diff --git a/.github/workflows/chart-releaser-beta.yml b/.github/workflows/chart-releaser-beta.yml new file mode 100644 index 0000000..15654d0 --- /dev/null +++ b/.github/workflows/chart-releaser-beta.yml @@ -0,0 +1,43 @@ +name: Release Charts beta + +on: + workflow_dispatch: + push: + branches: + - 'release/**-alpha*' + - 'release/**-beta*' + - 'releases/**-alpha*' + - 'releases/**-beta*' + paths: + - charts/sddi-ckan/** + +jobs: + release-beta: + # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions + # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token + permissions: + contents: write + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + + - name: Install Helm + uses: azure/setup-helm@v3 + with: + version: v3.14.1 + + - name: Run chart-releaser + uses: helm/chart-releaser-action@v1.6.0 + with: + mark_as_latest: false + skip_existing: true + env: + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/chart-releaser.yml b/.github/workflows/chart-releaser.yml index 8b1222c..fd1cbba 100644 --- a/.github/workflows/chart-releaser.yml +++ b/.github/workflows/chart-releaser.yml @@ -6,6 +6,11 @@ on: branches: - main - release/** + - '!release/**-alpha*' + - '!release/**-beta*' + - releases/** + - '!releases/**-alpha*' + - '!releases/**-beta*' paths: - charts/sddi-ckan/** @@ -18,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 @@ -30,9 +35,12 @@ jobs: - name: Install Helm uses: azure/setup-helm@v3 with: - version: v3.12.3 + version: v3.14.1 - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.5.0 + uses: helm/chart-releaser-action@v1.6.0 + with: + mark_as_latest: true + skip_existing: true env: - CR_TOKEN: "${{ secrets.GH_TOKEN }}" + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.gitignore b/.gitignore index 3bef280..de33daf 100644 --- a/.gitignore +++ b/.gitignore @@ -129,6 +129,3 @@ scheduler.json # */charts requirements.lock Chart.lock - -# VS-Code -.vscode/ diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 4e8a935..626d64e 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/norwoodj/helm-docs - rev: v1.11.0 + rev: v1.13.1 hooks: - id: helm-docs args: diff --git a/CHANGELOG.md b/CHANGELOG.md index 36b578d..2997940 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,7 +8,57 @@ Versions are prefixed with `sddi-ckan-` due to usage of [chart-releaser-action](https://github.com/helm/chart-releaser-action). For releases `< 1.0.0` minor version step indicate breaking changes. -## [Unreleased] +## [sddi-ckan-3.0.0] - 2024-03-22 + +## Added + +- Allow setting CKAN `initContainers`, `extraInitContainers`, `volumes`, `extraVolumes`. tum-gis/sddi-ckan-k8s#32 +- Allow setting Solr `initContainers`, `extraInitContainers`. tum-gis/sddi-ckan-k8s#33 +- Basic example for OpenShift usage, see [here](examples/open-shift). + +### Changed + +- Revert 313c09c: Relax Solr security context for OpenShift compatibility. Fixing file permissions is now done using + an `initContainer`, that can be disabled for OpenShift compatibility. tum-gis/sddi-ckan-k8s#24, tum-gis/sddi-ckan-k8s#33 +- Upgrade Solr `8.11.2` -> `9.2.1`: **Warning**: The upgrade from 8.x to Solr 9.x introduces several major changes that you should be + aware of before upgrading. Make sure to thoroughly go though the + [docs for upgrading Solr](https://solr.apache.org/guide/solr/latest/upgrade-notes/solr-upgrade-notes.html#upgrading-to-9-x-from-8-x-releases) + for possible breaking changes or necessary manual migration steps. + - [Major changes in Solr9](https://solr.apache.org/guide/solr/latest/upgrade-notes/major-changes-in-solr-9.html) + - If upgrading from `v2.x.x` no action should be required. + - You should [Recrate the search index after upgrade](https://solr.apache.org/guide/solr/latest/upgrade-notes/major-changes-in-solr-9.html#reindexing-after-upgrade) + - See [`ckan search-index rebuild`](https://docs.ckan.org/en/latest/maintaining/cli.html#search-index-search-index-commands) +- Upgrade Redis `7.0.8` -> `7.2.4` +- Upgrade Postgresql/PostGIS `14-3.3` -> `14-3.4` + +### Fixed + +- CKAN ingress `pathType` warning + +## [sddi-ckan-2.0.0] - 2023-11-02 + +This release updates the sddi-ckan Docker image to `v2.0.0` bringing several security improvements +and some breaking changes too. Make sure to check the +[CHANGELOG](https://github.com/tum-gis/ckan-docker/blob/2.0.0/CHANGELOG.md) for all details. + +[@klml](https://github.com/klml), [@eidottermihi](https://github.com/eidottermihi) made their first contributions! + +## Breaking + +- Removed default resource requirements/limits for all services. tum-gis/sddi-ckan-k8s#28, tum-gis/sddi-ckan-k8s#29 + +## Added + +- Allow configuration of images used for init containers. tum-gis/sddi-ckan-k8s#24 + - `ckan.initContainers.initdata.image` + - `ckan.initContainers.pgready.image` + - `datapusher.initContainers.pgready.image` + +### Changed + +- Relax Solr security context for OpenShift compatibility. tum-gis/sddi-ckan-k8s#24 +- Bump SDDI CKAN Image `1.2.0` --> `2.0.0`, see + [CHANGELOG](https://github.com/tum-gis/ckan-docker/blob/2.0.0/CHANGELOG.md) for more. ### Fixed @@ -323,8 +373,10 @@ is displayed when navigating to the _Datasets_ view of CKAN. ### Known issues -[Unreleased]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-1.2.2...HEAD +[Unreleased]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-3.0.0...HEAD +[sddi-ckan-3.0.0]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-2.0.0...sddi-ckan-3.0.0 +[sddi-ckan-2.0.0]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-1.2.2...sddi-ckan-2.0.0 [sddi-ckan-1.2.2]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-1.2.1...sddi-ckan-1.2.2 [sddi-ckan-1.2.1]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-1.2.0...sddi-ckan-1.2.1 [sddi-ckan-1.2.0]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-1.1.7...sddi-ckan-1.2.0 diff --git a/NOTES.md b/NOTES.md deleted file mode 100644 index ebf04b8..0000000 --- a/NOTES.md +++ /dev/null @@ -1,28 +0,0 @@ -# SDDI CKAN setup notes - -## Upcoming changes - -### CKAN v2.10 - -- CKAN Datapusher requires token starting from 2.10: - https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-datapusher-api-token - -## ToDos - -## Code snippets - -### Create sysadmin - -#### Existing user - -```shell -kubectl exec -t -i CKAN-POD_NAME -- \ - ckan -c /srv/app/production.ini sysadmin add USERNAME -``` - -#### New user - -```shell -kubectl exec -t -i CKAN-POD_NAME -- \ - ckan -c /srv/app/production.ini sysadmin add USERNAME email=user@example.de name=Fristname Lastname -``` diff --git a/README.md b/README.md index 2a81389..1024788 100644 --- a/README.md +++ b/README.md @@ -54,8 +54,8 @@ The default username and password are: `admin: changeMe`. Instructions for *local* testing with e.g. `minikube` or `Docker Desktop` are available in the [examples](examples) section. -> **Note:** To try out -> `alpha`/`beta` [releases](https://github.com/tum-gis/sddi-ckan-k8s/releases), +> [!TIP] +> To try out `alpha`/`beta` [releases](https://github.com/tum-gis/sddi-ckan-k8s/releases), > add the [`--devel`](https://helm.sh/docs/helm/helm_install/#options) > option to the `helm install` command. @@ -190,7 +190,7 @@ the repo root. ```shell docker run --rm -u $(id -u) --name helm-docs \ - --volume "$PWD/sddi-ckan/charts:/helm-docs" \ + --volume "$PWD/charts/sddi-ckan:/helm-docs" \ jnorwood/helm-docs:latest ``` diff --git a/charts/sddi-ckan/Chart.yaml b/charts/sddi-ckan/Chart.yaml index a6dc9d2..213e34a 100644 --- a/charts/sddi-ckan/Chart.yaml +++ b/charts/sddi-ckan/Chart.yaml @@ -10,8 +10,8 @@ sources: - https://www.asg.ed.tum.de/en/gis/projects/smart-district-data-infrastructure - https://github.com/tum-gis/ckan-docker -version: 1.2.2 -appVersion: "1.2.0" +version: 3.0.0 +appVersion: "2.0.0" kubeVersion: ">= 1.23.0-0" maintainers: @@ -41,14 +41,19 @@ dependencies: - name: ingress-nginx alias: ingress-nginx condition: ingress-nginx.enabled - version: "~4.4.0" + version: "^4" repository: https://kubernetes.github.io/ingress-nginx - name: cert-manager alias: cert-manager condition: cert-manager.enabled - version: "~1.11.0" + version: "^1" repository: https://charts.jetstack.io - name: clamav condition: clamav.enabled version: "~2.8.0" repository: https://wiremind.github.io/wiremind-helm-charts + - name: common + repository: oci://registry-1.docker.io/bitnamicharts + tags: + - bitnami-common + version: 2.x.x diff --git a/charts/sddi-ckan/README.md b/charts/sddi-ckan/README.md index 9a93a2d..b06ba8a 100644 --- a/charts/sddi-ckan/README.md +++ b/charts/sddi-ckan/README.md @@ -1,6 +1,6 @@ # sddi-ckan -![Version: 1.2.2](https://img.shields.io/badge/Version-1.