Issue#67 separate site url related settings from ingress config (#69)

issue#67_separate_site_url_related_settings_from_ingress_config
zalf-rdm · Sep 6, 2023 · aec62d0 · aec62d0
1 parent dfe75e8
commit aec62d0
Show file tree

Hide file tree

Showing 11 changed files with 43 additions and 30 deletions.
diff --git a/charts/geonode/README.md b/charts/geonode/README.md
@@ -1,15 +1,21 @@
-[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/geonode-k8s)](https://artifacthub.io/packages/search?repo=geonode-k8s)
 # geonode-k8s
 
 ![Version: 4.1.0](https://img.shields.io/badge/Version-4.1.0-informational?style=flat-square)
 
-Helm Chart for Geonode
+Helm Chart for Geonode a web-based application and platform for developing geospatial information systems (GIS) and for deploying spatial data infrastructures (SDI)
 
-**Homepage:** <https://github.com/zalf-rdm/geonode-k8s>
+**Homepage:** <https://geonode.org/>
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| mwallschlaeger | <[email protected]> |  |
 
 ## Source Code
 
 * <https://github.com/zalf-rdm/geonode-k8s>
+* <https://github.com/geonode/geonode>
 
 ## Requirements
 
@@ -42,6 +48,8 @@ Helm Chart for Geonode
 | geonode.general.display.rating | bool | `true` | DISPLAY_RATINGS If set to False ratings are hidden. |
 | geonode.general.display.social | bool | `true` | DISPLAY_SOCIAL If set to False social sharing is hidden. |
 | geonode.general.display.wms_link | bool | `true` | DISPLAY_WMS_LINKS If set to False direct WMS link to GeoServer is hidden. |
+| geonode.general.externalDomain | string | `"geonode"` | external ingress hostname  |
+| geonode.general.externalScheme | string | `"http"` | external ingress schema. If set to 'https', make sure to configure TLS either by  configuring tls certificate or using cert-manager. Available options: (http|https) |
 | geonode.general.freetext_keywords_readonly | bool | `false` | FREETEXT_KEYWORDS_READONLY Make Free-Text Keywords writable from users. Or read-only when set to False. |
 | geonode.general.max_document_size | int | `10` | max upload document size in MB |
 | geonode.general.ogc_request_backoff_factor | float | `0.3` | OGC_REQUEST_BACKOFF_FACTOR |
@@ -63,10 +71,8 @@ Helm Chart for Geonode
 | geonode.image.tag | string | `"4.1.x"` | tag of used geonode image |
 | geonode.ingress.addNginxIngressAnnotation | bool | `false` | adds ingress annotations for nginx ingress class to increase uploadsize and timeout time |
 | geonode.ingress.enabled | bool | `true` | enables external access  |
-| geonode.ingress.externalDomain | string | `"geonode"` | external ingress hostname  |
-| geonode.ingress.externalScheme | string | `"http"` | external ingress schema. if set to https ingress tls is used. Loading tls certificate via tls-secret options Available options: (http|https) |
 | geonode.ingress.ingressClassName | string | `nil` | define kubernetes ingress class for geonode ingress |
-| geonode.ingress.tlsSecret | string | `"geonode-tls-secret"` | tls certificate for geonode ingress https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/ (for the use of cert-manager, configure the acme section properly). is used when geonode.ingress.externalScheme is set to https |
+| geonode.ingress.tlsSecret | string | `"geonode-tls-secret"` | tls certificate for geonode ingress https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/ (for the use of cert-manager, configure the acme section properly). is used when geonode.general.externalScheme is set to 'https' |
 | geonode.ldap.always_update_user | bool | `true` | always update local user database from ldap |
 | geonode.ldap.attr_map_email_addr | string | `"mailPrimaryAddress"` | email attribute used from ldap  |
 | geonode.ldap.attr_map_first_name | string | `"givenName"` | given name attribute used from ldap |

diff --git a/charts/geonode/templates/_helpers.tpl b/charts/geonode/templates/_helpers.tpl
@@ -78,7 +78,7 @@ amqp://{{ .Values.rabbitmq.auth.username }}:{{ .Values.rabbitmq.auth.password }}
 {{- end -}}
 
 {{- define "public_url" -}}
-{{ .Values.geonode.ingress.externalScheme }}://{{ .Values.geonode.ingress.externalDomain }}
+{{ .Values.geonode.general.externalScheme }}://{{ .Values.geonode.general.externalDomain }}
 {{- end -}}
 
