From 1f8990c0a9c514db7d392a5907d52b99eebaf20a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcel=20Wallschl=C3=A4ger?= Date: Mon, 30 Oct 2023 11:36:54 +0100 Subject: [PATCH] Style edit not working geoserver resources geoserver password (#104) [Fixes #102 #103 #87] setting geserver password, setting geoserver resources --- README.md | 5 +- charts/geonode/Chart.yaml | 70 +++++++++---------- charts/geonode/README.md | 15 ++-- .../templates/geonode/geonode-deploy.yaml | 1 + .../templates/geonode/geonode-env.yaml | 14 +--- .../templates/geonode/geonode-secret.yaml | 5 ++ .../geonode/geonode-tasks-py-conf.yaml | 44 +++--------- .../templates/geoserver/geoserver-deploy.yaml | 4 +- .../templates/geoserver/geoserver-env.yaml | 3 +- .../templates/geoserver/geoserver-secret.yaml | 5 ++ charts/geonode/values.yaml | 51 +++++++------- 11 files changed, 101 insertions(+), 116 deletions(-) diff --git a/README.md b/README.md index b92a55f..77dfc6f 100644 --- a/README.md +++ b/README.md @@ -61,8 +61,9 @@ The chart will automatically install required dependencies, i.e. a RabbitMQ brok |---------------------------|--------------------|-------------------------|---------------------------| | [1.0.0](https://github.com/zalf-rdm/geonode-k8s/releases/tag/1.0.0) | [4.1.2](https://github.com/GeoNode/geonode/releases/tag/4.1.2) | [52north/geonode:4.1.2](https://hub.docker.com/r/52north/geonode/tags) | [geonode/geoserver:2.23.0](https://hub.docker.com/r/geonode/geoserver/tags) | | [1.0.1](https://github.com/zalf-rdm/geonode-k8s/releases/tag/1.0.1) | [4.1.2](https://github.com/GeoNode/geonode/releases/tag/4.1.2) | [52north/geonode:4.1.2](https://hub.docker.com/r/52north/geonode/tags) | [geonode/geoserver:2.23.0](https://hub.docker.com/r/geonode/geoserver/tags) | -| [1.0.2](https://github.com/zalf-rdm/geonode-k8s/releases/tag/1.0.2) | [4.1.2](https://github.com/GeoNode/geonode/releases/tag/4.1.2) | [52north/geonode:4.1.2](https://hub.docker.com/r/52north/geonode/tags) | [geonode/geoserver:2.23.0](https://hub.docker.com/r/geonode/geoserver/tags) | -| [1.0.3](https://github.com/zalf-rdm/geonode-k8s/releases/tag/1.0.2) | [4.1.3](https://github.com/GeoNode/geonode/releases/tag/4.1.3) | [52north/geonode:4.1.3](https://hub.docker.com/r/52north/geonode/tags) | [geonode/geoserver:2.23.0](https://hub.docker.com/r/geonode/geoserver/tags) | +| [1.0.2](https://github.com/zalf-rdm/geonode-k8s/releases/tag/geonode-k8s-1.0.2) | [4.1.2](https://github.com/GeoNode/geonode/releases/tag/4.1.2) | [52north/geonode:4.1.2](https://hub.docker.com/r/52north/geonode/tags) | [geonode/geoserver:2.23.0](https://hub.docker.com/r/geonode/geoserver/tags) | +| [1.0.3](https://github.com/zalf-rdm/geonode-k8s/releases/tag/geonode-k8s-1.0.3) | [4.1.3](https://github.com/GeoNode/geonode/releases/tag/4.1.3) | [52north/geonode:4.1.3](https://hub.docker.com/r/52north/geonode/tags) | [geonode/geoserver:2.23.0](https://hub.docker.com/r/geonode/geoserver/tags) | +| [1.0.4](https://github.com/zalf-rdm/geonode-k8s/releases/tag/geonode-k8s-1.0.4) | [4.1.3](https://github.com/GeoNode/geonode/releases/tag/4.1.3) | [52north/geonode:4.1.3](https://hub.docker.com/r/52north/geonode/tags) | [geonode/geoserver:2.23.0](https://hub.docker.com/r/geonode/geoserver/tags) | ## Install