Skip to content

Commit

Permalink
Add securityContext with fsGroup to new GeoServer Helm chart
Browse files Browse the repository at this point in the history
  • Loading branch information
Bskr-P committed Jul 19, 2024
1 parent ff18be5 commit 5fce813
Show file tree
Hide file tree
Showing 14 changed files with 733 additions and 1 deletion.
2 changes: 1 addition & 1 deletion charts/geoserver/README.md
16 changes: 16 additions & 0 deletions charts/geoserver/v0.3.4/Chart.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
apiVersion: v2
name: geoserver
version: 0.3.4
appVersion: 2.21.0
description: Chart for GeoServer
keywords:
- GeoServer
- GIS
home: http://geoserver.org
sources:
- https://github.com/geoserver/geoserver
maintainers:
- name: lucernae
email: [email protected]
engine: gotpl
icon: https://raw.githubusercontent.com/kartoza/charts/master/assets/logo/GeoServer_500.png
72 changes: 72 additions & 0 deletions charts/geoserver/v0.3.4/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
# GeoServer

This is Kartoza's GeoServer Rancher charts

GeoServer is an open source server for sharing geospatial data.


# How to Use

For helm:

```bash
helm install release-name kartoza/geoserver
```

# Intro

This chart bootstrap a GeoServer installation.
Most GeoServer packages are shipped with Jetty or Tomcat Server to be directly used in production instance.
On top of that you can cascade with Nginx or Apache if you need more control over the routing mechanism.

# What it can do

The default install uses kartoza/geoserver image, which can do the following:

- Default TLS enabled
- Generate new datadir at startup if volume empty
- Some plugins are shipped

Full list of options can be seen in: https://github.com/kartoza/docker-geoserver/

# Parameters

| Parameter | Description |
|---|---|
| image.registry | Docker image registry |
| image.repository | Docker image repository |
| image.tag | Docker image tag |
| image.pullPolicy | Docker image pull policy |
| geoserverDataDir | The directory of GeoServer Data Dir inside the pod |
| geowebcacheCacheDir | GeoServer have GeoWebCache support built in. This will be the location of the cache dir |
| geoserverUser | GeoServer super user name |
| geoserverPassword | GeoServer password for super user. If you fill it, it will then stored in k8s secret. |
| existingSecret | [tpl string] The name of the secret to get the geoserver password |
| extraPodEnv | [tpl string] Provide extra environment that will be passed into pods. Useful for non default image. |
| extraSecret | [tpl string] Provide extra secret that will be included in the pods. Useful for non default image. |
| extraConfigMap: | [tpl string] Provide extra config map that will be included in the pods. Useful for non default image. |
| extraVolumeMounts | [tpl string] Provide extra volume mounts declaration that will be included in the pods. Useful if you want to mount extra things. |
| extraVolume | [tpl string] Configuration pair with extraVolumeMounts. Declare which volume to mount in the pods. |
| persistence.geoserverDataDir.enabled | For geoserverDataDir volume. Default to true. If set, it will make a volume claim. |
| persistence.geoserverDataDir.existingClaim | For geoserverDataDir volume. Default to false. If set, it will use an existing claim name provided. |
| persistence.geoserverDataDir.mountPath | For geoserverDataDir volume. The path where the volume will be in the pods. Make sure that it corresponds to your geoserverDataDir key |
| persistence.geoserverDataDir.subPath | For geoserverDataDir volume. The path inside the the volume to mount to. Useful if you want to reuse the same volume but mount the subpath for different services. |
| persistence.geoserverDataDir.size | For geoserverDataDir volume. Size of the volume |
| persistence.geoserverDataDir.accessModes | For geoserverDataDir volume. K8s Access mode of the volume. |
| persistence.geowebcacheCacheDir.enabled | For geowebcacheCacheDir volume. Default to true. If set, it will make a volume claim. |
| persistence.geowebcacheCacheDir.existingClaim | For geowebcacheCacheDir volume. Default to false. If set, it will use an existing claim name provided. |
| persistence.geowebcacheCacheDir.mountPath | For geowebcacheCacheDir volume. The path where the volume will be in the pods. Make sure that it corresponds to your geowebcacheCacheDir key |
| persistence.geowebcacheCacheDir.subPath | For geowebcacheCacheDir volume. The path inside the the volume to mount to. Useful if you want to reuse the same volume but mount the subpath for different services. |
| persistence.geowebcacheCacheDir.size | For geowebcacheCacheDir volume. Size of the volume |
| persistence.geowebcacheCacheDir.accessModes | For geoserverDataDir volume. K8s Access mode of the volume. |
| service.type | The type of kubernetes service to be created. Leave it be for Headless service |
| service.loadBalancerIP | Only used if you use LoadBalancer service.type |
| service.externalIPs | External IPs to use for the service |
| service.port | External port to use/expose |
| affinity | Constrain pods to nodes |
| tolerations | Pod scheduling tolerations |
| ingress.enabled | Switch to true to enable ingress resource |
| ingress.host | The host name/site name the ingress will serve |
| ingress.tls.enabled | Set it to true to enable HTTPS |
| ingress.tls.secretName | Providing this will activate HTTPS ingress based on the provided certificate |
| probe | An override options for pod probe/health check |
6 changes: 6 additions & 0 deletions charts/geoserver/v0.3.4/app-readme.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
# GeoServer

This is Kartoza's GeoServer Rancher charts

GeoServer is an open source server for sharing geospatial data.

