Skip to main content

ADR 025: Geo Server Cloud

Date: 2026-01-15

Status: Reviewed

Decision Makers: TODO

Context

Classic GeoServer is shipped and operated largely as a monolith, which creates deployment challenges in Kubernetes (e.g., harder scaling, high resource consumption, operational complexity). Therefore, GeoServer Cloud should be evaluated because it is designed to be cloud-native.

At the same time,CIVITAS V2 must stay as close as possible to the CIVITAS V1 behavior and integrations. The main challenge is the set of GeoServer extensions used in V1: this ADR focuses on whether these extensions are compatible with GeoServer Cloud and, if not, whether they are still required in V2 or can be replaced.

Checked architecture principles

  • [partial] Model-centric data flow
    • Not sure, about that
  • [full] Distributed architecture with unified user experience
  • [full] Modular design
  • [full] Integration capability through defined interfaces
  • [full] Open source as the default
  • [full] Cloud-native architecture
  • [full] Prefer standard solutions over custom development
  • [full] Self-contained deployment
  • [full] Technological consistency to ensure maintainability
  • [partial] Multi-tenancy
    • Would a Workspace-per-tenant setup work? But I guess same in classic Geo Server
  • [full] Security by design

Decision

We use Geo Server Cloud for CCV2.

Consequences

Geo Server Cloud must be deployed according to documentation. Ther might be a ready to use Helmchart. If not trustworthy, a custom Helmchart could be created for sure.

Extension compatibility (V1 → V2)

importer-plugin: supported; low relevance.

metadata-plugin / csw-iso-plugin: obsolete because metadata is managed by the portal in V2.

web-resource-plugin: covered via “Resource Browser Tool” supported Resource Browser Tool; low relevance.

cog-s3-plugin: COG is supported, but S3 specifics unclear → requires validation; COG remains important for large raster use cases.

sec-keycloak-plugin not supported → use gateway-based auth (prefer APISIX) and optional authorization with GeoServer ACL. Fallback option mentioned in GeoServer Cloud docs: georchestra-gateway.

Alternatives

  • <Alternative A>: Stay with classic Geo Server

See also

<link to external resource that are helpful or relevant for this ADR e.g.:>