 # function

diff --git a/charts/geonode/templates/geonode/geonode-env.yaml b/charts/geonode/templates/geonode/geonode-env.yaml
@@ -34,7 +34,7 @@ data:
   CACHE_BUSTING_MEDIA_ENABLED: 'False'
 
   GEONODE_INSTANCE_NAME: {{ .Release.Name }}
-  GEONODE_LB_HOST_IP: {{ .Values.geonode.ingress.externalDomain | quote }}
+  GEONODE_LB_HOST_IP: {{ .Values.geonode.general.externalDomain | quote }}
   GEONODE_DB_CONN_MAX_AGE: '0'
   GEONODE_DB_CONN_TOUT: '5'
 
@@ -43,8 +43,8 @@ data:
 
   # DJANGO SITE CONF
   SITEURL: "{{ include "public_url" . }}/"
-  SITE_HOST_SCHEMA: {{ .Values.geonode.ingress.externalScheme | quote }}
-  ALLOWED_HOSTS: "['django', '*', '{{ .Values.geonode.ingress.externalDomain }}']"
+  SITE_HOST_SCHEMA: {{ .Values.geonode.general.externalScheme | quote }}
+  ALLOWED_HOSTS: "['django', '*', '{{ .Values.geonode.general.externalDomain }}']"
   PROXY_ALLOWED_HOSTS: 'localhost,django,geonode,geoserver,spatialreference.org,nominatim.openstreetmap.org,dev.openlayers.org'
 
   # Admin Settings
@@ -178,7 +178,7 @@ data:
   # GEOSERVER CONFIGURATION #
   GEOSERVER_WEB_UI_LOCATION: "{{ include "public_url" . }}/geoserver/"
   GEOSERVER_PUBLIC_LOCATION: "{{ include "public_url" . }}/geoserver/"
-  GEOSERVER_PUBLIC_SCHEMA: {{ .Values.geonode.ingress.externalScheme | quote }}
+  GEOSERVER_PUBLIC_SCHEMA: {{ .Values.geonode.general.externalScheme | quote }}
   GEOSERVER_LOCATION: "http://{{ include "geoserver_pod_name" . }}:{{ .Values.geoserver.port }}/geoserver/"
   GEOSERVER_ADMIN_USER: {{ .Values.geoserver.admin_username | quote }}
   GEOSERVER_ADMIN_PASSWORD: {{ .Values.geoserver.admin_password | quote }}

diff --git a/charts/geonode/templates/geoserver/geoserver-env.yaml b/charts/geonode/templates/geoserver/geoserver-env.yaml
@@ -4,7 +4,7 @@ metadata:
   name: {{ include "geoserver_pod_name" . }}-env
   namespace: {{ .Release.Namespace }}
 data:
-  GEONODE_LB_HOST_IP: {{ .Values.geonode.ingress.externalDomain | quote }}
+  GEONODE_LB_HOST_IP: {{ .Values.geonode.general.externalDomain | quote }}
   GEONODE_HOST_IP: localhost
 
   DJANGO_URL: http://{{ include "geonode_pod_name" .}}/

diff --git a/charts/geonode/templates/nginx/nginx-conf.yaml b/charts/geonode/templates/nginx/nginx-conf.yaml
@@ -137,7 +137,7 @@ data:
 
         # FIXME: Work around /proxy sometimes using a mix of public/internal URL to geonode...
         rewrite_log on;
-        #rewrite ^/proxy/(.*)url=http?://{{ .Values.geonode.ingress.externalDomain  }}(:\d+)?/geoserver(.*) /proxy/$1url=http://geoserver:{{ .Values.geoserver.port }}$3 last;
+        #rewrite ^/proxy/(.*)url=http?://{{ .Values.geonode.general.externalDomain  }}(:\d+)?/geoserver(.*) /proxy/$1url=http://geoserver:{{ .Values.geoserver.port }}$3 last;
 
         if ($request_method = OPTIONS) {
           add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, OPTIONS";

diff --git a/charts/geonode/templates/nginx/nginx-deploy.yaml b/charts/geonode/templates/nginx/nginx-deploy.yaml
@@ -23,7 +23,7 @@ spec:
         image: "{{ .Values.nginx.image.name }}:{{ .Values.nginx.image.tag }}"
 
