Kubernetes

hetzner-test-helm-values.yaml

@@ -0,0 +1,82 @@
+# Provide additional config in toml format. Broker and result-backend connection strings are generated by the chart and do not need to be supplied here.
+# customConfig: |
+#   wms-read-timeout = 700
+
+celery:
+  image:
+    repository: repo.heigit.org/heigit/sketch-map-tool
+    tag: main
+
+  # Configuration for the volume that holds the weights
+  persistence:
+    accessModes:
+      - ReadWriteOnce
+    size: 10Gi
+    storageClassName: local-lvm
+
+  resources:
+    limits:
+      cpu: 2000m
+      memory: 24Gi
+    requests:
+      # scheduling of new pod (minimal resource requirement)
+      cpu: 500m
+      memory: 15Gi
+
+flask:
+  image:
+    repository: repo.heigit.org/heigit/sketch-map-tool
+    tag: main
+
+  ingress:
+    # Tell proxy to make flask public
+    enabled: true
+    className: traefik
+    annotations:
+      cert-manager.io/cluster-issuer: letsencrypt-prod
+    hosts:
+      - host: smt.heigitk8s.de
+        paths:
+          - path: /
+            pathType: ImplementationSpecific
+    tls:
+     - secretName: smt-heigitk8s-de-tls
+       hosts:
+         - smt.heigitk8s.de
+
+  resources:
+    limits:
+      cpu: 400m
+      memory: 2Gi
+    requests:
+      cpu: 200m
+      memory: 1Gi
+
+flower:
+  image:
+    repository: repo.heigit.org/heigit/sketch-map-tool
+    tag: main
+  ingress:
+    enabled: false
+
+  resources:
+    limits:
+      cpu: 200m
+      memory: 1Gi
+    requests:
+      cpu: 100m
+      memory: 512Mi
+
+postgres:
+  nodeSelector:
+    instance.hetzner.cloud/provided-by: cloud
+  storage:
+    requestedSize: 100Gi
+    className: hcloud-volumes
+
+redis:
+  nodeSelector:
+    instance.hetzner.cloud/provided-by: cloud
+  storage:
+    requestedSize: 10Gi
+    className: hcloud-volumes

manifests/.gitignore

@@ -0,0 +1,2 @@
+sketch-map-tool/charts/
+Chart.lock

manifests/sketch-map-tool/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

manifests/sketch-map-tool/Chart.yaml

@@ -0,0 +1,32 @@
+apiVersion: v2
+name: sketch-map-tool
+description: A Helm chart for SketchMapTool
+icon: https://heigit.org/wp-content/uploads/2025/11/SketchMap_Logo.svg
+type: application
+
+sources:
+  - https://github.com/GIScience/sketch-map-tool
+maintainers:
+  - name: HeiGIT
+    url: https://heigit.org/
+
+dependencies:
+  - name: postgres
+    repository: https://groundhog2k.github.io/helm-charts
+    condition: postgres.enabled
+    version: 1.5.12
+  - name: redis
+    repository: https://groundhog2k.github.io/helm-charts
+    condition: redis.enabled
+    version: 2.1.8
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.2.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "2025.11.12"

manifests/sketch-map-tool/README.md

@@ -0,0 +1,16 @@
+# SketchMapTool Helm chart
+## Result-backend database configuration
+SketchMapTool requires a postgres database to run.
+- Default config: A database will be deployed along side SMT with default passwords.
+- Supply your own database: Set `postgres.enabled` to `false`. Provide the connection details of your external postgres host at `postgres.external`.
+
+## Broker cache configuration
+SketchMapTool requires a redis cache to run.
+- Default config: A redis cache will be deployed along side SMT.
+- Supply your own cache: Set `redis.enabled` to `false`. Provide the connection details of your external redis host at `redis.external.connectionString`.
+
+## Generic configuration
+Any additional config options can be supplied in toml format under the `customConfig` key.
+
+## External access
+By default this chart deploys two services to kubernetes, flask and flower. These are not exposed outside the cluster unless you enable either ingress or httpRoute for them, depending on which API your cluster supports. If, for example, you want to expose flask with an ingress you should set `flask.ingress.enabled` to true and configure your ingress with the other options under `flask.ingress`.