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.0](https://img.shields.io/badge/AppVersion-1.2.0-informational?style=flat-square) +![Version: 3.0.0](https://img.shields.io/badge/Version-3.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square) Helm Chart for a SDDI enabled CKAN catalog. See [CHANGELOG](https://github.com/tum-gis/sddi-ckan-k8s/blob/main/CHANGELOG.md) for changes. @@ -33,6 +33,7 @@ Kubernetes: `>= 1.23.0-0` | https://charts.jetstack.io | cert-manager(cert-manager) | ~1.11.0 | | https://kubernetes.github.io/ingress-nginx | ingress-nginx(ingress-nginx) | ~4.4.0 | | https://wiremind.github.io/wiremind-helm-charts | clamav | ~2.8.0 | +| oci://registry-1.docker.io/bitnamicharts | common | 2.x.x | ## Values @@ -83,5 +84,3 @@ Kubernetes: `>= 1.23.0-0` | redis.enabled | bool | `true` | Enable/disable Redis instance. Disable, if an external Redis instance is used. | | solr.enabled | bool | `true` | Enable/disable Apache Solr instance. Disable, if an external Solr instance is used. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/sddi-ckan/charts/certIssuer/README.md b/charts/sddi-ckan/charts/certIssuer/README.md index 84f0b63..9a866b1 100644 --- a/charts/sddi-ckan/charts/certIssuer/README.md +++ b/charts/sddi-ckan/charts/certIssuer/README.md @@ -12,5 +12,3 @@ Namespace Issuers for CertManager. | enabled | bool | `true` | Enable/disable namespace [Issuers](https://cert-manager.io/docs/concepts/issuer/) for CertManager. | | issuerEmail | string | `"example@email.com"` | eMail address for registration with Let's Encrypt account. Note: This is overwritten by `global.ingress.certManager.issuerEmail`, if set. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/sddi-ckan/charts/ckan/Chart.yaml b/charts/sddi-ckan/charts/ckan/Chart.yaml index 8b1ed9b..2e3b466 100644 --- a/charts/sddi-ckan/charts/ckan/Chart.yaml +++ b/charts/sddi-ckan/charts/ckan/Chart.yaml @@ -9,8 +9,8 @@ sources: - https://github.com/tum-gis/ckan-docker - https://github.com/keitaroinc/docker-ckan -version: 1.2.2 -appVersion: "1.2.0" +version: 3.0.1 +appVersion: "2.0.0" maintainers: - email: b.willenborg@tum.de diff --git a/charts/sddi-ckan/charts/ckan/README.md b/charts/sddi-ckan/charts/ckan/README.md index 9cda0f6..f779915 100644 --- a/charts/sddi-ckan/charts/ckan/README.md +++ b/charts/sddi-ckan/charts/ckan/README.md @@ -1,6 +1,6 @@ # ckan -![Version: 1.2.2](https://img.shields.io/badge/Version-1.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.0](https://img.shields.io/badge/AppVersion-1.2.0-informational?style=flat-square) +![Version: 3.0.1](https://img.shields.io/badge/Version-3.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square) A Helm chart for SDDI enabled CKAN. @@ -71,9 +71,12 @@ A Helm chart for SDDI enabled CKAN. | db.dbname | string | `"ckan_default"` | CKAN database database name, used to build `sqlalchemy.url` see [CKAN database settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#database-settings) | | db.host | string | `"postgis"` | CKAN database host, used to build `sqlalchemy.url` see [CKAN database settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#database-settings) | | db.port | int | `5432` | CKAN database port, used to build `sqlalchemy.url` see [CKAN database settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#database-settings) | -| defaultViews | string | `"image_view recline_view text_view geo_view geojson_view wmts_view shp_view"` | [CKAN config dafault_views](https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-views-default-views): **Note**: Make sure the required view plugins are loaded! | +| defaultViews | string | See [`values.yml`](values.yml) for the default values. | [CKAN config dafault_views](https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-views-default-views): **Note**: Make sure the required view plugins are loaded! | | enabled | bool | `true` | Enable/disable CKAN | | extraEnv | object | `{}` | Extra environment variables. Values need to be quoted. This can be used to overwrite or extend [CKAN settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-configuration-file). See [ckanext-envvars](https://github.com/okfn/ckanext-envvars) for variable naming conventions. | +| extraInitContainers | list | `[]` | Sets additional [`initContainers`](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). The initContainers specified here, are appended to the ones specified in `initContainers`. | +| extraVolumeMounts | list | `[]` | Sets additional [`volumeMounts`](https://kubernetes.io/docs/concepts/storage/volumes). The volumeMounts specified here, are appended to the ones specified in `volumeMounts`. | +| extraVolumes | list | `[]` | Sets additional [`volumes`](https://kubernetes.io/docs/concepts/storage/volumes). The volumes specified here, are appended to the ones specified in `volumes`. | | favicon | string | `"/base/images/ckan.ico"` | Path to CKAN favicon. Custom logos will be located in e.g. `/webassets/`. See `webassets.path` setting. [CKAN config site_id](https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-site-logo) | | featured.groups | string | `"dataset online-application online-service project software method device geoobject"` | [CKAN featured groups settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-featured-groups) | | featured.orgs | string | `"bayerische-vermessungsverwaltung lehrstuhl-fur-geoinformatik bayern-innovativ"` | [CKAN featured orgs settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-featured-orgs) | @@ -84,7 +87,7 @@ A Helm chart for SDDI enabled CKAN. | image.tag | string | `""` | Overrides the image tag whose default is the chart `appVersion`. | | imagePullSecrets | list | `[]` | [Image pull secrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) | | ingress.annotations | string | `nil` | Additional Ingress annotations | -| ingress.certManager | object | `{"issuerEmail":"me@example.com","issuerName":"letsencrypt-staging","issuerType":"namespace"}` | Additional Ingress annotation for e.g. CORS, timeouts, SSL settings. See [nginx-ingress annotations docs](https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md) for more. | +| ingress.certManager | object | See [`values.yml`](values.yml) for the default values. | Additional Ingress annotation for e.g. CORS, timeouts, SSL settings. See [nginx-ingress annotations docs](https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md) for more. | | ingress.certManager.issuerEmail | string | `"me@example.com"` | eMail address for ACME registration with Let's Encrypt. Only used for issuerType = namespace. | | ingress.certManager.issuerName | string | `"letsencrypt-staging"` | Name of the Issuer to use. For certManager.type = namespace `letsencrypt-staging`, `letsencrypt-prod` and `self-signed` are available. | | ingress.certManager.issuerType | string | `"namespace"` | Type of [cert-manager](https://cert-manager.io/docs/) Issuer: Use either "namespace" or "cluster". | @@ -100,7 +103,8 @@ A Helm chart for SDDI enabled CKAN. | ingress.stickySessions.sessionCookie.path | string | `"/"` | [Nginx Ingress Controller Sticky sessions](https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/) | | ingress.stickySessions.sessionCookie.secure | string | `"false"` | [Nginx Ingress Controller Sticky sessions](https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/) | | ingress.tls.secretName | string | `nil` | Specify a custom tls secret name. This overwrites `global.ingress.tls.secretName`. | -| licensesGroupUrl | string | `"https://raw.githubusercontent.com/tum-gis/ckanext-grouphierarchy-sddi/main/ckanext/grouphierarchy/licenses_SDDI.json"` | [CKAN licences group url](https://docs.ckan.org/en/latest/maintaining/configuration.html#licenses-group-url): A URL pointing to a JSON file containing a list of license objects. | +| initContainers | list | See `values.yml` for the list of default initContainers. | Sets [`initContainers`](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). Set to `[]` to disable the default initContainers. Set to any list of initContainer definitions to overwrite the default initContainers. Use `extraInitContainers` to extend the default initContainers. | +| licensesGroupUrl | string | See [`values.yml`](values.yml) for the default values. | [CKAN licences group url](https://docs.ckan.org/en/latest/maintaining/configuration.html#licenses-group-url): A URL pointing to a JSON file containing a list of license objects. | | liveness.failureThreshold | int | `6` | Failure threshold for the liveness probe | | liveness.initialDelaySeconds | int | `20` | Initial delay for the liveness probe | | liveness.periodSeconds | int | `10` | Check interval for the liveness probe | @@ -108,7 +112,7 @@ A Helm chart for SDDI enabled CKAN. | locale.default | string | `"de"` | CKAN default locale, see [CKAN internationalization settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#internationalisation-settings) | | locale.filtered_out | string | `"en_GB"` | CKAN locales filtered out, see [CKAN internationalization settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#internationalisation-settings) | | locale.offered | string | `"de en"` | CKAN locales offered, see [CKAN internationalization settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#internationalisation-settings) | -| locale.order | string | `"de en pt_BR ja it cs_CZ ca es fr el sv sr sr@latin no sk fi ru de pl nl bg ko_KR hu sa sl lv"` | CKAN locale order, see [CKAN internationalization settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#internationalisation-settings) | +| locale.order | string | See [`values.yml`](values.yml) for the default values. | CKAN locale order, see [CKAN internationalization settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#internationalisation-settings) | | maxUploadSizeMB | int | `250` | Max file upload size in MB. Note: This setting is mapped to the `nginx.ingress.kubernetes.io/proxy-body-size: "600m"` and `nginx.org/client-max-body-size: "600m"` CKAN Ingress annotations too. | | nameOverride | string | `""` | Override name | | nodeSelector | object | `{}` | [k8s: Assign pods to nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) | @@ -132,10 +136,7 @@ A Helm chart for SDDI enabled CKAN. | readiness.timeoutSeconds | int | `10` | Timeout interval for the liveness probe | | redis.url | string | `"redis://redis-hl:6379/0"` | Redis endpoint for CKAN. This should be set to cluster internal Redis service domain. [CKAN configuration Redis](https://docs.ckan.org/en/latest/maintaining/configuration.html#redis-settings) | | replicaCount | int | `1` | Number of replicas. Only used if `autoscaling.enabled = false`. **Note:** Running multiple replicas requires to enable persistent data storage (`persistence.enabled = true`) and, if Pods run on different nodes, a storage that supports RWX. | -| resources.limits.cpu | string | `"500m"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | -| resources.limits.memory | string | `"1Gi"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | -| resources.requests.cpu | string | `"250m"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | -| resources.requests.memory | string | `"256Mi"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | +| resources | object | `{}` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | sddiInitDataJson | string | `"init_data.json"` | Local path or URL to File path or URL to [CKAN SDDI `init_data.json`](https://github.com/tum-gis/ckanext-grouphierarchy-sddi/blob/main/ckanext/grouphierarchy/init_data.json). This file allows to specify pre-defined set of SDDI CKAN main categories, topics, and organizations. | | securityContext | object | `{}` | [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | | service.port | int | `5000` | Service port for http | @@ -179,7 +180,7 @@ A Helm chart for SDDI enabled CKAN. | sysadmin.password | string | `"changeMe"` | CKAN admin password: Note: Min. password length = 8 chars! | | sysadmin.user | string | `"admin"` | CKAN admin username | | tolerations | list | `[]` | [k8S: Taints and tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | +| volumeMounts | list | See [`values.yml`](values.yml) for the list of default volumeMounts. | Sets [`volumeMounts`](https://kubernetes.io/docs/concepts/storage/volumes). Set to `[]` to disable the default volumeMounts. Set to any list of volumeMount definitions to overwrite the default volumeMounts. Use `extraVolumeMounts` to extend the default volumeMounts. | +| volumes | list | See [`values.yml`](values.yml) for the list of default volumes. | Sets [`volumes`](https://kubernetes.io/docs/concepts/storage/volumes). Set to `[]` to disable the default volumes. Set to any list of volume definitions to overwrite the default volumes. Use `extraVolumes` to extend the default volumes. | | webassets.path | string | `nil` | Webassets storage path, see [CKAN webassets settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#webassets-settings) This should point to the location of webassets in the CKAN image. The path may vary depending on the CKAN Docker image used. | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/sddi-ckan/charts/ckan/templates/ckan-depl.yml b/charts/sddi-ckan/charts/ckan/templates/ckan-depl.yml old mode 100644 new mode 100755 index f832ff4..c403619 --- a/charts/sddi-ckan/charts/ckan/templates/ckan-depl.yml +++ b/charts/sddi-ckan/charts/ckan/templates/ckan-depl.yml @@ -42,37 +42,22 @@ spec: {{- toYaml .Values.podSecurityContext | nindent 8 }} volumes: - - name: data - emptyDir: {} + {{- if .Values.volumes }} + {{- include "common.tplvalues.render" ( dict "value" .Values.volumes "context" $ ) | nindent 8 }} + {{- end }} - initContainers: - - name: init-data - image: busybox - command: ["sh", "-c", "chown -Rv 92:92 {{ .Values.persistence.storagePath }}"] - # securityContext: - # runAsUser: 0 - # runAsGroup: 0 + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} - volumeMounts: - - name: data - mountPath: {{ .Values.persistence.storagePath }} - readOnly: false + initContainers: + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" .Values.initContainers "context" $ ) | nindent 8 }} + {{- end }} - - name: pg-ready - image: bwibo/k8s-init-container - command: - - pg_isready - env: - - name: PGHOST - value: {{ .Values.global.db.host | default .Values.db.host | quote }} - - name: PGPORT - value: {{ .Values.global.db.port | default .Values.db.port | quote }} - - name: PGDATABASE - value: {{ .Values.global.db.dbname | default .Values.db.dbname | quote }} - - name: PGUSER - value: {{ .Values.global.db.auth.username | default .Values.db.auth.username | quote }} - - name: PGPASSWORD - value: {{ .Values.global.db.auth.password | default .Values.db.auth.password | quote }} + {{- if .Values.extraInitContainers }} + {{- include "common.tplvalues.render" ( dict "value" .Values.extraInitContainers "context" $ ) | nindent 8 }} + {{- end }} containers: - name: {{ .Chart.Name }} @@ -86,9 +71,13 @@ spec: protocol: TCP volumeMounts: - - name: data - mountPath: {{ .Values.persistence.storagePath }} - readOnly: false + {{- if .Values.volumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" .Values.volumeMounts "context" $ ) | nindent 10 }} + {{- end }} + + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $ ) | nindent 10 }} + {{- end }} envFrom: - configMapRef: diff --git a/charts/sddi-ckan/charts/ckan/templates/ckan-ingress.yml b/charts/sddi-ckan/charts/ckan/templates/ckan-ingress.yml index f4a335c..4b25556 100644 --- a/charts/sddi-ckan/charts/ckan/templates/ckan-ingress.yml +++ b/charts/sddi-ckan/charts/ckan/templates/ckan-ingress.yml @@ -36,6 +36,7 @@ metadata: nginx.org/proxy-connect-timeout: "360" nginx.org/proxy-read-timeout: "360" nginx.org/proxy-send-timeout: "360" + nginx.ingress.kubernetes.io/configuration-snippet: {{- .Values.ingress.configurationSnippet | toYaml | indent 4 }} {{- if .Values.ingress.stickySessions.enabled }} # https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/ nginx.ingress.kubernetes.io/affinity: "cookie" @@ -63,7 +64,7 @@ spec: http: paths: - path: /(.