From 313c09c12b8adcb0856f85d3af0c214ed4f63308 Mon Sep 17 00:00:00 2001
From: eidottermihi <eidottermihi@gmail.com>
Date: Wed, 27 Sep 2023 17:29:42 +0200
Subject: [PATCH 01/50] Remove rather specific default for podSecurityContext
 for solr

---
 charts/sddi-ckan/charts/solr/README.md   | 2 +-
 charts/sddi-ckan/charts/solr/values.yaml | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/charts/sddi-ckan/charts/solr/README.md b/charts/sddi-ckan/charts/solr/README.md
index afed23d..aaf6b0a 100644
--- a/charts/sddi-ckan/charts/solr/README.md
+++ b/charts/sddi-ckan/charts/solr/README.md
@@ -38,7 +38,7 @@ A Helm chart for Solr pre-configured for CKAN  and ckanext-spatial.
 | persistence.capacity | string | `"4Gi"` | Storage [capacity](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#capacity) |
 | persistence.storageClassName | string | `nil` | StorageClass to use, leave empty to use default StorageClass. |
 | podAnnotations | object | `{}` | Additional pod annotations |
-| podSecurityContext | object | `{"fsGroup":8983,"runAsGroup":8983,"runAsUser":8983}` | [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) |
+| podSecurityContext | object | `{}` | [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) |
 | resources.limits.cpu | string | `"2000m"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
 | resources.limits.memory | string | `"8Gi"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
 | resources.requests.cpu | string | `"500m"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
diff --git a/charts/sddi-ckan/charts/solr/values.yaml b/charts/sddi-ckan/charts/solr/values.yaml
index be40900..a9b58e6 100644
--- a/charts/sddi-ckan/charts/solr/values.yaml
+++ b/charts/sddi-ckan/charts/solr/values.yaml
@@ -33,10 +33,10 @@ serviceAccount:
   name: ""
 
 # -- [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
-podSecurityContext:
-  runAsUser: 8983
-  runAsGroup: 8983
-  fsGroup: 8983
+podSecurityContext: {}
+  # runAsUser: 8983
+  # runAsGroup: 8983
+  # fsGroup: 8983
 
 # -- [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
 securityContext: {}

From 93454fd9427f82a5c910ec8b215fc8dfe268531a Mon Sep 17 00:00:00 2001
From: Klaus Mueller <kl.mueller@muenchen.de>
Date: Thu, 28 Sep 2023 15:55:35 +0200
Subject: [PATCH 02/50] repositories configurable

---
 charts/sddi-ckan/charts/ckan/templates/ckan-depl.yml   |  4 ++--
 .../charts/ckan/templates/ckan-statefulset.yml         |  4 ++--
 charts/sddi-ckan/charts/ckan/values.yaml               | 10 ++++++++++
 .../charts/datapusher/templates/datapusher-depl.yml    |  2 +-
 charts/sddi-ckan/charts/datapusher/values.yaml         |  6 ++++++
 5 files changed, 21 insertions(+), 5 deletions(-)
 mode change 100644 => 100755 charts/sddi-ckan/charts/ckan/templates/ckan-depl.yml
 mode change 100644 => 100755 charts/sddi-ckan/charts/ckan/templates/ckan-statefulset.yml
 mode change 100644 => 100755 charts/sddi-ckan/charts/ckan/values.yaml
 mode change 100644 => 100755 charts/sddi-ckan/charts/datapusher/templates/datapusher-depl.yml
 mode change 100644 => 100755 charts/sddi-ckan/charts/datapusher/values.yaml

diff --git a/charts/sddi-ckan/charts/ckan/templates/ckan-depl.yml b/charts/sddi-ckan/charts/ckan/templates/ckan-depl.yml
old mode 100644
new mode 100755
index f832ff4..4f73b7e
--- a/charts/sddi-ckan/charts/ckan/templates/ckan-depl.yml
+++ b/charts/sddi-ckan/charts/ckan/templates/ckan-depl.yml
@@ -47,7 +47,7 @@ spec:
 
       initContainers:
       - name: init-data
-        image: busybox
+        image: "{{ .Values.initContainers.initdata.image.repository }}:{{ .Values.initContainers.initdata.image.tag }}"
         command: ["sh", "-c", "chown -Rv 92:92 {{ .Values.persistence.storagePath }}"]
         # securityContext:
         #   runAsUser: 0
@@ -59,7 +59,7 @@ spec:
           readOnly: false
 
       - name: pg-ready
-        image: bwibo/k8s-init-container
+        image: "{{ .Values.initContainers.pgready.image.repository }}:{{ .Values.initContainers.pgready.image.tag }}"
         command:
           - pg_isready
         env:
diff --git a/charts/sddi-ckan/charts/ckan/templates/ckan-statefulset.yml b/charts/sddi-ckan/charts/ckan/templates/ckan-statefulset.yml
old mode 100644
new mode 100755
index feb2b36..15c1f74
--- a/charts/sddi-ckan/charts/ckan/templates/ckan-statefulset.yml
+++ b/charts/sddi-ckan/charts/ckan/templates/ckan-statefulset.yml
@@ -47,7 +47,7 @@ spec:
 
       initContainers:
       - name: init-data
-        image: busybox
+        image: "{{ .Values.initContainers.initdata.image.repository }}:{{ .Values.initContainers.initdata.image.tag }}"
         command: ["sh", "-c", "chown -Rv 92:92 {{ .Values.persistence.storagePath }}"]
         volumeMounts:
         - name: data
@@ -55,7 +55,7 @@ spec:
           readOnly: false
 
       - name: pg-ready
-        image: bwibo/k8s-init-container
+        image: "{{ .Values.initContainers.pgready.image.repository }}:{{ .Values.initContainers.pgready.image.tag }}"
         command:
           - pg_isready
         env:
diff --git a/charts/sddi-ckan/charts/ckan/values.yaml b/charts/sddi-ckan/charts/ckan/values.yaml
old mode 100644
new mode 100755
index 7311174..f811b4b
--- a/charts/sddi-ckan/charts/ckan/values.yaml
+++ b/charts/sddi-ckan/charts/ckan/values.yaml
@@ -21,6 +21,16 @@ image:
 # -- [Image pull secrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/)
 imagePullSecrets: []
 
+initContainers:
+  initdata:
+    image:
+      repository: busybox
+      tag: latest
+  pgready:
+    image:
+      repository: bwibo/k8s-init-container
+      tag: latest
+
 # -- Additional pod annotations
 podAnnotations: {}
 
diff --git a/charts/sddi-ckan/charts/datapusher/templates/datapusher-depl.yml b/charts/sddi-ckan/charts/datapusher/templates/datapusher-depl.yml
old mode 100644
new mode 100755
index e65d363..68bfb9d
--- a/charts/sddi-ckan/charts/datapusher/templates/datapusher-depl.yml
+++ b/charts/sddi-ckan/charts/datapusher/templates/datapusher-depl.yml
@@ -44,7 +44,7 @@ spec:
       {{- if .Values.global.datapusher.db.enabled | default .Values.db.enabled }}
       initContainers:
       - name: pg-ready
-        image: bwibo/k8s-init-container
+        image: "{{ .Values.initContainers.pgready.image.repository }}:{{ .Values.initContainers.pgready.image.tag }}"
         command:
           - pg_isready
         env:
diff --git a/charts/sddi-ckan/charts/datapusher/values.yaml b/charts/sddi-ckan/charts/datapusher/values.yaml
old mode 100644
new mode 100755
index f0e1127..005f6d8
--- a/charts/sddi-ckan/charts/datapusher/values.yaml
+++ b/charts/sddi-ckan/charts/datapusher/values.yaml
@@ -20,6 +20,12 @@ image:
 # -- [Image pull secrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/)
 imagePullSecrets: []
 
+initContainers:
+  pgready:
+    image:
+      repository: bwibo/k8s-init-container
+      tag: latest
+
 # -- Additional pod annotations
 podAnnotations: {}
 

From 958b7d55b3b4eb5c7595ed6be789ba90a20d0fc0 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <b.willenborg@tum.de>
Date: Sun, 8 Oct 2023 13:53:59 +0200
Subject: [PATCH 03/50] Update docs

---
 CHANGELOG.md                                   | 11 +++++++++++
 charts/sddi-ckan/charts/ckan/README.md         |  2 ++
 charts/sddi-ckan/charts/ckan/values.yaml       |  2 ++
 charts/sddi-ckan/charts/datapusher/README.md   |  1 +
 charts/sddi-ckan/charts/datapusher/values.yaml |  1 +
 5 files changed, 17 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 36b578d..a530518 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,17 @@ For releases `< 1.0.0` minor version step indicate breaking changes.
 
 ## [Unreleased]
 
+## Added
+
+- Allow configuration of images used for init containers
+  - `ckan.initContainers.initdata.image`
+  - `ckan.initContainers.pgready.image`
+  - `datapusher.initContainers.pgready.image`
+
+### Changed
+
+- Relax Solr security context fo OpenShift compatibility
+
 ### Fixed
 
 - Multiple session variables had no effect due to false ENV var names. Affected options:
diff --git a/charts/sddi-ckan/charts/ckan/README.md b/charts/sddi-ckan/charts/ckan/README.md
index 3eafc07..9c979c9 100644
--- a/charts/sddi-ckan/charts/ckan/README.md
+++ b/charts/sddi-ckan/charts/ckan/README.md
@@ -95,6 +95,8 @@ A Helm chart for SDDI enabled CKAN.
 | ingress.stickySessions.sessionCookie.path | string | `"/"` | [Nginx Ingress Controller Sticky sessions](https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/) |
 | ingress.stickySessions.sessionCookie.secure | string | `"false"` | [Nginx Ingress Controller Sticky sessions](https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/) |
 | ingress.tls.secretName | string | `nil` | Specify a custom tls secret name. This overwrites `global.ingress.tls.secretName`. |
+| initContainers.initdata.image | object | `{"repository":"busybox","tag":"latest"}` | Image used to initialize `persistence.storagePath`. |
+| initContainers.pgready.image | object | `{"repository":"bwibo/k8s-init-container","tag":"latest"}` | Image used for testing PostgresSQL database readiness. |
 | licensesGroupUrl | string | `"https://raw.githubusercontent.com/tum-gis/ckanext-grouphierarchy-sddi/main/ckanext/grouphierarchy/licenses_SDDI.json"` | [CKAN licences group url](https://docs.ckan.org/en/latest/maintaining/configuration.html#licenses-group-url): A URL pointing to a JSON file containing a list of license objects. |
 | liveness.failureThreshold | int | `6` | Failure threshold for the liveness probe |
 | liveness.initialDelaySeconds | int | `20` | Initial delay for the liveness probe |
diff --git a/charts/sddi-ckan/charts/ckan/values.yaml b/charts/sddi-ckan/charts/ckan/values.yaml
index 4f1c478..93ac809 100755
--- a/charts/sddi-ckan/charts/ckan/values.yaml
+++ b/charts/sddi-ckan/charts/ckan/values.yaml
@@ -23,10 +23,12 @@ imagePullSecrets: []
 
 initContainers:
   initdata:
+    # -- Image used to initialize `persistence.storagePath`.
     image:
       repository: busybox
       tag: latest
   pgready:
+    # -- Image used for testing PostgresSQL database readiness.
     image:
       repository: bwibo/k8s-init-container
       tag: latest
diff --git a/charts/sddi-ckan/charts/datapusher/README.md b/charts/sddi-ckan/charts/datapusher/README.md
index eb10c8c..b08a626 100644
--- a/charts/sddi-ckan/charts/datapusher/README.md
+++ b/charts/sddi-ckan/charts/datapusher/README.md
@@ -48,6 +48,7 @@ A Helm chart for CKAN Datapusher.
 | image.repository | string | `"tumgis/ckan-datapusher"` | [Image repository](https://kubernetes.io/docs/concepts/containers/images/) |
 | image.tag | string | `""` | Overrides the image tag whose default is the chart `appVersion`. |
 | imagePullSecrets | list | `[]` | [Image pull secrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) |
+| initContainers.pgready.image | object | `{"repository":"bwibo/k8s-init-container","tag":"latest"}` | Image used for testing PostgresSQL database readiness. |
 | insertRows | string | `"250"` | Number of rows to take from the data and upload them as chunks to datastore |
 | maxContentLength | string | `"10485760"` | Maximum size of content to be uploaded in bytes. |
 | nameOverride | string | `""` | Override name |
diff --git a/charts/sddi-ckan/charts/datapusher/values.yaml b/charts/sddi-ckan/charts/datapusher/values.yaml
index 005f6d8..284fb85 100755
--- a/charts/sddi-ckan/charts/datapusher/values.yaml
+++ b/charts/sddi-ckan/charts/datapusher/values.yaml
@@ -22,6 +22,7 @@ imagePullSecrets: []
 
 initContainers:
   pgready:
+    # -- Image used for testing PostgresSQL database readiness.
     image:
       repository: bwibo/k8s-init-container
       tag: latest

From 67b0a8bc3c3ee3b86d18d1adef142d7a656c1e39 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <b.willenborg@tum.de>
Date: Sun, 8 Oct 2023 14:02:39 +0200
Subject: [PATCH 04/50] Ref PR and contributors

---
 CHANGELOG.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a530518..bec2a22 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,16 +10,18 @@ For releases `< 1.0.0` minor version step indicate breaking changes.
 
 ## [Unreleased]
 
+@klml, @eidottermihi made their first contributions!
+
 ## Added
 
-- Allow configuration of images used for init containers
+- Allow configuration of images used for init containers. tum-gis/sddi-ckan-k8s#24
   - `ckan.initContainers.initdata.image`
   - `ckan.initContainers.pgready.image`
   - `datapusher.initContainers.pgready.image`
 
 ### Changed
 
-- Relax Solr security context fo OpenShift compatibility
+- Relax Solr security context fo OpenShift compatibility. tum-gis/sddi-ckan-k8s#24
 
 ### Fixed
 

From 53f5151bf24c0af718d19f154cf08764be17890f Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <b.willenborg@tum.de>
Date: Sun, 8 Oct 2023 14:32:10 +0200
Subject: [PATCH 05/50] minor fixes

---
 CHANGELOG.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index bec2a22..b4fcbba 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,7 +10,7 @@ For releases `< 1.0.0` minor version step indicate breaking changes.
 
 ## [Unreleased]
 
-@klml, @eidottermihi made their first contributions!
+[@klml](https://github.com/klml), [@eidottermihi](https://github.com/eidottermihi) made their first contributions!
 
 ## Added
 
@@ -21,7 +21,7 @@ For releases `< 1.0.0` minor version step indicate breaking changes.
 
 ### Changed
 
-- Relax Solr security context fo OpenShift compatibility. tum-gis/sddi-ckan-k8s#24
+- Relax Solr security context for OpenShift compatibility. tum-gis/sddi-ckan-k8s#24
 
 ### Fixed
 

From a20d59da98b820f2d83e004d72173cdbdc271952 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <b.willenborg@tum.de>
Date: Sun, 8 Oct 2023 14:35:34 +0200
Subject: [PATCH 06/50] 1.3.0-beta1

---
 CHANGELOG.md                                  | 2 +-
 charts/sddi-ckan/Chart.yaml                   | 2 +-
 charts/sddi-ckan/README.md                    | 2 +-
 charts/sddi-ckan/charts/ckan/Chart.yaml       | 2 +-
 charts/sddi-ckan/charts/ckan/README.md        | 2 +-
 charts/sddi-ckan/charts/datapusher/Chart.yaml | 2 +-
 charts/sddi-ckan/charts/datapusher/README.md  | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b4fcbba..68e53ad 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,7 +8,7 @@ Versions are prefixed with `sddi-ckan-` due to usage of
 [chart-releaser-action](https://github.com/helm/chart-releaser-action).
 For releases `< 1.0.0` minor version step indicate breaking changes.
 
-## [Unreleased]
+## [sddi-ckan-1.3.0-beta1] - 2023-10-08
 
 [@klml](https://github.com/klml), [@eidottermihi](https://github.com/eidottermihi) made their first contributions!
 
diff --git a/charts/sddi-ckan/Chart.yaml b/charts/sddi-ckan/Chart.yaml
index 9644e37..7f1d19f 100644
--- a/charts/sddi-ckan/Chart.yaml
+++ b/charts/sddi-ckan/Chart.yaml
@@ -10,7 +10,7 @@ sources:
   - https://www.asg.ed.tum.de/en/gis/projects/smart-district-data-infrastructure
   - https://github.com/tum-gis/ckan-docker
 
-version: 1.2.2
+version: 1.3.0-beta1
 appVersion: "1.2.0"
 kubeVersion: ">= 1.23.0-0"
 
diff --git a/charts/sddi-ckan/README.md b/charts/sddi-ckan/README.md
index e06a4f8..4d6a485 100644
--- a/charts/sddi-ckan/README.md
+++ b/charts/sddi-ckan/README.md
@@ -1,6 +1,6 @@
 # sddi-ckan
 
-![Version: 1.2.2](https://img.shields.io/badge/Version-1.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.0](https://img.shields.io/badge/AppVersion-1.2.0-informational?style=flat-square)
+![Version: 1.3.0-beta1](https://img.shields.io/badge/Version-1.3.0--beta1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.0](https://img.shields.io/badge/AppVersion-1.2.0-informational?style=flat-square)
 
 Helm Chart for a SDDI enabled CKAN catalog. See [CHANGELOG](https://github.com/tum-gis/sddi-ckan-k8s/blob/main/CHANGELOG.md) for changes.
 
diff --git a/charts/sddi-ckan/charts/ckan/Chart.yaml b/charts/sddi-ckan/charts/ckan/Chart.yaml
index 8b1ed9b..ee41e6f 100644
--- a/charts/sddi-ckan/charts/ckan/Chart.yaml
+++ b/charts/sddi-ckan/charts/ckan/Chart.yaml
@@ -9,7 +9,7 @@ sources:
   - https://github.com/tum-gis/ckan-docker
   - https://github.com/keitaroinc/docker-ckan
 
-version: 1.2.2
+version: 1.3.0
 appVersion: "1.2.0"
 
 maintainers:
diff --git a/charts/sddi-ckan/charts/ckan/README.md b/charts/sddi-ckan/charts/ckan/README.md
index 9c979c9..e920566 100644
--- a/charts/sddi-ckan/charts/ckan/README.md
+++ b/charts/sddi-ckan/charts/ckan/README.md
@@ -1,6 +1,6 @@
 # ckan
 
-![Version: 1.2.2](https://img.shields.io/badge/Version-1.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.0](https://img.shields.io/badge/AppVersion-1.2.0-informational?style=flat-square)
+![Version: 1.3.0](https://img.shields.io/badge/Version-1.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.0](https://img.shields.io/badge/AppVersion-1.2.0-informational?style=flat-square)
 
 A Helm chart for SDDI enabled CKAN.
 
diff --git a/charts/sddi-ckan/charts/datapusher/Chart.yaml b/charts/sddi-ckan/charts/datapusher/Chart.yaml
index e2604f0..19e8716 100644
--- a/charts/sddi-ckan/charts/datapusher/Chart.yaml
+++ b/charts/sddi-ckan/charts/datapusher/Chart.yaml
@@ -9,7 +9,7 @@ sources:
   - https://github.com/tum-gis/sddi-ckan-k8s/tree/main/sddi-ckan/charts/charts/datapusher
   - https://github.com/keitaroinc/docker-ckan
 
-version: 0.4.0
+version: 0.5.0
 appVersion: "0.0.19"
 
 maintainers:
diff --git a/charts/sddi-ckan/charts/datapusher/README.md b/charts/sddi-ckan/charts/datapusher/README.md
index b08a626..962bc84 100644
--- a/charts/sddi-ckan/charts/datapusher/README.md
+++ b/charts/sddi-ckan/charts/datapusher/README.md
@@ -1,6 +1,6 @@
 # datapusher
 
-![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.19](https://img.shields.io/badge/AppVersion-0.0.19-informational?style=flat-square)
+![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.19](https://img.shields.io/badge/AppVersion-0.0.19-informational?style=flat-square)
 
 A Helm chart for CKAN Datapusher.
 