chart dependencies diff --git a/charts/geonode/Chart.yaml b/charts/geonode/Chart.yaml index 04ae304..c960f6e 100644 --- a/charts/geonode/Chart.yaml +++ b/charts/geonode/Chart.yaml @@ -1,21 +1,21 @@ apiVersion: v2 name: geonode-k8s -version: 1.0.3 +version: 1.0.4 description: "Helm Chart for Geonode. Supported versions: Geonode: 4.1.3, Geoserver: 2.23, pyCSW: 2.61" keywords: -- geonode -- geospatial -- geodata -- SDI -- http -- web -- python -- geoserver -- postresql -- postgis -- rabbitmq -- memcached -- django + - geonode + - geospatial + - geodata + - SDI + - http + - web + - python + - geoserver + - postresql + - postgis + - rabbitmq + - memcached + - django icon: https://www.osgeo.org/wp-content/uploads/GeoNode-370x206.png annotations: artifacthub.io/links: | @@ -29,26 +29,26 @@ annotations: artifacthub.io/license: "GPL3" home: https://geonode.org/ sources: -- https://github.com/zalf-rdm/geonode-k8s -- https://github.com/geonode/geonode + - https://github.com/zalf-rdm/geonode-k8s + - https://github.com/geonode/geonode maintainers: -- name: mwallschlaeger - email: marcel.wallschlaeger@zalf.de - url: https://github.com/mwallschlaeger + - name: mwallschlaeger + email: marcel.wallschlaeger@zalf.de + url: https://github.com/mwallschlaeger dependencies: -- name: postgres-operator-ui - version: ~1.9.0 - repository: https://opensource.zalando.com/postgres-operator/charts/postgres-operator-ui/ - condition: postgres-operator-ui.enabled -- name: postgres-operator - version: ~1.9.0 - repository: https://opensource.zalando.com/postgres-operator/charts/postgres-operator/ - condition: postgres-operator.enabled -- name: rabbitmq - version: ~10.1.7 - repository: https://charts.bitnami.com/bitnami - condition: rabbitmq.enabled -- name: memcached - repository: https://charts.bitnami.com/bitnami - condition: geonode.memcached.enaled - version: ~6.x.x + - name: postgres-operator-ui + version: ~1.9.0 + repository: https://opensource.zalando.com/postgres-operator/charts/postgres-operator-ui/ + condition: postgres-operator-ui.enabled + - name: postgres-operator + version: ~1.9.0 + repository: https://opensource.zalando.com/postgres-operator/charts/postgres-operator/ + condition: postgres-operator.enabled + - name: rabbitmq + version: ~10.1.7 + repository: https://charts.bitnami.com/bitnami + condition: rabbitmq.enabled + - name: memcached + repository: https://charts.bitnami.com/bitnami + condition: geonode.memcached.enaled + version: ~6.x.x diff --git a/charts/geonode/README.md b/charts/geonode/README.md index 83f2b94..9f1df61 100644 --- a/charts/geonode/README.md +++ b/charts/geonode/README.md @@ -1,6 +1,6 @@ # geonode-k8s -![Version: 1.0.3](https://img.shields.io/badge/Version-1.0.3-informational?style=flat-square) +![Version: 1.0.4](https://img.shields.io/badge/Version-1.0.4-informational?style=flat-square) Helm Chart for Geonode. Supported versions: Geonode: 4.1.3, Geoserver: 2.23, pyCSW: 2.61 @@ -48,8 +48,9 @@ Helm Chart for Geonode. Supported versions: Geonode: 4.1.3, Geoserver: 2.23, pyC | geonode.general.display.rating | bool | `true` | DISPLAY_RATINGS If set to False ratings are hidden. | | geonode.general.display.social | bool | `true` | DISPLAY_SOCIAL If set to False social sharing is