Adjusted ingress middleware.

Author: pantierra

charts/eoapi/templates/networking/ingress-browser.yaml

@@ -20,10 +20,9 @@ metadata:
     nginx.ingress.kubernetes.io/rewrite-target: /browser/$2
     nginx.ingress.kubernetes.io/use-regex: "true"
     {{- end }}
-    # Temporary annotations for Traefik until uvicorn support real prefix in ASGI: https://github.com/encode/uvicorn/discussions/2490
+    # Traefik configuration - services handle their own root paths
     {{- if eq .Values.ingress.className "traefik" }}
     traefik.ingress.kubernetes.io/router.entrypoints: web
-    traefik.ingress.kubernetes.io/router.middlewares: {{ $.Release.Namespace }}-{{ $.Release.Name }}-strip-prefix-middleware@kubernetescrd
     {{- end }}
 spec:
   {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}

charts/eoapi/templates/networking/ingress-stac.yaml

@@ -0,0 +1,66 @@
+{{- if and .Values.stac.enabled .Values.ingress.enabled (or (not (hasKey .Values.stac "ingress")) .Values.stac.ingress.enabled) }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion }}
+apiVersion: networking.k8s.io/v1beta1
+{{- else }}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ .Release.Name }}-ingress-stac
+  labels:
+    app: {{ .Release.Name }}-ingress-stac
+  annotations:
+    {{- if .Values.ingress.annotations }}
+{{ toYaml .Values.ingress.annotations | indent 4 }}
+    {{- end }}
+    # STAC uses stac-auth-proxy which handles its own path manipulation
+    {{- if eq .Values.ingress.className "traefik" }}
+    traefik.ingress.kubernetes.io/router.entrypoints: web
+    {{- end }}
+    {{- if eq .Values.ingress.className "nginx" }}
+    nginx.ingress.kubernetes.io/rewrite-target: /$2
+    nginx.ingress.kubernetes.io/use-regex: "true"
+    {{- end }}
+spec:
+  {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- end }}
+  rules:
+    {{- if .Values.ingress.hosts }}
+    {{- range .Values.ingress.hosts }}
+    - host: {{ . }}
+      http:
+        paths:
+          - pathType: {{ if eq $.Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }}
+            path: {{ $.Values.stac.ingress.path }}{{ if eq $.Values.ingress.className "nginx" }}(/|$)(.*){{ end }}
+            backend:
+              service:
+                {{- if index $.Values "stac-auth-proxy" "enabled" }}
+                name: {{ $.Release.Name }}-stac-auth-proxy
+                {{- else }}
+                name: {{ $.Release.Name }}-stac
+                {{- end }}
+                port:
+                  number: {{ $.Values.service.port }}
+    {{- end }}
+    {{- else }}
+    - {{- if .Values.ingress.host }}
+      host: {{ .Values.ingress.host }}
+      {{- end }}
+      http:
+        paths:
+          - pathType: {{ if eq .Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }}
+            path: {{ .Values.stac.ingress.path }}{{ if eq .Values.ingress.className "nginx" }}(/|$)(.*){{ end }}
+            backend:
+              service:
+                {{- if index .Values "stac-auth-proxy" "enabled" }}
+                name: {{ .Release.Name }}-stac-auth-proxy
+                {{- else }}
+                name: {{ .Release.Name }}-stac
+                {{- end }}
+                port:
+                  number: {{ .Values.service.port }}
+    {{- end }}
+{{- end }}

charts/eoapi/templates/networking/ingress.yaml

@@ -19,7 +19,7 @@ metadata:
     {{- if .Values.ingress.annotations }}
 {{ toYaml .Values.ingress.annotations | indent 4 }}
     {{- end }}
-    # Temporary annotations for Traefik until uvicorn support real prefix in ASGI: https://github.com/encode/uvicorn/discussions/2490
+    # Traefik stripPrefix middleware for services that need path stripping (excludes STAC)
     {{- if eq .Values.ingress.className "traefik" }}
     traefik.ingress.kubernetes.io/router.entrypoints: web
     traefik.ingress.kubernetes.io/router.middlewares: {{ $.Release.Namespace }}-{{ $.Release.Name }}-strip-prefix-middleware@kubernetescrd
@@ -44,19 +44,7 @@ spec:
                   number: {{ $.Values.service.port }}
           {{- end }}
 
-          {{- if and $.Values.stac.enabled (or (not (hasKey $.Values.stac "ingress")) $.Values.stac.ingress.enabled) }}
-          - pathType: {{ if eq $.Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }}
-            path: {{ $.Values.stac.ingress.path }}{{ if eq $.Values.ingress.className "nginx" }}(/|$)(.*){{ end }}
-            backend:
-              service:
-                {{- if index $.Values "stac-auth-proxy" "enabled" }}
-                name: {{ $.Release.Name }}-stac-auth-proxy
-                {{- else }}
-                name: {{ $.Release.Name }}-stac
-                {{- end }}
-                port:
-                  number: {{ $.Values.service.port }}
-          {{- end }}
+
 
