Added initContainers to wait for db and it's bootstrap.

Author: pantierra

helm-chart/eoapi/initdb-data/pgstac-setup.py

@@ -1,3 +1,9 @@
+#! /usr/bin/env python3
+
+# This script is used to setup the pgstac database.
+# It is run as a job in the pgstacbootstrap pod.
+# It is important that this script and all of its steps are idempotent.
+
 import os
 import psycopg
 from psycopg import sql

helm-chart/eoapi/templates/pgstacboostrap/job.yaml

@@ -13,6 +13,11 @@ spec:
         app: pgstacbootstrap
     spec:
       restartPolicy: Never
+      initContainers:
+        - name: wait-for-db
+          image: busybox
+          command:
+            ['sh', '-c', 'until nc -z eoapi-pgbouncer 5432; do echo waiting for db; sleep 10; done;']
       containers:
         - name: pgstacbootstrap
           image: {{ .Values.pgstacBootstrap.image.name }}:{{ .Values.pgstacBootstrap.image.tag }}

helm-chart/eoapi/templates/services/deployment.yaml

@@ -29,6 +29,22 @@ spec:
       labels:
         app: {{ $serviceName }}-{{ $.Release.Name }}
     spec:
+      serviceAccountName: {{ $serviceName }}-sa-{{ $.Release.Name }}
+      {{- if eq $serviceName "stac" }}
+      initContainers:
+      - name: wait-for-pgstacbootstrap
+        image: bitnami/kubectl:latest
+        command:
+        - /bin/sh
+        - -c
+        - |
+          echo "Waiting for pgstacbootstrap job to complete..."
+          while ! kubectl -n {{ $.Release.Namespace }} wait --for=condition=complete job/pgstacbootstrap --timeout=5s; do
+            echo "pgstacbootstrap job not completed yet. Checking again in 10 seconds..."
+            sleep 10
+          done
+          echo "pgstacbootstrap job completed successfully"
+      {{- end }}
       containers:
       - image: {{ index $v "image" "name" }}:{{ index $v "image" "tag" }}
         name: {{ $serviceName }}

helm-chart/eoapi/templates/services/rbac.yaml

@@ -0,0 +1,39 @@
+{{- range $serviceName, $v := .Values -}}
+{{- if has $serviceName $.Values.apiServices }}
+{{- if index $v "enabled" }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ $serviceName }}-sa-{{ $.Release.Name }}
+  labels:
+    app: {{ $serviceName }}-{{ $.Release.Name }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ $serviceName }}-role-{{ $.Release.Name }}
+  labels:
+    app: {{ $serviceName }}-{{ $.Release.Name }}
+rules:
+- apiGroups: ["batch"]
+  resources: ["jobs"]
+  verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ $serviceName }}-rolebinding-{{ $.Release.Name }}
+  labels:
+    app: {{ $serviceName }}-{{ $.Release.Name }}
+subjects:
+- kind: ServiceAccount
+  name: {{ $serviceName }}-sa-{{ $.Release.Name }}
+  namespace: {{ $.Release.Namespace }}
+roleRef:
+  kind: Role
+  name: {{ $serviceName }}-role-{{ $.Release.Name }}
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+{{- end }}
+{{- end }}