From 85450181679fdf085c2d90a9d0028f0fdb12d439 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <b.willenborg@tum.de>
Date: Thu, 2 Nov 2023 16:27:51 +0100
Subject: [PATCH 07/50] drop default resource requirements/limits

---
 charts/sddi-ckan/charts/ckan/Chart.yaml        |  2 +-
 charts/sddi-ckan/charts/ckan/README.md         |  7 ++-----
 charts/sddi-ckan/charts/ckan/values.yaml       | 14 ++------------
 charts/sddi-ckan/charts/datapusher/Chart.yaml  |  2 +-
 charts/sddi-ckan/charts/datapusher/README.md   |  7 ++-----
 charts/sddi-ckan/charts/datapusher/values.yaml | 16 ++--------------
 charts/sddi-ckan/charts/postgis/Chart.yaml     |  2 +-
 charts/sddi-ckan/charts/postgis/README.md      |  7 ++-----
 charts/sddi-ckan/charts/postgis/values.yaml    | 14 ++------------
 charts/sddi-ckan/charts/redis/Chart.yaml       |  2 +-
 charts/sddi-ckan/charts/redis/README.md        |  7 ++-----
 charts/sddi-ckan/charts/redis/values.yaml      | 14 ++------------
 charts/sddi-ckan/charts/solr/Chart.yaml        |  2 +-
 charts/sddi-ckan/charts/solr/README.md         |  7 ++-----
 charts/sddi-ckan/charts/solr/values.yaml       | 14 ++------------
 15 files changed, 25 insertions(+), 92 deletions(-)

diff --git a/charts/sddi-ckan/charts/ckan/Chart.yaml b/charts/sddi-ckan/charts/ckan/Chart.yaml
index ee41e6f..d01f5cb 100644
--- a/charts/sddi-ckan/charts/ckan/Chart.yaml
+++ b/charts/sddi-ckan/charts/ckan/Chart.yaml
@@ -9,7 +9,7 @@ sources:
   - https://github.com/tum-gis/ckan-docker
   - https://github.com/keitaroinc/docker-ckan
 
-version: 1.3.0
+version: 1.3.1
 appVersion: "1.2.0"
 
 maintainers:
diff --git a/charts/sddi-ckan/charts/ckan/README.md b/charts/sddi-ckan/charts/ckan/README.md
index e920566..20faffe 100644
--- a/charts/sddi-ckan/charts/ckan/README.md
+++ b/charts/sddi-ckan/charts/ckan/README.md
@@ -1,6 +1,6 @@
 # ckan
 
-![Version: 1.3.0](https://img.shields.io/badge/Version-1.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.0](https://img.shields.io/badge/AppVersion-1.2.0-informational?style=flat-square)
+![Version: 1.3.1](https://img.shields.io/badge/Version-1.3.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.0](https://img.shields.io/badge/AppVersion-1.2.0-informational?style=flat-square)
 
 A Helm chart for SDDI enabled CKAN.
 
@@ -129,10 +129,7 @@ A Helm chart for SDDI enabled CKAN.
 | readiness.timeoutSeconds | int | `10` | Timeout interval for the liveness probe |
 | redis.url | string | `"redis://redis-hl:6379/0"` | Redis endpoint for CKAN. This should be set to cluster internal Redis service domain. [CKAN configuration Redis](https://docs.ckan.org/en/latest/maintaining/configuration.html#redis-settings) |
 | replicaCount | int | `1` | Number of replicas. Only used if `autoscaling.enabled = false`. **Note:** Running multiple replicas requires to enable persistent data storage (`persistence.enabled = true`) and, if Pods run on different nodes, a storage that supports RWX. |
-| resources.limits.cpu | string | `"500m"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
-| resources.limits.memory | string | `"1Gi"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
-| resources.requests.cpu | string | `"250m"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
-| resources.requests.memory | string | `"256Mi"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
+| resources | object | `{}` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
 | sddiInitDataJson | string | `"init_data.json"` | Local path or URL to File path or URL to [CKAN SDDI `init_data.json`](https://github.com/tum-gis/ckanext-grouphierarchy-sddi/blob/main/ckanext/grouphierarchy/init_data.json). This file allows to specify pre-defined set of SDDI CKAN main categories, topics, and organizations. |
 | securityContext | object | `{}` | [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) |
 | service.port | int | `5000` | Service port for http |
diff --git a/charts/sddi-ckan/charts/ckan/values.yaml b/charts/sddi-ckan/charts/ckan/values.yaml
index 93ac809..ef8179b 100755
--- a/charts/sddi-ckan/charts/ckan/values.yaml
+++ b/charts/sddi-ckan/charts/ckan/values.yaml
@@ -433,18 +433,8 @@ activityStreams:
   # -- [CKAN config activity stream](https://docs.ckan.org/en/latest/maintaining/configuration.html#activity-streams-settings)
   emailNotifications: True
 
-resources:
-  limits:
-    # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
-    cpu: 500m
-    # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
-    memory: 1Gi
-  requests:
-    # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
-    cpu: 250m
-    # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
-    memory: 256Mi
-
+# -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
+resources: {}
 # -- [k8s: Assign pods to nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/)
 nodeSelector: {}
 # -- [k8S: Taints and tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
diff --git a/charts/sddi-ckan/charts/datapusher/Chart.yaml b/charts/sddi-ckan/charts/datapusher/Chart.yaml
index 19e8716..cf21090 100644
--- a/charts/sddi-ckan/charts/datapusher/Chart.yaml
+++ b/charts/sddi-ckan/charts/datapusher/Chart.yaml
@@ -9,7 +9,7 @@ sources:
   - https://github.com/tum-gis/sddi-ckan-k8s/tree/main/sddi-ckan/charts/charts/datapusher
   - https://github.com/keitaroinc/docker-ckan
 
-version: 0.5.0
+version: 0.5.1
 appVersion: "0.0.19"
 
 maintainers:
diff --git a/charts/sddi-ckan/charts/datapusher/README.md b/charts/sddi-ckan/charts/datapusher/README.md
index 962bc84..800209f 100644
--- a/charts/sddi-ckan/charts/datapusher/README.md
+++ b/charts/sddi-ckan/charts/datapusher/README.md
@@ -1,6 +1,6 @@
 # datapusher
 
-![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.19](https://img.shields.io/badge/AppVersion-0.0.19-informational?style=flat-square)
+![Version: 0.5.1](https://img.shields.io/badge/Version-0.5.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.19](https://img.shields.io/badge/AppVersion-0.0.19-informational?style=flat-square)
 
 A Helm chart for CKAN Datapusher.
 
@@ -56,10 +56,7 @@ A Helm chart for CKAN Datapusher.
 | podAnnotations | object | `{}` | Additional pod annotations |
 | podSecurityContext | object | `{}` | [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) |
 | replicaCount | int | `1` | Number of replicas. Only used if `autoscaling.enabled = false`. |
-| resources.limits.cpu | string | `"1000m"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
-| resources.limits.memory | string | `"500Mi"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
-| resources.requests.cpu | string | `"250m"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
-| resources.requests.memory | string | `"256Mi"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
+| resources | object | `{}` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
 | securityContext | object | `{}` | [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) |
 | service.port | int | `8000` | Service port |
 | service.type | string | `"ClusterIP"` | Type of service |
diff --git a/charts/sddi-ckan/charts/datapusher/values.yaml b/charts/sddi-ckan/charts/datapusher/values.yaml
index 284fb85..572f2c3 100755
--- a/charts/sddi-ckan/charts/datapusher/values.yaml
+++ b/charts/sddi-ckan/charts/datapusher/values.yaml
@@ -129,20 +129,8 @@ db:
     # Note: This values is overwritten by `global.datapusher.db.auth.password`, if set.
     password: changeMe
 
-
-
-resources:
-  limits:
-    # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
-    cpu: 1000m
-    # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
-    memory: 500Mi
-  requests:
-    # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
-    cpu: 250m
-    # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
-    memory: 256Mi
-
+# -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
+resources: {}
 # -- [k8s: Assign pods to nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/)
 nodeSelector: {}
 # -- [k8S: Taints and tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
diff --git a/charts/sddi-ckan/charts/postgis/Chart.yaml b/charts/sddi-ckan/charts/postgis/Chart.yaml
index 89e11e7..46cfa7d 100644
--- a/charts/sddi-ckan/charts/postgis/Chart.yaml
+++ b/charts/sddi-ckan/charts/postgis/Chart.yaml
@@ -8,7 +8,7 @@ sources:
   - https://github.com/tum-gis/sddi-ckan-k8s/tree/main/sddi-ckan/charts/charts/postgis
   - https://registry.hub.docker.com/r/postgis/postgis/
 
-version: 0.6.0
+version: 0.6.1
 appVersion: "14-3.3"
 
 maintainers:
diff --git a/charts/sddi-ckan/charts/postgis/README.md b/charts/sddi-ckan/charts/postgis/README.md
index 8aa872c..e3ecfcb 100644
--- a/charts/sddi-ckan/charts/postgis/README.md
+++ b/charts/sddi-ckan/charts/postgis/README.md
@@ -1,6 +1,6 @@
 # postgis
 
-![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 14-3.3](https://img.shields.io/badge/AppVersion-14--3.3-informational?style=flat-square)
+![Version: 0.6.1](https://img.shields.io/badge/Version-0.6.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 14-3.3](https://img.shields.io/badge/AppVersion-14--3.3-informational?style=flat-square)
 
 A Helm chart for sa simple PostGIS database pre-configured for CKAN.
 
@@ -59,10 +59,7 @@ A Helm chart for sa simple PostGIS database pre-configured for CKAN.
 | persistence.storageClassName | string | `nil` | StorageClass to use, leave empty to use default StorageClass. |
 | podAnnotations | object | `{}` | Additional pod annotations |
 | podSecurityContext | object | `{}` | [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) |
-| resources.limits.cpu | string | `"2000m"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
-| resources.limits.memory | string | `"4Gi"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
-| resources.requests.cpu | string | `"500m"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
-| resources.requests.memory | string | `"1Gi"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
+| resources | object | `{}` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
 | securityContext | string | `nil` | [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) |
 | serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
 | serviceAccount.create | bool | `false` | Specifies whether a service account should be created |
diff --git a/charts/sddi-ckan/charts/postgis/values.yaml b/charts/sddi-ckan/charts/postgis/values.yaml
index 723ec14..b33bffb 100644
--- a/charts/sddi-ckan/charts/postgis/values.yaml
+++ b/charts/sddi-ckan/charts/postgis/values.yaml
@@ -129,18 +129,8 @@ debug:
   # -- Enable/disable query logging
   queryLogging: false
 
-resources:
-  limits:
-    # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
-    cpu: 2000m
-    # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
-    memory: 4Gi
-  requests:
-    # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
-    cpu: 500m
-    # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
-    memory: 1Gi
-
+# -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
+resources: {}
 # -- [k8s: Assign pods to nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/)
 nodeSelector: {}
 # -- [k8S: Taints and tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
diff --git a/charts/sddi-ckan/charts/redis/Chart.yaml b/charts/sddi-ckan/charts/redis/Chart.yaml
index 26a81f9..5026475 100644
--- a/charts/sddi-ckan/charts/redis/Chart.yaml
+++ b/charts/sddi-ckan/charts/redis/Chart.yaml
@@ -9,7 +9,7 @@ sources:
   - https://hub.docker.com/_/redis
 
 
-version: 0.2.0
+version: 0.2.1
 appVersion: "7.0.8-alpine"
 
 maintainers:
diff --git a/charts/sddi-ckan/charts/redis/README.md b/charts/sddi-ckan/charts/redis/README.md
index 4627ca4..9002e4c 100644
--- a/charts/sddi-ckan/charts/redis/README.md
+++ b/charts/sddi-ckan/charts/redis/README.md
@@ -1,6 +1,6 @@
 # redis
 
-![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 7.0.8-alpine](https://img.shields.io/badge/AppVersion-7.0.8--alpine-informational?style=flat-square)
+![Version: 0.2.1](https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 7.0.8-alpine](https://img.shields.io/badge/AppVersion-7.0.8--alpine-informational?style=flat-square)
 
 A Helm chart for basic Redis for use with CKAN.
 
@@ -46,10 +46,7 @@ A Helm chart for basic Redis for use with CKAN.
 | podAnnotations | object | `{}` | Additional pod annotations |
 | podSecurityContext | object | `{}` | [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) |
 | replicaCount | int | `1` | Number of replicas. Only used if `autoscaling.enabled = false`. |
-| resources.limits.cpu | string | `"500m"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
-| resources.limits.memory | string | `"1Gi"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
-| resources.requests.cpu | string | `"250m"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
-| resources.requests.memory | string | `"256Mi"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
+| resources | object | `{}` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
 | securityContext | object | `{}` | [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) |
 | service.port | int | `6379` | Service port for http |
 | service.type | string | `"ClusterIP"` | Type of service for http |
diff --git a/charts/sddi-ckan/charts/redis/values.yaml b/charts/sddi-ckan/charts/redis/values.yaml
index 4ef8806..8abcdb1 100644
--- a/charts/sddi-ckan/charts/redis/values.yaml
+++ b/charts/sddi-ckan/charts/redis/values.yaml
@@ -88,18 +88,8 @@ service:
   # -- Service port for http
   port: 6379
 
-resources:
-  limits:
-    # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
-    cpu: 500m
-    # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
-    memory: 1Gi
-  requests:
-    # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
-    cpu: 250m
-    # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
-    memory: 256Mi
-
+# -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
+resources: {}
 # -- [k8s: Assign pods to nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/)
 nodeSelector: {}
 # -- [k8S: Taints and tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
diff --git a/charts/sddi-ckan/charts/solr/Chart.yaml b/charts/sddi-ckan/charts/solr/Chart.yaml
index a734019..07eae2d 100644
--- a/charts/sddi-ckan/charts/solr/Chart.yaml
+++ b/charts/sddi-ckan/charts/solr/Chart.yaml
@@ -8,7 +8,7 @@ sources:
   - https://github.com/ckan/ckan-solr
   - https://github.com/ckan/ckanext-spatial
 
-version: 0.3.1
+version: 0.3.2
 appVersion: "2.9-solr8-spatial"
 
 maintainers:
diff --git a/charts/sddi-ckan/charts/solr/README.md b/charts/sddi-ckan/charts/solr/README.md
index aaf6b0a..88cf639 100644
--- a/charts/sddi-ckan/charts/solr/README.md
+++ b/charts/sddi-ckan/charts/solr/README.md
@@ -1,6 +1,6 @@
 # solr
 
-![Version: 0.3.1](https://img.shields.io/badge/Version-0.3.1-informational?style=flat-square) ![AppVersion: 2.9-solr8-spatial](https://img.shields.io/badge/AppVersion-2.9--solr8--spatial-informational?style=flat-square)
+![Version: 0.3.2](https://img.shields.io/badge/Version-0.3.2-informational?style=flat-square) ![AppVersion: 2.9-solr8-spatial](https://img.shields.io/badge/AppVersion-2.9--solr8--spatial-informational?style=flat-square)
 
 A Helm chart for Solr pre-configured for CKAN  and ckanext-spatial.
 
@@ -39,10 +39,7 @@ A Helm chart for Solr pre-configured for CKAN  and ckanext-spatial.
 | persistence.storageClassName | string | `nil` | StorageClass to use, leave empty to use default StorageClass. |
 | podAnnotations | object | `{}` | Additional pod annotations |
 | podSecurityContext | object | `{}` | [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) |
-| resources.limits.cpu | string | `"2000m"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
-| resources.limits.memory | string | `"8Gi"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
-| resources.requests.cpu | string | `"500m"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
-| resources.requests.memory | string | `"1Gi"` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
+| resources | object | `{}` | [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
 | securityContext | object | `{}` | [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) |
 | service.port | int | `8983` | Service port for http |
 | service.type | string | `"ClusterIP"` | Type of service for http |
diff --git a/charts/sddi-ckan/charts/solr/values.yaml b/charts/sddi-ckan/charts/solr/values.yaml
index a9b58e6..ecf2a46 100644
--- a/charts/sddi-ckan/charts/solr/values.yaml
+++ b/charts/sddi-ckan/charts/solr/values.yaml
@@ -70,18 +70,8 @@ persistence:
   annotations:
   # helm.sh/resource-policy: keep
 
-resources:
-  limits:
-    # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
-    cpu: 2000m
-    # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
-    memory: 8Gi
-  requests:
-    # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
-    cpu: 500m
-    # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
-    memory: 1Gi
-
+# -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
+resources: {}
 # -- [k8s: Assign pods to nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/)
 nodeSelector: {}
 # -- [k8S: Taints and tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)

From 8cfe43ff99345e08ecbecfe88eb410af5cd0a172 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <b.willenborg@tum.de>
Date: Thu, 2 Nov 2023 16:37:04 +0100
Subject: [PATCH 08/50] Update changelog

---
 CHANGELOG.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 68e53ad..770fbf8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,10 +8,14 @@ Versions are prefixed with `sddi-ckan-` due to usage of
 [chart-releaser-action](https://github.com/helm/chart-releaser-action).
 For releases `< 1.0.0` minor version step indicate breaking changes.
 
-## [sddi-ckan-1.3.0-beta1] - 2023-10-08
+## [sddi-ckan-2.0.0] - 2023-11-02
 
 [@klml](https://github.com/klml), [@eidottermihi](https://github.com/eidottermihi) made their first contributions!
 
+## Breaking
+
+- Removed default resource requirements/limits for all services, tum-gis/sddi-ckan-k8s#28, tum-gis/sddi-ckan-k8s#29
+
 ## Added
 
 - Allow configuration of images used for init containers. tum-gis/sddi-ckan-k8s#24

From 785e0e8e829321697416e2896038d0a7863e1ddb Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <b.willenborg@tum.de>
Date: Thu, 2 Nov 2023 16:53:35 +0100
Subject: [PATCH 09/50] v2.0.0

---
 CHANGELOG.md                            | 11 +++++++++--
 charts/sddi-ckan/Chart.yaml             |  4 ++--
 charts/sddi-ckan/README.md              |  2 +-
 charts/sddi-ckan/charts/ckan/Chart.yaml |  4 ++--
 charts/sddi-ckan/charts/ckan/README.md  |  2 +-
 5 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 770fbf8..f2f4998 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,11 +10,15 @@ For releases `< 1.0.0` minor version step indicate breaking changes.
 
 ## [sddi-ckan-2.0.0] - 2023-11-02
 
+This release updates the sddi-ckan Docker image to `v2.0.0` bringing several security improvements
+and some breaking changes too. Make sure to check the
+[CHANGELOG](https://github.com/tum-gis/ckan-docker/blob/2.0.0/CHANGELOG.md) for all details.
+
 [@klml](https://github.com/klml), [@eidottermihi](https://github.com/eidottermihi) made their first contributions!
 
 ## Breaking
 
-- Removed default resource requirements/limits for all services, tum-gis/sddi-ckan-k8s#28, tum-gis/sddi-ckan-k8s#29
+- Removed default resource requirements/limits for all services. tum-gis/sddi-ckan-k8s#28, tum-gis/sddi-ckan-k8s#29
 
 ## Added
 
@@ -26,6 +30,8 @@ For releases `< 1.0.0` minor version step indicate breaking changes.
 ### Changed
 
 - Relax Solr security context for OpenShift compatibility. tum-gis/sddi-ckan-k8s#24
+- Bump SDDI CKAN Image `1.2.0` --> `2.0.0`, see
+  [CHANGELOG](https://github.com/tum-gis/ckan-docker/blob/2.0.0/CHANGELOG.md) for more.
 
 ### Fixed
 
@@ -340,8 +346,9 @@ is displayed when navigating to the _Datasets_ view of CKAN.
 