23 changes: 23 additions & 0 deletions charts/geoserver/v0.3.4/ci/values.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
---
geoserverDataDir: /opt/mygeoserver/data_dir
geowebcacheCacheDir: /opt/mygeoserver/gwc

geoserverUser: superadmin
geoserverPassword: superpasswordlol

persistence:
geoserverDataDir:
storageClass: "default"
mountPath: /opt/mygeoserver/data_dir
geowebcacheCacheDir:
storageClass: "default"
mountPath: /opt/mygeoserver/gwc

ingress:
enabled: true
host: geoserver.test
annotations:
cert-manager.io/cluster-issuer: selfsigned-issuer
tls:
enabled: true
secretName: geoserver-tls
26 changes: 26 additions & 0 deletions charts/geoserver/v0.3.4/templates/NOTES.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
To access GeoServer:

1. Get user and password:

```bash
export GEOSERVER_ADMIN_USER=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "geoserver.secretName" . }} -o jsonpath='{.data.geoserver-user}' | base64 --decode)
export GEOSERVER_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "geoserver.secretName" . }} -o jsonpath='{.data.geoserver-password}' | base64 --decode)
```

{{- if not .Values.ingress.enabled }}
2. You didn't enable ingress, so GeoServer is exposed as Headless Service by default.

You can arrange access by exposing it to NodePort or external address manually using kubernetes.

Otherwise, you can access it via Kubernetes API-Server proxy:

http://[cluster master address]/api/v1/namespaces/{{ .Release.Namespace }}/services/{{ template "geoserver.fullname" . }}:80/proxy/geoserver/

{{- end }}

{{- if .Values.ingress.enabled }}
2. You have enabled ingress, service will be available here:

http://{{ .Values.ingress.host }}/geoserver/

{{- end }}
129 changes: 129 additions & 0 deletions charts/geoserver/v0.3.4/templates/_helpers.tpl
Original file line number Diff line number Diff line change
@@ -0,0 +1,129 @@
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "geoserver.fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- $fullname := default (printf "%s-%s" .Release.Name $name) .Values.fullnameOverride -}}
{{- printf "%s" $fullname | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "geoserver.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}


{{/*
Return the proper geoserver image name
*/}}
{{- define "geoserver.image" -}}
{{- $registryName := .Values.image.registry -}}
{{- $repositoryName := .Values.image.repository -}}
{{- $tag := .Values.image.tag | toString -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
Also, we can't use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imageRegistry }}
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- end -}}



{{/*
Get the password secret.
*/}}
{{- define "geoserver.secretName" -}}
{{- if .Values.existingSecret -}}
{{- printf "%s" (tpl .Values.existingSecret $) -}}
{{- else -}}
{{- printf "%s" (include "geoserver.fullname" .) -}}
{{- end -}}
{{- end -}}



{{/*
Return GeoServer password
*/}}
{{- define "geoserver.password" -}}
{{- if .Values.geoserverPassword -}}
{{- .Values.geoserverPassword -}}
{{- else -}}
{{- randAlphaNum 10 -}}
{{- end -}}
{{- end -}}


{{/*
Return GeoServer Data Dir storageClass declaration
*/}}
{{- define "geoserver.geoserverDataDir.storageClass" -}}
{{- if .Values.global -}}
{{- if .Values.global.storageClass -}}
{{- if (eq "-" .Values.global.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.global.storageClass -}}
{{- end -}}
{{- else -}}
{{- if .Values.persistence.geoserverDataDir.storageClass -}}
{{- if (eq "-" .Values.persistence.geoserverDataDir.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.persistence.geoserverDataDir.storageClass -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- else -}}
{{- if .Values.persistence.geoserverDataDir.storageClass -}}
{{- if (eq "-" .Values.persistence.geoserverDataDir.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.persistence.geoserverDataDir.storageClass -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}


{{/*
Return GeoServer Geo Web Cache storageClass declaration
*/}}
{{- define "geoserver.geowebcacheCacheDir.storageClass" -}}
{{- if .Values.global -}}
{{- if .Values.global.storageClass -}}
{{- if (eq "-" .Values.global.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.global.storageClass -}}
{{- end -}}
{{- else -}}
{{- if .Values.persistence.geowebcacheCacheDir.storageClass -}}
{{- if (eq "-" .Values.persistence.geowebcacheCacheDir.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.persistence.geowebcacheCacheDir.storageClass -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- else -}}
{{- if .Values.persistence.geowebcacheCacheDir.storageClass -}}
{{- if (eq "-" .Values.persistence.geowebcacheCacheDir.storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" .Values.persistence.geowebcacheCacheDir.storageClass -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
21 changes: 21 additions & 0 deletions charts/geoserver/v0.3.4/templates/configmap.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
{{- if .Values.extraConfigMap -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "geoserver.fullname" . }}
labels:
app: {{ template "geoserver.fullname" . }}
chart: {{ template "geoserver.chart" . }}
release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service | quote }}
{{- with .Values.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.annotations }}
annotations: {{ toYaml . | nindent 4 }}
{{- end }}
data:
{{- with .Values.extraConfigMap }}
{{- tpl . $ | nindent 2 }}
{{- end }}
{{- end -}}
Loading

0 comments on commit 5fce813

Please sign in to comment.