           {{- if and $.Values.vector.enabled (or (not (hasKey $.Values.vector "ingress")) $.Values.vector.ingress.enabled) }}
           - pathType: {{ if eq $.Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }}
@@ -114,19 +102,7 @@ spec:
                   number: {{ .Values.service.port }}
           {{- end }}
 
-          {{- if and .Values.stac.enabled (or (not (hasKey .Values.stac "ingress")) .Values.stac.ingress.enabled) }}
-          - pathType: {{ if eq .Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }}
-            path: {{ .Values.stac.ingress.path }}{{ if eq .Values.ingress.className "nginx" }}(/|$)(.*){{ end }}
-            backend:
-              service:
-                {{- if index .Values "stac-auth-proxy" "enabled" }}
-                name: {{ .Release.Name }}-stac-auth-proxy
-                {{- else }}
-                name: {{ .Release.Name }}-stac
-                {{- end }}
-                port:
-                  number: {{ .Values.service.port }}
-          {{- end }}
+
 
           {{- if and .Values.vector.enabled (or (not (hasKey .Values.vector "ingress")) .Values.vector.ingress.enabled) }}
           - pathType: {{ if eq .Values.ingress.className "nginx" }}ImplementationSpecific{{ else }}Prefix{{ end }}

charts/eoapi/templates/networking/traefik-middleware.yaml

@@ -1,5 +1,5 @@
 {{- if and .Values.ingress.enabled (eq .Values.ingress.className "traefik") }}
-apiVersion: traefik.io/v1alpha1
+apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
   name: {{ .Release.Name }}-strip-prefix-middleware

charts/eoapi/tests/ingress_tests.yaml

@@ -1,6 +1,6 @@
 suite: unified ingress tests
 templates:
-  - templates/services/ingress.yaml
+  - templates/networking/ingress.yaml
 tests:
   - it: "vector ingress with nginx controller"
     set:
@@ -56,7 +56,7 @@ tests:
           path: metadata.annotations
           value:
             traefik.ingress.kubernetes.io/router.entrypoints: web
-            traefik.ingress.kubernetes.io/router.middlewares: NAMESPACE-RELEASE-NAME-strip-prefix-middleware@kubernetescrd
+            traefik.ingress.kubernetes.io/router.middlewares: RELEASE-NAME-strip-prefix-middleware@kubernetescrd
       - equal:
           path: spec.ingressClassName
           value: "traefik"
@@ -150,7 +150,7 @@ tests:
           path: metadata.annotations
           value:
             traefik.ingress.kubernetes.io/router.entrypoints: web
-            traefik.ingress.kubernetes.io/router.middlewares: NAMESPACE-RELEASE-NAME-strip-prefix-middleware@kubernetescrd
+            traefik.ingress.kubernetes.io/router.middlewares: RELEASE-NAME-strip-prefix-middleware@kubernetescrd
 
   - it: "multiple hosts with nginx controller"
     set:

charts/eoapi/tests/stac-auth-proxy-ingress_test.yaml

@@ -1,6 +1,6 @@
 suite: test stac-auth-proxy ingress routing
 templates:
-  - networking/ingress.yaml
+  - networking/ingress-stac.yaml
 
 tests:
   - it: should route ingress to stac-auth-proxy when enabled
@@ -23,7 +23,7 @@ tests:
                 name: RELEASE-NAME-stac-auth-proxy
                 port:
                   number: 8080
-        template: networking/ingress.yaml
+        template: networking/ingress-stac.yaml
 
   - it: should route ingress directly to stac when auth-proxy is disabled
     set:
@@ -45,20 +45,17 @@ tests:
                 name: RELEASE-NAME-stac
                 port:
                   number: 8080
-        template: networking/ingress.yaml
+        template: networking/ingress-stac.yaml
 
-  - it: should not create stac routes when stac is disabled
+  - it: should not create stac ingress when stac is disabled
     set:
       ingress.enabled: true
       stac.enabled: false
       stac-auth-proxy.enabled: true
     asserts:
-      - notContains:
-          path: spec.rules[0].http.paths
-          any: true
-          content:
-            path: /stac(/|$)(.*)
-        template: networking/ingress.yaml
+      - hasDocuments:
+          count: 0
+        template: networking/ingress-stac.yaml
 
   - it: should route correctly with experimental profile
     values:
@@ -76,4 +73,4 @@ tests:
                 name: RELEASE-NAME-stac-auth-proxy
                 port:
                   number: 8080
-        template: networking/ingress.yaml
+        template: networking/ingress-stac.yaml