 ### Known issues
 
-[Unreleased]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-1.2.2...HEAD
+[Unreleased]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-2.0.0...HEAD
 
+[sddi-ckan-2.0.0]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-1.2.2...sddi-ckan-2.0.0
 [sddi-ckan-1.2.2]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-1.2.1...sddi-ckan-1.2.2
 [sddi-ckan-1.2.1]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-1.2.0...sddi-ckan-1.2.1
 [sddi-ckan-1.2.0]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-1.1.7...sddi-ckan-1.2.0
diff --git a/charts/sddi-ckan/Chart.yaml b/charts/sddi-ckan/Chart.yaml
index 7f1d19f..caf5494 100644
--- a/charts/sddi-ckan/Chart.yaml
+++ b/charts/sddi-ckan/Chart.yaml
@@ -10,8 +10,8 @@ sources:
   - https://www.asg.ed.tum.de/en/gis/projects/smart-district-data-infrastructure
   - https://github.com/tum-gis/ckan-docker
 
-version: 1.3.0-beta1
-appVersion: "1.2.0"
+version: 2.0.0
+appVersion: "2.0.0"
 kubeVersion: ">= 1.23.0-0"
 
 maintainers:
diff --git a/charts/sddi-ckan/README.md b/charts/sddi-ckan/README.md
index 4d6a485..874cd08 100644
--- a/charts/sddi-ckan/README.md
+++ b/charts/sddi-ckan/README.md
@@ -1,6 +1,6 @@
 # sddi-ckan
 
-![Version: 1.3.0-beta1](https://img.shields.io/badge/Version-1.3.0--beta1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.0](https://img.shields.io/badge/AppVersion-1.2.0-informational?style=flat-square)
+![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square)
 
 Helm Chart for a SDDI enabled CKAN catalog. See [CHANGELOG](https://github.com/tum-gis/sddi-ckan-k8s/blob/main/CHANGELOG.md) for changes.
 
diff --git a/charts/sddi-ckan/charts/ckan/Chart.yaml b/charts/sddi-ckan/charts/ckan/Chart.yaml
index d01f5cb..e32dcb2 100644
--- a/charts/sddi-ckan/charts/ckan/Chart.yaml
+++ b/charts/sddi-ckan/charts/ckan/Chart.yaml
@@ -9,8 +9,8 @@ sources:
   - https://github.com/tum-gis/ckan-docker
   - https://github.com/keitaroinc/docker-ckan
 
-version: 1.3.1
-appVersion: "1.2.0"
+version: 2.0.0
+appVersion: "2.0.0"
 
 maintainers:
   - email: b.willenborg@tum.de
diff --git a/charts/sddi-ckan/charts/ckan/README.md b/charts/sddi-ckan/charts/ckan/README.md
index 20faffe..b99be89 100644
--- a/charts/sddi-ckan/charts/ckan/README.md
+++ b/charts/sddi-ckan/charts/ckan/README.md
@@ -1,6 +1,6 @@
 # ckan
 
-![Version: 1.3.1](https://img.shields.io/badge/Version-1.3.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.0](https://img.shields.io/badge/AppVersion-1.2.0-informational?style=flat-square)
+![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square)
 
 A Helm chart for SDDI enabled CKAN.
 

From cd62642dacf4c5891eddf41e2bcceb210fb97105 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <b.willenborg@tum.de>
Date: Thu, 2 Nov 2023 16:58:35 +0100
Subject: [PATCH 10/50] Relax dependency version pinning

---
 charts/sddi-ckan/Chart.yaml | 4 ++--
 charts/sddi-ckan/README.md  | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/charts/sddi-ckan/Chart.yaml b/charts/sddi-ckan/Chart.yaml
index caf5494..57ab16f 100644
--- a/charts/sddi-ckan/Chart.yaml
+++ b/charts/sddi-ckan/Chart.yaml
@@ -41,10 +41,10 @@ dependencies:
   - name: ingress-nginx
     alias: ingress-nginx
     condition: ingress-nginx.enabled
-    version: "~4.4.0"
+    version: "^4"
     repository: https://kubernetes.github.io/ingress-nginx
   - name: cert-manager
     alias: cert-manager
     condition: cert-manager.enabled
-    version: "~1.11.0"
+    version: "^1"
     repository: https://charts.jetstack.io
diff --git a/charts/sddi-ckan/README.md b/charts/sddi-ckan/README.md
index 874cd08..8afae06 100644
--- a/charts/sddi-ckan/README.md
+++ b/charts/sddi-ckan/README.md
@@ -30,8 +30,8 @@ Kubernetes: `>= 1.23.0-0`
 |  | postgis | * |
 |  | redis | * |
 |  | solr | * |
-| https://charts.jetstack.io | cert-manager(cert-manager) | ~1.11.0 |
-| https://kubernetes.github.io/ingress-nginx | ingress-nginx(ingress-nginx) | ~4.4.0 |
+| https://charts.jetstack.io | cert-manager(cert-manager) | ^1 |
+| https://kubernetes.github.io/ingress-nginx | ingress-nginx(ingress-nginx) | ^4 |
 
 ## Values
 

From 0cbb324c666c5980c96372bf4def710b9fd1f1a2 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Sat, 20 Jan 2024 12:51:32 +0100
Subject: [PATCH 11/50] Add bitnami/common library chart

---
 charts/sddi-ckan/Chart.yaml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/charts/sddi-ckan/Chart.yaml b/charts/sddi-ckan/Chart.yaml
index 57ab16f..2cea2b1 100644
--- a/charts/sddi-ckan/Chart.yaml
+++ b/charts/sddi-ckan/Chart.yaml
@@ -48,3 +48,13 @@ dependencies:
     condition: cert-manager.enabled
     version: "^1"
     repository: https://charts.jetstack.io
+  - name: cert-manager
+    alias: cert-manager
+    condition: cert-manager.enabled
+    version: "^1"
+    repository: https://charts.jetstack.io
+  - name: common
+    repository: oci://registry-1.docker.io/bitnamicharts
+    tags:
+    - bitnami-common
+    version: 2.x.x

From 9f7874fefd9c277d94533bcdb38f4c0d606ce8c8 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Sat, 20 Jan 2024 12:52:11 +0100
Subject: [PATCH 12/50] drop duplicate cert-manager dependency

---
 charts/sddi-ckan/Chart.yaml | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/charts/sddi-ckan/Chart.yaml b/charts/sddi-ckan/Chart.yaml
index 2cea2b1..07492ef 100644
--- a/charts/sddi-ckan/Chart.yaml
+++ b/charts/sddi-ckan/Chart.yaml
@@ -48,11 +48,6 @@ dependencies:
     condition: cert-manager.enabled
     version: "^1"
     repository: https://charts.jetstack.io
-  - name: cert-manager
-    alias: cert-manager
-    condition: cert-manager.enabled
-    version: "^1"
-    repository: https://charts.jetstack.io
   - name: common
     repository: oci://registry-1.docker.io/bitnamicharts
     tags:

From 32d49061241a4680556fe7167ecccc38d181e07d Mon Sep 17 00:00:00 2001
From: Benedikt Schwab <benedikt.schwab@tum.de>
Date: Fri, 9 Feb 2024 17:49:02 +0100
Subject: [PATCH 13/50] fixed minor typos

---
 provisioning/ms-azure/README.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/provisioning/ms-azure/README.md b/provisioning/ms-azure/README.md
index ebfbf0d..9b25342 100644
--- a/provisioning/ms-azure/README.md
+++ b/provisioning/ms-azure/README.md
@@ -2,7 +2,7 @@
 
 This folder contains a basic example for provisioning a "Managed Kubernetes Cluster"
 from Microsoft Azure using [Terraform](https://www.terraform.io/).
-The Terrafom scripts deploy an instance of
+The Terraform scripts deploy an instance of
 [Azure Kubernetes Service (AKS)](https://azure.microsoft.com/en-us/products/kubernetes-service/) with two [node pools](https://learn.microsoft.com/en-us/azure/aks/intro-kubernetes#clusters-and-nodes)
 of customizable
 [Azure VM types](https://docs.microsoft.com/de-de/azure/virtual-machines/sizes-general)
@@ -33,7 +33,7 @@ options visit the [`azurerm_kubernetes_cluster`](https://registry.terraform.io/p
     ```
 
 3. Decide for [Azure VM types](https://docs.microsoft.com/de-de/azure/virtual-machines/sizes-general) and count
-   for both node pools, a name of the `ressource group`, and provide one or more eMail addresses for budget warning notifications. Pass these options to
+   for both node pools, a name of the `resource group`, and provide one or more email addresses for budget warning notifications. Pass these options to
    `terraform plan` to create an execution plan.
 
     ```bash
@@ -54,4 +54,4 @@ options visit the [`azurerm_kubernetes_cluster`](https://registry.terraform.io/p
 
 5. The access credentials of the AKS instance are output in `.kubeconfig`.
    Store the credentials in a safe place and add them to your
-   `~/.kube/config` file to use them with e.g. `kubectl`. After that it is recommended to delete the file.
+   `~/.kube/config` file to use them with e.g. `kubectl`. After that, it is recommended to delete the file.

From 44ab97c70cb579530200b614657b1a097c676c77 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Tue, 20 Feb 2024 12:32:50 +0100
Subject: [PATCH 14/50] Update release action

---
 .github/workflows/chart-releaser.yml | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/chart-releaser.yml b/.github/workflows/chart-releaser.yml
index 8b1222c..3207655 100644
--- a/.github/workflows/chart-releaser.yml
+++ b/.github/workflows/chart-releaser.yml
@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
@@ -30,9 +30,12 @@ jobs:
       - name: Install Helm
         uses: azure/setup-helm@v3
         with:
-          version: v3.12.3
+          version: v3.14.1
 
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.5.0
+        uses: helm/chart-releaser-action@v1.6.0
+        with:
+          mark_as_latest: true
+          skip_existing: true
         env:
-          CR_TOKEN: "${{ secrets.GH_TOKEN }}"
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

From 2eb43c62296e8172405820f4b295b4d10f6a0ef9 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Wed, 21 Feb 2024 00:29:25 +0100
Subject: [PATCH 15/50] Set initContainer and extraInitContainers in values.yml

---
 .../ckan/templates/ckan-statefulset.yml       | 32 +++-----
 charts/sddi-ckan/charts/ckan/values.yaml      | 78 +++++++++++++------
 2 files changed, 64 insertions(+), 46 deletions(-)

diff --git a/charts/sddi-ckan/charts/ckan/templates/ckan-statefulset.yml b/charts/sddi-ckan/charts/ckan/templates/ckan-statefulset.yml
index 15c1f74..aa086bd 100755
--- a/charts/sddi-ckan/charts/ckan/templates/ckan-statefulset.yml
+++ b/charts/sddi-ckan/charts/ckan/templates/ckan-statefulset.yml
@@ -45,32 +45,20 @@ spec:
           persistentVolumeClaim:
             claimName: {{ include "ckan.fullname" . }}
 
+      # GREP
       initContainers:
-      - name: init-data
-        image: "{{ .Values.initContainers.initdata.image.repository }}:{{ .Values.initContainers.initdata.image.tag }}"
-        command: ["sh", "-c", "chown -Rv 92:92 {{ .Values.persistence.storagePath }}"]
-        volumeMounts:
+      {{- if .Values.initContainers }}
+      {{- include "common.tplvalues.render" ( dict "value" .Values.initContainers  "context" $ ) | nindent 8 }}
+      {{- end }}
+
+      {{- if .Values.extraInitContainers }}
+      {{- include "common.tplvalues.render" ( dict "value" .Values.extraInitContainers  "context" $ ) | nindent 8 }}
+      {{- end }}
+
+      volumeMounts:
         - name: data
           mountPath: {{ .Values.persistence.storagePath }}
           readOnly: false
-
-      - name: pg-ready
-        image: "{{ .Values.initContainers.pgready.image.repository }}:{{ .Values.initContainers.pgready.image.tag }}"
-        command:
-          - pg_isready
-        env:
-          - name: PGHOST
-            value: {{ .Values.global.db.host | default .Values.db.host | quote }}
-          - name: PGPORT
-            value: {{ .Values.global.db.port | default .Values.db.port | quote }}
-          - name: PGDATABASE
-            value: {{ .Values.global.db.dbname | default .Values.db.dbname | quote }}
-          - name: PGUSER
-            value: {{ .Values.global.db.auth.username | default .Values.db.auth.username | quote }}
-          - name: PGPASSWORD
-            value: {{ .Values.global.db.auth.password | default .Values.db.auth.password | quote }}
-
-
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
diff --git a/charts/sddi-ckan/charts/ckan/values.yaml b/charts/sddi-ckan/charts/ckan/values.yaml
index ef8179b..1fe7b8c 100755
--- a/charts/sddi-ckan/charts/ckan/values.yaml
+++ b/charts/sddi-ckan/charts/ckan/values.yaml
@@ -1,4 +1,3 @@
-
 # -- Enable/disable CKAN
 enabled: true
 
@@ -21,17 +20,43 @@ image:
 # -- [Image pull secrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/)
 imagePullSecrets: []
 
+# -- Sets `initContainers`. Note: Set to `[]` to disable the default init containers or any list
+# of init container definition to overwrite the default init containers. Use `extraInitContainers` to
+# extend the default init containers.
 initContainers:
-  initdata:
-    # -- Image used to initialize `persistence.storagePath`.
-    image:
-      repository: busybox
-      tag: latest
-  pgready:
-    # -- Image used for testing PostgresSQL database readiness.
-    image:
-      repository: bwibo/k8s-init-container
-      tag: latest
+  - name: pg-ready
+    image: bwibo/k8s-init-container:latest
+    command:
+      - pg_isready
+    env:
+      - name: PGHOST
+        value: "{{ .Values.global.db.host | default .Values.db.host | quote }}"
+      - name: PGPORT
+        value: "{{ .Values.global.db.port | default .Values.db.port | quote }}"
+      - name: PGDATABASE
+        value: "{{ .Values.global.db.dbname | default .Values.db.dbname | quote }}"
+      - name: PGUSER
+        value: "{{ .Values.global.db.auth.username | default .Values.db.auth.username | quote }}"
+      - name: PGPASSWORD
+        value: "{{ .Values.global.db.auth.password | default .Values.db.auth.password | quote }}"
+  - name: init-data
+    image: busybox:latest
+    command:
+      ["sh", "-c", "chown -Rv 92:92 {{ .Values.persistence.storagePath }}"]
+
+extraInitContainers: []
+
+# initContainersImages:
+#   initdata:
+#     # -- Image used to initialize `persistence.storagePath`.
+#     image:
+#       repository: busybox
+#       tag: latest
+#   pgready:
+#     # -- Image used for testing PostgresSQL database readiness.
+#     image:
+#       repository: bwibo/k8s-init-container
+#       tag: latest
 
 # -- Additional pod annotations
 podAnnotations: {}
@@ -46,11 +71,13 @@ serviceAccount:
   name: ""
 
 # -- [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
-podSecurityContext: {}
+podSecurityContext:
+  {}
   # fsGroup: 2000
 
 # -- [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
-securityContext: {}
+securityContext:
+  {}
   # capabilities:
   #   drop:
   #   - ALL
@@ -65,8 +92,8 @@ service:
   port: 5000
 
 # -- Number of replicas. Only used if `autoscaling.enabled = false`.
-  # **Note:** Running multiple replicas requires to enable persistent data storage (`persistence.enabled = true`) and,
-  # if Pods run on different nodes, a storage that supports RWX.
+# **Note:** Running multiple replicas requires to enable persistent data storage (`persistence.enabled = true`) and,
+# if Pods run on different nodes, a storage that supports RWX.
 replicaCount: 1
 autoscaling:
   # -- Enable/disable pod autoscaling, if disabled `replicaCount` is used to set number of pods.
@@ -223,7 +250,7 @@ auth:
   create_user_via_web: true
   public_activity_stream_detail: true
   public_user_details: false
-  roles_that_cascade_to_sub_groups:  admin editor member
+  roles_that_cascade_to_sub_groups: admin editor member
   user_create_groups: false
   user_create_organizations: false
   user_delete_groups: false
@@ -307,7 +334,8 @@ webassets:
 # -- Extra environment variables. Values need to be quoted. This can be used to overwrite or
 # extend [CKAN settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-configuration-file).
 # See [ckanext-envvars](https://github.com/okfn/ckanext-envvars) for variable naming conventions.
-extraEnv: {}
+extraEnv:
+  {}
   # CKAN___SOME_VARIABLE: "someValues"
 
 # Persistence -----------------------------------------------------------------
@@ -321,7 +349,7 @@ persistence:
   # for CKAN__STORAGE_PATH env var too!
   storagePath: /var/lib/ckan
   accessModes:
-  # -- [k8s: Persistent volume access modes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)
+    # -- [k8s: Persistent volume access modes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes)
     - ReadWriteOnce
   # -- Storage [capacity](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#capacity)
   capacity: 4Gi
@@ -342,21 +370,23 @@ db:
   # [CKAN database settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#database-settings)
   dbname: ckan_default
   auth:
-  # -- CKAN database username, used to build `sqlalchemy.url` see
-  # [CKAN database settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#database-settings)
+    # -- CKAN database username, used to build `sqlalchemy.url` see
+    # [CKAN database settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#database-settings)
     username: ckan
-  # -- CKAN database password, used to build `sqlalchemy.url` see
-  # [CKAN database settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#database-settings)
+    # -- CKAN database password, used to build `sqlalchemy.url` see
+    # [CKAN database settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#database-settings)
     password: changeMe
 
 # Datastore -------------------------------------------------------------------
 datastore:
   # -- CKAN datastore host, used to build `ckan.datastore.read/write_url` see
   # [CKAN datastore settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#datastore-settings)
-  host: postgis
+  host:
+    postgis
     # -- CKAN datastore port, used to build `ckan.datastore.read/write_url` see
   # [CKAN datastore settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#datastore-settings)
-  port: 5432
+  port:
+    5432
     # -- CKAN datastore database name, used to build `ckan.datastore.read/write_url` see
   # [CKAN datastore settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#datastore-settings)
   dbname: datastore

From 89d42c4827568715e6bcff02a01b76de25c46cb7 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Fri, 23 Feb 2024 18:17:54 +0100
Subject: [PATCH 16/50] Add implementation for volumes

---
 .../ckan/templates/ckan-statefulset.yml       | 13 ++++++---
 charts/sddi-ckan/charts/ckan/values.yaml      | 28 +++++++++++--------
 2 files changed, 25 insertions(+), 16 deletions(-)

diff --git a/charts/sddi-ckan/charts/ckan/templates/ckan-statefulset.yml b/charts/sddi-ckan/charts/ckan/templates/ckan-statefulset.yml
index aa086bd..01a35b8 100755
--- a/charts/sddi-ckan/charts/ckan/templates/ckan-statefulset.yml
+++ b/charts/sddi-ckan/charts/ckan/templates/ckan-statefulset.yml
@@ -40,12 +40,16 @@ spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
 
+      # GREP
       volumes:
-        - name: data
-          persistentVolumeClaim:
-            claimName: {{ include "ckan.fullname" . }}
+      {{- if .Values.volumes }}
+      {{- include "common.tplvalues.render" ( dict "value" .Values.volumes  "context" $ ) | nindent 8 }}
+      {{- end }}
+
+      {{- if .Values.extraVolumes }}
+      {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumes  "context" $ ) | nindent 8 }}
+      {{- end }}
 
-      # GREP
       initContainers:
       {{- if .Values.initContainers }}
       {{- include "common.tplvalues.render" ( dict "value" .Values.initContainers  "context" $ ) | nindent 8 }}
@@ -59,6 +63,7 @@ spec:
         - name: data
           mountPath: {{ .Values.persistence.storagePath }}
           readOnly: false
+
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
diff --git a/charts/sddi-ckan/charts/ckan/values.yaml b/charts/sddi-ckan/charts/ckan/values.yaml
index 1fe7b8c..821b604 100755
--- a/charts/sddi-ckan/charts/ckan/values.yaml
+++ b/charts/sddi-ckan/charts/ckan/values.yaml
@@ -44,20 +44,10 @@ initContainers:
     command:
       ["sh", "-c", "chown -Rv 92:92 {{ .Values.persistence.storagePath }}"]
 
+# -- Sets additional `initContainers`. The init containers specified here, are appended after the ones specified in
+# `initContainers.`
 extraInitContainers: []
 
-# initContainersImages:
-#   initdata:
-#     # -- Image used to initialize `persistence.storagePath`.
-#     image:
-#       repository: busybox
-#       tag: latest
-#   pgready:
-#     # -- Image used for testing PostgresSQL database readiness.
-#     image:
-#       repository: bwibo/k8s-init-container
-#       tag: latest
-
 # -- Additional pod annotations
 podAnnotations: {}
 
@@ -358,6 +348,20 @@ persistence:
   annotations:
   # helm.sh/resource-policy: keep
 