hidden. | | geonode.general.display.wms_link | bool | `true` | DISPLAY_WMS_LINKS If set to False direct WMS link to GeoServer is hidden. | -| geonode.general.externalDomain | string | `"geonode"` | external ingress hostname | -| geonode.general.externalScheme | string | `"http"` | external ingress schema. If set to 'https', make sure to configure TLS either by configuring tls certificate or using cert-manager. Available options: (http|https) | +| geonode.general.externalDomain | string | `"geonode"` | external ingress hostname | +| geonode.general.externalScheme | string | `"http"` | external ingress schema. If set to 'https', make sure to configure TLS either by configuring tls certificate or using cert-manager. Available options: (http|https) | +| geonode.general.force_reinit | bool | `true` | set force reinit true so that changing passwords etc. in Values.yaml will take effect after restarting the pod this on the other hand will increase pod initializing time, only change if you know what you are doing | | geonode.general.freetext_keywords_readonly | bool | `false` | FREETEXT_KEYWORDS_READONLY Make Free-Text Keywords writable from users. Or read-only when set to False. | | geonode.general.max_document_size | int | `10` | max upload document size in MB | | geonode.general.ogc_request_backoff_factor | float | `0.3` | OGC_REQUEST_BACKOFF_FACTOR | @@ -67,11 +68,11 @@ Helm Chart for Geonode. Supported versions: Geonode: 4.1.3, Geoserver: 2.23, pyC | geonode.image.name | string | `"52north/geonode"` | used geonode image | | geonode.image.tag | string | `"4.1.3"` | tag of used geonode image | | geonode.ingress.addNginxIngressAnnotation | bool | `false` | adds ingress annotations for nginx ingress class to increase uploadsize and timeout time | -| geonode.ingress.enabled | bool | `true` | enables external access | +| geonode.ingress.enabled | bool | `true` | enables external access | | geonode.ingress.ingressClassName | string | `nil` | define kubernetes ingress class for geonode ingress | | geonode.ingress.tlsSecret | string | `"geonode-tls-secret"` | tls certificate for geonode ingress https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/ (for the use of cert-manager, configure the acme section properly). is used when geonode.general.externalScheme is set to 'https' | | geonode.ldap.always_update_user | bool | `true` | always update local user database from ldap | -| geonode.ldap.attr_map_email_addr | string | `"mailPrimaryAddress"` | email attribute used from ldap | +| geonode.ldap.attr_map_email_addr | string | `"mailPrimaryAddress"` | email attribute used from ldap | | geonode.ldap.attr_map_first_name | string | `"givenName"` | given name attribute used from ldap | | geonode.ldap.attr_map_last_name | string | `"sn"` | last name attribute used from ldap | | geonode.ldap.bind_dn | string | `"CN=Users,DC=ad,DC=example,DC=com"` | ldap user bind dn | @@ -105,9 +106,11 @@ Helm Chart for Geonode. Supported versions: Geonode: 4.1.3, Geoserver: 2.23, pyC | geonode.resources.requests.memory | string | `"1Gi"` | requested memory as in resource.requests.memory (https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | | geonode.secret.existingSecretName | string | `""` | name of an existing Secret to use. Set, if you