feat: add Knative integration for notifications

- Add CloudEvents sink deployment for eoapi-notifier integration
- Configure dynamic secret name for PostgreSQL connection
- Add local development configuration with reduced resources
- Support both CI and local test environments

Author: pantierra

.github/workflows/helm-tests.yml

@@ -25,8 +25,8 @@ jobs:
       - name: Run Helm unit tests
         run: make tests
 
-  integration:
-    name: Integration Tests (K3s)
+  k3s-integration-tests:
+    name: K3s Integration Tests
     if: github.event.pull_request.head.repo.full_name == github.repository
     permissions:
       contents: 'read'
@@ -47,106 +47,85 @@ jobs:
       - name: Set release name
         run: echo "RELEASE_NAME=eoapi-$(echo "${{ github.sha }}" | cut -c1-8)" >> "$GITHUB_ENV"
 
-      - name: Deploy eoAPI
-        id: deploy
-        continue-on-error: true
+      - name: Wait for K3s to be fully ready
         run: |
-          echo "=== Starting eoAPI deployment ==="
-          export RELEASE_NAME="$RELEASE_NAME"
-          export PGO_VERSION="${{ env.PGO_VERSION }}"
-          export GITHUB_SHA="${{ github.sha }}"
-          ./scripts/deploy.sh --ci
+          echo "=== Waiting for K3s to be fully ready ==="
 
-      - name: Check deployment status
-        id: check
-        if: steps.deploy.outcome == 'success'
-        run: |
-          echo "=== Checking deployment status ==="
-          export RELEASE_NAME="$RELEASE_NAME"
-          ./scripts/test.sh check-deployment --debug
+          # Wait for core K3s components to be ready
+          echo "Waiting for kube-system pods to be ready..."
+          kubectl wait --for=condition=Ready pod -l k8s-app=kube-dns -n kube-system --timeout=300s
+          kubectl wait --for=condition=Ready pod -l app.kubernetes.io/name=traefik -n kube-system --timeout=300s
 
-      - name: Debug pgstac jobs if deployment failed
-        if: steps.deploy.outcome == 'failure'
-        continue-on-error: true
-        run: |
-          echo "=== Debugging pgstac job failures ==="
-
-          # Check pgstac-migrate job
-          echo "===== pgstac-migrate Job Status ====="
-          kubectl get jobs -l app.kubernetes.io/name=pgstac-migrate -o wide || echo "No pgstac-migrate jobs found"
-
-          MIGRATE_PODS=$(kubectl get pods -l app.kubernetes.io/name=pgstac-migrate -o jsonpath='{.items[*].metadata.name}' 2>/dev/null)
-          if [ -n "$MIGRATE_PODS" ]; then
-            for POD in $MIGRATE_PODS; do
-              echo "--- Logs from migrate pod $POD ---"
-              kubectl logs "$POD" --tail=100 || true
-              echo "--- Description of migrate pod $POD ---"
-              kubectl describe pod "$POD"
-            done
-          fi
-
-          # Check pgstac-load-samples job
-          echo "===== pgstac-load-samples Job Status ====="
-          kubectl get jobs -l app.kubernetes.io/name=pgstac-load-samples -o wide || echo "No pgstac-load-samples jobs found"
-
-          SAMPLES_PODS=$(kubectl get pods -l app.kubernetes.io/name=pgstac-load-samples -o jsonpath='{.items[*].metadata.name}' 2>/dev/null)
-          if [ -n "$SAMPLES_PODS" ]; then
-            for POD in $SAMPLES_PODS; do
-              echo "--- Logs from samples pod $POD ---"
-              kubectl logs "$POD" --tail=100 || true
-              echo "--- Description of samples pod $POD ---"
-              kubectl describe pod "$POD"
-            done
-          fi
+          # Wait for API server to be fully responsive
+          echo "Checking API server responsiveness..."
+          kubectl get nodes
+          kubectl get pods --all-namespaces
 