*) - pathType: Prefix + pathType: ImplementationSpecific backend: service: name: {{ $fullName }} diff --git a/charts/sddi-ckan/charts/ckan/templates/ckan-statefulset.yml b/charts/sddi-ckan/charts/ckan/templates/ckan-statefulset.yml old mode 100644 new mode 100755 index feb2b36..e898f70 --- a/charts/sddi-ckan/charts/ckan/templates/ckan-statefulset.yml +++ b/charts/sddi-ckan/charts/ckan/templates/ckan-statefulset.yml @@ -41,35 +41,22 @@ spec: {{- toYaml .Values.podSecurityContext | nindent 8 }} volumes: - - name: data - persistentVolumeClaim: - claimName: {{ include "ckan.fullname" . }} + {{- if .Values.volumes }} + {{- include "common.tplvalues.render" ( dict "value" .Values.volumes "context" $ ) | nindent 8 }} + {{- end }} - initContainers: - - name: init-data - image: busybox - command: ["sh", "-c", "chown -Rv 92:92 {{ .Values.persistence.storagePath }}"] - volumeMounts: - - name: data - mountPath: {{ .Values.persistence.storagePath }} - readOnly: false + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} - - name: pg-ready - image: bwibo/k8s-init-container - command: - - pg_isready - env: - - name: PGHOST - value: {{ .Values.global.db.host | default .Values.db.host | quote }} - - name: PGPORT - value: {{ .Values.global.db.port | default .Values.db.port | quote }} - - name: PGDATABASE - value: {{ .Values.global.db.dbname | default .Values.db.dbname | quote }} - - name: PGUSER - value: {{ .Values.global.db.auth.username | default .Values.db.auth.username | quote }} - - name: PGPASSWORD - value: {{ .Values.global.db.auth.password | default .Values.db.auth.password | quote }} + initContainers: + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" .Values.initContainers "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.extraInitContainers }} + {{- include "common.tplvalues.render" ( dict "value" .Values.extraInitContainers "context" $ ) | nindent 8 }} + {{- end }} containers: - name: {{ .Chart.Name }} @@ -101,8 +88,13 @@ spec: {{ end }} volumeMounts: - - name: data - mountPath: {{ .Values.persistence.storagePath }} + {{- if .Values.volumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" .Values.volumeMounts "context" $ ) | nindent 10 }} + {{- end }} + + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $ ) | nindent 10 }} + {{- end }} startupProbe: httpGet: diff --git a/charts/sddi-ckan/charts/ckan/values.yaml b/charts/sddi-ckan/charts/ckan/values.yaml old mode 100644 new mode 100755 index f9b7fcb..74dcf92 --- a/charts/sddi-ckan/charts/ckan/values.yaml +++ b/charts/sddi-ckan/charts/ckan/values.yaml @@ -1,4 +1,3 @@ - # -- Enable/disable CKAN enabled: true @@ -21,6 +20,40 @@ image: # -- [Image pull secrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) imagePullSecrets: [] +# initContainers -------------------------------------------------------------- +# -- Sets [`initContainers`](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). +# Set to `[]` to disable the default initContainers. +# Set to any list of initContainer definitions to overwrite the default initContainers. +# Use `extraInitContainers` to extend the default initContainers. +# @default -- See `values.yml` for the list of default initContainers. +initContainers: + - name: pg-ready + image: bwibo/k8s-init-container:latest + command: + - pg_isready + env: + - name: PGHOST + value: "{{ .Values.global.db.host | default .Values.db.host }}" + - name: PGPORT + value: "{{ .Values.global.db.port | default .Values.db.port }}" + - name: PGDATABASE + value: "{{ .Values.global.db.dbname | default .Values.db.dbname }}" + - name: PGUSER + value: "{{ .Values.global.db.auth.username | default .Values.db.auth.usernme }}" + - name: PGPASSWORD + value: "{{ .Values.global.db.auth.password | default .Values.db.auth.password }}" + - name: init-data + image: busybox:latest + command: + ["sh", "-c", "chown -Rv 92:92 {{ .Values.persistence.storagePath }}"] + volumeMounts: + - name: data + mountPath: "{{ .Values.persistence.storagePath }}" + +# -- Sets additional [`initContainers`](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). +# The initContainers specified here, are appended to the ones specified in `initContainers`. +extraInitContainers: [] + # -- Additional pod annotations podAnnotations: {} @@ -34,11 +67,13 @@ serviceAccount: name: "" # -- [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) -podSecurityContext: {} +podSecurityContext: + {} # fsGroup: 2000 # -- [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) -securityContext: {} +securityContext: + {} # capabilities: # drop: # - ALL @@ -53,8 +88,8 @@ service: port: 5000 # -- Number of replicas. Only used if `autoscaling.enabled = false`. - # **Note:** Running multiple replicas requires to enable persistent data storage (`persistence.enabled = true`) and, - # if Pods run on different nodes, a storage that supports RWX. +# **Note:** Running multiple replicas requires to enable persistent data storage (`persistence.enabled = true`) and, +# if Pods run on different nodes, a storage that supports RWX. replicaCount: 1 autoscaling: # -- Enable/disable pod autoscaling, if disabled `replicaCount` is used to set number of pods. @@ -87,6 +122,7 @@ ingress: # -- Additional Ingress annotation for e.g. CORS, timeouts, SSL settings. # See [nginx-ingress annotations docs](https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md) # for more. + # @default -- See [`values.yml`](values.yml) for the default values. certManager: # -- eMail address for ACME registration with Let's Encrypt. Only used for issuerType = namespace. issuerEmail: me@example.com @@ -120,6 +156,11 @@ ingress: tls: # -- Specify a custom tls secret name. This overwrites `global.ingress.tls.secretName`. secretName: + configurationSnippet: | + more_set_headers "X-Frame-Options: DENY"; + more_set_headers "X-Xss-Protection: 0"; + more_set_headers "X-Content-Type-Options: nosniff"; + more_set_headers "Content-Security-Policy: object-src 'none'; child-src 'self'; frame-ancestors 'none'; base-uri 'none'; upgrade-insecurerequests; blockall-mixed-content; require-trustedtypes-for 'script'"; # General settings # -- CKAN site url. This should match a domain name of CKAN specified in `ingress.domains`/`global.ingress.domains` @@ -158,9 +199,11 @@ favicon: /base/images/ckan.ico maxUploadSizeMB: 250 # -- [CKAN licences group url](https://docs.ckan.org/en/latest/maintaining/configuration.html#licenses-group-url): # A URL pointing to a JSON file containing a list of license objects. +# @default -- See [`values.yml`](values.yml) for the default values. licensesGroupUrl: "https://raw.githubusercontent.com/tum-gis/ckanext-grouphierarchy-sddi/main/ckanext/grouphierarchy/licenses_SDDI.json" # -- [CKAN config dafault_views](https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-views-default-views): # **Note**: Make sure the required view plugins are loaded! +# @default -- See [`values.yml`](values.yml) for the default values. defaultViews: "image_view recline_view text_view geo_view geojson_view wmts_view shp_view" preview: # -- [CKAN config TextView](https://docs.ckan.org/en/latest/maintaining/configuration.html#text-view-settings): @@ -211,7 +254,7 @@ auth: create_user_via_web: true public_activity_stream_detail: true public_user_details: false - roles_that_cascade_to_sub_groups: admin editor member + roles_that_cascade_to_sub_groups: admin editor member user_create_groups: false user_create_organizations: false user_delete_groups: false @@ -277,6 +320,7 @@ locale: default: de # -- CKAN locale order, see # [CKAN internationalization settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#internationalisation-settings) + # @default -- See [`values.yml`](values.yml) for the default values. order: de en pt_BR ja it cs_CZ ca es fr el sv sr sr@latin no sk fi ru de pl nl bg ko_KR hu sa sl lv # -- CKAN locales offered, see # [CKAN internationalization settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#internationalisation-settings) @@ -295,7 +339,8 @@ webassets: # -- Extra environment variables. Values need to be quoted. This can be used to overwrite or # extend [CKAN settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-configuration-file). # See [ckanext-envvars](https://github.com/okfn/ckanext-envvars) for variable naming conventions. -extraEnv: {} +extraEnv: + {} # CKAN___SOME_VARIABLE: "someValues" # Persistence ----------------------------------------------------------------- @@ -309,7 +354,7 @@ persistence: # for CKAN__STORAGE_PATH env var too! storagePath: /var/lib/ckan accessModes: - # -- [k8s: Persistent volume access modes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) + # -- [k8s: Persistent volume access modes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) - ReadWriteOnce # -- Storage [capacity](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#capacity) capacity: 4Gi @@ -318,6 +363,36 @@ persistence: annotations: # helm.sh/resource-policy: keep +# Volumes --------------------------------------------------------------------- +# -- Sets [`volumes`](https://kubernetes.io/docs/concepts/storage/volumes). +# Set to `[]` to disable the default volumes. +# Set to any list of volume definitions to overwrite the default volumes. +# Use `extraVolumes` to extend the default volumes. +# @default -- See [`values.yml`](values.yml) for the list of default volumes. +volumes: + - name: data + persistentVolumeClaim: + claimName: '{{ include "ckan.fullname" . }}' + +# -- Sets additional [`volumes`](https://kubernetes.io/docs/concepts/storage/volumes). +# The volumes specified here, are appended to the ones specified in `volumes`. +extraVolumes: [] + +# VolumeMounts ---------------------------------------------------------------- +# -- Sets [`volumeMounts`](https://kubernetes.io/docs/concepts/storage/volumes). +# Set to `[]` to disable the default volumeMounts. +# Set to any list of volumeMount definitions to overwrite the default volumeMounts. +# Use `extraVolumeMounts` to extend the default volumeMounts. +# @default -- See [`values.yml`](values.yml) for the list of default volumeMounts. +volumeMounts: + - name: data + mountPath: "{{ .Values.persistence.storagePath }}" + readOnly: false + +# -- Sets additional [`volumeMounts`](https://kubernetes.io/docs/concepts/storage/volumes). +# The volumeMounts specified here, are appended to the ones specified in `volumeMounts`. +extraVolumeMounts: [] + # CKAN database --------------------------------------------------------------- db: # -- CKAN database host, used to build `sqlalchemy.url` see @@ -330,21 +405,23 @@ db: # [CKAN database settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#database-settings) dbname: ckan_default auth: - # -- CKAN database username, used to build `sqlalchemy.url` see - # [CKAN database settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#database-settings) + # -- CKAN database username, used to build `sqlalchemy.url` see + # [CKAN database settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#database-settings) username: ckan - # -- CKAN database password, used to build `sqlalchemy.url` see - # [CKAN database settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#database-settings) + # -- CKAN database password, used to build `sqlalchemy.url` see + # [CKAN database settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#database-settings) password: changeMe # Datastore ------------------------------------------------------------------- datastore: # -- CKAN datastore host, used to build `ckan.datastore.read/write_url` see # [CKAN datastore settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#datastore-settings) - host: postgis + host: + postgis # -- CKAN datastore port, used to build `ckan.datastore.read/write_url` see # [CKAN datastore settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#datastore-settings) - port: 5432 + port: + 5432 # -- CKAN datastore database name, used to build `ckan.datastore.read/write_url` see # [CKAN datastore settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#datastore-settings) dbname: datastore @@ -440,6 +517,8 @@ resources: # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) memory: 256Mi +# -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) +resources: {} # -- [k8s: Assign pods to nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) nodeSelector: {} # -- [k8S: Taints and tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) diff --git a/charts/sddi-ckan/charts/datapusher/Chart.yaml b/charts/sddi-ckan/charts/datapusher/Chart.yaml index e2604f0..cf21090 100644 --- a/charts/sddi-ckan/charts/datapusher/Chart.yaml +++ b/charts/sddi-ckan/charts/datapusher/Chart.yaml @@ -9,7 +9,7 @@ sources: - https://github.com/tum-gis/sddi-ckan-k8s/tree/main/sddi-ckan/charts/charts/datapusher - https://github.com/keitaroinc/docker-ckan -version: 0.4.0 +version: 0.5.1 appVersion: "0.0.19" maintainers: diff --git a/charts/sddi-ckan/charts/datapusher/README.md b/charts/sddi-ckan/charts/datapusher/README.md index eb10c8c..dacaa0d 100644 --- a/charts/sddi-ckan/charts/datapusher/README.md +++ b/charts/sddi-ckan/charts/datapusher/README.md @@ -1,6 +1,6 @@ # datapusher -![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.19](https://img.shields.io/badge/AppVersion-0.0.19-informational?style=flat-square) +![Version: 0.5.1](https://img.shields.io/badge/Version-0.5.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.19](https://img.shields.io/badge/AppVersion-0.0.19-informational?style=flat-square) A Helm chart for CKAN Datapusher. @@ -48,6 +48,7 @@ A Helm chart for CKAN Datapusher. | image.repository | string | `"tumgis/ckan-datapusher"` | [Image repository](https://kubernetes.io/docs/concepts/containers/images/) | | image.tag | string | `""` | Overrides the image tag whose default is the chart `appVersion`. | | imagePullSecrets | list | `[]` | [Image pull secrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) | +| initContainers.pgready.image | object | `{"repository":"bwibo/k8s-init-container","tag":"latest"}` | Image used for testing PostgresSQL database readiness. | | insertRows | string | `"250"` | Number of rows to take from the data and upload them as chunks to datastore | | maxContentLength | string | `"10485760"` | Maximum size of content to be uploaded in bytes. | | nameOverride | string | `""` | Override name | @@ -55,10 +56,7 @@ A Helm chart for CKAN Datapusher. | podAnnotations | object | `{}` | Additional pod annotations | | podSecurityContext | object | `{}` | [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | | replicaCount | int | `1` | Number of replicas. Only used if `autoscaling.enabled = false`. | -| resources.limits.cpu | string | `"1000m"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | -| resources.limits.memory | string | `"500Mi"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | -| resources.requests.cpu | string | `"250m"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | -| resources.requests.memory | string | `"256Mi"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | +| resources | object | `{}` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | securityContext | object | `{}` | [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | | service.port | int | `8000` | Service port | | service.type | string | `"ClusterIP"` | Type of service | @@ -67,5 +65,3 @@ A Helm chart for CKAN Datapusher. | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | tolerations | list | `[]` | [k8S: Taints and tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/sddi-ckan/charts/datapusher/templates/datapusher-depl.yml b/charts/sddi-ckan/charts/datapusher/templates/datapusher-depl.yml old mode 100644 new mode 100755 index e65d363..68bfb9d --- a/charts/sddi-ckan/charts/datapusher/templates/datapusher-depl.yml +++ b/charts/sddi-ckan/charts/datapusher/templates/datapusher-depl.yml @@ -44,7 +44,7 @@ spec: {{- if .Values.global.datapusher.db.enabled | default .Values.db.enabled }} initContainers: - name: pg-ready - image: bwibo/k8s-init-container + image: "{{ .Values.initContainers.pgready.image.repository }}:{{ .Values.initContainers.pgready.image.tag }}" command: - pg_isready env: diff --git a/charts/sddi-ckan/charts/datapusher/values.yaml b/charts/sddi-ckan/charts/datapusher/values.yaml old mode 100644 new mode 100755 index f0e1127..572f2c3 --- a/charts/sddi-ckan/charts/datapusher/values.yaml +++ b/charts/sddi-ckan/charts/datapusher/values.yaml @@ -20,6 +20,13 @@ image: # -- [Image pull secrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) imagePullSecrets: [] +initContainers: + pgready: + # -- Image used for testing PostgresSQL database readiness. + image: + repository: bwibo/k8s-init-container + tag: latest + # -- Additional pod annotations podAnnotations: {} @@ -122,20 +129,8 @@ db: # Note: This values is overwritten by `global.datapusher.db.auth.password`, if set. password: changeMe - - -resources: - limits: - # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) - cpu: 1000m - # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) - memory: 500Mi - requests: - # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) - cpu: 250m - # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) - memory: 256Mi - +# -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) +resources: {} # -- [k8s: Assign pods to nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) nodeSelector: {} # -- [k8S: Taints and tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) diff --git a/charts/sddi-ckan/charts/postgis/Chart.yaml b/charts/sddi-ckan/charts/postgis/Chart.yaml index 89e11e7..514b71f 100644 --- a/charts/sddi-ckan/charts/postgis/Chart.yaml +++ b/charts/sddi-ckan/charts/postgis/Chart.yaml @@ -8,8 +8,8 @@ sources: - https://github.com/tum-gis/sddi-ckan-k8s/tree/main/sddi-ckan/charts/charts/postgis - https://registry.hub.docker.com/r/postgis/postgis/ -version: 0.6.0 -appVersion: "14-3.3" +version: 0.7.0 +appVersion: "14-3.4" maintainers: - email: b.willenborg@tum.de diff --git a/charts/sddi-ckan/charts/postgis/README.md b/charts/sddi-ckan/charts/postgis/README.md index 8aa872c..a0e070f 100644 --- a/charts/sddi-ckan/charts/postgis/README.md +++ b/charts/sddi-ckan/charts/postgis/README.md @@ -1,6 +1,6 @@ # postgis -![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 14-3.3](https://img.shields.io/badge/AppVersion-14--3.3-informational?style=flat-square) +![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 14-3.4](https://img.shields.io/badge/AppVersion-14--3.4-informational?style=flat-square) A Helm chart for sa simple PostGIS database pre-configured for CKAN. @@ -59,15 +59,10 @@ A Helm chart for sa simple PostGIS database pre-configured for CKAN. | persistence.storageClassName | string | `nil` | StorageClass to use, leave empty to use default StorageClass. | | podAnnotations | object | `{}` | Additional pod annotations | | podSecurityContext | object | `{}` | [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | -| resources.limits.cpu | string | `"2000m"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | -| resources.limits.memory | string | `"4Gi"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | -| resources.requests.cpu | string | `"500m"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | -| resources.requests.memory | string | `"1Gi"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | +| resources | object | `{}` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | securityContext | string | `nil` | [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | | serviceAccount.annotations | object | `{}` | Annotations to add to the service account | | serviceAccount.create | bool | `false` | Specifies whether a service account should be created | | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | tolerations | list | `[]` | [k8S: Taints and tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/sddi-ckan/charts/postgis/values.yaml b/charts/sddi-ckan/charts/postgis/values.yaml index 723ec14..b33bffb 100644 --- a/charts/sddi-ckan/charts/postgis/values.yaml +++ b/charts/sddi-ckan/charts/postgis/values.yaml @@ -129,18 +129,8 @@ debug: # -- Enable/disable query logging queryLogging: false -resources: - limits: - # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) - cpu: 2000m - # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) - memory: 4Gi - requests: - # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) - cpu: 500m - # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) - memory: 1Gi - +# -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) +resources: {} # -- [k8s: Assign pods to nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) nodeSelector: {} # -- [k8S: Taints and tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) diff --git a/charts/sddi-ckan/charts/redis/Chart.yaml b/charts/sddi-ckan/charts/redis/Chart.yaml index 26a81f9..157dcb8 100644 --- a/charts/sddi-ckan/charts/redis/Chart.yaml +++ b/charts/sddi-ckan/charts/redis/Chart.yaml @@ -9,8 +9,8 @@ sources: - https://hub.docker.com/_/redis -version: 0.2.0 -appVersion: "7.0.8-alpine" +version: 0.3.0 +appVersion: "7.2.4-alpine" maintainers: - email: b.willenborg@tum.de diff --git a/charts/sddi-ckan/charts/redis/README.md b/charts/sddi-ckan/charts/redis/README.md index 4627ca4..5f38c49 100644 --- a/charts/sddi-ckan/charts/redis/README.md +++ b/charts/sddi-ckan/charts/redis/README.md @@ -1,6 +1,6 @@ # redis -![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 7.0.8-alpine](https://img.shields.io/badge/AppVersion-7.0.8--alpine-informational?style=flat-square) +![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 7.2.4-alpine](https://img.shields.io/badge/AppVersion-7.2.4--alpine-informational?style=flat-square) A Helm chart for basic Redis for use with CKAN. @@ -46,10 +46,7 @@ A Helm chart for basic Redis for use with CKAN. | podAnnotations | object | `{}` | Additional pod annotations | | podSecurityContext | object | `{}` | [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | | replicaCount | int | `1` | Number of replicas. Only used if `autoscaling.enabled = false`. | -| resources.limits.cpu | string | `"500m"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | -| resources.limits.memory | string | `"1Gi"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | -| resources.requests.cpu | string | `"250m"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | -| resources.requests.memory | string | `"256Mi"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | +| resources | object | `{}` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | securityContext | object | `{}` | [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | | service.port | int | `6379` | Service port for http | | service.type | string | `"ClusterIP"` | Type of service for http | @@ -58,5 +55,3 @@ A Helm chart