want to separately maintain the Secret. | | geonode.secret.ldap.bind_password | string | `"password"` | ldap password | -| geonode.secret.mail.from | string | `"changeme@web.de"` | define from mail-addr | +| geonode.secret.mail.from | string | `"changeme@web.de"` | define from mail-addr | | geonode.secret.mail.password | string | `"changeme"` | set password for mailuser in geonode | | geonode.secret.mail.user | string | `"changeme"` | define mail user to send mails from | +| geonode.secret.oauth2.clientId | string | `"Jrchz2oPY3akmzndmgUTYrs9gczlgoV20YPSvqaV"` | oauth2 geoserver clientID (OAUTH2_CLIENT_ID) | +| geonode.secret.oauth2.clientSecret | string | `"rCnp5txobUo83EpQEblM8fVj3QT5zb5qRfxNsuPzCqZaiRyIoxM4jdgMiZKFfePBHYXCLd7B8NlkfDBY9HKeIQPcy5Cp08KQNpRHQbjpLItDHv12GvkSeXp6OxaUETv3"` | oauth2 geoserver secret (OAUTH2_CLIENT_SECRET) | | geonode.secret.superUser.email | string | `"support@example.com"` | admin user password | | geonode.secret.superUser.password | string | `"geonode"` | admin panel password | | geonode.secret.superUser.username | string | `"admin"` | admin username | diff --git a/charts/geonode/templates/geonode/geonode-deploy.yaml b/charts/geonode/templates/geonode/geonode-deploy.yaml index d708eb5..358e094 100644 --- a/charts/geonode/templates/geonode/geonode-deploy.yaml +++ b/charts/geonode/templates/geonode/geonode-deploy.yaml @@ -31,6 +31,7 @@ spec: org.geonode.instance: "{{ include "geonode_pod_name" . }}" annotations: checksum/geonode-env: {{ include (print $.Template.BasePath "/geonode/geonode-env.yaml") . | sha256sum }} + checksum/geonode-secret: {{ include (print $.Template.BasePath "/geonode/geonode-secret.yaml") . | sha256sum }} checksum/geonode-local-settings: {{ include (print $.Template.BasePath "/geonode/geonode-local-settings.yaml") . | sha256sum }} checksum/geonode-uwsig: {{ include (print $.Template.BasePath "/geonode/geonode-uwsgi-ini-conf.yaml") . | sha256sum }} spec: diff --git a/charts/geonode/templates/geonode/geonode-env.yaml b/charts/geonode/templates/geonode/geonode-env.yaml index b539cf3..723ce80 100644 --- a/charts/geonode/templates/geonode/geonode-env.yaml +++ b/charts/geonode/templates/geonode/geonode-env.yaml @@ -21,13 +21,8 @@ data: # GeoNode APIs API_LOCKDOWN: 'False' TASTYPIE_APIKEY: "" - # TODO (mwall) set this automatically with helm magics not fully implemented - {{ if ( eq .Release.Revision 1 )}} - IS_FIRST_START: 'True' - {{ else }} - IS_FIRST_START: 'False' - {{ end }} - FORCE_REINIT: 'False' + FORCE_REINIT: {{ .Values.geonode.general.force_reinit | quote }} + # set this to true breaks upload ASYNC_SIGNALS: 'True' CACHE_BUSTING_STATIC_ENABLED: 'False' @@ -125,11 +120,6 @@ data: {{ else }} CATALOGUE_ENGINE: geonode.catalogue.backends.pycsw_local {{ end}} - # OAuth2 - # TODO (mwall) implement OAUTH2 - OAUTH2_API_KEY: "" - OAUTH2_CLIENT_ID: "" - OAUTH2_CLIENT_SECRET: "" DJANGO_SETTINGS_MODULE: {{ .Values.geonode.general.settings_module }} DEFAULT_BACKEND_DATASTORE: datastore diff --git a/charts/geonode/templates/geonode/geonode-secret.yaml b/charts/geonode/templates/geonode/geonode-secret.yaml index 556517f..b6fb867 100644 --- a/charts/geonode/templates/geonode/geonode-secret.yaml +++ b/charts/geonode/templates/geonode/geonode-secret.yaml @@ -18,4 +18,9 @@ data: # ldap secrets LDAP_BIND_PASSWORD: {{ .Values.geonode.secret.ldap.bind_password | b64enc }} + + # OAuth2 + OAUTH2_API_KEY: "" + OAUTH2_CLIENT_ID: {{ .Values.geonode.secret.oauth2.clientId | b64enc }} + OAUTH2_CLIENT_SECRET: {{ .Values.geonode.secret.oauth2.clientSecret | b64enc }} {{ end }} \ No newline at end of file diff --git a/charts/geonode/templates/geonode/geonode-tasks-py-conf.yaml b/charts/geonode/templates/geonode/geonode-tasks-py-conf.yaml index 9a11f52..5d44f26 100644 --- a/charts/geonode/templates/geonode/geonode-tasks-py-conf.yaml +++ b/charts/geonode/templates/geonode/geonode-tasks-py-conf.yaml @@ -34,7 +34,7 @@ data: import datetime import requests - from urllib.parse import urlparse + from urllib.parse import urlparse, urlunparse from invoke import task BOOTSTRAP_IMAGE_CHEIP = 'codenvy/che-ip:nightly' @@ -337,28 +337,7 @@ data: _prepare_oauth_fixture() ctx.run("rm -rf /tmp/default_site.json", pty=True) _prepare_site_fixture() - # Updating OAuth2 Service Config - new_ext_ip = os.environ["SITEURL"] - client_id = os.environ["OAUTH2_CLIENT_ID"] - client_secret = os.environ["OAUTH2_CLIENT_SECRET"] - oauth_config = "/geoserver_data/data/security/filter/geonode-oauth2/config.xml" - ctx.run(f'sed -i "s|.*|{client_id}|g" {oauth_config}', pty=True) - ctx.run( - f'sed -i "s|.*|{client_secret}|g" {oauth_config}', - pty=True, - ) - ctx.run( - f'sed -i "s|.*|{new_ext_ip}o/authorize/|g" {oauth_config}', # noqa - pty=True, - ) - ctx.run( - f'sed -i "s|.*|{new_ext_ip}geoserver/index.html|g" {oauth_config}', # noqa - pty=True, - ) - ctx.run( - f'sed -i "s|.*|{new_ext_ip}account/logout/|g" {oauth_config}', - pty=True, - ) + @task def fixtures(ctx): @@ -436,8 +415,6 @@ data: pty=True, ) - - @task def initialized(ctx): print("**************************init file********************************") @@ -516,12 +493,7 @@ data: def _prepare_oauth_fixture(): - upurl = urlparse(os.environ['SITEURL']) - net_scheme = upurl.scheme - pub_ip = os.getenv('GEONODE_LB_HOST_IP') - print(f"Public Hostname or IP is {pub_ip}") - pub_port = os.getenv('GEONODE_LB_PORT') - print(f"Public PORT is {pub_port}") + upurl = urlparse(os.environ["SITEURL"]) default_fixture = [ { "model": "oauth2_provider.application", @@ -531,9 +503,7 @@ data: "created": "2018-05-31T10:00:31.661Z", "updated": "2018-05-31T11:30:31.245Z", "algorithm": "RS256", - "redirect_uris": f"{net_scheme}://{pub_ip}:{pub_port}/geoserver/index.html" - if pub_port - else f"{net_scheme}://{pub_ip}/geoserver/index.html", + "redirect_uris": f"{urlunparse(upurl)}geoserver/index.html", "name": "GeoServer", "authorization_grant_type": "authorization-code", "client_type": "confidential", @@ -549,7 +519,11 @@ data: def _prepare_site_fixture(): upurl = urlparse(os.environ["SITEURL"]) default_fixture = [ - {"model": "sites.site", "pk": 1, "fields": {"domain": str(upurl.hostname), "name": str(upurl.hostname)}} + { + "model": "sites.site", + "pk": 1, + "fields": {"domain": str(upurl.hostname), "name": str(upurl.hostname)}, + } ] with open("/tmp/default_site.json", "w") as fixturefile: json.dump(default_fixture, fixturefile) diff --git a/charts/geonode/templates/geoserver/geoserver-deploy.yaml b/charts/geonode/templates/geoserver/geoserver-deploy.yaml index 