+# Volumes ---------------------------------------------------------------------
+# -- Sets [`volumes`](https://kubernetes.io/docs/concepts/storage/volumes).
+# Note: Set to `[]` to disable the default volumes.
+# Set to any list of volume definition to overwrite the default volumes.
+# Use `extraVolumes` to extend the default volumes.
+volumes:
+  - name: data
+    persistentVolumeClaim:
+      claimName: '{{ include "ckan.fullname" . }}'
+
+# -- Sets additional [`volumes`](https://kubernetes.io/docs/concepts/storage/volumes).
+# The volumes specified here, are appended to the ones specified in `volumes.`
+extraVolumes: []
+
 # CKAN database ---------------------------------------------------------------
 db:
   # -- CKAN database host, used to build `sqlalchemy.url` see

From 173855783d88dd300db67e1c544483c688c4b433 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Fri, 23 Feb 2024 18:28:45 +0100
Subject: [PATCH 17/50] Add implementation for volumeMounts

---
 .../charts/ckan/templates/ckan-statefulset.yml     | 10 +++++++---
 charts/sddi-ckan/charts/ckan/values.yaml           | 14 ++++++++++++++
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/charts/sddi-ckan/charts/ckan/templates/ckan-statefulset.yml b/charts/sddi-ckan/charts/ckan/templates/ckan-statefulset.yml
index 01a35b8..91ce2d2 100755
--- a/charts/sddi-ckan/charts/ckan/templates/ckan-statefulset.yml
+++ b/charts/sddi-ckan/charts/ckan/templates/ckan-statefulset.yml
@@ -60,9 +60,13 @@ spec:
       {{- end }}
 
       volumeMounts:
-        - name: data
-          mountPath: {{ .Values.persistence.storagePath }}
-          readOnly: false
+      {{- if .Values.volumeMounts }}
+      {{- include "common.tplvalues.render" ( dict "value" .Values.volumeMounts  "context" $ ) | nindent 8 }}
+      {{- end }}
+
+      {{- if .Values.extraVolumeMounts }}
+      {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumeMounts  "context" $ ) | nindent 8 }}
+      {{- end }}
 
       containers:
         - name: {{ .Chart.Name }}
diff --git a/charts/sddi-ckan/charts/ckan/values.yaml b/charts/sddi-ckan/charts/ckan/values.yaml
index 821b604..895d987 100755
--- a/charts/sddi-ckan/charts/ckan/values.yaml
+++ b/charts/sddi-ckan/charts/ckan/values.yaml
@@ -362,6 +362,20 @@ volumes:
 # The volumes specified here, are appended to the ones specified in `volumes.`
 extraVolumes: []
 
+# VolumeMounts ----------------------------------------------------------------
+# -- Sets [`volumeMounts`](https://kubernetes.io/docs/concepts/storage/volumes).
+# Note: Set to `[]` to disable the default volumeMounts.
+# Set to any list of volumeMount definitions to overwrite the default volumeMounts.
+# Use `extraVolumeMounts` to extend the default volumeMounts.
+volumeMounts:
+  - name: data
+    mountPath: "{{ .Values.persistence.storagePath }}"
+    readOnly: false
+
+# -- Sets additional [`volumeMounts`](https://kubernetes.io/docs/concepts/storage/volumes).
+# The volumeMounts specified here, are appended to the ones specified in `volumeMounts.`
+extraVolumeMounts: []
+
 # CKAN database ---------------------------------------------------------------
 db:
   # -- CKAN database host, used to build `sqlalchemy.url` see

From b3c7d8e71e8c535273b949d59660b60a7c8d2f69 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Sat, 24 Feb 2024 00:30:47 +0100
Subject: [PATCH 18/50] cleanup and fixes to volumeMounts and initCont

---
 .../ckan/templates/ckan-statefulset.yml       | 19 ++++------
 charts/sddi-ckan/charts/ckan/values.yaml      | 35 +++++++++++--------
 2 files changed, 27 insertions(+), 27 deletions(-)

diff --git a/charts/sddi-ckan/charts/ckan/templates/ckan-statefulset.yml b/charts/sddi-ckan/charts/ckan/templates/ckan-statefulset.yml
index 91ce2d2..e898f70 100755
--- a/charts/sddi-ckan/charts/ckan/templates/ckan-statefulset.yml
+++ b/charts/sddi-ckan/charts/ckan/templates/ckan-statefulset.yml
@@ -40,7 +40,6 @@ spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
 
-      # GREP
       volumes:
       {{- if .Values.volumes }}
       {{- include "common.tplvalues.render" ( dict "value" .Values.volumes  "context" $ ) | nindent 8 }}
@@ -59,15 +58,6 @@ spec:
       {{- include "common.tplvalues.render" ( dict "value" .Values.extraInitContainers  "context" $ ) | nindent 8 }}
       {{- end }}
 
-      volumeMounts:
-      {{- if .Values.volumeMounts }}
-      {{- include "common.tplvalues.render" ( dict "value" .Values.volumeMounts  "context" $ ) | nindent 8 }}
-      {{- end }}
-
-      {{- if .Values.extraVolumeMounts }}
-      {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumeMounts  "context" $ ) | nindent 8 }}
-      {{- end }}
-
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
@@ -98,8 +88,13 @@ spec:
             {{ end }}
 
           volumeMounts:
-            - name: data
-              mountPath: {{ .Values.persistence.storagePath }}
+          {{- if .Values.volumeMounts }}
+          {{- include "common.tplvalues.render" ( dict "value" .Values.volumeMounts  "context" $ ) | nindent 10 }}
+          {{- end }}
+
+          {{- if .Values.extraVolumeMounts }}
+          {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumeMounts  "context" $ ) | nindent 10 }}
+          {{- end }}
 
           startupProbe:
             httpGet:
diff --git a/charts/sddi-ckan/charts/ckan/values.yaml b/charts/sddi-ckan/charts/ckan/values.yaml
index 895d987..4c3fb53 100755
--- a/charts/sddi-ckan/charts/ckan/values.yaml
+++ b/charts/sddi-ckan/charts/ckan/values.yaml
@@ -20,9 +20,11 @@ image:
 # -- [Image pull secrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/)
 imagePullSecrets: []
 
-# -- Sets `initContainers`. Note: Set to `[]` to disable the default init containers or any list
-# of init container definition to overwrite the default init containers. Use `extraInitContainers` to
-# extend the default init containers.
+# initContainers --------------------------------------------------------------
+# -- Sets [`initContainers`](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/).
+# Set to `[]` to disable the default initContainers.
+# Set to any list of initContainer definitions to overwrite the default initContainers.
+# Use `extraInitContainers` to extend the default initContainers.
 initContainers:
   - name: pg-ready
     image: bwibo/k8s-init-container:latest
@@ -30,22 +32,25 @@ initContainers:
       - pg_isready
     env:
       - name: PGHOST
-        value: "{{ .Values.global.db.host | default .Values.db.host | quote }}"
+        value: "{{ .Values.global.db.host | default .Values.db.host }}"
       - name: PGPORT
-        value: "{{ .Values.global.db.port | default .Values.db.port | quote }}"
+        value: "{{ .Values.global.db.port | default .Values.db.port }}"
       - name: PGDATABASE
-        value: "{{ .Values.global.db.dbname | default .Values.db.dbname | quote }}"
+        value: "{{ .Values.global.db.dbname | default .Values.db.dbname }}"
       - name: PGUSER
-        value: "{{ .Values.global.db.auth.username | default .Values.db.auth.username | quote }}"
+        value: "{{ .Values.global.db.auth.username | default .Values.db.auth.usernme }}"
       - name: PGPASSWORD
-        value: "{{ .Values.global.db.auth.password | default .Values.db.auth.password | quote }}"
+        value: "{{ .Values.global.db.auth.password | default .Values.db.auth.password }}"
   - name: init-data
     image: busybox:latest
     command:
       ["sh", "-c", "chown -Rv 92:92 {{ .Values.persistence.storagePath }}"]
+    volumeMounts:
+      - name: data
+        mountPath: "{{ .Values.persistence.storagePath }}"
 
-# -- Sets additional `initContainers`. The init containers specified here, are appended after the ones specified in
-# `initContainers.`
+# -- Sets additional [`initContainers`](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/).
+# The initContainers specified here, are appended to the ones specified in `initContainers`.
 extraInitContainers: []
 
 # -- Additional pod annotations
@@ -350,8 +355,8 @@ persistence:
 
 # Volumes ---------------------------------------------------------------------
 # -- Sets [`volumes`](https://kubernetes.io/docs/concepts/storage/volumes).
-# Note: Set to `[]` to disable the default volumes.
-# Set to any list of volume definition to overwrite the default volumes.
+# Set to `[]` to disable the default volumes.
+# Set to any list of volume definitions to overwrite the default volumes.
 # Use `extraVolumes` to extend the default volumes.
 volumes:
   - name: data
@@ -359,12 +364,12 @@ volumes:
       claimName: '{{ include "ckan.fullname" . }}'
 
 # -- Sets additional [`volumes`](https://kubernetes.io/docs/concepts/storage/volumes).
-# The volumes specified here, are appended to the ones specified in `volumes.`
+# The volumes specified here, are appended to the ones specified in `volumes`.
 extraVolumes: []
 
 # VolumeMounts ----------------------------------------------------------------
 # -- Sets [`volumeMounts`](https://kubernetes.io/docs/concepts/storage/volumes).
-# Note: Set to `[]` to disable the default volumeMounts.
+# Set to `[]` to disable the default volumeMounts.
 # Set to any list of volumeMount definitions to overwrite the default volumeMounts.
 # Use `extraVolumeMounts` to extend the default volumeMounts.
 volumeMounts:
@@ -373,7 +378,7 @@ volumeMounts:
     readOnly: false
 
 # -- Sets additional [`volumeMounts`](https://kubernetes.io/docs/concepts/storage/volumes).
-# The volumeMounts specified here, are appended to the ones specified in `volumeMounts.`
+# The volumeMounts specified here, are appended to the ones specified in `volumeMounts`.
 extraVolumeMounts: []
 
 # CKAN database ---------------------------------------------------------------

From 7cd932abf73059196b5dc718fc74627f96932ff1 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Sat, 24 Feb 2024 00:41:11 +0100
Subject: [PATCH 19/50] Apply changes to deployment

---
 .../charts/ckan/templates/ckan-depl.yml       | 51 ++++++++-----------
 1 file changed, 20 insertions(+), 31 deletions(-)

diff --git a/charts/sddi-ckan/charts/ckan/templates/ckan-depl.yml b/charts/sddi-ckan/charts/ckan/templates/ckan-depl.yml
index 4f73b7e..c403619 100755
--- a/charts/sddi-ckan/charts/ckan/templates/ckan-depl.yml
+++ b/charts/sddi-ckan/charts/ckan/templates/ckan-depl.yml
@@ -42,37 +42,22 @@ spec:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
 
       volumes:
-        - name: data
-          emptyDir: {}
+      {{- if .Values.volumes }}
+      {{- include "common.tplvalues.render" ( dict "value" .Values.volumes  "context" $ ) | nindent 8 }}
+      {{- end }}
 
-      initContainers:
-      - name: init-data
-        image: "{{ .Values.initContainers.initdata.image.repository }}:{{ .Values.initContainers.initdata.image.tag }}"
-        command: ["sh", "-c", "chown -Rv 92:92 {{ .Values.persistence.storagePath }}"]
-        # securityContext:
-        #   runAsUser: 0
-        #   runAsGroup: 0
+      {{- if .Values.extraVolumes }}
+      {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumes  "context" $ ) | nindent 8 }}
+      {{- end }}
 
-        volumeMounts:
-        - name: data
-          mountPath: {{ .Values.persistence.storagePath }}
-          readOnly: false
+      initContainers:
+      {{- if .Values.initContainers }}
+      {{- include "common.tplvalues.render" ( dict "value" .Values.initContainers  "context" $ ) | nindent 8 }}
+      {{- end }}
 
-      - name: pg-ready
-        image: "{{ .Values.initContainers.pgready.image.repository }}:{{ .Values.initContainers.pgready.image.tag }}"
-        command:
-          - pg_isready
-        env:
-          - name: PGHOST
-            value: {{ .Values.global.db.host | default .Values.db.host | quote }}
-          - name: PGPORT
-            value: {{ .Values.global.db.port | default .Values.db.port | quote }}
-          - name: PGDATABASE
-            value: {{ .Values.global.db.dbname | default .Values.db.dbname | quote }}
-          - name: PGUSER
-            value: {{ .Values.global.db.auth.username | default .Values.db.auth.username | quote }}
-          - name: PGPASSWORD
-            value: {{ .Values.global.db.auth.password | default .Values.db.auth.password | quote }}
+      {{- if .Values.extraInitContainers }}
+      {{- include "common.tplvalues.render" ( dict "value" .Values.extraInitContainers  "context" $ ) | nindent 8 }}
+      {{- end }}
 
       containers:
         - name: {{ .Chart.Name }}
@@ -86,9 +71,13 @@ spec:
               protocol: TCP
 
           volumeMounts:
-          - name: data
-            mountPath: {{ .Values.persistence.storagePath }}
-            readOnly: false
+          {{- if .Values.volumeMounts }}
+          {{- include "common.tplvalues.render" ( dict "value" .Values.volumeMounts  "context" $ ) | nindent 10 }}
+          {{- end }}
+
+          {{- if .Values.extraVolumeMounts }}
+          {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumeMounts  "context" $ ) | nindent 10 }}
+          {{- end }}
 
           envFrom:
             - configMapRef:

From 54037cfe8a0ca774746052923f7bd5d91cc69c10 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Sat, 24 Feb 2024 00:49:11 +0100
Subject: [PATCH 20/50] revert not setting security context

---
 charts/sddi-ckan/charts/solr/values.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/charts/sddi-ckan/charts/solr/values.yaml b/charts/sddi-ckan/charts/solr/values.yaml
index ecf2a46..49766bb 100644
--- a/charts/sddi-ckan/charts/solr/values.yaml
+++ b/charts/sddi-ckan/charts/solr/values.yaml
@@ -33,10 +33,10 @@ serviceAccount:
   name: ""
 
 # -- [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
-podSecurityContext: {}
-  # runAsUser: 8983
-  # runAsGroup: 8983
-  # fsGroup: 8983
+podSecurityContext:
+  runAsUser: 8983
+  runAsGroup: 8983
+  fsGroup: 8983
 
 # -- [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
 securityContext: {}

From 5355b46d345396e7b9d0a70cbadedeeff8c5a527 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Sat, 24 Feb 2024 00:55:47 +0100
Subject: [PATCH 21/50] Update changelog

---
 CHANGELOG.md | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f2f4998..8c8e5b6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,14 @@ Versions are prefixed with `sddi-ckan-` due to usage of
 [chart-releaser-action](https://github.com/helm/chart-releaser-action).
 For releases `< 1.0.0` minor version step indicate breaking changes.
 
+## [sddi-ckan-2.0.1] - 2024-02-24
+
+### Changed
+
+- Revert 313c09c: Relax Solr security context for OpenShift compatibility. tum-gis/sddi-ckan-k8s#24
+  - This causes the deployment of the chart to fail. For OpenShift users: Please overwrite
+    these settings at deploy time for compatibility.
+
 ## [sddi-ckan-2.0.0] - 2023-11-02
 
 This release updates the sddi-ckan Docker image to `v2.0.0` bringing several security improvements
@@ -346,8 +354,9 @@ is displayed when navigating to the _Datasets_ view of CKAN.
 
 ### Known issues
 
-[Unreleased]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-2.0.0...HEAD
+[Unreleased]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-2.0.1...HEAD
 
+[sddi-ckan-2.0.1]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-2.0.0...sddi-ckan-2.0.1
 [sddi-ckan-2.0.0]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-1.2.2...sddi-ckan-2.0.0
 [sddi-ckan-1.2.2]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-1.2.1...sddi-ckan-1.2.2
 [sddi-ckan-1.2.1]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-1.2.0...sddi-ckan-1.2.1

From 72283bf12663b3aa8cffc51a04ce7aa85a628e5b Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Sat, 24 Feb 2024 22:58:55 +0100
Subject: [PATCH 22/50] Update helm-docs revision

---
 .pre-commit-config.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 4e8a935..dd3c649 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/norwoodj/helm-docs
-    rev: v1.11.0
+    rev: v1.13.0
     hooks:
       - id: helm-docs
         args:

From b2880824afd1d348a61a961fdc4fc51590e76f1d Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Sat, 24 Feb 2024 23:01:25 +0100
Subject: [PATCH 23/50] Update docs

---
 charts/sddi-ckan/README.md                   |  3 +--
 charts/sddi-ckan/charts/certIssuer/README.md |  2 --
 charts/sddi-ckan/charts/ckan/README.md       | 10 ++++++----
 charts/sddi-ckan/charts/datapusher/README.md |  2 --
 charts/sddi-ckan/charts/postgis/README.md    |  2 --
 charts/sddi-ckan/charts/redis/README.md      |  2 --
 charts/sddi-ckan/charts/solr/README.md       |  2 --
 7 files changed, 7 insertions(+), 16 deletions(-)

diff --git a/charts/sddi-ckan/README.md b/charts/sddi-ckan/README.md
index 8afae06..b2bdc4f 100644
--- a/charts/sddi-ckan/README.md
+++ b/charts/sddi-ckan/README.md
@@ -32,6 +32,7 @@ Kubernetes: `>= 1.23.0-0`
 |  | solr | * |
 | https://charts.jetstack.io | cert-manager(cert-manager) | ^1 |
 | https://kubernetes.github.io/ingress-nginx | ingress-nginx(ingress-nginx) | ^4 |
+| oci://registry-1.docker.io/bitnamicharts | common | 2.x.x |
 
 ## Values
 
@@ -74,5 +75,3 @@ Kubernetes: `>= 1.23.0-0`
 | redis.enabled | bool | `true` | Enable/disable Redis instance. Disable, if an external Redis instance is used. |
 | solr.enabled | bool | `true` | Enable/disable Apache Solr instance. Disable, if an external Solr instance is used. |
 
-----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
diff --git a/charts/sddi-ckan/charts/certIssuer/README.md b/charts/sddi-ckan/charts/certIssuer/README.md
index 84f0b63..9a866b1 100644
--- a/charts/sddi-ckan/charts/certIssuer/README.md
+++ b/charts/sddi-ckan/charts/certIssuer/README.md
@@ -12,5 +12,3 @@ Namespace Issuers for CertManager.
 | enabled | bool | `true` | Enable/disable namespace [Issuers](https://cert-manager.io/docs/concepts/issuer/) for CertManager. |
 | issuerEmail | string | `"example@email.com"` | eMail address for registration with Let's Encrypt account. Note: This is overwritten by `global.ingress.certManager.issuerEmail`, if set. |
 