for basic Redis for use with CKAN. | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | tolerations | list | `[]` | [k8S: Taints and tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/sddi-ckan/charts/redis/values.yaml b/charts/sddi-ckan/charts/redis/values.yaml index 4ef8806..8abcdb1 100644 --- a/charts/sddi-ckan/charts/redis/values.yaml +++ b/charts/sddi-ckan/charts/redis/values.yaml @@ -88,18 +88,8 @@ service: # -- Service port for http port: 6379 -resources: - limits: - # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) - cpu: 500m - # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) - memory: 1Gi - requests: - # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) - cpu: 250m - # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) - memory: 256Mi - +# -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) +resources: {} # -- [k8s: Assign pods to nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) nodeSelector: {} # -- [k8S: Taints and tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) diff --git a/charts/sddi-ckan/charts/solr/Chart.yaml b/charts/sddi-ckan/charts/solr/Chart.yaml index a734019..864d6d8 100644 --- a/charts/sddi-ckan/charts/solr/Chart.yaml +++ b/charts/sddi-ckan/charts/solr/Chart.yaml @@ -8,8 +8,8 @@ sources: - https://github.com/ckan/ckan-solr - https://github.com/ckan/ckanext-spatial -version: 0.3.1 -appVersion: "2.9-solr8-spatial" +version: 0.5.0 +appVersion: "2.9-solr9-spatial" maintainers: - email: b.willenborg@tum.de diff --git a/charts/sddi-ckan/charts/solr/README.md b/charts/sddi-ckan/charts/solr/README.md index afed23d..db0dbc3 100644 --- a/charts/sddi-ckan/charts/solr/README.md +++ b/charts/sddi-ckan/charts/solr/README.md @@ -1,6 +1,6 @@ # solr -![Version: 0.3.1](https://img.shields.io/badge/Version-0.3.1-informational?style=flat-square) ![AppVersion: 2.9-solr8-spatial](https://img.shields.io/badge/AppVersion-2.9--solr8--spatial-informational?style=flat-square) +![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![AppVersion: 2.9-solr9-spatial](https://img.shields.io/badge/AppVersion-2.9--solr9--spatial-informational?style=flat-square) A Helm chart for Solr pre-configured for CKAN and ckanext-spatial. @@ -25,11 +25,13 @@ A Helm chart for Solr pre-configured for CKAN and ckanext-spatial. | affinity | object | `{}` | [k8s: Assign pods to nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) | | component | string | `"index"` | Role of Solr in this chart | | enabled | bool | `true` | Enable/disable Solr | +| extraInitContainers | list | `[]` | Sets additional [`initContainers`](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). The initContainers specified here, are appended to the ones specified in `initContainers`. | | fullnameOverride | string | `"solr"` | Override fullname | | image.pullPolicy | string | `"IfNotPresent"` | [Image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) | | image.repository | string | `"ckan/ckan-solr"` | [Image repository](https://kubernetes.io/docs/concepts/containers/images/) | | image.tag | string | `""` | Overrides the image tag whose default is the chart `appVersion`. | | imagePullSecrets | list | `[]` | [Image pull secrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) | +| initContainers | list | See `values.yml` for the list of default initContainers. | Sets [`initContainers`](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). Set to `[]` to disable the default initContainers. Set to any list of initContainer definitions to overwrite the default initContainers. Use `extraInitContainers` to extend the default initContainers. | | loadBalancer.enabled | bool | `false` | Enable/disable a LoadBalancer service for external Database access | | nameOverride | string | `""` | Override name | | nodeSelector | object | `{}` | [k8s: Assign pods to nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) | @@ -38,11 +40,8 @@ A Helm chart for Solr pre-configured for CKAN and ckanext-spatial. | persistence.capacity | string | `"4Gi"` | Storage [capacity](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#capacity) | | persistence.storageClassName | string | `nil` | StorageClass to use, leave empty to use default StorageClass. | | podAnnotations | object | `{}` | Additional pod annotations | -| podSecurityContext | object | `{"fsGroup":8983,"runAsGroup":8983,"runAsUser":8983}` | [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | -| resources.limits.cpu | string | `"2000m"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | -| resources.limits.memory | string | `"8Gi"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | -| resources.requests.cpu | string | `"500m"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | -| resources.requests.memory | string | `"1Gi"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | +| podSecurityContext | object | `{}` | [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | +| resources | object | `{}` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | securityContext | object | `{}` | [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | | service.port | int | `8983` | Service port for http | | service.type | string | `"ClusterIP"` | Type of service for http | @@ -51,5 +50,3 @@ A Helm chart for Solr pre-configured for CKAN and ckanext-spatial. | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | tolerations | list | `[]` | [k8S: Taints and tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/sddi-ckan/charts/solr/templates/solr-statefulset.yml b/charts/sddi-ckan/charts/solr/templates/solr-statefulset.yml index bd95050..7269d5e 100644 --- a/charts/sddi-ckan/charts/solr/templates/solr-statefulset.yml +++ b/charts/sddi-ckan/charts/solr/templates/solr-statefulset.yml @@ -37,6 +37,15 @@ spec: persistentVolumeClaim: claimName: {{ include "solr.fullname" . }} + initContainers: + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" .Values.initContainers "context" $ ) | nindent 8 }} + {{- end }} + + {{- if .Values.extraInitContainers }} + {{- include "common.tplvalues.render" ( dict "value" .Values.extraInitContainers "context" $ ) | nindent 8 }} + {{- end }} + containers: - name: {{ .Chart.Name }} securityContext: @@ -52,19 +61,6 @@ spec: - name: data mountPath: /var/solr/data - # livenessProbe: - # periodSeconds: 10 - # timeoutSeconds: 2 - # exec: - # command: [ sh, -c, "pg_isready -U $POSTGRES_USER -d $POSTGRES_DB" ] - - # readinessProbe: - # initialDelaySeconds: 15 - # periodSeconds: 10 - # timeoutSeconds: 2 - # exec: - # command: [ sh, -c, "pg_isready -U $POSTGRES_USER -d $POSTGRES_DB" ] - resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.nodeSelector }} diff --git a/charts/sddi-ckan/charts/solr/values.yaml b/charts/sddi-ckan/charts/solr/values.yaml index be40900..6661e4a 100644 --- a/charts/sddi-ckan/charts/solr/values.yaml +++ b/charts/sddi-ckan/charts/solr/values.yaml @@ -33,10 +33,7 @@ serviceAccount: name: "" # -- [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) -podSecurityContext: - runAsUser: 8983 - runAsGroup: 8983 - fsGroup: 8983 +podSecurityContext: {} # -- [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) securityContext: {} @@ -70,18 +67,27 @@ persistence: annotations: # helm.sh/resource-policy: keep -resources: - limits: - # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) - cpu: 2000m - # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) - memory: 8Gi - requests: - # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) - cpu: 500m - # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) - memory: 1Gi +# initContainers -------------------------------------------------------------- +# -- Sets [`initContainers`](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). +# Set to `[]` to disable the default initContainers. +# Set to any list of initContainer definitions to overwrite the default initContainers. +# Use `extraInitContainers` to extend the default