A K8S based solution to build and operate Geospatial Platforms
Caution
The Dowker swarm version is no more supported. The latest available version supporting Docker Swarm is the v0.18.0.
Chart releases are now automated via the manage_release GitHub Actions pipeline. The pipeline is triggered automatically on every push to master that touches files in charts/**, or manually via workflow_dispatch.
For each modified chart, the pipeline automatically decides between a production release and a dev release:
- Tag
$CHART-$VERSIONabsent → new version → production release (Harbor OCI:version+ S3 backup + git tag) - Tag
$CHART-$VERSIONpresent → version unchanged → dev release (Harbor OCI:0.0.0-dev+ S3 backup, no git tag)
Go to Actions → manage_release → Run workflow and fill in the inputs:
- Chart(s): space-separated list of charts to release (eg.
geokoder trakkar). Leave empty for automatic detection based on git diff. - Force dev release: check this box to force a
0.0.0-devrelease even if the tag does not exist yet.
- Update the chart version in
charts/$CHART/Chart.yaml - Push your changes to
master - The pipeline triggers automatically and publishes the chart to Harbor OCI and S3
Note
The pipeline ensures only one release runs at a time to avoid conflicts on the S3 index.yaml.
If you try to release manually using release-chart.sh after a push, you may get an error indicating the chart already exists on Harbor, this means the CI already published it.
The chart management scripts (release-dev-chart.sh and release-chart.sh) both require :
- a valid
rcloneconfiguration, ie. containing a remote/alias namedkalisio_chartspointing on the object storage bucket path where we backup our charts. - an
helmcommand able to push on our OCI-based registry, ie. you need to usehelm registry login harbor.portal.kalisio.com/kalisioand enter the required credentials.
Use the ./scripts/release-dev-chart.sh. It takes a single parameter, the chart to release. If no parameter is given, it'll release all charts.
The script will package the requested chart(s) then push on our OCI registry and on a backup s3 storage.
- Prepare the new chart version, update chart version in $CHART/Chart.yaml
- Push your changes to the central repository
- Use
./scripts/release-chart.sh $CHARTwhere $CHART is the name of the chart to release (mapserver, kano, ...)
The script will package the chart, push on our oci registry and on a backup s3 storage. If everything is ok, it'll make a git tag named $CHART-$VERSION
- kargo specific container images (tileservergl & friends ...)
- use a commit message including
[build app-name tag]
- use a commit message including
- Prefer
-slimimages as base and use multi stage builds to reduce image sizes - Make your docker image run as unpriviliged user
- If it's node based, and using a node image as base, there's a 'node' user (uid 1000) already available
- Copy app's files using COPY --chown node
- Make your command run as 'node' user
- If there's no preinstalled user, create one and use it
- If it's node based, and using a node image as base, there's a 'node' user (uid 1000) already available
- Since it'll run as unpriviliged user, if you need to open ports, make sure they're >= 1024
- Snippet to install packages with apt and clean afterwards:
RUN \
DEBIAN_FRONTEND=noninteractive && \
apt-get update && \
apt-get --no-install-recommends --yes install \
openjdk-11-jre-headless \
ca-certificates \
gdal-bin && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
- Snippet to install dependencies with yarn and clean afterwards
RUN \
yarn global add @weacast/grib2json@${GRIB2JSON_TAG} && \
chmod a+x /usr/local/share/.config/yarn/global/node_modules/@weacast/grib2json/bin/grib2json && \
yarn cache clean
- Define appVersion to the docker image tag it's supposed to pull (no latest in defined charts, latest can be specified using values.yaml in infra definition)
- Include configurable resource requests & limits
- Include configurable security context and put sensible defaults in chart's values.yaml
- If it's being deployed on some preprod infra, then chart version should be at least 1.0.0
This project is licensed under the MIT License - see the license file for details
This project is sponsored by