-----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
diff --git a/charts/sddi-ckan/charts/ckan/README.md b/charts/sddi-ckan/charts/ckan/README.md
index b99be89..266a186 100644
--- a/charts/sddi-ckan/charts/ckan/README.md
+++ b/charts/sddi-ckan/charts/ckan/README.md
@@ -69,6 +69,9 @@ A Helm chart for SDDI enabled CKAN.
 | defaultViews | string | `"image_view recline_view text_view geo_view geojson_view wmts_view shp_view"` | [CKAN config dafault_views](https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-views-default-views): **Note**: Make sure the required view plugins are loaded! |
 | enabled | bool | `true` | Enable/disable CKAN |
 | extraEnv | object | `{}` | Extra environment variables. Values need to be quoted. This can be used to overwrite or extend [CKAN settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-configuration-file). See [ckanext-envvars](https://github.com/okfn/ckanext-envvars) for variable naming conventions. |
+| extraInitContainers | list | `[]` | Sets additional [`initContainers`](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). The initContainers specified here, are appended to the ones specified in `initContainers`. |
+| extraVolumeMounts | list | `[]` | Sets additional [`volumeMounts`](https://kubernetes.io/docs/concepts/storage/volumes). The volumeMounts specified here, are appended to the ones specified in `volumeMounts`. |
+| extraVolumes | list | `[]` | Sets additional [`volumes`](https://kubernetes.io/docs/concepts/storage/volumes). The volumes specified here, are appended to the ones specified in `volumes`. |
 | favicon | string | `"/base/images/ckan.ico"` | Path to CKAN favicon. Custom logos will be located in e.g. `/webassets/`. See `webassets.path` setting. [CKAN config site_id](https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-site-logo) |
 | featured.groups | string | `"dataset online-application online-service project software method device geoobject"` | [CKAN featured groups settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-featured-groups) |
 | featured.orgs | string | `"bayerische-vermessungsverwaltung lehrstuhl-fur-geoinformatik bayern-innovativ"` | [CKAN featured orgs settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-featured-orgs) |
@@ -95,8 +98,7 @@ A Helm chart for SDDI enabled CKAN.
 | ingress.stickySessions.sessionCookie.path | string | `"/"` | [Nginx Ingress Controller Sticky sessions](https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/) |
 | ingress.stickySessions.sessionCookie.secure | string | `"false"` | [Nginx Ingress Controller Sticky sessions](https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/) |
 | ingress.tls.secretName | string | `nil` | Specify a custom tls secret name. This overwrites `global.ingress.tls.secretName`. |
-| initContainers.initdata.image | object | `{"repository":"busybox","tag":"latest"}` | Image used to initialize `persistence.storagePath`. |
-| initContainers.pgready.image | object | `{"repository":"bwibo/k8s-init-container","tag":"latest"}` | Image used for testing PostgresSQL database readiness. |
+| initContainers | list | `[{"command":["pg_isready"],"env":[{"name":"PGHOST","value":"{{ .Values.global.db.host | default .Values.db.host }}"},{"name":"PGPORT","value":"{{ .Values.global.db.port | default .Values.db.port }}"},{"name":"PGDATABASE","value":"{{ .Values.global.db.dbname | default .Values.db.dbname }}"},{"name":"PGUSER","value":"{{ .Values.global.db.auth.username | default .Values.db.auth.usernme }}"},{"name":"PGPASSWORD","value":"{{ .Values.global.db.auth.password | default .Values.db.auth.password }}"}],"image":"bwibo/k8s-init-container:latest","name":"pg-ready"},{"command":["sh","-c","chown -Rv 92:92 {{ .Values.persistence.storagePath }}"],"image":"busybox:latest","name":"init-data","volumeMounts":[{"mountPath":"{{ .Values.persistence.storagePath }}","name":"data"}]}]` | Sets [`initContainers`](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). Set to `[]` to disable the default initContainers. Set to any list of initContainer definitions to overwrite the default initContainers. Use `extraInitContainers` to extend the default initContainers. |
 | licensesGroupUrl | string | `"https://raw.githubusercontent.com/tum-gis/ckanext-grouphierarchy-sddi/main/ckanext/grouphierarchy/licenses_SDDI.json"` | [CKAN licences group url](https://docs.ckan.org/en/latest/maintaining/configuration.html#licenses-group-url): A URL pointing to a JSON file containing a list of license objects. |
 | liveness.failureThreshold | int | `6` | Failure threshold for the liveness probe |
 | liveness.initialDelaySeconds | int | `20` | Initial delay for the liveness probe |
@@ -173,7 +175,7 @@ A Helm chart for SDDI enabled CKAN.
 | sysadmin.password | string | `"changeMe"` | CKAN admin password: Note: Min. password length = 8 chars! |
 | sysadmin.user | string | `"admin"` | CKAN admin username |
 | tolerations | list | `[]` | [k8S: Taints and tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
+| volumeMounts | list | `[{"mountPath":"{{ .Values.persistence.storagePath }}","name":"data","readOnly":false}]` | Sets [`volumeMounts`](https://kubernetes.io/docs/concepts/storage/volumes). Set to `[]` to disable the default volumeMounts. Set to any list of volumeMount definitions to overwrite the default volumeMounts. Use `extraVolumeMounts` to extend the default volumeMounts. |
+| volumes | list | `[{"name":"data","persistentVolumeClaim":{"claimName":"{{ include \"ckan.fullname\" . }}"}}]` | Sets [`volumes`](https://kubernetes.io/docs/concepts/storage/volumes). Set to `[]` to disable the default volumes. Set to any list of volume definitions to overwrite the default volumes. Use `extraVolumes` to extend the default volumes. |
 | webassets.path | string | `nil` | Webassets storage path, see [CKAN webassets settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#webassets-settings) This should point to the location of webassets in the CKAN image. The path may vary depending on the CKAN Docker image used. |
 
-----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
diff --git a/charts/sddi-ckan/charts/datapusher/README.md b/charts/sddi-ckan/charts/datapusher/README.md
index 800209f..dacaa0d 100644
--- a/charts/sddi-ckan/charts/datapusher/README.md
+++ b/charts/sddi-ckan/charts/datapusher/README.md
@@ -65,5 +65,3 @@ A Helm chart for CKAN Datapusher.
 | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
 | tolerations | list | `[]` | [k8S: Taints and tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
 
-----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
diff --git a/charts/sddi-ckan/charts/postgis/README.md b/charts/sddi-ckan/charts/postgis/README.md
index e3ecfcb..f8e6266 100644
--- a/charts/sddi-ckan/charts/postgis/README.md
+++ b/charts/sddi-ckan/charts/postgis/README.md
@@ -66,5 +66,3 @@ A Helm chart for sa simple PostGIS database pre-configured for CKAN.
 | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
 | tolerations | list | `[]` | [k8S: Taints and tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
 
-----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
diff --git a/charts/sddi-ckan/charts/redis/README.md b/charts/sddi-ckan/charts/redis/README.md
index 9002e4c..f0f4c07 100644
--- a/charts/sddi-ckan/charts/redis/README.md
+++ b/charts/sddi-ckan/charts/redis/README.md
@@ -55,5 +55,3 @@ A Helm chart for basic Redis for use with CKAN.
 | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
 | tolerations | list | `[]` | [k8S: Taints and tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
 
-----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
diff --git a/charts/sddi-ckan/charts/solr/README.md b/charts/sddi-ckan/charts/solr/README.md
index 88cf639..99aad44 100644
--- a/charts/sddi-ckan/charts/solr/README.md
+++ b/charts/sddi-ckan/charts/solr/README.md
@@ -48,5 +48,3 @@ A Helm chart for Solr pre-configured for CKAN  and ckanext-spatial.
 | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
 | tolerations | list | `[]` | [k8S: Taints and tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
 
-----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)

From 715c784df961b4c184e1ab0c6cdd7281b2267703 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Sat, 24 Feb 2024 23:07:04 +0100
Subject: [PATCH 24/50] improve docs readability

---
 charts/sddi-ckan/charts/ckan/README.md   | 6 +++---
 charts/sddi-ckan/charts/ckan/values.yaml | 3 +++
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/charts/sddi-ckan/charts/ckan/README.md b/charts/sddi-ckan/charts/ckan/README.md
index 266a186..2cecd1a 100644
--- a/charts/sddi-ckan/charts/ckan/README.md
+++ b/charts/sddi-ckan/charts/ckan/README.md
@@ -98,7 +98,7 @@ A Helm chart for SDDI enabled CKAN.
 | ingress.stickySessions.sessionCookie.path | string | `"/"` | [Nginx Ingress Controller Sticky sessions](https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/) |
 | ingress.stickySessions.sessionCookie.secure | string | `"false"` | [Nginx Ingress Controller Sticky sessions](https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/) |
 | ingress.tls.secretName | string | `nil` | Specify a custom tls secret name. This overwrites `global.ingress.tls.secretName`. |
-| initContainers | list | `[{"command":["pg_isready"],"env":[{"name":"PGHOST","value":"{{ .Values.global.db.host | default .Values.db.host }}"},{"name":"PGPORT","value":"{{ .Values.global.db.port | default .Values.db.port }}"},{"name":"PGDATABASE","value":"{{ .Values.global.db.dbname | default .Values.db.dbname }}"},{"name":"PGUSER","value":"{{ .Values.global.db.auth.username | default .Values.db.auth.usernme }}"},{"name":"PGPASSWORD","value":"{{ .Values.global.db.auth.password | default .Values.db.auth.password }}"}],"image":"bwibo/k8s-init-container:latest","name":"pg-ready"},{"command":["sh","-c","chown -Rv 92:92 {{ .Values.persistence.storagePath }}"],"image":"busybox:latest","name":"init-data","volumeMounts":[{"mountPath":"{{ .Values.persistence.storagePath }}","name":"data"}]}]` | Sets [`initContainers`](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). Set to `[]` to disable the default initContainers. Set to any list of initContainer definitions to overwrite the default initContainers. Use `extraInitContainers` to extend the default initContainers. |
+| initContainers | list | See `values.yml` for the list of default initContainers. | Sets [`initContainers`](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). Set to `[]` to disable the default initContainers. Set to any list of initContainer definitions to overwrite the default initContainers. Use `extraInitContainers` to extend the default initContainers. |
 | licensesGroupUrl | string | `"https://raw.githubusercontent.com/tum-gis/ckanext-grouphierarchy-sddi/main/ckanext/grouphierarchy/licenses_SDDI.json"` | [CKAN licences group url](https://docs.ckan.org/en/latest/maintaining/configuration.html#licenses-group-url): A URL pointing to a JSON file containing a list of license objects. |
 | liveness.failureThreshold | int | `6` | Failure threshold for the liveness probe |
 | liveness.initialDelaySeconds | int | `20` | Initial delay for the liveness probe |
@@ -175,7 +175,7 @@ A Helm chart for SDDI enabled CKAN.
 | sysadmin.password | string | `"changeMe"` | CKAN admin password: Note: Min. password length = 8 chars! |
 | sysadmin.user | string | `"admin"` | CKAN admin username |
 | tolerations | list | `[]` | [k8S: Taints and tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
-| volumeMounts | list | `[{"mountPath":"{{ .Values.persistence.storagePath }}","name":"data","readOnly":false}]` | Sets [`volumeMounts`](https://kubernetes.io/docs/concepts/storage/volumes). Set to `[]` to disable the default volumeMounts. Set to any list of volumeMount definitions to overwrite the default volumeMounts. Use `extraVolumeMounts` to extend the default volumeMounts. |
-| volumes | list | `[{"name":"data","persistentVolumeClaim":{"claimName":"{{ include \"ckan.fullname\" . }}"}}]` | Sets [`volumes`](https://kubernetes.io/docs/concepts/storage/volumes). Set to `[]` to disable the default volumes. Set to any list of volume definitions to overwrite the default volumes. Use `extraVolumes` to extend the default volumes. |
+| volumeMounts | list | See `values.yml` for the list of default volumeMounts. | Sets [`volumeMounts`](https://kubernetes.io/docs/concepts/storage/volumes). Set to `[]` to disable the default volumeMounts. Set to any list of volumeMount definitions to overwrite the default volumeMounts. Use `extraVolumeMounts` to extend the default volumeMounts. |
+| volumes | list | See `values.yml` for the list of default volumes. | Sets [`volumes`](https://kubernetes.io/docs/concepts/storage/volumes). Set to `[]` to disable the default volumes. Set to any list of volume definitions to overwrite the default volumes. Use `extraVolumes` to extend the default volumes. |
 | webassets.path | string | `nil` | Webassets storage path, see [CKAN webassets settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#webassets-settings) This should point to the location of webassets in the CKAN image. The path may vary depending on the CKAN Docker image used. |
 
diff --git a/charts/sddi-ckan/charts/ckan/values.yaml b/charts/sddi-ckan/charts/ckan/values.yaml
index 4c3fb53..69ba305 100755
--- a/charts/sddi-ckan/charts/ckan/values.yaml
+++ b/charts/sddi-ckan/charts/ckan/values.yaml
@@ -25,6 +25,7 @@ imagePullSecrets: []
 # Set to `[]` to disable the default initContainers.
 # Set to any list of initContainer definitions to overwrite the default initContainers.
 # Use `extraInitContainers` to extend the default initContainers.
+# @default -- See `values.yml` for the list of default initContainers.
 initContainers:
   - name: pg-ready
     image: bwibo/k8s-init-container:latest
@@ -358,6 +359,7 @@ persistence:
 # Set to `[]` to disable the default volumes.
 # Set to any list of volume definitions to overwrite the default volumes.
 # Use `extraVolumes` to extend the default volumes.
+# @default -- See `values.yml` for the list of default volumes.
 volumes:
   - name: data
     persistentVolumeClaim:
@@ -372,6 +374,7 @@ extraVolumes: []
 # Set to `[]` to disable the default volumeMounts.
 # Set to any list of volumeMount definitions to overwrite the default volumeMounts.
 # Use `extraVolumeMounts` to extend the default volumeMounts.
+# @default -- See `values.yml` for the list of default volumeMounts.
 volumeMounts:
   - name: data
     mountPath: "{{ .Values.persistence.storagePath }}"

From d176c29a589a94ac0344ac8b4761d10c64591b2a Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Sat, 24 Feb 2024 23:09:54 +0100
Subject: [PATCH 25/50] more readability improvements

---
 charts/sddi-ckan/charts/ckan/README.md   | 6 +++---
 charts/sddi-ckan/charts/ckan/values.yaml | 3 +++
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/charts/sddi-ckan/charts/ckan/README.md b/charts/sddi-ckan/charts/ckan/README.md
index 2cecd1a..3cb4f3f 100644
--- a/charts/sddi-ckan/charts/ckan/README.md
+++ b/charts/sddi-ckan/charts/ckan/README.md
@@ -66,7 +66,7 @@ A Helm chart for SDDI enabled CKAN.
 | db.dbname | string | `"ckan_default"` | CKAN database database name, used to build `sqlalchemy.url` see [CKAN database settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#database-settings) |
 | db.host | string | `"postgis"` | CKAN database host, used to build `sqlalchemy.url` see [CKAN database settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#database-settings) |
 | db.port | int | `5432` | CKAN database port, used to build `sqlalchemy.url` see [CKAN database settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#database-settings) |
-| defaultViews | string | `"image_view recline_view text_view geo_view geojson_view wmts_view shp_view"` | [CKAN config dafault_views](https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-views-default-views): **Note**: Make sure the required view plugins are loaded! |
+| defaultViews | string | See `values.yml` for the default values. | [CKAN config dafault_views](https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-views-default-views): **Note**: Make sure the required view plugins are loaded! |
 | enabled | bool | `true` | Enable/disable CKAN |
 | extraEnv | object | `{}` | Extra environment variables. Values need to be quoted. This can be used to overwrite or extend [CKAN settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-configuration-file). See [ckanext-envvars](https://github.com/okfn/ckanext-envvars) for variable naming conventions. |
 | extraInitContainers | list | `[]` | Sets additional [`initContainers`](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). The initContainers specified here, are appended to the ones specified in `initContainers`. |
@@ -99,7 +99,7 @@ A Helm chart for SDDI enabled CKAN.
 | ingress.stickySessions.sessionCookie.secure | string | `"false"` | [Nginx Ingress Controller Sticky sessions](https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/) |
 | ingress.tls.secretName | string | `nil` | Specify a custom tls secret name. This overwrites `global.ingress.tls.secretName`. |
 | initContainers | list | See `values.yml` for the list of default initContainers. | Sets [`initContainers`](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). Set to `[]` to disable the default initContainers. Set to any list of initContainer definitions to overwrite the default initContainers. Use `extraInitContainers` to extend the default initContainers. |
-| licensesGroupUrl | string | `"https://raw.githubusercontent.com/tum-gis/ckanext-grouphierarchy-sddi/main/ckanext/grouphierarchy/licenses_SDDI.json"` | [CKAN licences group url](https://docs.ckan.org/en/latest/maintaining/configuration.html#licenses-group-url): A URL pointing to a JSON file containing a list of license objects. |
+| licensesGroupUrl | string | See `values.yml` for the default values. | [CKAN licences group url](https://docs.ckan.org/en/latest/maintaining/configuration.html#licenses-group-url): A URL pointing to a JSON file containing a list of license objects. |
 | liveness.failureThreshold | int | `6` | Failure threshold for the liveness probe |
 | liveness.initialDelaySeconds | int | `20` | Initial delay for the liveness probe |
 | liveness.periodSeconds | int | `10` | Check interval for the liveness probe |
@@ -107,7 +107,7 @@ A Helm chart for SDDI enabled CKAN.
 | locale.default | string | `"de"` | CKAN default locale, see [CKAN internationalization settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#internationalisation-settings) |
 | locale.filtered_out | string | `"en_GB"` | CKAN locales filtered out, see [CKAN internationalization settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#internationalisation-settings) |
 | locale.offered | string | `"de en"` | CKAN locales offered, see [CKAN internationalization settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#internationalisation-settings) |
-| locale.order | string | `"de en pt_BR ja it cs_CZ ca es fr el sv sr sr@latin no sk fi ru de pl nl bg ko_KR hu sa sl lv"` | CKAN locale order, see [CKAN internationalization settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#internationalisation-settings) |
+| locale.order | string | See `values.yml` for the default value. | CKAN locale order, see [CKAN internationalization settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#internationalisation-settings) |
 | maxUploadSizeMB | int | `250` | Max file upload size in MB. Note: This setting is mapped to the `nginx.ingress.kubernetes.io/proxy-body-size: "600m"` and `nginx.org/client-max-body-size: "600m"` CKAN Ingress annotations too. |
 | nameOverride | string | `""` | Override name |
 | nodeSelector | object | `{}` | [k8s: Assign pods to nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) |
diff --git a/charts/sddi-ckan/charts/ckan/values.yaml b/charts/sddi-ckan/charts/ckan/values.yaml
index 69ba305..222cd33 100755
--- a/charts/sddi-ckan/charts/ckan/values.yaml
+++ b/charts/sddi-ckan/charts/ckan/values.yaml
@@ -193,9 +193,11 @@ favicon: /base/images/ckan.ico
 maxUploadSizeMB: 250
 # -- [CKAN licences group url](https://docs.ckan.org/en/latest/maintaining/configuration.html#licenses-group-url):
 # A URL pointing to a JSON file containing a list of license objects.
+# @default -- See `values.yml` for the default values.
 licensesGroupUrl: "https://raw.githubusercontent.com/tum-gis/ckanext-grouphierarchy-sddi/main/ckanext/grouphierarchy/licenses_SDDI.json"
 # -- [CKAN config dafault_views](https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-views-default-views):
 # **Note**: Make sure the required view plugins are loaded!
+# @default -- See `values.yml` for the default values.
 defaultViews: "image_view recline_view text_view geo_view geojson_view wmts_view shp_view"
 preview:
   # -- [CKAN config TextView](https://docs.ckan.org/en/latest/maintaining/configuration.html#text-view-settings):
@@ -312,6 +314,7 @@ locale:
   default: de
   # -- CKAN locale order, see
   # [CKAN internationalization settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#internationalisation-settings)
+  # @default -- See `values.yml` for the default value.
   order: de en pt_BR ja it cs_CZ ca es fr el sv sr sr@latin no sk fi ru de pl nl bg ko_KR hu sa sl lv
   # -- CKAN locales offered, see
   # [CKAN internationalization settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#internationalisation-settings)

From 436041bb78c3e3c7f6f8df23f4e0594b0b5998d7 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Sat, 24 Feb 2024 23:11:51 +0100
Subject: [PATCH 26/50] more readability improvements

---
 charts/sddi-ckan/charts/ckan/README.md   | 2 +-
 charts/sddi-ckan/charts/ckan/values.yaml | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/charts/sddi-ckan/charts/ckan/README.md b/charts/sddi-ckan/charts/ckan/README.md
index 3cb4f3f..750b80f 100644
--- a/charts/sddi-ckan/charts/ckan/README.md
+++ b/charts/sddi-ckan/charts/ckan/README.md
@@ -82,7 +82,7 @@ A Helm chart for SDDI enabled CKAN.
 | image.tag | string | `""` | Overrides the image tag whose default is the chart `appVersion`. |
 | imagePullSecrets | list | `[]` | [Image pull secrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) |
 | ingress.annotations | string | `nil` | Additional Ingress annotations |
-| ingress.certManager | object | `{"issuerEmail":"me@example.com","issuerName":"letsencrypt-staging","issuerType":"namespace"}` | Additional Ingress annotation for e.g. CORS, timeouts, SSL settings. See [nginx-ingress annotations docs](https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md) for more. |
+| ingress.certManager | object | See `values.yml` for the default values. | Additional Ingress annotation for e.g. CORS, timeouts, SSL settings. See [nginx-ingress annotations docs](https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md) for more. |
 | ingress.certManager.issuerEmail | string | `"me@example.com"` | eMail address for ACME registration with Let's Encrypt. Only used for issuerType = namespace. |
 | ingress.certManager.issuerName | string | `"letsencrypt-staging"` | Name of the Issuer to use. For certManager.type = namespace `letsencrypt-staging`, `letsencrypt-prod` and `self-signed` are available. |
 | ingress.certManager.issuerType | string | `"namespace"` | Type of [cert-manager](https://cert-manager.io/docs/) Issuer: Use either "namespace" or "cluster". |
diff --git a/charts/sddi-ckan/charts/ckan/values.yaml b/charts/sddi-ckan/charts/ckan/values.yaml
index 222cd33..3b02100 100755
--- a/charts/sddi-ckan/charts/ckan/values.yaml
+++ b/charts/sddi-ckan/charts/ckan/values.yaml
@@ -122,6 +122,7 @@ ingress:
   # -- Additional Ingress annotation for e.g. CORS, timeouts, SSL settings.
   # See [nginx-ingress annotations docs](https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md)
   # for more.
+  # @default -- See `values.yml` for the default values.
   certManager:
     # -- eMail address for ACME registration with Let's Encrypt. Only used for issuerType = namespace.
     issuerEmail: me@example.com