initContainers. +# @default -- See `values.yml` for the list of default initContainers. +initContainers: + - name: init-data + image: busybox:latest + command: + ["sh", "-c", "chown -Rv 8983:8983 /var/solr/data"] + volumeMounts: + - name: data + mountPath: "/var/solr/data" +# -- Sets additional [`initContainers`](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). +# The initContainers specified here, are appended to the ones specified in `initContainers`. +extraInitContainers: [] + +# -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) +resources: {} # -- [k8s: Assign pods to nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) nodeSelector: {} # -- [k8S: Taints and tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) diff --git a/examples/open-shift/README.md b/examples/open-shift/README.md new file mode 100644 index 0000000..89e2d67 --- /dev/null +++ b/examples/open-shift/README.md @@ -0,0 +1,47 @@ +# Running this chart on OpenShift + +[Red Hat OpenShift](https://www.redhat.com/en/technologies/cloud-computing/openshift), is a popular hybrid cloud application platform powered by Kubernetes. due to security reasons, in OpenShift pods run as an random user ID and all files in the container image that need to be writable, have to be in a +volume. This example provides a basic setup to run this stack on OpenShift. + +## Additional notes on this example + +- Instead of Ingress OpenShift [Route](https://docs.openshift.com/container-platform/4.11/rest_api/network_apis/route-route-openshift-io-v1.html) can be used. A local [Route](route.yml) template is included, which can be deployed using a separate chart and the values `ckan.host`. +- DataPusher is disabled, as it causes problems with OpenShift in it's current version. + +## :eye_speech_bubble: Requirements + +- An OpenShift cluster +- [`kubectl`](https://kubernetes.io/docs/tasks/tools/#kubectl) installed and configured for you local cluster +- [`helm`](https://helm.sh/docs/intro/install/) installed + +## :rocket: Usage + +1. Add the Helm repos for all dependencies + + ```bash + helm repo add sddi-ckan https://tum-gis.github.io/sddi-ckan-k8s + + # Optional, comment out if nginx-ingress controller is already installed in your cluster + # helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx + + # Optional: Uncomment, if you want to test cert-manager as certificate issuer + # helm repo add jetstack https://charts.jetstack.io + + # Update all repos + helm repo update + ``` + +2. Adapt `ckan.siteUrl`, `global.ingress.domains[]`, `global.ingress.certManager.issuerEmail` in a local copy of [values.yml](values.yml) according to your domain name and eMail address. + +3. Deploy the chart with the default configuration specified in + [values.yml](values.yml): + + ```bash + helm install ckan sddi-ckan/sddi-ckan \ + -n ckan --create-namespace \ + --atomic --wait --timeout 10m \ + --values values.yml + ``` + + > [!TIP] + > If you want to try out a development (`beta`, `alpha`) version of the helm chart, use the `--devel` option of helm. diff --git a/examples/open-shift/route.yml b/examples/open-shift/route.yml new file mode 100644 index 0000000..d3662ae --- /dev/null +++ b/examples/open-shift/route.yml @@ -0,0 +1,16 @@ +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: ckan +spec: + host: {{ .Values.ckan.host }} + port: + targetPort: http + tls: + insecureEdgeTerminationPolicy: Redirect + termination: edge + to: + kind: Service + name: ckan + weight: 100 + wildcardPolicy: None diff --git a/examples/open-shift/values.yml b/examples/open-shift/values.yml new file mode 100644 index 0000000..4397543 --- /dev/null +++ b/examples/open-shift/values.yml @@ -0,0 +1,83 @@ +global: + ingress: + className: nginx + certManager: + issuerEmail: me@example.com + domains: + - https://test.de + +# Nginx ingress configuration ------------------------------------------------- +# This needs to be enabled, if you don't have nginx-ingress installed already +# in your cluster. +ingress-nginx: + enabled: true + +# cert-manager configuration -------------------------------------------------- +# Disable cert-manager and certIssuer for local testing, they are not required. +# Nginx ingress will create a self-signed certificate for testing automatically. + +# If you want to try out cert-manager, make sure install CRDs BEFORE you install the chart. +# Make sure to enable certIssuer and configure ingress settings accordingly, see above. +# For local testing issuerType = namespace and issuerName = self-signed is recommended. +# (see here: https://cert-manager.io/docs/installation/helm/#3-install-customresourcedefinitions ) +cert-manager: + enabled: false + +certIssuer: + enabled: false + +# ckan configuration ---------------------------------------------------------- +ckan: + # Host for Route, if used instead of Ingress. + # Same as `ckan.siteUrl`, but without protocol: `https://` or `http://`. + host: test.de + # Replace default initContainers + + siteUrl: https://test.de + + initContainers: + - name: pg-ready + image: bwibo/k8s-init-container:latest + command: + - pg_isready + env: + - name: PGHOST + value: "{{ .Values.global.db.host | default .Values.db.host }}" + - name: PGPORT + value: "{{ .Values.global.db.port | default .Values.db.port }}" + - name: PGDATABASE + value: "{{ .Values.global.db.dbname | default .Values.db.dbname }}" + - name: PGUSER + value: "{{ .Values.global.db.auth.username | default .Values.db.auth.usernme }}" + - name: PGPASSWORD + value: "{{ .Values.global.db.auth.password | default .Values.db.auth.password }}" + + # Extra Volumes + extraVolumes: + # Volumes for paths that need to be writable + - name: srv-app-i18n + emptyDir: + sizeLimit: 500Mi + - name: srv-app-data + emptyDir: + sizeLimit: 500Mi + + # Extra Volume Mounts + extraVolumeMounts: + # Mount emptyDir volumes for paths that need to be writable + - name: srv-app-data + mountPath: /srv/app/data/ + - name: srv-app-i18n + mountPath: /srv/app/src/ckan/ckan/public/base/i18n/ + +# Remove Solr initContainer +solr: + initContainers: [] + +# Disable datapusher. +datapusher: + enabled: false + +# Disable cerIssuer +certIssuer: + enabled: false diff --git a/provisioning/ms-azure/README.md b/provisioning/ms-azure/README.md index ebfbf0d..9b25342 100644 --- a/provisioning/ms-azure/README.md +++ b/provisioning/ms-azure/README.md @@ -2,7 +2,7 @@ This folder contains a basic example for provisioning a "Managed Kubernetes Cluster" from Microsoft Azure using [Terraform](https://www.terraform.io/). -The Terrafom scripts deploy an instance of +The Terraform scripts deploy an instance of [Azure Kubernetes Service (AKS)](https://azure.microsoft.com/en-us/products/kubernetes-service/) with two [node pools](https://learn.microsoft.com/en-us/azure/aks/intro-kubernetes#clusters-and-nodes) of customizable [Azure VM types](https://docs.microsoft.com/de-de/azure/virtual-machines/sizes-general) @@ -33,7 +33,7 @@ options visit the [`azurerm_kubernetes_cluster`](https://registry.terraform.io/p ``` 3. Decide for [Azure VM types](https://docs.microsoft.com/de-de/azure/virtual-machines/sizes-general) and count - for both node pools, a name of the `ressource group`, and provide one or more eMail addresses for budget warning notifications. Pass these options to + for both node pools, a name of the `resource group`, and provide one or more email addresses for budget warning notifications. Pass these options to `terraform plan` to create an execution plan. ```bash @@ -54,4 +54,4 @@ options visit the [`azurerm_kubernetes_cluster`](https://registry.terraform.io/p 5. The access credentials of the AKS instance are output in `.kubeconfig`. Store the credentials in a safe place and add them to your - `~/.kube/config` file to use them with e.g. `kubectl`. After that it is recommended to delete the file. + `~/.kube/config` file to use them with e.g. `kubectl`. After that, it is recommended to delete the file.