-          # Check database status
-          echo "===== Database Pod Status ====="
-          kubectl get pods -l postgres-operator.crunchydata.com/cluster -o wide
-          kubectl get postgrescluster -o wide
+          # Give K3s a moment to initialize all CRDs
+          echo "Waiting for K3s initialization to complete..."
+          sleep 10
 
-          # Check ConfigMaps
-          echo "===== Relevant ConfigMaps ====="
-          kubectl get configmaps | grep -E "initdb|pgstac" || echo "No relevant configmaps found"
+          echo "✅ K3s is ready"
 
-          # Check for any related events
-          echo "===== Related Kubernetes Events ====="
-          kubectl get events | grep -E "pgstac|initdb" || echo "No relevant events found"
 
-          # Check notification system status
-          echo "===== Notification System Status ====="
-          kubectl get deployments -l app.kubernetes.io/name=eoapi-notifier -o wide || echo "No eoapi-notifier deployment found"
-          kubectl get ksvc -l app.kubernetes.io/component=cloudevents-sink -o wide || echo "No Knative CloudEvents sink found"
+      - name: Wait for Traefik to be ready
+        run: |
+          echo "=== Waiting for Traefik to be ready ==="
+
+          # Wait for Traefik pods to be ready first
+          echo "Waiting for Traefik controller to be ready..."
+          kubectl wait --for=condition=Ready pod -l app.kubernetes.io/name=traefik -n kube-system --timeout=300s
+
+          # Wait for essential Traefik CRDs to be available
+          echo "Checking for Traefik CRDs..."
+          timeout=300
+          counter=0
+          required_crds=("middlewares.traefik.io" "ingressroutes.traefik.io")
+
+          for crd in "${required_crds[@]}"; do
+            echo "Checking for CRD: $crd"
+            counter=0
+            while [ $counter -lt $timeout ]; do
+              if kubectl get crd "$crd" &>/dev/null; then
+                echo "✅ $crd is available"
+                break
+              fi
+              echo "⏳ Waiting for $crd... ($counter/$timeout)"
+              sleep 3
+              counter=$((counter + 3))
+            done
+
+            if [ $counter -ge $timeout ]; then
+              echo "❌ Timeout waiting for $crd"
+              echo "Available Traefik CRDs:"
+              kubectl get crd | grep traefik || echo "No Traefik CRDs found"
+              echo "All CRDs:"
+              kubectl get crd
+              exit 1
+            fi
+          done
+
+          echo "✅ All required Traefik CRDs are ready"
 
-          exit 1
+      - name: Deploy eoAPI
+        id: deploy
+        run: |
+          echo "=== Starting eoAPI deployment ==="
+          export RELEASE_NAME="$RELEASE_NAME"
+          export PGO_VERSION="${{ env.PGO_VERSION }}"
+          export GITHUB_SHA="${{ github.sha }}"
+          ./scripts/deploy.sh --ci
 
       - name: Run integration tests
-        if: steps.deploy.outcome == 'success'
         run: |
           echo "=== Running integration tests ==="
           export RELEASE_NAME="$RELEASE_NAME"
           ./scripts/test.sh integration --debug
 
-      - name: Debug deployment status
-        if: always()
+      - name: Debug failed deployment
+        if: failure()
         run: |
-          echo "=== Final Deployment Status ==="
-          kubectl get pods -o wide
-          kubectl get jobs -o wide
-          kubectl get services -o wide
-          kubectl get ingress
-
-          # Check notification system final status
-          echo "=== Notification System Final Status ==="
-          kubectl get deployments -l app.kubernetes.io/name=eoapi-notifier -o wide || echo "No eoapi-notifier deployment"
-          kubectl get pods -l app.kubernetes.io/name=eoapi-notifier -o wide || echo "No eoapi-notifier pods"
-          kubectl get ksvc -l app.kubernetes.io/component=cloudevents-sink -o wide || echo "No Knative CloudEvents sink"
-          kubectl get pods -l serving.knative.dev/service -o wide || echo "No Knative CloudEvents sink pods"
-
-          # Show notification logs if they exist
-          echo "=== eoapi-notifier Logs ==="
-          kubectl logs -l app.kubernetes.io/name=eoapi-notifier --tail=20 || echo "No eoapi-notifier logs"
-          echo "=== Knative CloudEvents Sink Logs ==="
-          kubectl logs -l serving.knative.dev/service --tail=20 || echo "No Knative CloudEvents sink logs"
+          ./scripts/debug-deployment.sh
 