52371df..1cd8638 100644 --- a/charts/geonode/templates/geoserver/geoserver-deploy.yaml +++ b/charts/geonode/templates/geoserver/geoserver-deploy.yaml @@ -15,7 +15,9 @@ spec: labels: org.geonode.instance: "{{ include "geoserver_pod_name" . }}" annotations: - checksum/config: {{ include (print $.Template.BasePath "/geoserver/geoserver-env.yaml") . | sha256sum }} + checksum/geoserver-env: {{ include (print $.Template.BasePath "/geoserver/geoserver-env.yaml") . | sha256sum }} + checksum/geoserver-secret: {{ include (print $.Template.BasePath "/geoserver/geoserver-secret.yaml") . | sha256sum }} + spec: terminationGracePeriodSeconds: 3 initContainers: diff --git a/charts/geonode/templates/geoserver/geoserver-env.yaml b/charts/geonode/templates/geoserver/geoserver-env.yaml index cce533b..c154cc4 100644 --- a/charts/geonode/templates/geoserver/geoserver-env.yaml +++ b/charts/geonode/templates/geoserver/geoserver-env.yaml @@ -10,7 +10,8 @@ data: DJANGO_URL: http://{{ include "geonode_pod_name" .}}/ ENABLE_JSONP: 'true' outFormat: text/javascript - GEOSERVER_JAVA_OPTS: "-Djava.awt.headless=true -Xms2G -Xmx4G -Dgwc.context.suffix=gwc -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=/var/log/jvm.log -XX:PerfDataSamplingInterval=500 -XX:SoftRefLRUPolicyMSPerMB=36000 -XX:-UseGCOverheadLimit -XX:+UseConcMarkSweepGC -XX:ParallelGCThreads=4 -Dfile.encoding=UTF8 -Djavax.servlet.request.encoding=UTF-8 -Djavax.servlet.response.encoding=UTF-8 -Duser.timezone=GMT -Dorg.geotools.shapefile.datetime=false -DGS-SHAPEFILE-CHARSET=UTF-8 -DGEOSERVER_CSRF_DISABLED=true -DPRINT_BASE_URL=http://geoserver:8080/geoserver/pdf -DALLOW_ENV_PARAMETRIZATION=true -Xbootclasspath/a:/usr/local/tomcat/webapps/geoserver/WEB-INF/lib/marlin-0.9.3-Unsafe.jar -Dsun.java2d.renderer=org.marlin.pisces.MarlinRenderingEngine" + # trimSuffix trims of suffix "i" coming from resources memory in Gi or Mi + GEOSERVER_JAVA_OPTS: "-Xms{{ .Values.geoserver.resources.requests.memory | trimSuffix "i" }} -Xmx{{ .Values.geoserver.resources.limits.memory | trimSuffix "i" }} -Djava.awt.headless=true -Dgwc.context.suffix=gwc -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=/var/log/jvm.log -XX:PerfDataSamplingInterval=500 -XX:SoftRefLRUPolicyMSPerMB=36000 -XX:-UseGCOverheadLimit -XX:+UseConcMarkSweepGC -XX:ParallelGCThreads=4 -Dfile.encoding=UTF8 -Djavax.servlet.request.encoding=UTF-8 -Djavax.servlet.response.encoding=UTF-8 -Duser.timezone=GMT -Dorg.geotools.shapefile.datetime=false -DGS-SHAPEFILE-CHARSET=UTF-8 -DGEOSERVER_CSRF_DISABLED=true -DPRINT_BASE_URL={{ include "public_url" . }}/geoserver/pdf -DALLOW_ENV_PARAMETRIZATION=true -Xbootclasspath/a:/usr/local/tomcat/webapps/geoserver/WEB-INF/lib/marlin-0.9.3-Unsafe.jar -Dsun.java2d.renderer=org.marlin.pisces.MarlinRenderingEngine" NGINX_BASE_URL: "{{ include "public_url" . }}/" DATABASE_HOST: "{{ include "database_hostname" . }}" diff --git a/charts/geonode/templates/geoserver/geoserver-secret.yaml b/charts/geonode/templates/geoserver/geoserver-secret.yaml index ce861c9..47e81eb 100644 --- a/charts/geonode/templates/geoserver/geoserver-secret.yaml +++ b/charts/geonode/templates/geoserver/geoserver-secret.yaml @@ -9,4 +9,9 @@ data: # geoserver admin credentials GEOSERVER_ADMIN_USER: {{ .Values.geoserver.secret.admin_username | b64enc }} GEOSERVER_ADMIN_PASSWORD: {{ .Values.geoserver.secret.admin_password | b64enc }} + + # geonode oauth2 + OAUTH2_API_KEY: "" + OAUTH2_CLIENT_ID: {{ .Values.geonode.secret.oauth2.clientId | b64enc}} + OAUTH2_CLIENT_SECRET: {{ .Values.geonode.secret.oauth2.clientSecret | b64enc }} {{ end }} \ No newline at end of file diff --git a/charts/geonode/values.yaml b/charts/geonode/values.yaml index 9be4e62..95caaf9 100644 --- a/charts/geonode/values.yaml +++ b/charts/geonode/values.yaml @@ -4,7 +4,6 @@ global: # -- storage access mode used by helm dependency pvc accessMode: ReadWriteMany - # geonode configuration geonode: # -- pod name @@ -22,7 +21,7 @@ geonode: # -- used geonode image name: 52north/geonode # -- tag of used geonode image - tag: '4.1.3' + tag: "4.1.3" # -- additions to tasks.py init script, must be additional code written in python tasks_pre_script: | @@ -46,12 +45,16 @@ geonode: user: "changeme" # -- set password for mailuser in geonode password: "changeme" - # -- define from mail-addr + # -- define from mail-addr from: "changeme@web.de" ldap: # -- ldap password bind_password: password - + oauth2: + # -- oauth2 geoserver clientID (OAUTH2_CLIENT_ID) + clientId: Jrchz2oPY3akmzndmgUTYrs9gczlgoV20YPSvqaV + # -- oauth2 geoserver secret (OAUTH2_CLIENT_SECRET) + clientSecret: rCnp5txobUo83EpQEblM8fVj3QT5zb5qRfxNsuPzCqZaiRyIoxM4jdgMiZKFfePBHYXCLd7B8NlkfDBY9HKeIQPcy5Cp08KQNpRHQbjpLItDHv12GvkSeXp6OxaUETv3 resources: requests: @@ -66,7 +69,7 @@ geonode: cpu: 2 ingress: - # -- enables external access + # -- enables external access enabled: True # -- define kubernetes ingress class for geonode ingress ingressClassName: @@ -130,13 +133,15 @@ geonode: cheaper_busyness_backlog_step: 2 general: - - # -- external ingress schema. If set to 'https', make sure to configure TLS either by + # -- external ingress schema. If set to 'https', make sure to configure TLS either by # configuring tls certificate or using cert-manager. Available options: (http|https) externalScheme: http - # -- external ingress hostname + # -- external ingress hostname externalDomain: geonode + # -- set force reinit true so that changing passwords etc. in Values.yaml will take effect after restarting the pod + # this on the other hand will increase pod initializing time, only change if you know what you are doing + force_reinit: true # -- max upload document size in MB max_document_size: 10 # -- to describe @@ -192,7 +197,7 @@ geonode: # -- set mail host for genode mail host: smtp.gmail.com # -- mail port fo geonode mail - port: '587' + port: "587" # -- activate tls for geonode mail (only tls or ssl can be true not both) tls: true # -- enable ssl for geonode mail (only tls or ssl can be true not both) @@ -214,7 +219,7 @@ geonode: # -- always update local user database from ldap always_update_user: True # -- TODO ADD mirror groups_except AUTH_LDAP_MIRROR_GROUPS_EXCEPT - # mirror_groups_except: + # mirror_groups_except: # -- ldap group search dn group_search_dn: "OU=Groups,DC=ad,DC=example,DC=com" # -- ldap group filterstr @@ -223,11 +228,11 @@ geonode: attr_map_first_name: "givenName" # -- last name attribute used from ldap attr_map_last_name: "sn" - # -- email attribute used from ldap + # -- email attribute used