Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add securityContext with fsGroup to new GeoServer Helm chart
Showing 14 changed files with 733 additions and 1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
v0.3.3/README.md | ||
v0.3.4/README.md |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
apiVersion: v2 | ||
name: geoserver | ||
version: 0.3.4 | ||
appVersion: 2.21.0 | ||
description: Chart for GeoServer | ||
keywords: | ||
- GeoServer | ||
- GIS | ||
home: http://geoserver.org | ||
sources: | ||
- https://github.com/geoserver/geoserver | ||
maintainers: | ||
- name: lucernae | ||
email: [email protected] | ||
engine: gotpl | ||
icon: https://raw.githubusercontent.com/kartoza/charts/master/assets/logo/GeoServer_500.png |
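Review bot: `engine: gotpl` near the end of this Chart.yaml is a Helm 2 era field that is not among the fields defined for `apiVersion: v2`; drop it so the metadata matches the declared chart API version. While here, `home: http://geoserver.org` could point at the https URL so the link shown in chart listings does not start over plaintext HTTP.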
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
# GeoServer | ||
|
||
This is Kartoza's GeoServer Rancher charts | ||
|
||
GeoServer is an open source server for sharing geospatial data. | ||
|
||
|
||
# How to Use | ||
|
||
For helm: | ||
|
||
```bash | ||
helm install release-name kartoza/geoserver | ||
``` | ||
|
||
# Intro | ||
|
||
This chart bootstrap a GeoServer installation. | ||
Most GeoServer packages are shipped with Jetty or Tomcat Server to be directly used in production instance. | ||
On top of that you can cascade with Nginx or Apache if you need more control over the routing mechanism. | ||
|
||
# What it can do | ||
|
||
The default install uses kartoza/geoserver image, which can do the following: | ||
|
||
- Default TLS enabled | ||
- Generate new datadir at startup if volume empty | ||
- Some plugins are shipped | ||
|
||
Full list of options can be seen in: https://github.com/kartoza/docker-geoserver/ | ||
|
||
# Parameters | ||
|
||
| Parameter | Description | | ||
|---|---| | ||
| image.registry | Docker image registry | | ||
| image.repository | Docker image repository | | ||
| image.tag | Docker image tag | | ||
| image.pullPolicy | Docker image pull policy | | ||
| geoserverDataDir | The directory of GeoServer Data Dir inside the pod | | ||
| geowebcacheCacheDir | GeoServer have GeoWebCache support built in. This will be the location of the cache dir | | ||
| geoserverUser | GeoServer super user name | | ||
| geoserverPassword | GeoServer password for super user. If you fill it, it will then stored in k8s secret. | | ||
| existingSecret | [tpl string] The name of the secret to get the geoserver password | | ||
| extraPodEnv | [tpl string] Provide extra environment that will be passed into pods. Useful for non default image. | | ||
| extraSecret | [tpl string] Provide extra secret that will be included in the pods. Useful for non default image. | | ||
| extraConfigMap: | [tpl string] Provide extra config map that will be included in the pods. Useful for non default image. | | ||
| extraVolumeMounts | [tpl string] Provide extra volume mounts declaration that will be included in the pods. Useful if you want to mount extra things. | | ||
| extraVolume | [tpl string] Configuration pair with extraVolumeMounts. Declare which volume to mount in the pods. | | ||
| persistence.geoserverDataDir.enabled | For geoserverDataDir volume. Default to true. If set, it will make a volume claim. | | ||
| persistence.geoserverDataDir.existingClaim | For geoserverDataDir volume. Default to false. If set, it will use an existing claim name provided. | | ||
| persistence.geoserverDataDir.mountPath | For geoserverDataDir volume. The path where the volume will be in the pods. Make sure that it corresponds to your geoserverDataDir key | | ||
| persistence.geoserverDataDir.subPath | For geoserverDataDir volume. The path inside the the volume to mount to. Useful if you want to reuse the same volume but mount the subpath for different services. | | ||
| persistence.geoserverDataDir.size | For geoserverDataDir volume. Size of the volume | | ||
| persistence.geoserverDataDir.accessModes | For geoserverDataDir volume. K8s Access mode of the volume. | | ||
| persistence.geowebcacheCacheDir.enabled | For geowebcacheCacheDir volume. Default to true. If set, it will make a volume claim. | | ||
| persistence.geowebcacheCacheDir.existingClaim | For geowebcacheCacheDir volume. Default to false. If set, it will use an existing claim name provided. | | ||
| persistence.geowebcacheCacheDir.mountPath | For geowebcacheCacheDir volume. The path where the volume will be in the pods. Make sure that it corresponds to your geowebcacheCacheDir key | | ||
| persistence.geowebcacheCacheDir.subPath | For geowebcacheCacheDir volume. The path inside the the volume to mount to. Useful if you want to reuse the same volume but mount the subpath for different services. | | ||
| persistence.geowebcacheCacheDir.size | For geowebcacheCacheDir volume. Size of the volume | | ||
| persistence.geowebcacheCacheDir.accessModes | For geoserverDataDir volume. K8s Access mode of the volume. | | ||
| service.type | The type of kubernetes service to be created. Leave it be for Headless service | | ||
| service.loadBalancerIP | Only used if you use LoadBalancer service.type | | ||
| service.externalIPs | External IPs to use for the service | | ||
| service.port | External port to use/expose | | ||
| affinity | Constrain pods to nodes | | ||
| tolerations | Pod scheduling tolerations | | ||
| ingress.enabled | Switch to true to enable ingress resource | | ||
| ingress.host | The host name/site name the ingress will serve | | ||
| ingress.tls.enabled | Set it to true to enable HTTPS | | ||
| ingress.tls.secretName | Providing this will activate HTTPS ingress based on the provided certificate | | ||
| probe | An override options for pod probe/health check | |
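Review bot: the Parameters table has no row for the securityContext / fsGroup setting that the commit title says this chart adds, so a user cannot tell from the README which key to set or what it defaults to; add a row for it. Two existing rows also need a fix: `extraConfigMap:` carries a stray colon in the parameter name, and the `persistence.geowebcacheCacheDir.accessModes` description says "For geoserverDataDir volume". The `geoserverPassword` row should also state what happens when the value is left empty.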
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
# GeoServer | ||
|
||
This is Kartoza's GeoServer Rancher charts | ||
|
||
GeoServer is an open source server for sharing geospatial data. | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
--- | ||
geoserverDataDir: /opt/mygeoserver/data_dir | ||
geowebcacheCacheDir: /opt/mygeoserver/gwc | ||
|
||
geoserverUser: superadmin | ||
geoserverPassword: superpasswordlol | ||
|
||
persistence: | ||
geoserverDataDir: | ||
storageClass: "default" | ||
mountPath: /opt/mygeoserver/data_dir | ||
geowebcacheCacheDir: | ||
storageClass: "default" | ||
mountPath: /opt/mygeoserver/gwc | ||
|
||
ingress: | ||
enabled: true | ||
host: geoserver.test | ||
annotations: | ||
cert-manager.io/cluster-issuer: selfsigned-issuer | ||
tls: | ||
enabled: true | ||
secretName: geoserver-tls |
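Review bot: `geoserverPassword: superpasswordlol` next to `geoserverUser: superadmin` puts an admin credential in a committed values file. If this file is only a test fixture, say so in a comment at the top so it is not copied into a real deployment; otherwise reference the password through `existingSecret`. The file also sets nothing for the securityContext / fsGroup named in the commit title, so it does not exercise that setting.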
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
To access GeoServer: | ||
|
||
1. Get user and password: | ||
|
||
```bash | ||
export GEOSERVER_ADMIN_USER=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "geoserver.secretName" . }} -o jsonpath='{.data.geoserver-user}' | base64 --decode) | ||
export GEOSERVER_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "geoserver.secretName" . }} -o jsonpath='{.data.geoserver-password}' | base64 --decode) | ||
``` | ||
|
||
{{- if not .Values.ingress.enabled }} | ||
2. You didn't enable ingress, so GeoServer is exposed as Headless Service by default. | ||
|
||
You can arrange access by exposing it to NodePort or external address manually using kubernetes. | ||
|
||
Otherwise, you can access it via Kubernetes API-Server proxy: | ||
|
||
http://[cluster master address]/api/v1/namespaces/{{ .Release.Namespace }}/services/{{ template "geoserver.fullname" . }}:80/proxy/geoserver/ | ||
|
||
{{- end }} | ||
|
||
{{- if .Values.ingress.enabled }} | ||
2. You have enabled ingress, service will be available here: | ||
|
||
http://{{ .Values.ingress.host }}/geoserver/ | ||
|
||
{{- end }} |
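Review bot: the ingress branch always prints `http://{{ .Values.ingress.host }}/geoserver/`, even when `ingress.tls.enabled` is true, so the notes send the user to a plaintext URL right after step 1 hands them the admin credentials; choose the scheme from `ingress.tls.enabled`. The two "2." steps are also guarded by separate `if not` / `if` blocks on the same value, where a single `if` / `else` would keep them from drifting apart.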
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,129 @@ | ||
Create a default fully qualified app name. | ||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). | ||
*/}} | ||
{{- define "geoserver.fullname" -}} | ||
{{- $name := default .Chart.Name .Values.nameOverride -}} | ||
{{- $fullname := default (printf "%s-%s" .Release.Name $name) .Values.fullnameOverride -}} | ||
{{- printf "%s" $fullname | trunc 63 | trimSuffix "-" -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Create chart name and version as used by the chart label. | ||
*/}} | ||
{{- define "geoserver.chart" -}} | ||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} | ||
{{- end -}} | ||
|
||
|
||
{{/* | ||
Return the proper geoserver image name | ||
*/}} | ||
{{- define "geoserver.image" -}} | ||
{{- $registryName := .Values.image.registry -}} | ||
{{- $repositoryName := .Values.image.repository -}} | ||
{{- $tag := .Values.image.tag | toString -}} | ||
{{/* | ||
Helm 2.11 supports the assignment of a value to a variable defined in a different scope, | ||
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. | ||
Also, we can't use a single if because lazy evaluation is not an option | ||
*/}} | ||
{{- if .Values.global }} | ||
{{- if .Values.global.imageRegistry }} | ||
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} | ||
{{- else -}} | ||
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} | ||
{{- end -}} | ||
{{- else -}} | ||
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} | ||
{{- end -}} | ||
{{- end -}} | ||
|
||
|
||
|
||
{{/* | ||
Get the password secret. | ||
*/}} | ||
{{- define "geoserver.secretName" -}} | ||
{{- if .Values.existingSecret -}} | ||
{{- printf "%s" (tpl .Values.existingSecret $) -}} | ||
{{- else -}} | ||
{{- printf "%s" (include "geoserver.fullname" .) -}} | ||
{{- end -}} | ||
{{- end -}} | ||
|
||
|
||
|
||
{{/* | ||
Return GeoServer password | ||
*/}} | ||
{{- define "geoserver.password" -}} | ||
{{- if .Values.geoserverPassword -}} | ||
{{- .Values.geoserverPassword -}} | ||
{{- else -}} | ||
{{- randAlphaNum 10 -}} | ||
{{- end -}} | ||
{{- end -}} | ||
|
||
|
||
{{/* | ||
Return GeoServer Data Dir storageClass declaration | ||
*/}} | ||
{{- define "geoserver.geoserverDataDir.storageClass" -}} | ||
{{- if .Values.global -}} | ||
{{- if .Values.global.storageClass -}} | ||
{{- if (eq "-" .Values.global.storageClass) -}} | ||
{{- printf "storageClassName: \"\"" -}} | ||
{{- else }} | ||
{{- printf "storageClassName: %s" .Values.global.storageClass -}} | ||
{{- end -}} | ||
{{- else -}} | ||
{{- if .Values.persistence.geoserverDataDir.storageClass -}} | ||
{{- if (eq "-" .Values.persistence.geoserverDataDir.storageClass) -}} | ||
{{- printf "storageClassName: \"\"" -}} | ||
{{- else }} | ||
{{- printf "storageClassName: %s" .Values.persistence.geoserverDataDir.storageClass -}} | ||
{{- end -}} | ||
{{- end -}} | ||
{{- end -}} | ||
{{- else -}} | ||
{{- if .Values.persistence.geoserverDataDir.storageClass -}} | ||
{{- if (eq "-" .Values.persistence.geoserverDataDir.storageClass) -}} | ||
{{- printf "storageClassName: \"\"" -}} | ||
{{- else }} | ||
{{- printf "storageClassName: %s" .Values.persistence.geoserverDataDir.storageClass -}} | ||
{{- end -}} | ||
{{- end -}} | ||
{{- end -}} | ||
{{- end -}} | ||
|
||
|
||
{{/* | ||
Return GeoServer Geo Web Cache storageClass declaration | ||
*/}} | ||
{{- define "geoserver.geowebcacheCacheDir.storageClass" -}} | ||
{{- if .Values.global -}} | ||
{{- if .Values.global.storageClass -}} | ||
{{- if (eq "-" .Values.global.storageClass) -}} | ||
{{- printf "storageClassName: \"\"" -}} | ||
{{- else }} | ||
{{- printf "storageClassName: %s" .Values.global.storageClass -}} | ||
{{- end -}} | ||
{{- else -}} | ||
{{- if .Values.persistence.geowebcacheCacheDir.storageClass -}} | ||
{{- if (eq "-" .Values.persistence.geowebcacheCacheDir.storageClass) -}} | ||
{{- printf "storageClassName: \"\"" -}} | ||
{{- else }} | ||
{{- printf "storageClassName: %s" .Values.persistence.geowebcacheCacheDir.storageClass -}} | ||
{{- end -}} | ||
{{- end -}} | ||
{{- end -}} | ||
{{- else -}} | ||
{{- if .Values.persistence.geowebcacheCacheDir.storageClass -}} | ||
{{- if (eq "-" .Values.persistence.geowebcacheCacheDir.storageClass) -}} | ||
{{- printf "storageClassName: \"\"" -}} | ||
{{- else }} | ||
{{- printf "storageClassName: %s" .Values.persistence.geowebcacheCacheDir.storageClass -}} | ||
{{- end -}} | ||
{{- end -}} | ||
{{- end -}} | ||
{{- end -}} |
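Review bot: in `geoserver.password`, the fallback `randAlphaNum 10` returns a new value every time the helper is rendered, so when `geoserverPassword` is empty any template that includes it gets a different password on each `helm upgrade` (and on each include within one render). Consider reading the existing Secret with `lookup` and reusing its value, and generating more than 10 characters on first install. Separately, the two storageClass helpers repeat the same block three times each; the outer `if .Values.global` / `else` branches could be collapsed.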
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
{{- if .Values.extraConfigMap -}} | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: {{ template "geoserver.fullname" . }} | ||
labels: | ||
app: {{ template "geoserver.fullname" . }} | ||
chart: {{ template "geoserver.chart" . }} | ||
release: {{ .Release.Name | quote }} | ||
heritage: {{ .Release.Service | quote }} | ||
{{- with .Values.labels }} | ||
{{- toYaml . | nindent 4 }} | ||
{{- end }} | ||
{{- with .Values.annotations }} | ||
annotations: {{ toYaml . | nindent 4 }} | ||
{{- end }} | ||
data: | ||
{{- with .Values.extraConfigMap }} | ||
{{- tpl . $ | nindent 2 }} | ||
{{- end }} | ||
{{- end -}} |
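Review bot: the `app` and `chart` label values in `metadata.labels` are emitted unquoted while `release` and `heritage` go through `| quote`; quote all four so a release or override name that YAML would read as a non-string cannot change the label type. The `labels` and `annotations` blocks also read from top-level `.Values.labels` and `.Values.annotations`, which the README Parameters table does not list.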