 
       - name: Cleanup

.gitignore

@@ -5,3 +5,5 @@ charts/config.yaml
 charts/eoapi/charts/*.tgz
 config_ingress.yaml
 __pycache__
+
+CLAUDE.md

CHANGELOG.md

@@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+- Added knative in CI to test eoapi-notifier.
+
 ## [0.7.12] - 2025-10-17
 
 - Bumped eoapi-notifier dependency version to 0.0.7

charts/eoapi/Chart.yaml

@@ -54,6 +54,10 @@ dependencies:
     repository: "https://devseed.com/eoapi-k8s/"
     condition: postgrescluster.enabled
   - name: eoapi-notifier
-    version: 0.0.7
+    version: 0.0.8
     repository: "oci://ghcr.io/developmentseed/charts"
     condition: eoapi-notifier.enabled
+  - name: knative-operator
+    version: 1.19.4
+    repository: https://knative.github.io/operator
+    condition: knative.enabled

charts/eoapi/templates/cloudevents-sink.yaml

@@ -0,0 +1,45 @@
+{{- $hasCloudEventsOutput := false }}
+{{- range (index .Values "eoapi-notifier").outputs }}
+{{- if eq .type "cloudevents" }}
+{{- $hasCloudEventsOutput = true }}
+{{- end }}
+{{- end }}
+{{- if and (index .Values "eoapi-notifier").enabled .Values.knative.enabled .Values.knative.cloudEventsSink.enabled $hasCloudEventsOutput }}
+---
+apiVersion: serving.knative.dev/v1
+kind: Service
+metadata:
+  name: eoapi-cloudevents-sink
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "eoapi.labels" . | nindent 4 }}
+    app.kubernetes.io/component: cloudevents-sink
+  annotations:
+    helm.sh/hook: "post-install,post-upgrade"
+    helm.sh/hook-weight: "10"
+    helm.sh/hook-delete-policy: "before-hook-creation"
+spec:
+  template:
+    metadata:
+      annotations:
+        autoscaling.knative.dev/minScale: "1"
+        autoscaling.knative.dev/maxScale: "1"
+      labels:
+        {{- include "eoapi.selectorLabels" . | nindent 8 }}
+        app.kubernetes.io/component: cloudevents-sink
+    spec:
+      containers:
+      - name: cloudevents-sink
+        image: {{ .Values.knative.cloudEventsSink.image }}
+        ports:
+        - containerPort: 8080
+        env:
+        - name: TARGET
+          value: "CloudEvents Sink"
+        - name: PORT
+          value: "8080"
+        - name: LOG_LEVEL
+          value: "info"
+        resources:
+          {{- toYaml .Values.knative.cloudEventsSink.resources | nindent 10 }}
+{{- end }}

