diff --git a/charts/geonode/README.md b/charts/geonode/README.md index c557639..9edca1b 100644 --- a/charts/geonode/README.md +++ b/charts/geonode/README.md @@ -1,15 +1,21 @@ -[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/geonode-k8s)](https://artifacthub.io/packages/search?repo=geonode-k8s) # geonode-k8s ![Version: 4.1.0](https://img.shields.io/badge/Version-4.1.0-informational?style=flat-square) -Helm Chart for Geonode +Helm Chart for Geonode a web-based application and platform for developing geospatial information systems (GIS) and for deploying spatial data infrastructures (SDI) -**Homepage:** +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| mwallschlaeger | | | ## Source Code * +* ## Requirements @@ -42,6 +48,8 @@ Helm Chart for Geonode | geonode.general.display.rating | bool | `true` | DISPLAY_RATINGS If set to False ratings are hidden. | | geonode.general.display.social | bool | `true` | DISPLAY_SOCIAL If set to False social sharing is hidden. | | geonode.general.display.wms_link | bool | `true` | DISPLAY_WMS_LINKS If set to False direct WMS link to GeoServer is hidden. | +| geonode.general.externalDomain | string | `"geonode"` | external ingress hostname | +| geonode.general.externalScheme | string | `"http"` | external ingress schema. If set to 'https', make sure to configure TLS either by configuring tls certificate or using cert-manager. Available options: (http|https) | | geonode.general.freetext_keywords_readonly | bool | `false` | FREETEXT_KEYWORDS_READONLY Make Free-Text Keywords writable from users. Or read-only when set to False. | | geonode.general.max_document_size | int | `10` | max upload document size in MB | | geonode.general.ogc_request_backoff_factor | float | `0.3` | OGC_REQUEST_BACKOFF_FACTOR | @@ -63,10 +71,8 @@ Helm Chart for Geonode | geonode.image.tag | string | `"4.1.x"` | tag of used geonode image | | geonode.ingress.addNginxIngressAnnotation | bool | `false` | adds ingress annotations for nginx ingress class to increase uploadsize and timeout time | | geonode.ingress.enabled | bool | `true` | enables external access | -| geonode.ingress.externalDomain | string | `"geonode"` | external ingress hostname | -| geonode.ingress.externalScheme | string | `"http"` | external ingress schema. if set to https ingress tls is used. Loading tls certificate via tls-secret options Available options: (http|https) | | geonode.ingress.ingressClassName | string | `nil` | define kubernetes ingress class for geonode ingress | -| geonode.ingress.tlsSecret | string | `"geonode-tls-secret"` | tls certificate for geonode ingress https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/ (for the use of cert-manager, configure the acme section properly). is used when geonode.ingress.externalScheme is set to https | +| geonode.ingress.tlsSecret | string | `"geonode-tls-secret"` | tls certificate for geonode ingress https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/ (for the use of cert-manager, configure the acme section properly). is used when geonode.general.externalScheme is set to 'https' | | geonode.ldap.always_update_user | bool | `true` | always update local user database from ldap | | geonode.ldap.attr_map_email_addr | string | `"mailPrimaryAddress"` | email attribute used from ldap | | geonode.ldap.attr_map_first_name | string | `"givenName"` | given name attribute used from ldap | diff --git a/charts/geonode/templates/_helpers.tpl b/charts/geonode/templates/_helpers.tpl index 53bfb26..e2c9e3d 100644 --- a/charts/geonode/templates/_helpers.tpl +++ b/charts/geonode/templates/_helpers.tpl @@ -78,7 +78,7 @@ amqp://{{ .Values.rabbitmq.auth.username }}:{{ .Values.rabbitmq.auth.password }} {{- end -}} {{- define "public_url" -}} -{{ .Values.geonode.ingress.externalScheme }}://{{ .Values.geonode.ingress.externalDomain }} +{{ .Values.geonode.general.externalScheme }}://{{ .Values.geonode.general.externalDomain }} {{- end -}} # function diff --git a/charts/geonode/templates/geonode/geonode-env.yaml b/charts/geonode/templates/geonode/geonode-env.yaml index e0bd452..e736c99 100644 --- a/charts/geonode/templates/geonode/geonode-env.yaml +++ b/charts/geonode/templates/geonode/geonode-env.yaml @@ -34,7 +34,7 @@ data: CACHE_BUSTING_MEDIA_ENABLED: 'False' GEONODE_INSTANCE_NAME: {{ .Release.Name }} - GEONODE_LB_HOST_IP: {{ .Values.geonode.ingress.externalDomain | quote }} + GEONODE_LB_HOST_IP: {{ .Values.geonode.general.externalDomain | quote }} GEONODE_DB_CONN_MAX_AGE: '0' GEONODE_DB_CONN_TOUT: '5' @@ -43,8 +43,8 @@ data: # DJANGO SITE CONF SITEURL: "{{ include "public_url" . }}/" - SITE_HOST_SCHEMA: {{ .Values.geonode.ingress.externalScheme | quote }} - ALLOWED_HOSTS: "['django', '*', '{{ .Values.geonode.ingress.externalDomain }}']" + SITE_HOST_SCHEMA: {{ .Values.geonode.general.externalScheme | quote }} + ALLOWED_HOSTS: "['django', '*', '{{ .Values.geonode.general.externalDomain }}']" PROXY_ALLOWED_HOSTS: 'localhost,django,geonode,geoserver,spatialreference.org,nominatim.openstreetmap.org,dev.openlayers.org' # Admin Settings @@ -178,7 +178,7 @@ data: # GEOSERVER CONFIGURATION # GEOSERVER_WEB_UI_LOCATION: "{{ include "public_url" . }}/geoserver/" GEOSERVER_PUBLIC_LOCATION: "{{ include "public_url" . }}/geoserver/" - GEOSERVER_PUBLIC_SCHEMA: {{ .Values.geonode.ingress.externalScheme | quote }} + GEOSERVER_PUBLIC_SCHEMA: {{ .Values.geonode.general.externalScheme | quote }} GEOSERVER_LOCATION: "http://{{ include "geoserver_pod_name" . }}:{{ .Values.geoserver.port }}/geoserver/" GEOSERVER_ADMIN_USER: {{ .Values.geoserver.admin_username | quote }} GEOSERVER_ADMIN_PASSWORD: {{ .Values.geoserver.admin_password | quote }} diff --git a/charts/geonode/templates/geoserver/geoserver-env.yaml b/charts/geonode/templates/geoserver/geoserver-env.yaml index 036aac1..fd2ffc1 100644 --- a/charts/geonode/templates/geoserver/geoserver-env.yaml +++ b/charts/geonode/templates/geoserver/geoserver-env.yaml @@ -4,7 +4,7 @@ metadata: name: {{ include "geoserver_pod_name" . }}-env namespace: {{ .Release.Namespace }} data: - GEONODE_LB_HOST_IP: {{ .Values.geonode.ingress.externalDomain | quote }} + GEONODE_LB_HOST_IP: {{ .Values.geonode.general.externalDomain | quote }} GEONODE_HOST_IP: localhost DJANGO_URL: http://{{ include "geonode_pod_name" .}}/ diff --git a/charts/geonode/templates/nginx/nginx-conf.yaml b/charts/geonode/templates/nginx/nginx-conf.yaml index 4bc9ae8..5fa7294 100644 --- a/charts/geonode/templates/nginx/nginx-conf.yaml +++ b/charts/geonode/templates/nginx/nginx-conf.yaml @@ -137,7 +137,7 @@ data: # FIXME: Work around /proxy sometimes using a mix of public/internal URL to geonode... rewrite_log on; - #rewrite ^/proxy/(.*)url=http?://{{ .Values.geonode.ingress.externalDomain }}(:\d+)?/geoserver(.*) /proxy/$1url=http://geoserver:{{ .Values.geoserver.port }}$3 last; + #rewrite ^/proxy/(.*)url=http?://{{ .Values.geonode.general.externalDomain }}(:\d+)?/geoserver(.*) /proxy/$1url=http://geoserver:{{ .Values.geoserver.port }}$3 last; if ($request_method = OPTIONS) { add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, OPTIONS"; diff --git a/charts/geonode/templates/nginx/nginx-deploy.yaml b/charts/geonode/templates/nginx/nginx-deploy.yaml index bccd12a..be10711 100644 --- a/charts/geonode/templates/nginx/nginx-deploy.yaml +++ b/charts/geonode/templates/nginx/nginx-deploy.yaml @@ -23,7 +23,7 @@ spec: image: "{{ .Values.nginx.image.name }}:{{ .Values.nginx.image.tag }}" ports: - {{- if (eq .Values.geonode.ingress.externalScheme "https" )}} + {{- if (eq .Values.geonode.general.externalScheme "https" )}} - containerPort: 443 name: https {{- else }} diff --git a/charts/geonode/templates/nginx/nginx-ingress.yaml b/charts/geonode/templates/nginx/nginx-ingress.yaml index 641c3bb..c55fed9 100644 --- a/charts/geonode/templates/nginx/nginx-ingress.yaml +++ b/charts/geonode/templates/nginx/nginx-ingress.yaml @@ -1,3 +1,6 @@ + +{{if (eq .Values.geonode.ingress.enabled true) }} + apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -16,14 +19,14 @@ metadata: {{ end }} spec: ingressClassName: {{ .Values.geonode.ingress.ingressClassName }} - {{ if (eq .Values.geonode.ingress.externalScheme "https") }} + {{ if (eq .Values.geonode.general.externalScheme "https") }} tls: - hosts: - - {{ .Values.geonode.ingress.externalDomain }} + - {{ .Values.geonode.general.externalDomain }} secretName: {{ .Values.geonode.ingress.tlsSecret }} {{ end }} rules: - - host: {{ .Values.geonode.ingress.externalDomain }} + - host: {{ .Values.geonode.general.externalDomain }} http: paths: - pathType: Prefix @@ -52,8 +55,11 @@ spec: solvers: - selector: dnsNames: - - {{ .Values.geonode.ingress.externalDomain }} + - {{ .Values.geonode.general.externalDomain }} http01: ingress: ingressClassName: {{ .Values.geonode.ingress.ingressClassName }} {{ end }} + + +{{ end }} \ No newline at end of file diff --git a/charts/geonode/values.yaml b/charts/geonode/values.yaml index ee1b772..c14699f 100644 --- a/charts/geonode/values.yaml +++ b/charts/geonode/values.yaml @@ -50,11 +50,7 @@ geonode: ingressClassName: # -- adds ingress annotations for nginx ingress class to increase uploadsize and timeout time addNginxIngressAnnotation: false - # -- external ingress schema. if set to https ingress tls is used. Loading tls certificate via tls-secret options Available options: (http|https) - externalScheme: http - # -- external ingress hostname - externalDomain: geonode - # -- tls certificate for geonode ingress https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/ (for the use of cert-manager, configure the acme section properly). is used when geonode.ingress.externalScheme is set to https + # -- tls certificate for geonode ingress https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/ (for the use of cert-manager, configure the acme section properly). is used when geonode.general.externalScheme is set to 'https' tlsSecret: geonode-tls-secret acme: @@ -113,6 +109,12 @@ geonode: cheaper_busyness_backlog_step: 2 general: + # -- external ingress schema. If set to 'https', make sure to configure TLS either by + # configuring tls certificate or using cert-manager. Available options: (http|https) + externalScheme: http + # -- external ingress hostname + externalDomain: geonode + # -- max upload document size in MB max_document_size: 10 # -- to describe diff --git a/docs/https-ingress.md b/docs/https-ingress.md index 75fa3c1..99ff9e6 100644 --- a/docs/https-ingress.md +++ b/docs/https-ingress.md @@ -1,11 +1,11 @@ HTTPS Ingress ------------- -To enable https for the given configuration: geonode.ingress.externalDomain in values.yaml. Set the externalScheme to "https" and define a secret which has to be +To enable https for the given configuration: geonode.general.externalDomain in values.yaml. Set the externalScheme to "https" and define a secret which has to be in the same namespace as the geonode installation. ``` -geonode.ingress.externalScheme: https +geonode.general.externalScheme: https geonode.ingress.tlsSecret: geonode-tls-secret ``` diff --git a/minikube-values-external-db.yaml b/minikube-values-external-db.yaml index df0edc1..66f2e68 100644 --- a/minikube-values-external-db.yaml +++ b/minikube-values-external-db.yaml @@ -7,15 +7,14 @@ geonode: general: debug: True debug_static: True + externalScheme: http + externalDomain: geonode persistant: storageSize: 2Gi ingress: enabled: False - externalScheme: http - externalDomain: geonode - externalPort: 80 superUser: password: geonode diff --git a/minikube-values.yaml b/minikube-values.yaml index 798ede4..8ded9c1 100644 --- a/minikube-values.yaml +++ b/minikube-values.yaml @@ -7,14 +7,14 @@ geonode: general: debug: True debug_static: True + externalScheme: http + externalDomain: geonode persistant: storageSize: 2Gi ingress: enabled: False - externalScheme: http - externalDomain: geonode superUser: password: geonode