From 4570519eede5340e910e5cda1231496d0cb3c504 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Sat, 24 Feb 2024 23:15:40 +0100
Subject: [PATCH 27/50] link to values.yml

---
 charts/sddi-ckan/charts/ckan/README.md   | 12 ++++++------
 charts/sddi-ckan/charts/ckan/values.yaml | 12 ++++++------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/charts/sddi-ckan/charts/ckan/README.md b/charts/sddi-ckan/charts/ckan/README.md
index 750b80f..17bf980 100644
--- a/charts/sddi-ckan/charts/ckan/README.md
+++ b/charts/sddi-ckan/charts/ckan/README.md
@@ -66,7 +66,7 @@ A Helm chart for SDDI enabled CKAN.
 | db.dbname | string | `"ckan_default"` | CKAN database database name, used to build `sqlalchemy.url` see [CKAN database settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#database-settings) |
 | db.host | string | `"postgis"` | CKAN database host, used to build `sqlalchemy.url` see [CKAN database settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#database-settings) |
 | db.port | int | `5432` | CKAN database port, used to build `sqlalchemy.url` see [CKAN database settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#database-settings) |
-| defaultViews | string | See `values.yml` for the default values. | [CKAN config dafault_views](https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-views-default-views): **Note**: Make sure the required view plugins are loaded! |
+| defaultViews | string | See [`values.yml`](values.yml) for the default values. | [CKAN config dafault_views](https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-views-default-views): **Note**: Make sure the required view plugins are loaded! |
 | enabled | bool | `true` | Enable/disable CKAN |
 | extraEnv | object | `{}` | Extra environment variables. Values need to be quoted. This can be used to overwrite or extend [CKAN settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-configuration-file). See [ckanext-envvars](https://github.com/okfn/ckanext-envvars) for variable naming conventions. |
 | extraInitContainers | list | `[]` | Sets additional [`initContainers`](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). The initContainers specified here, are appended to the ones specified in `initContainers`. |
@@ -82,7 +82,7 @@ A Helm chart for SDDI enabled CKAN.
 | image.tag | string | `""` | Overrides the image tag whose default is the chart `appVersion`. |
 | imagePullSecrets | list | `[]` | [Image pull secrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) |
 | ingress.annotations | string | `nil` | Additional Ingress annotations |
-| ingress.certManager | object | See `values.yml` for the default values. | Additional Ingress annotation for e.g. CORS, timeouts, SSL settings. See [nginx-ingress annotations docs](https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md) for more. |
+| ingress.certManager | object | See [`values.yml`](values.yml) for the default values. | Additional Ingress annotation for e.g. CORS, timeouts, SSL settings. See [nginx-ingress annotations docs](https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md) for more. |
 | ingress.certManager.issuerEmail | string | `"me@example.com"` | eMail address for ACME registration with Let's Encrypt. Only used for issuerType = namespace. |
 | ingress.certManager.issuerName | string | `"letsencrypt-staging"` | Name of the Issuer to use. For certManager.type = namespace `letsencrypt-staging`, `letsencrypt-prod` and `self-signed` are available. |
 | ingress.certManager.issuerType | string | `"namespace"` | Type of [cert-manager](https://cert-manager.io/docs/) Issuer: Use either "namespace" or "cluster". |
@@ -99,7 +99,7 @@ A Helm chart for SDDI enabled CKAN.
 | ingress.stickySessions.sessionCookie.secure | string | `"false"` | [Nginx Ingress Controller Sticky sessions](https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/) |
 | ingress.tls.secretName | string | `nil` | Specify a custom tls secret name. This overwrites `global.ingress.tls.secretName`. |
 | initContainers | list | See `values.yml` for the list of default initContainers. | Sets [`initContainers`](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). Set to `[]` to disable the default initContainers. Set to any list of initContainer definitions to overwrite the default initContainers. Use `extraInitContainers` to extend the default initContainers. |
-| licensesGroupUrl | string | See `values.yml` for the default values. | [CKAN licences group url](https://docs.ckan.org/en/latest/maintaining/configuration.html#licenses-group-url): A URL pointing to a JSON file containing a list of license objects. |
+| licensesGroupUrl | string | See [`values.yml`](values.yml) for the default values. | [CKAN licences group url](https://docs.ckan.org/en/latest/maintaining/configuration.html#licenses-group-url): A URL pointing to a JSON file containing a list of license objects. |
 | liveness.failureThreshold | int | `6` | Failure threshold for the liveness probe |
 | liveness.initialDelaySeconds | int | `20` | Initial delay for the liveness probe |
 | liveness.periodSeconds | int | `10` | Check interval for the liveness probe |
@@ -107,7 +107,7 @@ A Helm chart for SDDI enabled CKAN.
 | locale.default | string | `"de"` | CKAN default locale, see [CKAN internationalization settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#internationalisation-settings) |
 | locale.filtered_out | string | `"en_GB"` | CKAN locales filtered out, see [CKAN internationalization settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#internationalisation-settings) |
 | locale.offered | string | `"de en"` | CKAN locales offered, see [CKAN internationalization settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#internationalisation-settings) |
-| locale.order | string | See `values.yml` for the default value. | CKAN locale order, see [CKAN internationalization settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#internationalisation-settings) |
+| locale.order | string | See [`values.yml`](values.yml) for the default values. | CKAN locale order, see [CKAN internationalization settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#internationalisation-settings) |
 | maxUploadSizeMB | int | `250` | Max file upload size in MB. Note: This setting is mapped to the `nginx.ingress.kubernetes.io/proxy-body-size: "600m"` and `nginx.org/client-max-body-size: "600m"` CKAN Ingress annotations too. |
 | nameOverride | string | `""` | Override name |
 | nodeSelector | object | `{}` | [k8s: Assign pods to nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) |
@@ -175,7 +175,7 @@ A Helm chart for SDDI enabled CKAN.
 | sysadmin.password | string | `"changeMe"` | CKAN admin password: Note: Min. password length = 8 chars! |
 | sysadmin.user | string | `"admin"` | CKAN admin username |
 | tolerations | list | `[]` | [k8S: Taints and tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
-| volumeMounts | list | See `values.yml` for the list of default volumeMounts. | Sets [`volumeMounts`](https://kubernetes.io/docs/concepts/storage/volumes). Set to `[]` to disable the default volumeMounts. Set to any list of volumeMount definitions to overwrite the default volumeMounts. Use `extraVolumeMounts` to extend the default volumeMounts. |
-| volumes | list | See `values.yml` for the list of default volumes. | Sets [`volumes`](https://kubernetes.io/docs/concepts/storage/volumes). Set to `[]` to disable the default volumes. Set to any list of volume definitions to overwrite the default volumes. Use `extraVolumes` to extend the default volumes. |
+| volumeMounts | list | See [`values.yml`](values.yml) for the list of default volumeMounts. | Sets [`volumeMounts`](https://kubernetes.io/docs/concepts/storage/volumes). Set to `[]` to disable the default volumeMounts. Set to any list of volumeMount definitions to overwrite the default volumeMounts. Use `extraVolumeMounts` to extend the default volumeMounts. |
+| volumes | list | See [`values.yml`](values.yml) for the list of default volumes. | Sets [`volumes`](https://kubernetes.io/docs/concepts/storage/volumes). Set to `[]` to disable the default volumes. Set to any list of volume definitions to overwrite the default volumes. Use `extraVolumes` to extend the default volumes. |
 | webassets.path | string | `nil` | Webassets storage path, see [CKAN webassets settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#webassets-settings) This should point to the location of webassets in the CKAN image. The path may vary depending on the CKAN Docker image used. |
 
diff --git a/charts/sddi-ckan/charts/ckan/values.yaml b/charts/sddi-ckan/charts/ckan/values.yaml
index 3b02100..251e622 100755
--- a/charts/sddi-ckan/charts/ckan/values.yaml
+++ b/charts/sddi-ckan/charts/ckan/values.yaml
@@ -122,7 +122,7 @@ ingress:
   # -- Additional Ingress annotation for e.g. CORS, timeouts, SSL settings.
   # See [nginx-ingress annotations docs](https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md)
   # for more.
-  # @default -- See `values.yml` for the default values.
+  # @default -- See [`values.yml`](values.yml) for the default values.
   certManager:
     # -- eMail address for ACME registration with Let's Encrypt. Only used for issuerType = namespace.
     issuerEmail: me@example.com
@@ -194,11 +194,11 @@ favicon: /base/images/ckan.ico
 maxUploadSizeMB: 250
 # -- [CKAN licences group url](https://docs.ckan.org/en/latest/maintaining/configuration.html#licenses-group-url):
 # A URL pointing to a JSON file containing a list of license objects.
-# @default -- See `values.yml` for the default values.
+# @default -- See [`values.yml`](values.yml) for the default values.
 licensesGroupUrl: "https://raw.githubusercontent.com/tum-gis/ckanext-grouphierarchy-sddi/main/ckanext/grouphierarchy/licenses_SDDI.json"
 # -- [CKAN config dafault_views](https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-views-default-views):
 # **Note**: Make sure the required view plugins are loaded!
-# @default -- See `values.yml` for the default values.
+# @default -- See [`values.yml`](values.yml) for the default values.
 defaultViews: "image_view recline_view text_view geo_view geojson_view wmts_view shp_view"
 preview:
   # -- [CKAN config TextView](https://docs.ckan.org/en/latest/maintaining/configuration.html#text-view-settings):
@@ -315,7 +315,7 @@ locale:
   default: de
   # -- CKAN locale order, see
   # [CKAN internationalization settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#internationalisation-settings)
-  # @default -- See `values.yml` for the default value.
+  # @default -- See [`values.yml`](values.yml) for the default values.
   order: de en pt_BR ja it cs_CZ ca es fr el sv sr sr@latin no sk fi ru de pl nl bg ko_KR hu sa sl lv
   # -- CKAN locales offered, see
   # [CKAN internationalization settings](https://docs.ckan.org/en/latest/maintaining/configuration.html#internationalisation-settings)
@@ -363,7 +363,7 @@ persistence:
 # Set to `[]` to disable the default volumes.
 # Set to any list of volume definitions to overwrite the default volumes.
 # Use `extraVolumes` to extend the default volumes.
-# @default -- See `values.yml` for the list of default volumes.
+# @default -- See [`values.yml`](values.yml) for the list of default volumes.
 volumes:
   - name: data
     persistentVolumeClaim:
@@ -378,7 +378,7 @@ extraVolumes: []
 # Set to `[]` to disable the default volumeMounts.
 # Set to any list of volumeMount definitions to overwrite the default volumeMounts.
 # Use `extraVolumeMounts` to extend the default volumeMounts.
-# @default -- See `values.yml` for the list of default volumeMounts.
+# @default -- See [`values.yml`](values.yml) for the list of default volumeMounts.
 volumeMounts:
   - name: data
     mountPath: "{{ .Values.persistence.storagePath }}"

From 9a74a5080bc263e3ad55599fc3bd32d5eea96f45 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Mon, 26 Feb 2024 22:30:37 +0100
Subject: [PATCH 28/50] set vol permissions using InitContainer not
 podSecurityContext

---
 charts/sddi-ckan/charts/solr/Chart.yaml       |  2 +-
 charts/sddi-ckan/charts/solr/README.md        |  6 ++---
 .../solr/templates/solr-statefulset.yml       | 22 +++++++----------
 charts/sddi-ckan/charts/solr/values.yaml      | 24 +++++++++++++++----
 4 files changed, 33 insertions(+), 21 deletions(-)

diff --git a/charts/sddi-ckan/charts/solr/Chart.yaml b/charts/sddi-ckan/charts/solr/Chart.yaml
index 07eae2d..facc7e0 100644
--- a/charts/sddi-ckan/charts/solr/Chart.yaml
+++ b/charts/sddi-ckan/charts/solr/Chart.yaml
@@ -8,7 +8,7 @@ sources:
   - https://github.com/ckan/ckan-solr
   - https://github.com/ckan/ckanext-spatial
 
-version: 0.3.2
+version: 0.4.0
 appVersion: "2.9-solr8-spatial"
 
 maintainers:
diff --git a/charts/sddi-ckan/charts/solr/README.md b/charts/sddi-ckan/charts/solr/README.md
index 88cf639..0d5156f 100644
--- a/charts/sddi-ckan/charts/solr/README.md
+++ b/charts/sddi-ckan/charts/solr/README.md
@@ -1,6 +1,6 @@
 # solr
 
-![Version: 0.3.2](https://img.shields.io/badge/Version-0.3.2-informational?style=flat-square) ![AppVersion: 2.9-solr8-spatial](https://img.shields.io/badge/AppVersion-2.9--solr8--spatial-informational?style=flat-square)
+![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square) ![AppVersion: 2.9-solr8-spatial](https://img.shields.io/badge/AppVersion-2.9--solr8--spatial-informational?style=flat-square)
 
 A Helm chart for Solr pre-configured for CKAN  and ckanext-spatial.
 
@@ -25,11 +25,13 @@ A Helm chart for Solr pre-configured for CKAN  and ckanext-spatial.
 | affinity | object | `{}` | [k8s: Assign pods to nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) |
 | component | string | `"index"` | Role of Solr in this chart |
 | enabled | bool | `true` | Enable/disable Solr |
+| extraInitContainers | list | `[]` | Sets additional [`initContainers`](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). The initContainers specified here, are appended to the ones specified in `initContainers`. |
 | fullnameOverride | string | `"solr"` | Override fullname |
 | image.pullPolicy | string | `"IfNotPresent"` | [Image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) |
 | image.repository | string | `"ckan/ckan-solr"` | [Image repository](https://kubernetes.io/docs/concepts/containers/images/) |
 | image.tag | string | `""` | Overrides the image tag whose default is the chart `appVersion`. |
 | imagePullSecrets | list | `[]` | [Image pull secrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) |
+| initContainers | list | See `values.yml` for the list of default initContainers. | Sets [`initContainers`](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). Set to `[]` to disable the default initContainers. Set to any list of initContainer definitions to overwrite the default initContainers. Use `extraInitContainers` to extend the default initContainers. |
 | loadBalancer.enabled | bool | `false` | Enable/disable a LoadBalancer service for external Database access |
 | nameOverride | string | `""` | Override name |
 | nodeSelector | object | `{}` | [k8s: Assign pods to nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) |
@@ -48,5 +50,3 @@ A Helm chart for Solr pre-configured for CKAN  and ckanext-spatial.
 | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
 | tolerations | list | `[]` | [k8S: Taints and tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) |
 
-----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
diff --git a/charts/sddi-ckan/charts/solr/templates/solr-statefulset.yml b/charts/sddi-ckan/charts/solr/templates/solr-statefulset.yml
index bd95050..7269d5e 100644
--- a/charts/sddi-ckan/charts/solr/templates/solr-statefulset.yml
+++ b/charts/sddi-ckan/charts/solr/templates/solr-statefulset.yml
@@ -37,6 +37,15 @@ spec:
           persistentVolumeClaim:
             claimName: {{ include "solr.fullname" . }}
 
+      initContainers:
+      {{- if .Values.initContainers }}
+      {{- include "common.tplvalues.render" ( dict "value" .Values.initContainers  "context" $ ) | nindent 8 }}
+      {{- end }}
+
+      {{- if .Values.extraInitContainers }}
+      {{- include "common.tplvalues.render" ( dict "value" .Values.extraInitContainers  "context" $ ) | nindent 8 }}
+      {{- end }}
+
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
@@ -52,19 +61,6 @@ spec:
             - name: data
               mountPath: /var/solr/data
 
-          # livenessProbe:
-          #   periodSeconds: 10
-          #   timeoutSeconds: 2
-          #   exec:
-          #     command: [ sh, -c, "pg_isready -U $POSTGRES_USER -d $POSTGRES_DB" ]
-
-          # readinessProbe:
-          #   initialDelaySeconds: 15
-          #   periodSeconds: 10
-          #   timeoutSeconds: 2
-          #   exec:
-          #     command: [ sh, -c, "pg_isready -U $POSTGRES_USER -d $POSTGRES_DB" ]
-
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       {{- with .Values.nodeSelector }}
diff --git a/charts/sddi-ckan/charts/solr/values.yaml b/charts/sddi-ckan/charts/solr/values.yaml
index 49766bb..6661e4a 100644
--- a/charts/sddi-ckan/charts/solr/values.yaml
+++ b/charts/sddi-ckan/charts/solr/values.yaml
@@ -33,10 +33,7 @@ serviceAccount:
   name: ""
 
 # -- [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
-podSecurityContext:
-  runAsUser: 8983
-  runAsGroup: 8983
-  fsGroup: 8983
+podSecurityContext: {}
 
 # -- [k8s: Security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
 securityContext: {}
@@ -70,6 +67,25 @@ persistence:
   annotations:
   # helm.sh/resource-policy: keep
 
+# initContainers --------------------------------------------------------------
+# -- Sets [`initContainers`](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/).
+# Set to `[]` to disable the default initContainers.
+# Set to any list of initContainer definitions to overwrite the default initContainers.
+# Use `extraInitContainers` to extend the default initContainers.
+# @default -- See `values.yml` for the list of default initContainers.
+initContainers:
+  - name: init-data
+    image: busybox:latest
+    command:
+      ["sh", "-c", "chown -Rv 8983:8983 /var/solr/data"]
+    volumeMounts:
+      - name: data
+        mountPath: "/var/solr/data"
+
+# -- Sets additional [`initContainers`](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/).
+# The initContainers specified here, are appended to the ones specified in `initContainers`.
+extraInitContainers: []
+
 # -- [k8s: Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
 resources: {}
 # -- [k8s: Assign pods to nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/)

From a591a05c60dba0f07839a5a86811dda9181c872d Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Mon, 26 Feb 2024 22:40:33 +0100
Subject: [PATCH 29/50] Update changelog

---
 CHANGELOG.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f2f4998..a4d4374 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,16 @@ Versions are prefixed with `sddi-ckan-` due to usage of
 [chart-releaser-action](https://github.com/helm/chart-releaser-action).
 For releases `< 1.0.0` minor version step indicate breaking changes.
 
+## [sddi-ckan-3.0.0-beta1] - 2024-02-24
+
+## Added
+
+- Allow setting `initContainers`, `extraInitContainers`, `volumes`, `extraVolumes` tum-gis/sddi-ckan-k8s#32
+
+### Changed
+
+- Revert 313c09c: Relax Solr security context for OpenShift compatibility. tum-gis/sddi-ckan-k8s#24, tum-gis/sddi-ckan-k8s#33
+
 ## [sddi-ckan-2.0.0] - 2023-11-02
 
 This release updates the sddi-ckan Docker image to `v2.0.0` bringing several security improvements
@@ -348,6 +358,7 @@ is displayed when navigating to the _Datasets_ view of CKAN.
 
 [Unreleased]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-2.0.0...HEAD
 
+[sddi-ckan-3.0.0-beta1]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-2.0.0...sddi-ckan-3.0.0-beta1
 [sddi-ckan-2.0.0]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-1.2.2...sddi-ckan-2.0.0
 [sddi-ckan-1.2.2]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-1.2.1...sddi-ckan-1.2.2
 [sddi-ckan-1.2.1]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-1.2.0...sddi-ckan-1.2.1

From c4b9ce134ebeb7617037e3662296ea24b1cf2940 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Mon, 26 Feb 2024 22:41:10 +0100
Subject: [PATCH 30/50] minor fix to helm docs generation

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 2a81389..272a360 100644
--- a/README.md
+++ b/README.md
@@ -190,7 +190,7 @@ the repo root.
 
 ```shell
 docker run --rm -u $(id -u) --name helm-docs \
-    --volume "$PWD/sddi-ckan/charts:/helm-docs" \
+    --volume "$PWD/charts/sddi-ckan:/helm-docs" \
   jnorwood/helm-docs:latest
 ```
 

From a40b16d86d63d4bc42105c2fe9edfca1e57993ee Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Tue, 27 Feb 2024 15:09:03 +0100
Subject: [PATCH 31/50] Upgrade to solr9

---
 CHANGELOG.md                            | 6 ++++++
 charts/sddi-ckan/charts/solr/Chart.yaml | 4 ++--
 charts/sddi-ckan/charts/solr/README.md  | 2 +-
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e0a6bec..04b0c68 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,12 @@ For releases `< 1.0.0` minor version step indicate breaking changes.
 ### Changed
 
 - Revert 313c09c: Relax Solr security context for OpenShift compatibility. tum-gis/sddi-ckan-k8s#24, tum-gis/sddi-ckan-k8s#33
+- Upgrade Solr 8 -> Solr 9: **Warning**: The upgrade from 8.x to Solr 9.x introduces several major changes that you should be
+  aware of before upgrading. Make sure to thoroughly go though the
+  [docs for upgrading Solr](https://solr.apache.org/guide/solr/latest/upgrade-notes/solr-upgrade-notes.html#upgrading-to-9-x-from-8-x-releases)
+  for possible breaking changes or necessary manual migration steps.
+  - [Major changes in Solr9](https://solr.apache.org/guide/solr/latest/upgrade-notes/major-changes-in-solr-9.html)
+  - [Reindex aufter upgrade](https://solr.apache.org/guide/solr/latest/upgrade-notes/major-changes-in-solr-9.html#reindexing-after-upgrade)
 
 ## [sddi-ckan-2.0.0] - 2023-11-02
 
diff --git a/charts/sddi-ckan/charts/solr/Chart.yaml b/charts/sddi-ckan/charts/solr/Chart.yaml
index facc7e0..864d6d8 100644
--- a/charts/sddi-ckan/charts/solr/Chart.yaml
+++ b/charts/sddi-ckan/charts/solr/Chart.yaml
@@ -8,8 +8,8 @@ sources:
   - https://github.com/ckan/ckan-solr
   - https://github.com/ckan/ckanext-spatial
 
-version: 0.4.0
-appVersion: "2.9-solr8-spatial"
+version: 0.5.0
+appVersion: "2.9-solr9-spatial"
 
 maintainers:
   - email: b.willenborg@tum.de
diff --git a/charts/sddi-ckan/charts/solr/README.md b/charts/sddi-ckan/charts/solr/README.md
index 0d5156f..db0dbc3 100644
--- a/charts/sddi-ckan/charts/solr/README.md
+++ b/charts/sddi-ckan/charts/solr/README.md
@@ -1,6 +1,6 @@
 # solr
 
-![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square) ![AppVersion: 2.9-solr8-spatial](https://img.shields.io/badge/AppVersion-2.9--solr8--spatial-informational?style=flat-square)
+![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![AppVersion: 2.9-solr9-spatial](https://img.shields.io/badge/AppVersion-2.9--solr9--spatial-informational?style=flat-square)
 
 A Helm chart for Solr pre-configured for CKAN  and ckanext-spatial.
 

From 72dea74d23d8456c9d4c940ee16d670226ddd1b9 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Tue, 27 Feb 2024 15:09:39 +0100
Subject: [PATCH 32/50] Release 3.0.0-beta1

---
 charts/sddi-ckan/Chart.yaml             | 2 +-
 charts/sddi-ckan/README.md              | 2 +-
 charts/sddi-ckan/charts/ckan/Chart.yaml | 2 +-
 charts/sddi-ckan/charts/ckan/README.md  | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/charts/sddi-ckan/Chart.yaml b/charts/sddi-ckan/Chart.yaml
index 07492ef..b611b3e 100644
--- a/charts/sddi-ckan/Chart.yaml
+++ b/charts/sddi-ckan/Chart.yaml
@@ -10,7 +10,7 @@ sources:
   - https://www.asg.ed.tum.de/en/gis/projects/smart-district-data-infrastructure
   - https://github.com/tum-gis/ckan-docker
 
-version: 2.0.0
+version: 3.0.0-beta1
 appVersion: "2.0.0"
 kubeVersion: ">= 1.23.0-0"
 
diff --git a/charts/sddi-ckan/README.md b/charts/sddi-ckan/README.md
index b2bdc4f..3ceeaed 100644
--- a/charts/sddi-ckan/README.md
+++ b/charts/sddi-ckan/README.md
@@ -1,6 +1,6 @@
 # sddi-ckan
 
-![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square)
+![Version: 3.0.0-beta1](https://img.shields.io/badge/Version-3.0.0--beta1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square)
 
 Helm Chart for a SDDI enabled CKAN catalog. See [CHANGELOG](https://github.com/tum-gis/sddi-ckan-k8s/blob/main/CHANGELOG.md) for changes.
 
diff --git a/charts/sddi-ckan/charts/ckan/Chart.yaml b/charts/sddi-ckan/charts/ckan/Chart.yaml
index e32dcb2..01c12fe 100644
--- a/charts/sddi-ckan/charts/ckan/Chart.yaml
+++ b/charts/sddi-ckan/charts/ckan/Chart.yaml
@@ -9,7 +9,7 @@ sources:
   - https://github.com/tum-gis/ckan-docker
   - https://github.com/keitaroinc/docker-ckan
 
-version: 2.0.0
+version: 3.0.0
 appVersion: "2.0.0"
 
 maintainers:
diff --git a/charts/sddi-ckan/charts/ckan/README.md b/charts/sddi-ckan/charts/ckan/README.md
index 17bf980..0c9eca9 100644
--- a/charts/sddi-ckan/charts/ckan/README.md
+++ b/charts/sddi-ckan/charts/ckan/README.md
@@ -1,6 +1,6 @@
 # ckan
 
-![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square)
+![Version: 3.0.0](https://img.shields.io/badge/Version-3.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square)
 
 A Helm chart for SDDI enabled CKAN.
 

From a9d8d2d7d6676da6e67127f096562f56972eedab Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Tue, 27 Feb 2024 15:14:58 +0100
Subject: [PATCH 33/50] Upgrade Redis

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 04b0c68..28b8ba9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -23,6 +23,7 @@ For releases `< 1.0.0` minor version step indicate breaking changes.
   for possible breaking changes or necessary manual migration steps.
   - [Major changes in Solr9](https://solr.apache.org/guide/solr/latest/upgrade-notes/major-changes-in-solr-9.html)
   - [Reindex aufter upgrade](https://solr.apache.org/guide/solr/latest/upgrade-notes/major-changes-in-solr-9.html#reindexing-after-upgrade)
+- Upgrade Redis `7.0.8` -> `7.2.4`
 
 ## [sddi-ckan-2.0.0] - 2023-11-02
 

From 670a3b077c6896b2c3685394f366fc9ece9bb73d Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Tue, 27 Feb 2024 15:15:37 +0100
Subject: [PATCH 34/50] Upgrade Redis

---
 charts/sddi-ckan/charts/redis/Chart.yaml | 4 ++--
 charts/sddi-ckan/charts/redis/README.md  | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/charts/sddi-ckan/charts/redis/Chart.yaml b/charts/sddi-ckan/charts/redis/Chart.yaml
index 5026475..157dcb8 100644
--- a/charts/sddi-ckan/charts/redis/Chart.yaml
+++ b/charts/sddi-ckan/charts/redis/Chart.yaml
@@ -9,8 +9,8 @@ sources:
   - https://hub.docker.com/_/redis
 
 
-version: 0.2.1
-appVersion: "7.0.8-alpine"
+version: 0.3.0
+appVersion: "7.2.4-alpine"
 
 maintainers:
   - email: b.willenborg@tum.de
diff --git a/charts/sddi-ckan/charts/redis/README.md b/charts/sddi-ckan/charts/redis/README.md
index f0f4c07..5f38c49 100644
--- a/charts/sddi-ckan/charts/redis/README.md
+++ b/charts/sddi-ckan/charts/redis/README.md
@@ -1,6 +1,6 @@
 # redis
 
-![Version: 0.2.1](https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 7.0.8-alpine](https://img.shields.io/badge/AppVersion-7.0.8--alpine-informational?style=flat-square)
+![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 7.2.4-alpine](https://img.shields.io/badge/AppVersion-7.2.4--alpine-informational?style=flat-square)
 
 A Helm chart for basic Redis for use with CKAN.
 

From bdf330568c0653f27b47d6e7a90a96842619b30c Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Tue, 27 Feb 2024 15:30:24 +0100
Subject: [PATCH 35/50] Fix ckan pathType warning

---
 charts/sddi-ckan/charts/ckan/Chart.yaml                 | 2 +-
 charts/sddi-ckan/charts/ckan/README.md                  | 2 +-
 charts/sddi-ckan/charts/ckan/templates/ckan-ingress.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/charts/sddi-ckan/charts/ckan/Chart.yaml b/charts/sddi-ckan/charts/ckan/Chart.yaml
index 01c12fe..2e3b466 100644
--- a/charts/sddi-ckan/charts/ckan/Chart.yaml
+++ b/charts/sddi-ckan/charts/ckan/Chart.yaml
@@ -9,7 +9,7 @@ sources:
   - https://github.com/tum-gis/ckan-docker
   - https://github.com/keitaroinc/docker-ckan
 
-version: 3.0.0
+version: 3.0.1
 appVersion: "2.0.0"
 
 maintainers:
diff --git a/charts/sddi-ckan/charts/ckan/README.md b/charts/sddi-ckan/charts/ckan/README.md
index 0c9eca9..b515214 100644
--- a/charts/sddi-ckan/charts/ckan/README.md
+++ b/charts/sddi-ckan/charts/ckan/README.md
@@ -1,6 +1,6 @@
 # ckan
 
-![Version: 3.0.0](https://img.shields.io/badge/Version-3.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square)
+![Version: 3.0.1](https://img.shields.io/badge/Version-3.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square)
 
 A Helm chart for SDDI enabled CKAN.
 
diff --git a/charts/sddi-ckan/charts/ckan/templates/ckan-ingress.yml b/charts/sddi-ckan/charts/ckan/templates/ckan-ingress.yml
index acc577b..7a7f92d 100644
--- a/charts/sddi-ckan/charts/ckan/templates/ckan-ingress.yml
+++ b/charts/sddi-ckan/charts/ckan/templates/ckan-ingress.yml
@@ -57,7 +57,7 @@ spec:
     http:
       paths:
       - path: /(.*)
-        pathType: Prefix
+        pathType: ImplementationSpecific
         backend:
           service:
             name: {{ $fullName }}

From c985e01d7a3760acc9ba3fe70dcf55d8ff0b8657 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Tue, 27 Feb 2024 15:31:05 +0100
Subject: [PATCH 36/50] Upgrade PostgreSQL/PostGIS

---
 charts/sddi-ckan/charts/postgis/Chart.yaml | 4 ++--
 charts/sddi-ckan/charts/postgis/README.md  | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/charts/sddi-ckan/charts/postgis/Chart.yaml b/charts/sddi-ckan/charts/postgis/Chart.yaml
index 46cfa7d..514b71f 100644
--- a/charts/sddi-ckan/charts/postgis/Chart.yaml
+++ b/charts/sddi-ckan/charts/postgis/Chart.yaml
@@ -8,8 +8,8 @@ sources:
   - https://github.com/tum-gis/sddi-ckan-k8s/tree/main/sddi-ckan/charts/charts/postgis
   - https://registry.hub.docker.com/r/postgis/postgis/
 
-version: 0.6.1
-appVersion: "14-3.3"
+version: 0.7.0
+appVersion: "14-3.4"
 
 maintainers:
   - email: b.willenborg@tum.de
diff --git a/charts/sddi-ckan/charts/postgis/README.md b/charts/sddi-ckan/charts/postgis/README.md
index f8e6266..a0e070f 100644
--- a/charts/sddi-ckan/charts/postgis/README.md
+++ b/charts/sddi-ckan/charts/postgis/README.md
@@ -1,6 +1,6 @@
 # postgis
 
-![Version: 0.6.1](https://img.shields.io/badge/Version-0.6.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 14-3.3](https://img.shields.io/badge/AppVersion-14--3.3-informational?style=flat-square)
+![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 14-3.4](https://img.shields.io/badge/AppVersion-14--3.4-informational?style=flat-square)
 
 A Helm chart for sa simple PostGIS database pre-configured for CKAN.
 

From 03996cee36e8324d8653b5148f21afc3619710a2 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Tue, 27 Feb 2024 15:37:00 +0100
Subject: [PATCH 37/50] Update changelog

---
 CHANGELOG.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 28b8ba9..129dd30 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,13 +17,18 @@ For releases `< 1.0.0` minor version step indicate breaking changes.
 ### Changed
 
 - Revert 313c09c: Relax Solr security context for OpenShift compatibility. tum-gis/sddi-ckan-k8s#24, tum-gis/sddi-ckan-k8s#33
-- Upgrade Solr 8 -> Solr 9: **Warning**: The upgrade from 8.x to Solr 9.x introduces several major changes that you should be
+- Upgrade Solr `8.11.2` -> `9.2.1`: **Warning**: The upgrade from 8.x to Solr 9.x introduces several major changes that you should be
   aware of before upgrading. Make sure to thoroughly go though the
   [docs for upgrading Solr](https://solr.apache.org/guide/solr/latest/upgrade-notes/solr-upgrade-notes.html#upgrading-to-9-x-from-8-x-releases)
   for possible breaking changes or necessary manual migration steps.
   - [Major changes in Solr9](https://solr.apache.org/guide/solr/latest/upgrade-notes/major-changes-in-solr-9.html)
   - [Reindex aufter upgrade](https://solr.apache.org/guide/solr/latest/upgrade-notes/major-changes-in-solr-9.html#reindexing-after-upgrade)
 - Upgrade Redis `7.0.8` -> `7.2.4`
+- Upgrade Postgresql/PostGIS `14-3.3` -> `14-3.4`
+
+### Fixed
+
+- CKAN ingress `pathType` warning
 
 ## [sddi-ckan-2.0.0] - 2023-11-02
 

From dcf71fa42bd080d021725964450f175a165ff582 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Tue, 27 Feb 2024 15:43:34 +0100
Subject: [PATCH 38/50] Don't mark beta release as latest

---
 .github/workflows/chart-releaser-beta.yml | 41 +++++++++++++++++++++++
 .github/workflows/chart-releaser.yml      |  2 ++
 2 files changed, 43 insertions(+)
 create mode 100644 .github/workflows/chart-releaser-beta.yml

diff --git a/.github/workflows/chart-releaser-beta.yml b/.github/workflows/chart-releaser-beta.yml
new file mode 100644
index 0000000..a59b3ef
--- /dev/null
+++ b/.github/workflows/chart-releaser-beta.yml
@@ -0,0 +1,41 @@
+name: Release Charts beta
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - 'releases/**-alpha'
+      - 'releases/**-beta'
+    paths:
+      - charts/sddi-ckan/**
+
+jobs:
+  release:
+    # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
+    # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      - name: Install Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v3.14.1
+
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@v1.6.0
+        with:
+          mark_as_latest: false
+          skip_existing: true
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/chart-releaser.yml b/.github/workflows/chart-releaser.yml
index 3207655..18995b3 100644
--- a/.github/workflows/chart-releaser.yml
+++ b/.github/workflows/chart-releaser.yml
@@ -6,6 +6,8 @@ on:
     branches:
       - main
       - release/**
+      - '!releases/**-alpha'
+      - '!releases/**-beta'
     paths:
       - charts/sddi-ckan/**
 

From 0f4aaf56d4b4532ac14a5f9564f05b9c92ba93aa Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Tue, 27 Feb 2024 15:46:35 +0100
Subject: [PATCH 39/50] rename job

---
 .github/workflows/chart-releaser-beta.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/chart-releaser-beta.yml b/.github/workflows/chart-releaser-beta.yml
index a59b3ef..80b00eb 100644
--- a/.github/workflows/chart-releaser-beta.yml
+++ b/.github/workflows/chart-releaser-beta.yml
@@ -10,7 +10,7 @@ on:
       - charts/sddi-ckan/**
 
 jobs:
-  release:
+  release-beta:
     # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
     # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
     permissions:

From 40d243d7c38e7e4954a46e18c20f0f810af394ed Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Tue, 27 Feb 2024 15:49:14 +0100
Subject: [PATCH 40/50] fix workflow triggers

---
 .github/workflows/chart-releaser-beta.yml | 6 ++++--
 .github/workflows/chart-releaser.yml      | 7 +++++--
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/chart-releaser-beta.yml b/.github/workflows/chart-releaser-beta.yml
index 80b00eb..15654d0 100644
--- a/.github/workflows/chart-releaser-beta.yml
+++ b/.github/workflows/chart-releaser-beta.yml
@@ -4,8 +4,10 @@ on:
   workflow_dispatch:
   push:
     branches:
-      - 'releases/**-alpha'
-      - 'releases/**-beta'
+      - 'release/**-alpha*'
+      - 'release/**-beta*'
+      - 'releases/**-alpha*'
+      - 'releases/**-beta*'
     paths:
       - charts/sddi-ckan/**
 
diff --git a/.github/workflows/chart-releaser.yml b/.github/workflows/chart-releaser.yml
index 18995b3..fd1cbba 100644
--- a/.github/workflows/chart-releaser.yml
+++ b/.github/workflows/chart-releaser.yml
@@ -6,8 +6,11 @@ on:
     branches:
       - main
       - release/**
-      - '!releases/**-alpha'
-      - '!releases/**-beta'
+      - '!release/**-alpha*'
+      - '!release/**-beta*'
+      - releases/**
+      - '!releases/**-alpha*'
+      - '!releases/**-beta*'
     paths:
       - charts/sddi-ckan/**
 

From e40cd4170622176778e1677a74a7ef8ac52861a2 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <me@brunowillenborg.de>
Date: Sat, 2 Mar 2024 22:25:55 +0100
Subject: [PATCH 41/50] Upgrade helm docs v1.13.0 -> v1.13.1

---
 .pre-commit-config.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index dd3c649..626d64e 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/norwoodj/helm-docs
-    rev: v1.13.0
+    rev: v1.13.1
     hooks:
       - id: helm-docs
         args:

From 2a95a72199e0261ca27f09c233a26ee17ad666fe Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Mon, 4 Mar 2024 09:45:48 +0100
Subject: [PATCH 42/50] Add vscode settings

---
 .gitignore            | 3 ---
 .vscode/settings.json | 6 ++++++
 CHANGELOG.md          | 3 ++-
 3 files changed, 8 insertions(+), 4 deletions(-)
 create mode 100644 .vscode/settings.json

diff --git a/.gitignore b/.gitignore
index 3bef280..de33daf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -129,6 +129,3 @@ scheduler.json
 # */charts
 requirements.lock
 Chart.lock
-
-# VS-Code
-.vscode/
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..112e739
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,6 @@
+{
+  "markdownlint.config": {
+    "default": true,
+    "MD024": false
+  }
+}
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 129dd30..98dfa6c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,7 +12,8 @@ For releases `< 1.0.0` minor version step indicate breaking changes.
 
 ## Added
 
-- Allow setting `initContainers`, `extraInitContainers`, `volumes`, `extraVolumes` tum-gis/sddi-ckan-k8s#32
+- Allow setting CKAN `initContainers`, `extraInitContainers`, `volumes`, `extraVolumes`. tum-gis/sddi-ckan-k8s#32
+- Allow setting Solr `initContainers`, `extraInitContainers`. tum-gis/sddi-ckan-k8s#33
 
 ### Changed
 

From 376a96e159267e64c02234f079a44d79435cbeb5 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <me@brunowillenborg.de>
Date: Mon, 4 Mar 2024 21:53:37 +0100
Subject: [PATCH 43/50] Improve changelog

---
 CHANGELOG.md | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 129dd30..015b18a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,13 +16,16 @@ For releases `< 1.0.0` minor version step indicate breaking changes.
 
 ### Changed
 
-- Revert 313c09c: Relax Solr security context for OpenShift compatibility. tum-gis/sddi-ckan-k8s#24, tum-gis/sddi-ckan-k8s#33
+- Revert 313c09c: Relax Solr security context for OpenShift compatibility. Fixing file permissions is now done using
+  an `initContainer`, that can be disabled for OpenShift compatibility. tum-gis/sddi-ckan-k8s#24, tum-gis/sddi-ckan-k8s#33
 - Upgrade Solr `8.11.2` -> `9.2.1`: **Warning**: The upgrade from 8.x to Solr 9.x introduces several major changes that you should be
   aware of before upgrading. Make sure to thoroughly go though the
   [docs for upgrading Solr](https://solr.apache.org/guide/solr/latest/upgrade-notes/solr-upgrade-notes.html#upgrading-to-9-x-from-8-x-releases)
   for possible breaking changes or necessary manual migration steps.
   - [Major changes in Solr9](https://solr.apache.org/guide/solr/latest/upgrade-notes/major-changes-in-solr-9.html)
-  - [Reindex aufter upgrade](https://solr.apache.org/guide/solr/latest/upgrade-notes/major-changes-in-solr-9.html#reindexing-after-upgrade)
+  - If upgrading from `v2.x.x` no action should be required.
+  - You should [Recrate the search index after upgrade](https://solr.apache.org/guide/solr/latest/upgrade-notes/major-changes-in-solr-9.html#reindexing-after-upgrade)
+    - See [`ckan search-index rebuild`](https://docs.ckan.org/en/latest/maintaining/cli.html#search-index-search-index-commands)
 - Upgrade Redis `7.0.8` -> `7.2.4`
 - Upgrade Postgresql/PostGIS `14-3.3` -> `14-3.4`
 

From be0903885fc1e64bc00baa026aceb9bc105295b8 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Tue, 5 Mar 2024 19:00:44 +0100
Subject: [PATCH 44/50] use new Tip syntax

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 272a360..1024788 100644
--- a/README.md
+++ b/README.md
@@ -54,8 +54,8 @@ The default username and password are: `admin: changeMe`.
 
 Instructions for *local* testing with e.g. `minikube` or `Docker Desktop` are available in the [examples](examples) section.
 
-> **Note:** To try out
-> `alpha`/`beta` [releases](https://github.com/tum-gis/sddi-ckan-k8s/releases),
+> [!TIP]
+> To try out `alpha`/`beta` [releases](https://github.com/tum-gis/sddi-ckan-k8s/releases),
 > add the [`--devel`](https://helm.sh/docs/helm/helm_install/#options)
 > option to the `helm install` command.
 

From c71f52f2b2de7159682546aafb65ae54f0fee8ff Mon Sep 17 00:00:00 2001
From: Ilche Bedelovski <ilche.bedelovski@gmail.com>
Date: Tue, 19 Mar 2024 08:20:49 +0100
Subject: [PATCH 45/50] Ingress configuration snippet headers

---
 charts/sddi-ckan/charts/ckan/templates/ckan-ingress.yml | 4 ++++
 charts/sddi-ckan/charts/ckan/values.yaml                | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/charts/sddi-ckan/charts/ckan/templates/ckan-ingress.yml b/charts/sddi-ckan/charts/ckan/templates/ckan-ingress.yml
index acc577b..54f5a2a 100644
--- a/charts/sddi-ckan/charts/ckan/templates/ckan-ingress.yml
+++ b/charts/sddi-ckan/charts/ckan/templates/ckan-ingress.yml
@@ -30,6 +30,10 @@ metadata:
     {{- end }}
     nginx.ingress.kubernetes.io/proxy-body-size: "{{ .Values.maxUploadSizeMB }}m"
     nginx.org/client-max-body-size: "{{ .Values.maxUploadSizeMB }}m"
+    {{- range .Values.ingress.configurationSnippet }}
+    nginx.ingress.kubernetes.io/configuration-snippet: |
+      {{ . | quote }}
+    {{- end }}
     {{- if .Values.ingress.stickySessions.enabled }}
     # https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/
     nginx.ingress.kubernetes.io/affinity: "cookie"
diff --git a/charts/sddi-ckan/charts/ckan/values.yaml b/charts/sddi-ckan/charts/ckan/values.yaml
index ef8179b..c8fda07 100755
--- a/charts/sddi-ckan/charts/ckan/values.yaml
+++ b/charts/sddi-ckan/charts/ckan/values.yaml
@@ -132,6 +132,9 @@ ingress:
   tls:
     # -- Specify a custom tls secret name. This overwrites `global.ingress.tls.secretName`.
     secretName:
+  configurationSnippet:
+    - more_set_headers "X-Frame-Options: Deny";
+    - more_set_headers "X-XSS-Protection: 1; mode=block";
 
 # General settings
 # -- CKAN site url. This should match a domain name of CKAN specified in `ingress.domains`/`global.ingress.domains`

From eb99b5a7bc901cfac222366d2421668556d3ea88 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Fri, 22 Mar 2024 22:32:20 +0100
Subject: [PATCH 46/50] Added basic example for OpenShift usage

---
 CHANGELOG.md                   |  1 +
 examples/open-shift/README.md  | 47 +++++++++++++++++++
 examples/open-shift/route.yml  | 16 +++++++
 examples/open-shift/values.yml | 83 ++++++++++++++++++++++++++++++++++
 4 files changed, 147 insertions(+)
 create mode 100644 examples/open-shift/README.md
 create mode 100644 examples/open-shift/route.yml
 create mode 100644 examples/open-shift/values.yml

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8560f2b..06dafc0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ For releases `< 1.0.0` minor version step indicate breaking changes.
 
 - Allow setting CKAN `initContainers`, `extraInitContainers`, `volumes`, `extraVolumes`. tum-gis/sddi-ckan-k8s#32
 - Allow setting Solr `initContainers`, `extraInitContainers`. tum-gis/sddi-ckan-k8s#33
+- Basic example for OpenShift usage, see [here](examples/open-shift).
 
 ### Changed
 
diff --git a/examples/open-shift/README.md b/examples/open-shift/README.md
new file mode 100644
index 0000000..89e2d67
--- /dev/null
+++ b/examples/open-shift/README.md
@@ -0,0 +1,47 @@
+# Running this chart on OpenShift
+
+[Red Hat OpenShift](https://www.redhat.com/en/technologies/cloud-computing/openshift), is a popular hybrid cloud application platform powered by Kubernetes. due to security reasons, in OpenShift pods run as an random user ID and all files in the container image that need to be writable, have to be in a
+volume. This example provides a basic setup to run this stack on OpenShift.
+
+## Additional notes on this example
+
+- Instead of Ingress OpenShift [Route](https://docs.openshift.com/container-platform/4.11/rest_api/network_apis/route-route-openshift-io-v1.html) can be used. A local [Route](route.yml) template is included, which can be deployed using a separate chart and the values `ckan.host`.
+- DataPusher is disabled, as it causes problems with OpenShift in it's current version.
+
+## :eye_speech_bubble: Requirements
+
+- An OpenShift cluster
+- [`kubectl`](https://kubernetes.io/docs/tasks/tools/#kubectl) installed and configured for you local cluster
+- [`helm`](https://helm.sh/docs/intro/install/) installed
+
+## :rocket: Usage
+
+1. Add the Helm repos for all dependencies
+
+    ```bash
+    helm repo add sddi-ckan https://tum-gis.github.io/sddi-ckan-k8s
+
+    # Optional, comment out if nginx-ingress controller is already installed in your cluster
+    # helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
+
+    # Optional: Uncomment, if you want to test cert-manager as certificate issuer
+    # helm repo add jetstack https://charts.jetstack.io
+
+    # Update all repos
+    helm repo update
+    ```
+
+2. Adapt `ckan.siteUrl`, `global.ingress.domains[]`, `global.ingress.certManager.issuerEmail` in a local copy of [values.yml](values.yml) according to your domain name and eMail address.
+
+3. Deploy the chart with the default configuration specified in
+   [values.yml](values.yml):
+
+    ```bash
+    helm install ckan sddi-ckan/sddi-ckan \
+      -n ckan --create-namespace \
+      --atomic --wait --timeout 10m \
+      --values values.yml
+    ```
+
+    > [!TIP]
+    > If you want to try out a development (`beta`, `alpha`) version of the helm chart, use the `--devel` option of helm.
diff --git a/examples/open-shift/route.yml b/examples/open-shift/route.yml
new file mode 100644
index 0000000..d3662ae
--- /dev/null
+++ b/examples/open-shift/route.yml
@@ -0,0 +1,16 @@
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  name: ckan
+spec:
+  host: {{ .Values.ckan.host }}
+  port:
+    targetPort: http
+  tls:
+    insecureEdgeTerminationPolicy: Redirect
+    termination: edge
+  to:
+    kind: Service
+    name: ckan
+    weight: 100
+  wildcardPolicy: None
diff --git a/examples/open-shift/values.yml b/examples/open-shift/values.yml
new file mode 100644
index 0000000..4397543
--- /dev/null
+++ b/examples/open-shift/values.yml
@@ -0,0 +1,83 @@
+global:
+  ingress:
+    className: nginx
+    certManager:
+      issuerEmail: me@example.com
+    domains:
+      - https://test.de
+
+# Nginx ingress configuration -------------------------------------------------
+# This needs to be enabled, if you don't have nginx-ingress installed already
+# in your cluster.
+ingress-nginx:
+  enabled: true
+
+# cert-manager configuration --------------------------------------------------
+# Disable cert-manager and certIssuer for local testing, they are not required.
+# Nginx ingress will create a self-signed certificate for testing automatically.
+
+# If you want to try out cert-manager, make sure install CRDs BEFORE you install the chart.
+# Make sure to enable certIssuer and configure ingress settings accordingly, see above.
+# For local testing issuerType = namespace and issuerName = self-signed is recommended.
+# (see here: https://cert-manager.io/docs/installation/helm/#3-install-customresourcedefinitions )
+cert-manager:
+  enabled: false
+
+certIssuer:
+  enabled: false
+
+# ckan configuration ----------------------------------------------------------
+ckan:
+  # Host for Route, if used instead of Ingress.
+  # Same as `ckan.siteUrl`, but without protocol: `https://` or `http://`.
+  host: test.de
+  # Replace default initContainers
+
+  siteUrl: https://test.de
+
+  initContainers:
+    - name: pg-ready
+      image: bwibo/k8s-init-container:latest
+      command:
+        - pg_isready
+      env:
+      - name: PGHOST
+        value: "{{ .Values.global.db.host | default .Values.db.host }}"
+      - name: PGPORT
+        value: "{{ .Values.global.db.port | default .Values.db.port }}"
+      - name: PGDATABASE
+        value: "{{ .Values.global.db.dbname | default .Values.db.dbname }}"
+      - name: PGUSER
+        value: "{{ .Values.global.db.auth.username | default .Values.db.auth.usernme }}"
+      - name: PGPASSWORD
+        value: "{{ .Values.global.db.auth.password | default .Values.db.auth.password }}"
+
+  # Extra Volumes
+  extraVolumes:
+    # Volumes for paths that need to be writable
+    - name: srv-app-i18n
+      emptyDir:
+        sizeLimit: 500Mi
+    - name: srv-app-data
+      emptyDir:
+        sizeLimit: 500Mi
+
+  # Extra Volume Mounts
+  extraVolumeMounts:
+    # Mount emptyDir volumes for paths that need to be writable
+    - name: srv-app-data
+      mountPath: /srv/app/data/
+    - name: srv-app-i18n
+      mountPath: /srv/app/src/ckan/ckan/public/base/i18n/
+
+# Remove Solr initContainer
+solr:
+  initContainers: []
+
+# Disable datapusher.
+datapusher:
+  enabled: false
+
+# Disable cerIssuer
+certIssuer:
+  enabled: false

From 1634e2e02fa73f17e34ae11e9f49740d821e6973 Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Fri, 22 Mar 2024 22:34:43 +0100
Subject: [PATCH 47/50] remove outdate NOTES.md

---
 NOTES.md | 28 ----------------------------
 1 file changed, 28 deletions(-)
 delete mode 100644 NOTES.md

diff --git a/NOTES.md b/NOTES.md
deleted file mode 100644
index ebf04b8..0000000
--- a/NOTES.md
+++ /dev/null
@@ -1,28 +0,0 @@
-# SDDI CKAN setup notes
-
-## Upcoming changes
-
-### CKAN v2.10
-
-- CKAN Datapusher requires token starting from 2.10:
-  https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-datapusher-api-token
-
-## ToDos
-
-## Code snippets
-
-### Create sysadmin
-
-#### Existing user
-
-```shell
-kubectl exec -t -i CKAN-POD_NAME -- \
-  ckan -c /srv/app/production.ini sysadmin add USERNAME
-```
-
-#### New user
-
-```shell
-kubectl exec -t -i CKAN-POD_NAME -- \
-  ckan -c /srv/app/production.ini sysadmin add USERNAME email=user@example.de name=Fristname Lastname
-```

From fa1d1df9ca42ed21899b9f0516affefc2c34183c Mon Sep 17 00:00:00 2001
From: Bruno Willenborg <bruno.willenborg@list-eco.de>
Date: Fri, 22 Mar 2024 22:35:36 +0100
Subject: [PATCH 48/50] v3.0.0

---
 CHANGELOG.md                | 6 +++---
 charts/sddi-ckan/Chart.yaml | 2 +-
 charts/sddi-ckan/README.md  | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 06dafc0..2997940 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,7 +8,7 @@ Versions are prefixed with `sddi-ckan-` due to usage of
 [chart-releaser-action](https://github.com/helm/chart-releaser-action).
 For releases `< 1.0.0` minor version step indicate breaking changes.
 
-## [sddi-ckan-3.0.0-beta1] - 2024-02-24
+## [sddi-ckan-3.0.0] - 2024-03-22
 
 ## Added
 
@@ -373,9 +373,9 @@ is displayed when navigating to the _Datasets_ view of CKAN.
 
 ### Known issues
 
-[Unreleased]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-2.0.1...HEAD
+[Unreleased]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-3.0.0...HEAD
 
-[sddi-ckan-3.0.0-beta1]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-2.0.0...sddi-ckan-3.0.0-beta1
+[sddi-ckan-3.0.0]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-2.0.0...sddi-ckan-3.0.0
 [sddi-ckan-2.0.0]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-1.2.2...sddi-ckan-2.0.0
 [sddi-ckan-1.2.2]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-1.2.1...sddi-ckan-1.2.2
 [sddi-ckan-1.2.1]: https://github.com/tum-gis/sddi-ckan-k8s/compare/sddi-ckan-1.2.0...sddi-ckan-1.2.1
diff --git a/charts/sddi-ckan/Chart.yaml b/charts/sddi-ckan/Chart.yaml
index b611b3e..9ded483 100644
--- a/charts/sddi-ckan/Chart.yaml
+++ b/charts/sddi-ckan/Chart.yaml
@@ -10,7 +10,7 @@ sources:
   - https://www.asg.ed.tum.de/en/gis/projects/smart-district-data-infrastructure
   - https://github.com/tum-gis/ckan-docker
 
-version: 3.0.0-beta1
+version: 3.0.0
 appVersion: "2.0.0"
 kubeVersion: ">= 1.23.0-0"
 
diff --git a/charts/sddi-ckan/README.md b/charts/sddi-ckan/README.md
index 3ceeaed..f770814 100644
--- a/charts/sddi-ckan/README.md
+++ b/charts/sddi-ckan/README.md
@@ -1,6 +1,6 @@
 # sddi-ckan
 
-![Version: 3.0.0-beta1](https://img.shields.io/badge/Version-3.0.0--beta1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square)
+![Version: 3.0.0](https://img.shields.io/badge/Version-3.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square)
 
 Helm Chart for a SDDI enabled CKAN catalog. See [CHANGELOG](https://github.com/tum-gis/sddi-ckan-k8s/blob/main/CHANGELOG.md) for changes.
 

From e33c0228ed42e3fd36fcba0f3a90db8af296307e Mon Sep 17 00:00:00 2001
From: Ilche Bedelovski <ilche.bedelovski@gmail.com>
Date: Mon, 25 Mar 2024 09:37:53 +0100
Subject: [PATCH 49/50] Ingress configure snippet annotations CSP

---
 charts/sddi-ckan/charts/ckan/templates/ckan-ingress.yml | 5 +----
 charts/sddi-ckan/charts/ckan/values.yaml                | 8 +++++---
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/charts/sddi-ckan/charts/ckan/templates/ckan-ingress.yml b/charts/sddi-ckan/charts/ckan/templates/ckan-ingress.yml
index 54f5a2a..da0149e 100644
--- a/charts/sddi-ckan/charts/ckan/templates/ckan-ingress.yml
+++ b/charts/sddi-ckan/charts/ckan/templates/ckan-ingress.yml
@@ -30,10 +30,7 @@ metadata:
     {{- end }}
     nginx.ingress.kubernetes.io/proxy-body-size: "{{ .Values.maxUploadSizeMB }}m"
     nginx.org/client-max-body-size: "{{ .Values.maxUploadSizeMB }}m"
-    {{- range .Values.ingress.configurationSnippet }}
-    nginx.ingress.kubernetes.io/configuration-snippet: |
-      {{ . | quote }}
-    {{- end }}
+    nginx.ingress.kubernetes.io/configuration-snippet: {{- .Values.ingress.configurationSnippet | toYaml | indent 4 }}
     {{- if .Values.ingress.stickySessions.enabled }}
     # https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/
     nginx.ingress.kubernetes.io/affinity: "cookie"
diff --git a/charts/sddi-ckan/charts/ckan/values.yaml b/charts/sddi-ckan/charts/ckan/values.yaml
index c8fda07..d5babbe 100755
--- a/charts/sddi-ckan/charts/ckan/values.yaml
+++ b/charts/sddi-ckan/charts/ckan/values.yaml
@@ -132,9 +132,11 @@ ingress:
   tls:
     # -- Specify a custom tls secret name. This overwrites `global.ingress.tls.secretName`.
     secretName:
-  configurationSnippet:
-    - more_set_headers "X-Frame-Options: Deny";
-    - more_set_headers "X-XSS-Protection: 1; mode=block";
+  configurationSnippet: |
+    more_set_headers "X-Frame-Options: DENY";
+    more_set_headers "X-Xss-Protection: 0";
+    more_set_headers "X-Content-Type-Options: nosniff";
+    more_set_headers "Content-Security-Policy: default-src 'self'; object-src 'none'; child-src 'self'; frame-ancestors 'none'; base-uri 'none'; upgrade-insecurerequests; blockall-mixed-content; require-trustedtypes-for 'script'";
 
 # General settings
 # -- CKAN site url. This should match a domain name of CKAN specified in `ingress.domains`/`global.ingress.domains`

From 1d39a07821902d291ae4591c9910a7c520606959 Mon Sep 17 00:00:00 2001
From: Ilche Bedelovski <ilche.bedelovski@gmail.com>
Date: Sat, 20 Apr 2024 20:47:20 +0200
Subject: [PATCH 50/50] Ingress configuration snippet CSP update

---
 charts/sddi-ckan/charts/ckan/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/sddi-ckan/charts/ckan/values.yaml b/charts/sddi-ckan/charts/ckan/values.yaml
index d5babbe..9b7df36 100755
--- a/charts/sddi-ckan/charts/ckan/values.yaml
+++ b/charts/sddi-ckan/charts/ckan/values.yaml
@@ -136,7 +136,7 @@ ingress:
     more_set_headers "X-Frame-Options: DENY";
     more_set_headers "X-Xss-Protection: 0";
     more_set_headers "X-Content-Type-Options: nosniff";
-    more_set_headers "Content-Security-Policy: default-src 'self'; object-src 'none'; child-src 'self'; frame-ancestors 'none'; base-uri 'none'; upgrade-insecurerequests; blockall-mixed-content; require-trustedtypes-for 'script'";
+    more_set_headers "Content-Security-Policy: object-src 'none'; child-src 'self'; frame-ancestors 'none'; base-uri 'none'; upgrade-insecurerequests; blockall-mixed-content; require-trustedtypes-for 'script'";
 
 # General settings
 # -- CKAN site url. This should match a domain name of CKAN specified in `ingress.domains`/`global.ingress.domains`