values.yaml

georchestra:
  # Set additional nodeSelector items
  nodeSelector: {}
    # "georchestra": "true"
  webapps:
    # Note: if a secret is needed to fetch the images from a private registry,
    # it can be specified using the "registry_secret" value on each images.
    #
    # If images are publicly available, the parameter should be left commented
    # out.
    #
    # Set replicaCount to "0" to turn off an app for maintenance as discussed
    # in https://github.com/georchestra/helm-georchestra/issues/42.
    # For all the apps, setting a replica count of more than 1 is not supported
    # by the helm chart (cardinality 0..1).
    analytics:
      enabled: false
      replicaCount: "1"
      docker_image: georchestra/analytics:latest
      extra_environment: []
      # registry_secret: default
      service:
        annotations: {}
      tolerations: []
    cas:
      enabled: true
      replicaCount: "1"
      docker_image: georchestra/cas:latest
      extra_environment: []
      # registry_secret: default
      service:
        annotations: {}
      tolerations: []
    console:
      enabled: true
      replicaCount: "1"
      docker_image: georchestra/console:latest
      extra_environment: []
      lifecycle: {}
      # registry_secret: default
      service:
        annotations: {}
      tolerations: []
    datafeeder:
      enabled: true  # won't deploy if datafeeder_frontend is not enable
      replicaCount: "1"
      docker_image: georchestra/datafeeder:latest
      extra_environment: []
      # - name: SMTPHOST
      #   value: "my_smtp_host"
      # - name: SMTPPORT
      #   value: "25"
      # registry_secret: default
      envsubst:
        enabled: true
      service:
        annotations: {}
      tolerations: []
    datafeeder_frontend:
      # Matches datafeeder/import-xxx.yaml templates in the helm chart
      enabled: true  # won't deploy if datafeeder is not enable
      replicaCount: "1"
      docker_image: georchestra/datafeeder-frontend:latest
      lifecycle: {}
      extra_environment: []
      # registry_secret: default
      service:
        annotations: {}
      tolerations: []
    geonetwork:
      enabled: true
      replicaCount: "1"
      docker_image: georchestra/geonetwork:latest
      # the registry secret is only used for the GeoNetwork image
      # registry_secret: default
      jetty_monitoring: false
      extra_environment: []
      # volumes is the deployment-compliant specification of the pod's extra volume
      # It should match with an item from the extra_volumeName.name variable below.
      extra_volumes: []
      # volumeMounts is the deployment-compliant specification of the georchestra-GeoNetwork
      # container extra volume. It should match an item from the extra_volumes.name
      # variable above.
      extra_volumeMounts: []
      tolerations: []
      ogc_api_records:
        enabled: true
        replicaCount: "1"
        image: georchestra/gn-cloud-ogc-api-records-service:4.2.8
        extra_environment: []
        envsubst:
          enabled: true
        service:
          annotations: {}
        tolerations: []
      elasticsearch:
        replicaCount: "1"
        resources:
          limits:
            memory: 5120Mi
          requests:
            memory: 5120Mi
        image: docker.elastic.co/elasticsearch/elasticsearch:7.17.21
        service:
          annotations: {}
        tolerations: []
      kibana:
        replicaCount: "1"
        image: docker.elastic.co/kibana/kibana:7.15.1
        service:
          annotations: {}
        tolerations: []
      # automatically clean some logs of geonetwork
      housekeeping:
        harvester_logs:
          enabled: false
          schedule: "0 1 * * *"
        tolerations: []
      service:
        annotations: {}
    geoserver:
      enabled: true
      replicaCount: "1"
      docker_image: georchestra/geoserver:latest
      jetty_monitoring: false
      extra_environment: []
      # volumes is the deployment-compliant specification of the pod's extra volume
      # It should match with an item from the extra_volumeName.name variable below.
      extra_volumes: []
      # volumeMounts is the deployment-compliant specification of the georchestra-GeoNetwork
      # container extra volume. It should match an item from the extra_volumes.name
      # variable above.
      extra_volumeMounts: []
      tolerations: []
      # registry_secret: default
      service:
        annotations: {}
    geowebcache:
      enabled: false
      replicaCount: "1"
      envsubst:
        enabled: true
      docker_image: georchestra/geowebcache:latest
      extra_environment: []
      tolerations: []
      service:
        annotations: {}
    header:
      enabled: true
      replicaCount: "1"
      docker_image: georchestra/header:latest
      extra_environment: []
      tolerations: []
      # registry_secret: default
      service:
        annotations: {}
    mapstore:
      enabled: true
      replicaCount: "1"
      docker_image: georchestra/mapstore:latest
      # registry_secret: default
      # no need to put the original command already managed
      extra_environment: []
      tolerations: []
      command: []
      args: []
      lifecycle: {}
      service:
        annotations: {}
    openldap:
      enabled: true
      replicaCount: "1"
      docker_image: georchestra/ldap:latest
      extraVolumeMounts: []
      #  - name: copy-portal-skins
      #   mountPath: /var/lib/lemonldap-ng/portal/skins
      extraVolumes: []
      #  - name: copy-portal-skins
      #    emptyDir: {}
      extraContainers:
      #  - name: my-sidecar
      #    image: nginx:latest
      # registry_secret: default
      service:
        annotations: {}
      tolerations: []
    proxy:
      enabled: false
      replicaCount: "1"
      docker_image: georchestra/security-proxy:latest
      jetty_monitoring: false
      extra_environment: []
      # registry_secret: default
      envsubst:
        enabled: true
      service:
        annotations: {}
      tolerations: []
    gateway:
      enabled: true
      replicaCount: "1"
      docker_image: georchestra/gateway:latest
      environment:
        JAVA_TOOL_OPTIONS: "-Dgeorchestra.datadir=/etc/georchestra"
      extra_environment: []
      service:
        annotations: {}
      tolerations: []
  datadir:
    volume:
    - name: georchestra-datadir
      emptyDir: {}
    git:
      url: https://github.com/georchestra/datadir.git
      ref: docker-master
      # ssh_secret: my-private-ssh-key
  # Some cloud providers automatically create & assign PVs to PVCs
  # some other need to create a PV first ; if so, then you can
  # uncomment the `pv_name` entries below.
  storage:
    gn4_es:
      # pv_name: gn4_es_data
      size: 2Gi
    geonetwork_datadir:
      # pv_name: geonetwork_datadir
      size: 2Gi
    geoserver_datadir:
      # pv_name: geoserver_datadir
      size: 256Mi
    geoserver_geodata:
      # pv_name: geoserver_geodata
      # works for other storage items
      # storage_class_name: default or "-" for empty storageClassName
      # accessModes:
      # - ReadWriteOnce
      size: 2Gi
    mapstore_datadir:
      # pv_name: mapstore_datadir
      size: 256Mi
    openldap_data:
      # pv_name: openldap_data
      size: 256Mi
    openldap_config:
      # pv_name: openldap_config
      size: 1Mi
    geoserver_tiles:
      # pv_name: geoserver_tiles
      size: 2Gi
    geowebcache_tiles:
      # pv_name: geowebcache_tiles
      size: 5Gi
    # We also might need to specify a custom storageClass
    # Leave it commented if not needed
    # storage_class_name: default or "-" for empty storageClassName
    accessModes:
    - ReadWriteOnce
  smtp_smarthost:
    enabled: true
    # mailname: georchestra-127-0-1-1.traefik.me
    # postmaster: postmaster@georchestra-127-0-1-1.traefik.me
    # relay_host: my-external-smtp
    # relay_port: 25
    # relay_username:  aaaa
    # relay_password:  aaaa
    extra_environment: []

fqdn: "georchestra-127-0-1-1.traefik.me"

ingress:
  enabled: true
  annotations: {}
  # kubernetes.io/ingress.class: nginx
  # kubernetes.io/tls-acme: "true"
  hosts: []
  #  - host: georchestra-127-0-1-1.traefik.me
  tls: []
  # You can import TLS secrets using
  # kubectl create secret tls testsecret --key key.pem --cert cert.pem
  # Then specify the TLS secret name below.
  #  - secretName: testsecret
  #    hosts:
  #      - georchestra-127-0-1-1.traefik.me
  # define a custom incressClassName, like "traefik" or "nginx"
  className: ""

ldap:
  # host: "myldaphost" # uncomment for external host
  port: "389"
  adminPassword: "secret"
  scheme: "ldap"
  baseDn: "dc=georchestra,dc=org"
  usersRdn: "ou=users"
  adminDn: "cn=admin,dc=georchestra,dc=org"
  rolesRdn: "ou=roles"
  orgsRdn: "ou=orgs"
  # By default, a secret is automatically created with the password declared above.
  # You can override this by using an existingSecret declaring some environment variables
  # and that should at least declare the ldap admin password
  # Example of valid secret content (limited to the data part) would be
  # "data": {
  #     "SLAPD_PASSWORD": "mysecretldapadminpasswor_base64encoded"
  # },
  # Optionally, you can also provide the GEORCHESTRA_PRIVILEGED_USER_PASSWORD env var, that will
  # be used to replace the default one on first run, see https://github.com/georchestra/georchestra/blob/master/ldap/docker-root/docker-entrypoint.d/01-populate#L47-L54
  # existingSecret: mysecretldapenvvars

database:
  builtin: true
  image:  # section of parameters for builtin database
    repository: georchestra/database
    tag: latest
  auth:
    database: georchestra
    # If using an existing secret: this one will both be used by the bitnami chart managing the DB
    # and by the georchestra db secret
    # (https://github.com/georchestra/helm-georchestra/blob/main/templates/database/database-georchestra-secret.yaml)
    # that is used by the apps
    # So you must be quite careful. It should follow the pattern from the previsouly mentioned secret
    # and tell the bitnami chart which variable provide the user and password
    # And the `database`, `username` and `ssl` params still have to be defined here and match the ones
    # provided by the secret
    # existingSecret: mysecret
    # secretKeys:
    #   adminPasswordKey: postgresPassword
    #   userPasswordKey: password # This one should stay as it is
#   host: georchestra
    password: georchestra
    postgresPassword: georchestra
    port: "5432"
    ssl: false
    username: georchestra
  primary:  # section of parameters for builtin database
    startupProbe:
      enabled: true
    containerSecurityContext:
      readOnlyRootFilesystem: false
    persistentVolumeClaimRetentionPolicy:
      enabled: true
    extraVolumeMounts:
      - name: "00-initsql"
        mountPath: "/docker-entrypoint-initdb.d/00_init.sql"
        subPath: "00_init.sql"
    extraVolumes:
      - name: "00-initsql"
        configMap:
          name: "{{ .Release.Name }}-database-init"
    initdb:
      username: georchestra
      password: georchestra
  geodata:
    auth:
      database: geodata
      # If using the builtin database, you cannot use an existingSecret configuration: the init script (see above)
      # is only able to use the basic yaml params.
      # If using an existing secret: this one will need to match the pattern followed by
      # https://github.com/georchestra/helm-georchestra/blob/main/templates/database/database-geodata-secret.yaml
      # The other configuration params will not be used.
      # existingSecret: mysecret
      host: geodata
      password: geodata
      port: "5432"
      ssl: false
      username: geodata
  datafeeder:
    auth:
      database: datafeeder
      # If using the builtin database, you cannot use an existingSecret configuration: the init script (see above)
      # is only able to use the basic yaml params.
      # If using an existing secret: this one will need to match the pattern followed by
      # https://github.com/georchestra/helm-georchestra/blob/main/templates/database/database-datafeeder-secret.yaml
      # The other configuration params will not be used.
      # existingSecret: mysecret
      host: datafeeder
      port: "5432"
      ssl: false
      password: datafeeder
      username: datafeeder

rabbitmq:
  enabled: false
  builtin: true
  auth:
    username: georchestra
    password: georchestra
    erlangCookie: georchestra  # needed only for builtin rabbitmq
#   host: rabbitmq
    port: "5672"
#   existingSecret: mysecret
  # if you want to attach any existing PV - don't use this parameter
  # if you just automatically want storage, consult the bitnam helm chart doc
#  storage:
#    pv_name: rabbitmq-data
#    storage_class_name: default
#    size: 1Gi

# Allow to override /etc/hosts for ALL apps
# https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/
hostAliases: []
# - ip: "127.0.0.1"
#   hostnames:
#   - "host.alias.com"