charts/eoapi/templates/knative-init.yaml

@@ -0,0 +1,92 @@
+{{- if .Values.knative.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ .Release.Name }}-knative-init
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "eoapi.labels" . | nindent 4 }}
+    app.kubernetes.io/component: knative-init
+  annotations:
+    helm.sh/hook: "post-install,post-upgrade"
+    helm.sh/hook-weight: "1"
+    helm.sh/hook-delete-policy: "before-hook-creation,hook-succeeded"
+spec:
+  template:
+    metadata:
+      name: {{ .Release.Name }}-knative-init
+      labels:
+        {{- include "eoapi.labels" . | nindent 8 }}
+        app.kubernetes.io/component: knative-init
+    spec:
+      restartPolicy: Never
+      serviceAccountName: {{ include "eoapi.serviceAccountName" . }}
+      containers:
+      - name: knative-init
+        image: bitnami/kubectl:latest
+        imagePullPolicy: IfNotPresent
+        command:
+        - /bin/bash
+        - -c
+        - |
+          set -e
+          echo "=== Knative Initialization ==="
+
+          # Wait for knative-operator to be ready
+          echo "Waiting for knative-operator..."
+          kubectl rollout status deployment/knative-operator -n default --timeout={{ .Values.knative.initTimeout | default "600s" }}
+
+          # Create namespaces
+          kubectl create namespace knative-serving --dry-run=client -o yaml | kubectl apply -f -
+          kubectl create namespace knative-eventing --dry-run=client -o yaml | kubectl apply -f -
+
+          # Create KnativeServing
+          cat <<EOF | kubectl apply -f -
+          apiVersion: operator.knative.dev/v1beta1
+          kind: KnativeServing
+          metadata:
+            name: knative-serving
+            namespace: knative-serving
+          spec:
+            version: {{ .Values.knative.version | quote }}
+          EOF
+
+          if [ $? -eq 0 ]; then
+            echo "✅ KnativeServing created successfully"
+          else
+            echo "❌ Failed to create KnativeServing. Checking operator status..."
+            kubectl get pods -n default -l name=knative-operator
+            exit 1
+          fi
+
+          # Create KnativeEventing
+          cat <<EOF | kubectl apply -f -
+          apiVersion: operator.knative.dev/v1beta1
+          kind: KnativeEventing
+          metadata:
+            name: knative-eventing
+            namespace: knative-eventing
+          spec:
+            version: {{ .Values.knative.version | quote }}
+          EOF
+
+          if [ $? -eq 0 ]; then
+            echo "✅ KnativeEventing created successfully"
+          else
+            echo "❌ Failed to create KnativeEventing. Checking operator status..."
+            kubectl get pods -n default -l name=knative-operator
+            exit 1
+          fi
+
+          echo "✅ Knative CRs created. Operator will install CRDs."
+
+        resources:
+          requests:
+            cpu: 25m
+            memory: 32Mi
+          limits:
+            cpu: 50m
+            memory: 64Mi
+  backoffLimit: 3
+  activeDeadlineSeconds: 600
+{{- end }}

charts/eoapi/templates/services/rbac.yaml

@@ -10,6 +10,44 @@ rules:
   resources: ["jobs"]
   verbs: ["get", "list", "watch"]
 ---
+{{- if .Values.knative.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: eoapi-cluster-role-{{ $.Release.Name }}
+  labels:
+    app: eoapi-{{ $.Release.Name }}
+rules:
+- apiGroups: ["apiextensions.k8s.io"]
+  resources: ["customresourcedefinitions"]
+  verbs: ["get", "list"]
+- apiGroups: [""]
+  resources: ["pods", "namespaces"]
+  verbs: ["get", "list", "create"]
+- apiGroups: ["apps"]
+  resources: ["deployments"]
+  verbs: ["get", "list"]
+- apiGroups: ["operator.knative.dev"]
+  resources: ["knativeservings", "knativeeventings"]
+  verbs: ["get", "list", "create"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: eoapi-cluster-rolebinding-{{ $.Release.Name }}
+  labels:
+    app: eoapi-{{ $.Release.Name }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "eoapi.serviceAccountName" . }}
+  namespace: {{ $.Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: eoapi-cluster-role-{{ $.Release.Name }}
+  apiGroup: rbac.authorization.k8s.io
+---
+{{- end }}
+---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata: