8080
+ path: /geoserver
+ pathType: ImplementationSpecific
+ {{- if .Values.ingress.tls.enabled }}
+ tls:
+ - hosts:
+ - {{ .Values.ingress.host }}
+ secretName: {{ .Values.ingress.tls.secretName }}
+ {{- end }}
+{{- end }}
diff --git a/charts/geoserver-standalone/v0.2.0/templates/rbac.yaml b/charts/geoserver-standalone/v0.2.0/templates/rbac.yaml
new file mode 100644
index 0000000..351db44
--- /dev/null
+++ b/charts/geoserver-standalone/v0.2.0/templates/rbac.yaml
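Review bot: The backend `port.number` is hard-coded to `8080`, which is the container port, whereas an Ingress backend addresses the Service port and service.yaml exposes `.Values.service.port`; any `service.port` other than 8080 leaves the Ingress pointing at a port the Service does not have. Use `number: {{ .Values.service.port }}`, or `name: http-geoserver` since the Service port carries that name. The TLS block is optional and `secretName: {{ .Values.ingress.tls.secretName }}` renders empty when TLS is enabled without a name, so a `required` on that value would catch the misconfiguration at render time. The single `/geoserver` prefix presumably also publishes the admin web interface and REST API on the same host, which operators exposing this publicly will want to restrict at the ingress controller.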
@@ -0,0 +1,30 @@
+{{- if .Values.rbac.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "geoserver.fullname" . }}-privileged
+ namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups:
+ - extensions
+ resourceNames:
+ - privileged
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "geoserver.fullname" . }}-privileged
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "geoserver.fullname" . }}-privileged
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.serviceAccount.name }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/geoserver-standalone/v0.2.0/templates/secrets.yaml b/charts/geoserver-standalone/v0.2.0/templates/secrets.yaml
new file mode 100644
index 0000000..df76613
--- /dev/null
+++ b/charts/geoserver-standalone/v0.2.0/templates/secrets.yaml
@@ -0,0 +1,21 @@
+{{- if or (not .Values.existingSecret) .Values.extraSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "geoserver.secretName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "geoserver.fullname" . }}
+ chart: {{ template "geoserver.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+type: Opaque
+data:
+ {{- if not .Values.existingSecret }}
+ geoserver-user: {{ include "geoserver.user" . | b64enc | quote }}
+ geoserver-password: {{ include "geoserver.password" . | b64enc | quote }}
+ {{- end }}
+ {{- with .Values.extraSecret }}
+ {{- tpl . $ | nindent 2 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/geoserver-standalone/v0.2.0/templates/service.yaml b/charts/geoserver-standalone/v0.2.0/templates/service.yaml
new file mode 100644
index 0000000..92e3953
--- /dev/null
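Review bot: The RoleBinding subject is `name: {{ .Values.serviceAccount.name }}`, but the pod and serviceaccount.yaml resolve the account through `geoserver.serviceAccountName`, which falls back to the fullname (or `default`) when the value is empty; with `serviceAccount.create=true` and no explicit name the subject renders empty and the binding does not match the account the pod runs as. Use `name: {{ include "geoserver.serviceAccountName" . }}`. The Role grants `use` on the PodSecurityPolicy named `privileged` through the `extensions` group; PodSecurityPolicy was removed in Kubernetes 1.25, and nothing visible in deployment.yaml asks for privileged mode unless it arrives through the security-context values. The template is worth gating on the API being present and binding the least-permissive policy that lets the pod start.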
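Review bot: When `geoserverUser` or `geoserverPassword` is unset, the `geoserver.user` and `geoserver.password` helpers call `randAlphaNum` on every render, so each `helm upgrade` writes fresh admin credentials into this Secret. The pod only picks up new environment values on restart, and whether the image re-applies them to an existing data directory is not visible here, so the Secret can drift from the credentials GeoServer actually accepts. Reuse the stored values when the Secret already exists, as sketched below; `lookup` returns an empty result under `helm template` and `--dry-run`, so the random fallback still applies there. values.schema.json also describes the default password as 10 characters while the helper generates 12.

```yaml
{{- $prev := lookup "v1" "Secret" .Release.Namespace (include "geoserver.secretName" .) }}
data:
  {{- if not .Values.existingSecret }}
  {{- if and $prev (not .Values.geoserverUser) }}
  geoserver-user: {{ index $prev.data "geoserver-user" | quote }}
  {{- else }}
  geoserver-user: {{ include "geoserver.user" . | b64enc | quote }}
  {{- end }}
  {{- if and $prev (not .Values.geoserverPassword) }}
  geoserver-password: {{ index $prev.data "geoserver-password" | quote }}
  {{- else }}
  geoserver-password: {{ include "geoserver.password" . | b64enc | quote }}
  {{- end }}
  {{- end }}
  # … unchanged: extraSecret block …
```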
+++ b/charts/geoserver-standalone/v0.2.0/templates/service.yaml
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "geoserver.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "geoserver.fullname" . }}
+ chart: {{ template "geoserver.chart" . }}
+ release: {{ .Release.Name | quote }}
+ heritage: {{ .Release.Service | quote }}
+ {{- with .Values.service.labels }}
+ {{- tpl . $ | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- with .Values.service.annotations }}
+ {{- tpl . $ | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }}
+ loadBalancerIP: {{ default "" .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http-geoserver
+ protocol: TCP
+ name: http-geoserver
+ {{- if eq .Values.service.type "NodePort" }}
+ nodePort: {{ default "" .Values.service.nodePort}}
+ {{- end }}
+ {{- if .Values.service.externalIPs }}
+ externalIPs: {{- toYaml .Values.service.externalIPs | nindent 4 }}
+ {{- end }}
+ selector:
+ app: {{ template "geoserver.fullname" . }}
+ release: {{ .Release.Name | quote }}
diff --git a/charts/geoserver-standalone/v0.2.0/templates/serviceaccount.yaml b/charts/geoserver-standalone/v0.2.0/templates/serviceaccount.yaml
new file mode 100644
index 0000000..d791747
--- /dev/null
+++ b/charts/geoserver-standalone/v0.2.0/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "geoserver.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "geoserver.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
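Review bot: The ServiceAccount in serviceaccount.yaml leaves API token mounting at its default, so every GeoServer pod carries a token for this account, and with `rbac.enabled` the same account is also bound to a PodSecurityPolicy role. None of the templates visible in this diff call the Kubernetes API from inside the pod, so consider adding `automountServiceAccountToken: false` to this object, or exposing it as a value, after confirming the image does not need the token. This is a hardening default rather than a defect in the rendered manifest.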
diff --git a/charts/geoserver-standalone/v0.2.0/templates/volume.yaml b/charts/geoserver-standalone/v0.2.0/templates/volume.yaml
new file mode 100644
index 0000000..7baa5cd
--- /dev/null
+++ b/charts/geoserver-standalone/v0.2.0/templates/volume.yaml
@@ -0,0 +1,21 @@
+
+{{- if and .Values.persistence.geoserverDataDir.enabled (not .Values.persistence.geoserverDataDir.existingClaim) }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ template "geoserver.fullname" . }}-data
+ {{- with .Values.annotations }}
+ annotations: {{ toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ accessModes:
+ {{- range .Values.persistence.geoserverDataDir.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- include "geoserver.geoserverDataDir.storageClass" . | nindent 2 }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.geoserverDataDir.size | quote }}
+...
+{{- end }}
\ No newline at end of file
diff --git a/charts/geoserver-standalone/v0.2.0/values.schema.json b/charts/geoserver-standalone/v0.2.0/values.schema.json
new file mode 100644
index 0000000..bab4495
--- /dev/null
+++ b/charts/geoserver-standalone/v0.2.0/values.schema.json
@@ -0,0 +1,312 @@
+{
+ "title": "Geoserver Chart Values",
+ "type": "object",
+ "properties": {
+ "replicas": {
+ "type": "number",
+ "description": "Number of Geoserver replicas to deploy",
+ "default": 1
+ },
+ "global": {
+ "type": "object",
+ "properties": {
+ "imageRegistry": {
+ "type": "string",
+ "description": "Global Docker image registry",
+ "default": ""
+ },
+ "imagePullSecrets": {
+ "type": "array",
+ "description": "Global Docker registry secret names as an array",
+ "default": [],
+ "items": {}
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "registry": {
+ "type": "string",
+ "description": "Geoserver image registry",
+ "default": "docker.io"
+ },
+ "repository": {
+ "type": "string",
+ "description": "Geoserver image repository",
+ "default": "kartoza/geoserver"
+ },
+ "tag": {
+ "type": "string",
+ "description": "Geoserver image tag (immutable tags are recommended)",
+ "default": "2.24.0"
+ },
+ "digest": {
+ "type": "string",
+ "description": "Geoserver image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)",
+ "default": ""
+ },
+ "pullPolicy": {
+ "type": "string",
+ "description": "Geoserver image pull policy",
+ "pattern": "^(Always|Never|IfNotPresent)$"
+ }
+ }
+ },
+ "nameOverride": {
+ "type": "string",
+ "description": "String to partially override name",
+ "default": ""
+ },
+ "fullnameOverride": {
+ "type": "string",
+ "description": "String to fully override fullname",
+ "default": ""
+ },
+ "annotations": {
+ "type": "object",
+ "description": "Annotations to add to all deployed objects",
+ "default": {}
+ },
+ "labels": {
+ "type": "object",
+ "description": "Labels to add to all deployed objects",
+ "default": {}
+ },
+ "geoserverUser": {
+ "type": "string",
+ "title": "Geoserver admin user",
+ "description": "Name of the admin user to be created during the 1st initialization of Geoserver",
+ "form": true
+ },
+ "geoserverPassword": {
+ "type": "string",
+ "title": "Password for the Geoserver admin user",
+ "description": "Defaults to a random 10-character alphanumeric string if not set",
+ "form": true
+ },
+ "extraVolumeMounts": {
+ "type": "array",
+ "description": "Optionally specify extra list of additional volumeMounts for the Geoserver container(s)",
+ "default": [],
+ "items": {}
+ },
+ "extraVolumes": {
+ "type": "array",
+ "description": "Optionally specify extra list of additional volumes for the Geoserver pod(s)",
+ "default": [],
+ "items": {}
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "create": {
+ "type": "boolean",
+ "description": "Specifies whether a ServiceAccount should be created",
+ "default": true
+ },
+ "annotations": {
+ "type": "object",
+ "description": "Additional Service Account annotations (evaluated as a template)",
+ "default": {}
+ },
+ "name": {
+ "type": "string",
+ "description": "The name of the ServiceAccount to use.",
+ "default": ""
+ }
+ }
+ },
+ "strategy": {
+ "type": "object",
+ "properties": {
+ "type": {
+ "type": "string",
+ "description": "Geoserver deployment strategy type.",
+ "default": "Recreate"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Enable ingress record generation for Geoserver",
+ "default": false
+ },
+ "className": {
+ "type": "string",
+ "description": "IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)",
+ "default": ""
+ },
+ "annotations": {
+ "type": "object",
+ "description": "Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.",
+ "default": {}
+ },
+ "host": {
+ "type": "string",
+ "description": "Default host for the ingress record",
+ "default": "geoserver.hostname"
+ },
+ "tls": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Enable TLS configuration for the host defined at `ingress.host` parameter",
+ "default": false
+ }
+ }
+ }
+ },
+ "tolerations": {
+ "type": "array",
+ "description": "Tolerations for Geoserver pods assignment",
+ "default": [],
+ "items": {}
+ },
+ "affinity": {
+ "type": "object",
+ "description": "Affinity for Geoserver pods assignment",
+ "default": {}
+ },
+ "nodeSelector": {
+ "type": "object",
+ "description": "Node labels for Geoserver pods assignment",
+ "default": {}
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Enable livenessProbe on Geoserver containers",
+ "default": true
+ },
+ "initialDelaySeconds": {
+ "type": "number",
+ "description": "Initial delay seconds for livenessProbe",
+ "default": 180
+ },
+ "failureThreshold": {
+ "type": "number",
+ "description": "Failure threshold for livenessProbe",
+ "default": 15
+ },
+ "successThreshold": {
+ "type": "number",
+ "description": "Success threshold for livenessProbe",
+ "default": 1
+ },
+ "periodSeconds": {
+ "type": "number",
+ "description": "Period seconds for livenessProbe",
+ "default": 5
+ }
+ }
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Enable readinessProbe on Geoserver containers",
+ "default": true
+ },
+ "initialDelaySeconds": {
+ "type": "number",
+ "description": "Initial delay seconds for readinessProbe",
+ "default": 60
+ },
+ "failureThreshold": {
+ "type": "number",
+ "description": "Failure threshold for readinessProbe",
+ "default": 15
+ },
+ "successThreshold": {
+ "type": "number",
+ "description": "Success threshold for readinessProbe",
+ "default": 1
+ },
+ "periodSeconds": {
+ "type": "number",
+ "description": "Period seconds for readinessProbe",
+ "default": 5
+ }
+ }
+ },
+ "startupProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Enable startupProbe on Geoserver containers",
+ "default": true
+ },
+ "failureThreshold": {
+ "type": "number",
+ "description": "Failure threshold for startupProbe",
+ "default": 60
+ },
+ "periodSeconds": {
+ "type": "number",
+ "description": "Period seconds for startupProbe",
+ "default": 5
+ }
+ }
+ },
+ "customProbes": {
+ "type": "object",
+ "description": "Custom Probes that overrides the default one",
+ "default": {}
+ },
+ "persistence": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Enable Geoserver data persistence using VolumeClaimTemplates",
+ "default": true
+ },
+ "storageClass": {
+ "type": "string",
+ "description": "PVC Storage Class for data volume",
+ "default": ""
+ },
+ "mountPath": {
+ "type": "string",
+ "description": "Path to mount the volume at.",
+ "default": "/opt/geoserver/data_dir"
+ },
+ "subPath": {
+ "type": "string",
+ "description": "The subdirectory of the volume to mount to, useful in dev environments and one PV for multiple services",
+ "default": ""
+ },
+ "size": {
+ "type": "string",
+ "description": "PVC Storage Request for Geoserver volume",
+ "default": "8Gi"
+ },
+ "accessModes": {
+ "type": "array",
+ "description": "PVC Access Mode for Geoserver volume",
+ "default": [
+ "ReadWriteOnce"
+ ],
+ "items": {
+ "type": "string"
+ }
+ },
+ "annotations": {
+ "type": "object",
+ "description": "Annotations for the PVC",
+ "default": {}
+ }
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/charts/geoserver-standalone/v0.2.0/values.yaml b/charts/geoserver-standalone/v0.2.0/values.yaml
new file mode 100644
index 0000000..0b42c2c
--- /dev/null
+++ b/charts/geoserver-standalone/v0.2.0/values.yaml
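Review bot: values.schema.json does not describe the values this chart ships, so the validation Helm runs against it gives little assurance. By brace count the `ingress` object is not closed after its `properties`, which leaves `tolerations` through `persistence` as unrecognised keywords inside `ingress` rather than top-level properties, and `persistence` is described as `persistence.enabled`/`size`/`accessModes` while values.yaml nests these under `persistence.geoserverDataDir`. Defaults have drifted as well (`tag` 2.24.0 against 2.24.2, `serviceAccount.create` true against false, `ReadWriteOnce` against `ReadWriteMany`), and `customProbes` is typed `object` while values.yaml supplies a block string. Close `ingress` after `tls`, add the `geoserverDataDir` level, and use `"type": "integer"` for `replicas` and the probe counters.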
@@ -0,0 +1,318 @@
+# Default values for geoserver.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# Number of replicas to be created
+replicas: 1
+
+global:
+ ## global.imageRegistry Global Docker image registry
+ ##
+ imageRegistry: ""
+ ## global.imagePullSecrets Global Docker registry secret names as an array
+ ## e.g.
+ ## imagePullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ imagePullSecrets: []
+ # Storage class name used to provision PV
+ storageClass: ""
+
+image:
+ # Image registry
+ registry: docker.io
+ # Image repository
+ repository: kartoza/geoserver
+ # Image tag
+ tag: "2.24.2"
+ # Image digest
+ digest: ""
+ # (k8s/containers/image/imagePullPolicy) Image pullPolicy
+ pullPolicy: IfNotPresent
+
+nameOverride: ""
+fullnameOverride: ""
+
+# Annotations to add to the Geoserver deployment's. Optional.
+annotations: {}
+
+
+# Labels to add to the Geoserver deployment's. Optional.
+labels: {}
+
+
+geoserverUser: admin
+
+# For prefilled password
+# It will be stored in secret later
+geoserverPassword: ""
+
+httpScheme: https
+
+httpHost: 0.0.0.0
+
+httpPort: 8080
+
+httpProxyName: geoserver.hostname
+
+csrfWhitelist: ['geoserver.hostname']
+
+initialMemory: 2Gi
+
+maximumMemory: 4Gi
+
+communityExtensions:
+
+stableExtensions:
+
+printBaseUrl: geoserver.hostname
+
+# Use this if you have predefined secrets
+existingSecret: |
+
+# Use this if you have predefined configs
+existingConfig: |
+
+# Define this for extra GeoServer environment variables
+# Format:
+# extraPodEnv: |
+# - name: KEY_1
+# value: "VALUE_1"
+# - name: KEY_2
+# value: "VALUE_2"
+extraPodEnv: |
+
+# This will be evaluated as pod spec
+extraPodSpec: |
+# nodeSelector:
+# a.label: value
+
+# Define this for extra secrets to be included
+extraSecret: |
+# key_1: value_1
+
+# Define this for extra configs to be included
+extraConfig: |
+# key_1: value_1
+
+configMaps: {}
+
+# Define this for extra volume mounts in the pod
+extraVolumeMounts: []
+# You may potentially mount a config map/secret
+# - name: custom-config
+# mountPath: /docker-entrypoint.sh
+# subPath: docker-entrypoint.sh
+# readOnly: true
+
+# Define this for extra volume (in pair with extraVolumeMounts)
+extraVolumes: []
+# You may potentially mount a config map/secret
+# - name: custom-config
+# configMap:
+# name: geoserver-config
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+
+service:
+ # Service Type to be used for the service
+ type: ClusterIP
+ # Service Type to be used for the service
+ port: 8080
+ # LoadBalancer IP to add to the service, if the service type is LoadBalancer.
+ loadBalancerIP: ""
+ # If there are external IPs that route to one or more cluster nodes, Kubernetes Services can be exposed on those externalIPs
+ externalIPs: []
+ # NodePort to use for the service. Optional.
+ nodePort: nil
+ # You can specify extra Labels to add to the service. Optional.
+ labels: {}
+ # You can specify extra Annotations to add to the Sevice. Optional.
+ annotations: {}
+
+## Strategy used to replace old pods
+## IMPORTANT: use with care, it is suggested to leave as that for upgrade purposes
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
+strategy:
+ type: Recreate
+ # type: RollingUpdate
+ # rollingUpdate:
+ # maxSurge: 1
+ # maxUnavailable: 0
+
+ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ labels: {}
+ host: geoserver.hostname
+ tls:
+ enabled: false
+ ## Provide secret name if tls is enabled
+ secretName: geoserver-tls
+
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 10
+ targetCPUUtilizationPercentage: 80
+ targetMemoryUtilizationPercentage: ""
+
+# whether to enable Role Based Access Control
+rbac:
+ enabled: false
+
+
+## Pod Security Context
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+##
+podSecurityContext: {}
+ # fsGroup: 1001
+
+## Container Security Context
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+containerSecurityContext: {}
+ # runAsUser: 1001
+ # runAsNonRoot: true
+ # privileged: false
+ # readOnlyRootFilesystem: false
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop: ["ALL"]
+ # seccompProfile:
+ # type: "RuntimeDefault"
+
+# Tolerations to use for the Geoserver deployment. Optional.
+tolerations: []
+
+# Affinity to use for the Geoserver deployment. Optional.
+affinity: {}
+
+# Node selector to use for the Geoserver deployment. Optional.
+nodeSelector: {}
+
+## Liveness and readiness probe values
+
+## Liveness and readiness probe values
+## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+##
+livenessProbe:
+ enabled: true
+ failureThreshold: 15
+ successThreshold: 1
+ periodSeconds: 5
+ initialDelaySeconds: 120
+
+readinessProbe:
+ enabled: true
+ failureThreshold: 15
+ successThreshold: 1
+ periodSeconds: 5
+ initialDelaySeconds: 120
+
+startupProbe:
+ enabled: false
+ failureThreshold: 60
+ periodSeconds: 5
+
+
+# (k8s/containers/probe) Probe can be overridden
+# If set empty, it will use default probe
+# @notationType -- tpl
+customProbes: |
+
+
+persistence:
+ geoserverDataDir:
+ # Enable persistence. If set to false, the data directory
+ # will use ephemeral volume
+ enabled: true
+
+ ## If existingClaim is specified, no PVC will be created and this claim will
+ ## be used
+ existingClaim: ""
+
+ # The path the volume will be mounted at, useful when using different
+ # Geoserver images.
+ mountPath: /opt/geoserver/data_dir
+
+ # The subdirectory of the volume to mount to, useful in
+ # dev environments and one PV for multiple services. Default provisioner
+ # usually have .lost+found directory, so you might want to use this so
+ # the container can have empty volume
+ subPath: "data_dir"
+
+ # Size of the PV
+ size: 8Gi
+
+ # Default Access Modes
+ accessModes:
+ - ReadWriteMany
+ # You can specify extra annotations here
+ annotations: {}
+
+ # specify storageclass
+ storageClass: ""
+
+## Database Parameters
+##
+postgis:
+ ## postgis.enabled Deploy a PostgreSQL server to satisfy the applications database requirements
+ ## To use an external database set this to false and configure the `externalDatabase.*` parameters
+ ##
+ enabled: false
+ auth:
+ database: app
+ username: app
+ password: ""
+ existingSecret: ""
+
+## External Database Configuration
+## All of these values are only used if `postgis.enabled=false`
+##
+externalDatabase:
+ ## externalDatabase.host External Database server host
+ ##
+ host: localhost
+ ## externalDatabase.port External Database server port
+ ##
+ port: 5432
+ ## externalDatabase.user External Database username
+ ##
+ user: app
+ ## externalDatabase.password External Database user password
+ ##
+ password: ""
+ ## externalDatabase.database External Database database name
+ ##
+ database: app
+ ## externalDatabase.url External Database database url
+ ##
+ url: postgres://app:pass@localhost:5432/app
+ ## externalDatabase.existingSecret The name of an existing secret with database credentials
+ ## NOTE: When it's set, the `externalDatabase.password` parameter is ignored
+ ##
+ existingSecret: ""
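Review bot: The default `externalDatabase.url` in values.yaml carries a username and password inside the connection string (`postgres://app:pass@localhost:5432/app`), duplicating `externalDatabase.password` and `existingSecret` and steering operators towards putting a real password into a values file. How the URL is consumed is not visible in this hunk, but a default of `url: ""`, with the URL assembled from the Secret at render or start-up time, would keep the password out of plain values and release metadata. Separately, `service.nodePort: nil` is the YAML string "nil" rather than null, so a `NodePort` service would render `nodePort: nil`; `nodePort: null` is presumably what was meant. `podSecurityContext` and `containerSecurityContext` also default to `{}` with the hardening lines commented out, which leaves the container on whatever user and capabilities the image defines.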