from ldap attr_map_email_addr: mailPrimaryAddress # -- Find docs for register values under: - # - https://docs.geonode.org/en/3.3.x/basic/settings/index.html + # - https://docs.geonode.org/en/3.3.x/basic/settings/index.html # - https://github.com/pinax/django-user-accounts/blob/master/docs/settings.rst # - https://django-allauth.readthedocs.io/en/latest/configuration.html # @ignored @@ -268,16 +273,16 @@ geonode: # -- hystack index name engine_index_name: haystack # -- hystack results per page - search_results_per_page: '200' + search_results_per_page: "200" # configure memcached as django cache. .Values.memcached.... to configure memcached replicas, architecture and so on (see https://docs.djangoproject.com/en/4.0/topics/cache/) memcached: # -- enable memcache, this will spawn one or more seperate memcache container(s) and configure django geonode repsectivly. Dynamic caching (see https://docs.djangoproject.com/en/4.0/topics/cache/) enabled: True # -- memcached lock expire time - lock_expire: '3600' + lock_expire: "3600" # -- memcached lock timeout - lock_timeout: '10' + lock_timeout: "10" # TODO not tested yey monitoring: @@ -302,7 +307,7 @@ geonode: # -- limit cpu as in resource.requests.cpu (https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) cpu: 2 -# CONFIGURATION FOR GEOSERVER DEPLOYMENT# +# CONFIGURATION FOR GEOSERVER DEPLOYMENT# geoserver: # -- geoserver pod name pod_name: geoserver @@ -312,7 +317,7 @@ geoserver: # -- geoserver image docker image (default in zalf namespace because geonode one was not up to date) name: geonode/geoserver # -- geoserver docker image tag - tag: '2.23.0' + tag: "2.23.0" # -- geoserver port port: 8080 @@ -348,7 +353,7 @@ nginx: # -- nginx docker image name: nginx # -- nginx docker image tag - tag: '1.25' + tag: "1.25" # -- max file upload size maxClientBodySize: 2G resources: @@ -377,7 +382,7 @@ pycsw: # -- pycsw docker image name: geopython/pycsw # -- pycsw docker image tag - tag: '2.6.1' + tag: "2.6.1" # -- pycsw endpoint port port: 8000 # -- pycsw url below geonode.ingress.externalDomain @@ -525,7 +530,6 @@ pycsw: contact_email=Email Address temp_extent=YYYY-MM-DD/YYYY-MM-DD - # MEMCACHED CONFIGURATION # https://artifacthub.io/packages/helm/bitnami/memcached memcached: @@ -578,7 +582,7 @@ postgres: numberOfInstances: 1 # -- postgres version postgres_version: 15 - # database passwords are set randomly + # database passwords are set randomly # infos @ https://postgres-operator.readthedocs.io/en/refactoring-sidecars/user/ # get password after creation via: kubectl get secret {{ .Release.name }}.{{ .Release.name }}-{{ container_name }}.credentials -o 'jsonpath={.data.password}' | base64 -d @@ -608,7 +612,6 @@ postgres-operator: podServiceAccount: name: "" - # VALUES DEFINITION: https://github.com/zalando/postgres-operator/blob/master/charts/postgres-operator-ui/values.yaml postgres-operator-ui: enabled: False @@ -622,8 +625,8 @@ postgres-operator-ui: enabled: False ingressClassName: hosts: - - host: postgres-ui - paths: [""] + - host: postgres-ui + paths: [""] # -- (map of fixture files) Fixture files which shall be made available under /usr/src/geonode/geonode/fixtures (refer to https://docs.djangoproject.com/en/4.2/howto/initial-data/) geonodeFixtures: