[fixes #104] Task: postgres-operator installation optional

zalf-rdm · Feb 26, 2024 · 1a6c222 · 1a6c222
1 parent c3d30d1
commit 1a6c222
Show file tree

Hide file tree

Showing 12 changed files with 75 additions and 112 deletions.
diff --git a/charts/geonode/Chart.yaml b/charts/geonode/Chart.yaml
@@ -36,10 +36,6 @@ maintainers:
     email: [email protected]
     url: https://github.com/mwallschlaeger
 dependencies:
-  - name: postgres-operator-ui
-    version: ~1.9.0
-    repository: https://opensource.zalando.com/postgres-operator/charts/postgres-operator-ui/
-    condition: postgres-operator-ui.enabled
   - name: postgres-operator
     version: ~1.9.0
     repository: https://opensource.zalando.com/postgres-operator/charts/postgres-operator/

diff --git a/charts/geonode/README.md b/charts/geonode/README.md
@@ -23,15 +23,14 @@ Helm Chart for Geonode. Supported versions: Geonode: 4.1.3, Geoserver: 2.23.0, p
 |------------|------|---------|
 | https://charts.bitnami.com/bitnami | memcached | ~6.x.x |
 | https://charts.bitnami.com/bitnami | rabbitmq | ~10.1.7 |
-| https://opensource.zalando.com/postgres-operator/charts/postgres-operator-ui/ | postgres-operator-ui | ~1.9.0 |
 | https://opensource.zalando.com/postgres-operator/charts/postgres-operator/ | postgres-operator | ~1.9.0 |
 