manifests/sketch-map-tool/templates/_helpers.tpl

@@ -0,0 +1,122 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "sketch-map-tool.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "sketch-map-tool.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "sketch-map-tool.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "sketch-map-tool.labels" -}}
+helm.sh/chart: {{ include "sketch-map-tool.chart" . }}
+{{ include "sketch-map-tool.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "sketch-map-tool.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "sketch-map-tool.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{- define "sketch-map-tool.postgresVars" -}}
+- name: SMT_POSTGRES_HOST
+  value: {{ ternary (printf "%s-postgres" .Release.Name) .Values.postgres.external.host .Values.postgres.enabled }}
+{{- with .Values.postgres.external.port }}
+- name: SMT_POSTGRES_PORT
+  value: {{ quote .Values.postgres.external.port }}
+{{- end }}
+- name: SMT_POSTGRES_DBNAME
+  {{- if .Values.postgres.enabled }}
+  {{- if .Values.postgres.userDatabase.name.secretKey }}
+  valueFrom:
+    secretKeyRef:
+      key: {{ .Values.postgres.userDatabase.name.secretKey }}
+      name: {{ .Values.postgres.userDatabase.existingSecret }}
+  {{- else }}
+  value: {{ .Values.postgres.userDatabase.name.value }}
+  {{- end }}
+  {{- else }}
+  value: {{ .Values.postgres.external.database }}
+  {{- end }}
+- name: SMT_POSTGRES_USER
+  {{- if .Values.postgres.enabled }}
+  {{- if .Values.postgres.userDatabase.user.secretKey }}
+  valueFrom:
+  secretKeyRef:
+    key: {{ .Values.postgres.userDatabase.user.secretKey }}
+    name: {{ .Values.postgres.userDatabase.existingSecret }}
+  {{- else }}
+  value: {{ .Values.postgres.userDatabase.user.value }}
+  {{- end }}
+  {{- else }}
+  value: {{ .Values.postgres.external.user }}
+  {{- end }}
+- name: SMT_POSTGRES_PASSWORD
+  {{- if .Values.postgres.enabled }}
+  {{- if .Values.postgres.userDatabase.password.secretKey }}
+  valueFrom:
+  secretKeyRef:
+    key: {{ .Values.postgres.userDatabase.password.secretKey }}
+    name: {{ .Values.postgres.userDatabase.existingSecret }}
+  {{- else }}
+  value: {{ .Values.postgres.userDatabase.password.value }}
+  {{- end }}
+  {{- else }}
+  value: {{ .Values.postgres.external.password }}
+  {{- end }}
+{{- end }}
+
+{{- define "sketch-map-tool.redisVars" -}}
+- name: SMT_REDIS_HOST
+  value: {{ ternary (printf "%s-redis" .Release.Name) .Values.redis.external.host .Values.redis.enabled }}
+{{- with .Values.redis.external.port }}
+- name: SMT_REDIS_PORT
+  value: {{ quote .Values.redis.external.port }}
+{{- end }}
+{{- if not .Values.redis.enabled }}
+{{- with .Values.redis.external.dbNumber }}
+- name: SMT_REDIS_DB_NUMBER
+  value: {{ quote .Values.redis.external.dbNumber }}
+{{- end }}
+{{- with .Values.redis.external.username }}
+- name: SMT_REDIS_USERNAME
+  value: {{ quote .Values.redis.external.username }}
+{{- end }}
+{{- with .Values.redis.external.password }}
+- name: SMT_REDIS_PASSWORD
+  value: {{ quote .Values.redis.external.password }}
+{{- end }}
+{{- end }}
+{{- end }}

manifests/sketch-map-tool/templates/celery/deployment.yaml

@@ -0,0 +1,74 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "sketch-map-tool.fullname" . }}-celery
+  labels:
+    {{- include "sketch-map-tool.labels" . | nindent 4 }}
+    app.kubernetes.io/component: celery
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      {{- include "sketch-map-tool.selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/component: celery
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        {{- include "sketch-map-tool.selectorLabels" . | nindent 8 }}
+        app.kubernetes.io/component: celery
+    spec:
+      initContainers:
+        - name: download-weights
+          image: debian:stable-slim
+          command:
+            - sh
+            - -c
+          args:
+            - "apt-get update && apt-get install -y wget && wget --timestamping --directory-prefix /data/weights {{ .Values.celery.weightsSourceUrl.osm }} {{ .Values.celery.weightsSourceUrl.esri }} {{ .Values.celery.weightsSourceUrl.cls }}"
+          volumeMounts:
+            - name: weights
+              mountPath: /data/weights
+      containers:
+        - name: celery
+          image: "{{ .Values.celery.image.repository }}:{{ .Values.celery.image.tag }}"
+          command:
+            - celery
+            - --app
+            - sketch_map_tool.tasks
+            - worker
+            - --beat
+            - --concurrency
+            - "6"
+            - --loglevel
+            - INFO
+            - -E
+          env:
+            {{- include "sketch-map-tool.postgresVars" . | nindent 12 }}
+            {{- include "sketch-map-tool.redisVars" . | nindent 12 }}
+          {{- with .Values.celery.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - name: weights
+              mountPath: /app/weights
+          {{- if .Values.customConfig }}
+            - name: config
+              mountPath: /app/config
+          {{- end }}
+      {{- with .Values.celery.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      restartPolicy: Always
+      volumes:
+        - name: weights
+          persistentVolumeClaim:
+            claimName: {{ include "sketch-map-tool.fullname" . }}-celery-weights
+        {{- if .Values.customConfig }}
+        - name: config
+          secret:
+            secretName: {{ include "sketch-map-tool.fullname" . }}-custom-config
+        {{- end }}

manifests/sketch-map-tool/templates/celery/persistent-volume-claim.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ include "sketch-map-tool.fullname" . }}-celery-weights
+  labels:
+    {{- include "sketch-map-tool.labels" . | nindent 4 }}
+    app.kubernetes.io/component: celery
+spec:
+  accessModes:
+  {{- range .Values.celery.persistence.accessModes }}
+    - {{ . | quote }}
+  {{- end }}
+  resources:
+    requests:
+      storage: {{ .Values.celery.persistence.size | quote }}
+  {{- if .Values.celery.persistence.storageClassName }}
+  storageClassName: {{ .Values.celery.persistence.storageClassName }}
+  {{- end }}

manifests/sketch-map-tool/templates/custom-config.yaml

@@ -0,0 +1,9 @@
+{{- if .Values.customConfig }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "sketch-map-tool.fullname" . }}-custom-config
+stringData:
+  config.toml: |
+    {{- .Values.customConfig | nindent 4 }}
+{{- end }}