         ports:
-        {{- if (eq .Values.geonode.ingress.externalScheme "https" )}}
+        {{- if (eq .Values.geonode.general.externalScheme "https" )}}
         - containerPort: 443
           name: https
         {{- else }}

diff --git a/charts/geonode/templates/nginx/nginx-ingress.yaml b/charts/geonode/templates/nginx/nginx-ingress.yaml
@@ -1,3 +1,6 @@
+
+{{if (eq .Values.geonode.ingress.enabled true) }}
+
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@@ -16,14 +19,14 @@ metadata:
     {{ end }}
 spec:
   ingressClassName: {{ .Values.geonode.ingress.ingressClassName }}
-  {{ if (eq .Values.geonode.ingress.externalScheme "https") }}
+  {{ if (eq .Values.geonode.general.externalScheme "https") }}
   tls:
   - hosts:
-    -  {{ .Values.geonode.ingress.externalDomain }}
+    -  {{ .Values.geonode.general.externalDomain }}
     secretName: {{ .Values.geonode.ingress.tlsSecret }}
   {{ end }}
   rules:
-  - host: {{ .Values.geonode.ingress.externalDomain }}
+  - host: {{ .Values.geonode.general.externalDomain }}
     http:
       paths:
       - pathType: Prefix
@@ -52,8 +55,11 @@ spec:
     solvers:
     - selector:
         dnsNames:
-          - {{ .Values.geonode.ingress.externalDomain }}
+          - {{ .Values.geonode.general.externalDomain }}
       http01:
         ingress:
           ingressClassName: {{ .Values.geonode.ingress.ingressClassName }}
 {{ end }}
+
+
+{{ end }}
diff --git a/charts/geonode/values.yaml b/charts/geonode/values.yaml
@@ -50,11 +50,7 @@ geonode:
     ingressClassName:
     # -- adds ingress annotations for nginx ingress class to increase uploadsize and timeout time
     addNginxIngressAnnotation: false
-    # -- external ingress schema. if set to https ingress tls is used. Loading tls certificate via tls-secret options Available options: (http|https)
-    externalScheme: http
-    # -- external ingress hostname 
-    externalDomain: geonode
-    # -- tls certificate for geonode ingress https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/ (for the use of cert-manager, configure the acme section properly). is used when geonode.ingress.externalScheme is set to https
+    # -- tls certificate for geonode ingress https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/ (for the use of cert-manager, configure the acme section properly). is used when geonode.general.externalScheme is set to 'https'
     tlsSecret: geonode-tls-secret
 
   acme:
@@ -113,6 +109,12 @@ geonode:
     cheaper_busyness_backlog_step: 2
 
   general:
+    # -- external ingress schema. If set to 'https', make sure to configure TLS either by 
+    # configuring tls certificate or using cert-manager. Available options: (http|https)
+    externalScheme: http
+    # -- external ingress hostname 
+    externalDomain: geonode
+
     # -- max upload document size in MB
     max_document_size: 10
     # -- to describe

diff --git a/docs/https-ingress.md b/docs/https-ingress.md
@@ -1,11 +1,11 @@
 HTTPS Ingress
 -------------
 
-To enable https for the given configuration: geonode.ingress.externalDomain in values.yaml. Set the externalScheme to "https" and define a secret which has to be
+To enable https for the given configuration: geonode.general.externalDomain in values.yaml. Set the externalScheme to "https" and define a secret which has to be
 in the same namespace as the geonode installation.
 
 ```
-geonode.ingress.externalScheme: https
+geonode.general.externalScheme: https
 geonode.ingress.tlsSecret: geonode-tls-secret
 ```
 

diff --git a/minikube-values-external-db.yaml b/minikube-values-external-db.yaml
@@ -7,15 +7,14 @@ geonode:
   general:
     debug: True
     debug_static: True
+    externalScheme: http
+    externalDomain: geonode
 
   persistant:
     storageSize: 2Gi
 
   ingress:
     enabled: False
-    externalScheme: http
-    externalDomain: geonode
-    externalPort: 80
 
   superUser:
     password: geonode

diff --git a/minikube-values.yaml b/minikube-values.yaml
@@ -7,14 +7,14 @@ geonode:
   general:
     debug: True
     debug_static: True
+    externalScheme: http
+    externalDomain: geonode
 
   persistant:
     storageSize: 2Gi
 
   ingress:
     enabled: False
-    externalScheme: http
-    externalDomain: geonode
 
   superUser:
     password: geonode