 ## Values
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | favicon | string | AAABAAMAEBAAAAEAIABoBA ... AAAA== | A base64 encoded favicon |
-| geonode.accesscontrol.lockdown | bool | `false` | Enable/Disable lockdown mode of GeoNode |
+| geonode.accesscontrol.lockdown | string | `"False"` | Enable/Disable lockdown mode of GeoNode |
 | geonode.acme.email | string | `"[email protected]"` | the email to be used to gain certificates |
 | geonode.acme.enabled | bool | `false` | enables cert-manager to do ACME challenges (aka certificates via letsencrypt) |
 | geonode.acme.stageUrl | string | `"https://acme-staging-v02.api.letsencrypt.org/directory"` | ACME staging environment (use acme-staging to avoid running into rate limits) stageUrl: https://acme-v02.api.letsencrypt.org/directory |
@@ -68,7 +67,7 @@ Helm Chart for Geonode. Supported versions: Geonode: 4.1.3, Geoserver: 2.23.0, p
 | geonode.haystack.search_results_per_page | string | `"200"` | hystack results per page |
 | geonode.image.name | string | `"52north/geonode"` | used geonode image |
 | geonode.image.tag | string | `"4.1.3"` | tag of used geonode image |
-| geonode.imagePullSecret | string | `""` | secret to use to pull geonode image |
+| geonode.imagePullSecret | string | `""` | pull secret to use for geonode image |
 | geonode.ingress.annotations | object | `{}` | adds ingress annotations for nginx ingress class |
 | geonode.ingress.enabled | bool | `true` | enables external access |
 | geonode.ingress.ingressClassName | string | `nil` | define kubernetes ingress class for geonode ingress |
@@ -142,7 +141,7 @@ Helm Chart for Geonode. Supported versions: Geonode: 4.1.3, Geoserver: 2.23.0, p
 | geoserver.container_name | string | `"geoserver"` | geoserver container name |
 | geoserver.image.name | string | `"geonode/geoserver"` | geoserver image docker image (default in zalf namespace because geonode one was not up to date) |
 | geoserver.image.tag | string | `"2.23.0"` | geoserver docker image tag |
-| geoserver.imagePullSecret | string | `""` | secret to use to pull geoserver image |
+| geoserver.imagePullSecret | string | `""` | pull secret to use for geoserver image |
 | geoserver.pod_name | string | `"geoserver"` | geoserver pod name |
 | geoserver.port | int | `8080` | geoserver port |
 | geoserver.resources.limits.cpu | int | `2` | limit cpu as in resource.requests.cpu (https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
@@ -161,50 +160,41 @@ Helm Chart for Geonode. Supported versions: Geonode: 4.1.3, Geoserver: 2.23.0, p
 | nginx.external_cors.enabled | bool | `false` | Add Access-Control-Allow-Origin directive to allow integration from an external domain |
 | nginx.image.name | string | `"nginx"` | nginx docker image |
 | nginx.image.tag | string | `"1.25"` | nginx docker image tag |
-| nginx.imagePullSecret | string | `""` | secret to use to pull nginx image |
+| nginx.imagePullSecret | string | `""` | pull secret to use for nginx image |
 | nginx.maxClientBodySize | string | `"2G"` | max file upload size |
 | nginx.pod_name | string | `"nginx"` | nginx pod name |
 | nginx.replicaCount | int | `1` | nginx container replicas |
 | nginx.resources.limits.cpu | string | `"800m"` | limit cpu as in resource.requests.cpu (https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
 | nginx.resources.limits.memory | string | `"1Gi"` | limits memory as in resource.limits.memory (https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
 | nginx.resources.requests.cpu | string | `"500m"` | requested cpu as in resource.requests.cpu (https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
 | nginx.resources.requests.memory | string | `"1Gi"` | requested memory as in resource.requests.memory (https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
-| postgres-operator-ui.enabled | bool | `false` |  |
-| postgres-operator-ui.envs.operatorApiUrl | string | `"http://{{ $.Release.Name }}-postgres-operator:8080"` |  |
-| postgres-operator-ui.ingress.enabled | bool | `false` |  |
-| postgres-operator-ui.ingress.hosts[0].host | string | `"postgres-ui"` |  |
-| postgres-operator-ui.ingress.hosts[0].paths[0] | string | `""` |  |
-| postgres-operator-ui.ingress.ingressClassName | string | `nil` |  |
-| postgres-operator-ui.replicaCount | int | `1` |  |
-| postgres-operator-ui.service.port | int | `80` |  |
-| postgres-operator-ui.service.type | string | `"ClusterIP"` |  |
 | postgres-operator.configLoggingRestApi.api_port | int | `8080` | REST API listener listens to this port |
 | postgres-operator.enabled | bool | `true` | enable postgres-operator (this or postgresql.enabled NOT both ) |
 | postgres-operator.operatorApiUrl | string | `"http://{{ .Release.Name }}-postgres-operator:8080"` | ??? |
 | postgres-operator.podServiceAccount | object | `{"name":""}` | not setting the podServiceAccount name will leed to generation of this name. This allows to run multiple postgres-operators in a single kubernetes cluster. just seperating them by namespace. |
 | postgres-operator.storageClass | string | `nil` | postgress pv storageclass |
-| postgres.external_postgres.enabled | bool | `false` |  |
-| postgres.external_postgres.hostname | string | `"my-external-postgres.com"` |  |
-| postgres.external_postgres.port | int | `5432` |  |
-| postgres.external_postgres.secret.existingSecretName | string | `""` | name of an existing Secret to use. Set, if you want to separately maintain the Secret. |
-| postgres.external_postgres.secret.geodata_password | string | `"geogeonode"` |  |
-| postgres.external_postgres.secret.geonode_password | string | `"geonode"` |  |
-| postgres.external_postgres.secret.postgres_password | string | `"postgres"` |  |
+| postgres.external.hostname | string | `"my-external-postgres.com"` |  |
+| postgres.external.port | int | `5432` |  |
+| postgres.external.secret.existingSecretName | string | `""` | name of an existing Secret to use. Set, if you want to separately maintain the Secret. |
+| postgres.external.secret.geodata_password | string | `"geogeonode"` |  |
+| postgres.external.secret.geonode_password | string | `"geonode"` |  |
+| postgres.external.secret.postgres_password | string | `"postgres"` |  |
 | postgres.geodata_databasename_and_username | string | `"geodata"` | geoserver database name and username |
 | postgres.geonode_databasename_and_username | string | `"geonode"` | geonode database name and username |
-| postgres.operator_manifest.numberOfInstances | int | `1` | number of database instances |
-| postgres.operator_manifest.pod_name | string | `"postgresql"` | pod name for postgres containers == teamID for mainifest |
-| postgres.operator_manifest.postgres_version | int | `15` | postgres version |
-| postgres.operator_manifest.storageSize | string | `"3Gi"` | Database storage size |
+| postgres.operator.numberOfInstances | int | `1` | number of database instances |
+| postgres.operator.pod_name | string | `"postgresql"` | pod name for postgres containers == teamID for mainifest |
+| postgres.operator.postgres_version | int | `15` | postgres version |
+| postgres.operator.storageSize | string | `"3Gi"` | Database storage size |
 | postgres.schema | string | `"public"` | database schema |
+| postgres.type | string | `"operator"` | type of used postgres: "operator" or "external". \ if external is used, host, port and password have to be set in postgres.external using values or external secret if operator is used, host port and passwords get set automatically using postgres-operator. If your Kubernetes cluster does not have a running postgres-operator, you can install the postgres-operator with  postgres-operator.enabled = true |
 | postgres.username | string | `"postgres"` | postgres username |
 | pycsw.config | string | based of pycsw example.cfg: https://github.com/geopython/pycsw/blob/master/docker/pycsw.cfg | pycsw config file parameters, see docs: https://docs.pycsw.org/_/downloads/en/latest/pdf/ |
 | pycsw.container_name | string | `"pycsw"` | pycsw container name |
 | pycsw.enabled | bool | `true` | enable single pycsw pod |
 | pycsw.endpoint | string | `"/catalogue/csw"` | pycsw url below geonode.ingress.externalDomain |
 | pycsw.image.name | string | `"geopython/pycsw"` | pycsw docker image |
 | pycsw.image.tag | string | `"2.6.1"` | pycsw docker image tag |
-| pycsw.imagePullSecret | string | `""` | secret to use to pull pycsw image |
+| pycsw.imagePullSecret | string | `""` | pull secret to use for pycsw image |
 | pycsw.mappings | string | copied from 4.1.x: https://github.com/GeoNode/geonode/blob/master/geonode/catalogue/backends/pycsw_local_mappings.py | pycsw config file parameters, see docs: https://docs.pycsw.org/_/downloads/en/latest/pdf/ |
 | pycsw.pod_name | string | `"pysw"` | pycsw pod name |
 | pycsw.port | int | `8000` | pycsw endpoint port |
@@ -227,4 +217,4 @@ Helm Chart for Geonode. Supported versions: Geonode: 4.1.3, Geoserver: 2.23.0, p
 | rabbitmq.requests.memory | string | `"1Gi"` | requested memory as in resource.requests.memory (https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
 
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3)
+Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
diff --git a/charts/geonode/templates/_helpers.tpl b/charts/geonode/templates/_helpers.tpl
@@ -9,7 +9,7 @@
 {{- end -}}
 
 {{- define "postgres_pod_name" -}}
-{{ .Release.Name }}-{{ .Values.postgres.operator_manifest.pod_name }}
+{{ .Release.Name }}-{{ .Values.postgres.operator.pod_name }}
 {{- end -}}
 
 {{- define "nginx_pod_name" -}}
@@ -29,77 +29,77 @@
 
 # Database definitions
 {{- define "database_hostname" -}}
-{{- if (index .Values "postgres-operator" "enabled") -}}
+{{- if (eq .Values.postgres.type "operator") -}}
 {{ include "postgres_pod_name" . }}
-{{- else if .Values.postgres.external_postgres.enabled -}}
-{{- .Values.postgres.external_postgres.hostname -}}
+{{- else if (eq .Values.postgres.type "external") -}}
+{{- .Values.postgres.external.hostname -}}
 {{- end -}}
 {{- end -}}
 
 {{- define "database_port" -}}
-{{- if (index .Values "postgres-operator" "enabled") -}}
+{{- if (eq .Values.postgres.type "operator") -}}
 5432
-{{- else if .Values.postgres.external_postgres.enabled -}}
-{{ .Values.postgres.external_postgres.port }}
+{{- else if (eq .Values.postgres.type "external") -}}
+{{ .Values.postgres.external.port }}
 {{- end -}}
 {{- end -}}
 
 # secret key reference for the password of user:  .Values.postgres.username
 {{- define "database_postgres_password_secret_key_ref" -}}
-{{- if (index .Values "postgres-operator" "enabled") -}}
+{{- if (eq .Values.postgres.type "operator") -}}
 "{{ .Values.postgres.username }}.{{ include "postgres_pod_name" . }}.credentials.postgresql.acid.zalan.do"
-{{- else if and .Values.postgres.external_postgres.enabled (not .Values.postgres.external_postgres.secret.existingSecretName ) -}}
+{{- else if and (eq .Values.postgres.type "external") (not .Values.postgres.external.secret.existingSecretName ) -}}
 "{{ .Release.Name }}-postgres-external-secrets"
 {{- else -}}
-"{{.Values.postgres.external_postgres.secret.existingSecretName }}"
+"{{.Values.postgres.external.secret.existingSecretName }}"
 {{- end -}}
 {{- end -}}
 
 # secret key reference for the password of user:  .Values.postgres.geonode_databasename_and_username
 {{- define "database_geonode_password_secret_key_ref" -}}
-{{- if (index .Values "postgres-operator" "enabled") -}}
+{{- if (eq .Values.postgres.type "operator") -}}
 "{{ .Values.postgres.geonode_databasename_and_username }}.{{ include "postgres_pod_name" . }}.credentials.postgresql.acid.zalan.do"
-{{- else if and .Values.postgres.external_postgres.enabled (not .Values.postgres.external_postgres.secret.existingSecretName ) -}}
+{{- else if and (eq .Values.postgres.type "external") (not .Values.postgres.external.secret.existingSecretName ) -}}
 "{{ .Release.Name }}-geonode-external-secrets"
 {{- else -}}
-"{{.Values.postgres.external_postgres.secret.existingSecretName }}"
+"{{.Values.postgres.external.secret.existingSecretName }}"
 {{- end -}}
 {{- end -}}
 
 # secret key reference for the password of user: .Values.postgres.geodata_databasename_and_username
 {{- define "database_geodata_password_secret_key_ref" -}}
-{{- if (index .Values "postgres-operator" "enabled") -}}
+{{- if (eq .Values.postgres.type "operator") -}}
 "{{ .Values.postgres.geodata_databasename_and_username }}.{{ include "postgres_pod_name" . }}.credentials.postgresql.acid.zalan.do"
-{{- else if and .Values.postgres.external_postgres.enabled (not .Values.postgres.external_postgres.secret.existingSecretName ) -}}
+{{- else if and (eq .Values.postgres.type "external") (not .Values.postgres.external.secret.existingSecretName ) -}}
 "{{ .Release.Name }}-geodata-external-secrets"
-{{- else -}}
-"{{.Values.postgres.external_postgres.secret.existingSecretName }}"
+{{- else if .Values.postgres.external.secret.existingSecretName -}}
+"{{.Values.postgres.external.secret.existingSecretName }}"
 {{- end -}}
 {{- end -}}
 
 # define password key name in geonode postgres secret
 {{- define "database_geonode_password_key_ref" -}}
-{{- if (index .Values "postgres-operator" "enabled") -}}
+{{- if (eq .Values.postgres.type "operator") -}}
 password
-{{- else if .Values.postgres.external_postgres.enabled -}}
+{{- else if (eq .Values.postgres.type "external") -}}
 geonode-password
 {{- end -}}
 {{- end -}}
 
 # define password key name in geodata postgres secret
 {{- define "database_geodata_password_key_ref" -}}
-{{- if (index .Values "postgres-operator" "enabled") -}}
+{{- if (eq .Values.postgres.type "operator") -}}
 password
-{{- else if .Values.postgres.external_postgres.enabled -}}
+{{- else if (eq .Values.postgres.type "external") -}}
 geodata-password
 {{- end -}}
 {{- end -}}
 
 # define password key name in postgres postgres secret
 {{- define "database_postgres_password_key_ref" -}}
-{{- if (index .Values "postgres-operator" "enabled") -}}
+{{- if (eq .Values.postgres.type "operator") -}}
 password
-{{- else if .Values.postgres.external_postgres.enabled -}}
+{{- else if (eq .Values.postgres.type "external") -}}
 postgres-password
 {{- end -}}
 {{- end -}}

diff --git a/charts/geonode/templates/geonode/geonode-deploy.yaml b/charts/geonode/templates/geonode/geonode-deploy.yaml
@@ -1,17 +1,9 @@
-# check if external and postgres-operator database backends are active
-{{ $postgres_operator := index .Values "postgres-operator" "enabled" }}
-{{ $postgres_operator_ui := index .Values "postgres-operator-ui" "enabled"}}
-# check if multiple database backends are active
-{{ if and .Values.postgres.external_postgres.enabled $postgres_operator }}
-  {{- fail "Error, two Database backends enabled, check .Values.postgres.external_postgres or .Values.postgres-operator ..." }}
-{{ else if  and (not .Values.postgres.external_postgres.enabled) (not $postgres_operator) }}
-  {{- fail "Error, no Database backend is enabled, check .Values.postgres.external_postgres or .Values.postgres-operator ..." }}
+# check if postgres.type is set to external operator
+{{ $is_operator := (eq .Values.postgres.type "operator") }}
+{{ $is_external := (eq .Values.postgres.type "external") }}
+{{ if not (or $is_operator  $is_external) }}
+  {{- fail "Deploymnent FAILED, unknown postgres.type defined, please set postgres.type to operator or external ..." }}
 {{ end }}
-# check if operator ui is activated even postgres-operator is disabled
-{{ if and ($postgres_operator_ui) (not $postgres_operator) }}
-  {{- fail "Error, postgres-operator-ui enabled even postgres-operator ist disabled ..." }}
-{{ end }}
-
 
 # geonode stateful set
 apiVersion: apps/v1
@@ -105,17 +97,17 @@ spec:
           valueFrom:
             secretKeyRef:
               name: {{ include "database_geonode_password_secret_key_ref" . }}
-              key: password
+              key: {{ include "database_geonode_password_key_ref" . }}
         - name: GEONODE_GEODATABASE_PASSWORD
           valueFrom:
             secretKeyRef:
               name: {{ include "database_geodata_password_secret_key_ref" . }}
-              key: password
+              key: {{ include "database_geodata_password_key_ref" . }}
         - name: POSTGRES_PASSWORD
           valueFrom:
             secretKeyRef:
               name: {{ include "database_postgres_password_secret_key_ref" . }}
-              key: password
+              key: {{ include "database_postgres_password_key_ref" . }}
         - name: GEODATABASE_URL
           value: "postgis://$(GEONODE_GEODATABASE):$(GEONODE_GEODATABASE_PASSWORD)@$(DATABASE_HOST):$(DATABASE_PORT)/$(GEONODE_GEODATABASE)"
         - name: DATABASE_URL

diff --git a/charts/geonode/templates/postgres/postgres-external-geodata-secrets.yaml b/charts/geonode/templates/postgres/postgres-external-geodata-secrets.yaml
@@ -1,10 +1,10 @@
-{{ if and .Values.postgres.external_postgres.enabled (not .Values.postgres.external_postgres.secret.existingSecretName )}}
+{{ if and (eq .Values.postgres.type "external") (not .Values.postgres.external.secret.existingSecretName )}}
 apiVersion: v1
 kind: Secret
 metadata:
   name: {{ .Release.Name }}-geodata-external-secrets
   namespace: {{ .Release.Namespace }}
 type: Opaque
 data:
-  geodata_password: {{ .Values.postgres.external_postgres.secret.geodata_password | b64enc }}
+  geodata_password: {{ .Values.postgres.external.secret.geodata_password | b64enc }}
 {{ end }}
diff --git a/charts/geonode/templates/postgres/postgres-external-geonode-secrets.yaml b/charts/geonode/templates/postgres/postgres-external-geonode-secrets.yaml
@@ -1,10 +1,10 @@
-{{ if and .Values.postgres.external_postgres.enabled (not .Values.postgres.external_postgres.secret.existingSecretName )}}
+{{ if and (eq .Values.postgres.type "external") (not .Values.postgres.external.secret.existingSecretName )}}
 apiVersion: v1
 kind: Secret
 metadata:
   name: {{ .Release.Name }}-geonode-external-secrets
   namespace: {{ .Release.Namespace }}
 type: Opaque
 data:
-  geonode_password: {{ .Values.postgres.external_postgres.secret.geonode_password | b64enc }}
+  geonode_password: {{ .Values.postgres.external.secret.geonode_password | b64enc }}
 {{ end }}
diff --git a/charts/geonode/templates/postgres/postgres-external-postgres-secrets.yaml b/charts/geonode/templates/postgres/postgres-external-postgres-secrets.yaml
@@ -1,10 +1,10 @@
-{{ if and .Values.postgres.external_postgres.enabled (not .Values.postgres.external_postgres.secret.existingSecretName )}}
+{{ if and (eq .Values.postgres.type "external") (not .Values.postgres.external.secret.existingSecretName )}}
 apiVersion: v1
 kind: Secret
 metadata:
   name: {{ .Release.Name }}-postgres-external-secrets
   namespace: {{ .Release.Namespace }}
 type: Opaque
 data:
-  postgres_password: {{ .Values.postgres.external_postgres.secret.postgres_password | b64enc }}
+  postgres_password: {{ .Values.postgres.external.secret.postgres_password | b64enc }}
 {{ end }}