diff --git a/docs/stac-auth-proxy.md b/docs/stac-auth-proxy.md new file mode 100644 index 00000000..f0fd9602 --- /dev/null +++ b/docs/stac-auth-proxy.md @@ -0,0 +1,127 @@ +# STAC Auth Proxy Integration with EOAPI-K8S + +## Solution Overview + +We have implemented support for STAC Auth Proxy integration with EOAPI-K8S through service-specific ingress control. This feature allows the STAC service to be accessible only internally while other services remain externally available. + +## Implementation Details + +### 1. Service-Specific Ingress Control + +Each service can now independently control its ingress settings via the values.yaml configuration: + +```yaml +stac: + enabled: true + ingress: + enabled: false # Disable external ingress for STAC only + +# Other services remain externally accessible +raster: + enabled: true + ingress: + enabled: true +``` + +### 2. Template Changes + +The ingress template now checks service-specific settings: + +```yaml +{{- if and .Values.stac.enabled (or (not (hasKey .Values.stac "ingress")) .Values.stac.ingress.enabled) }} +- pathType: {{ .Values.ingress.pathType }} + path: /stac{{ .Values.ingress.pathSuffix }} + backend: + service: + name: stac + port: + number: {{ .Values.service.port }} +{{- end }} +``` + +This ensures: +- Service paths are only included if the service and its ingress are enabled +- Backward compatibility is maintained (ingress enabled by default) +- Clean separation of service configurations + +## Deployment Guide + +### 1. Configure EOAPI-K8S + +```yaml +# values.yaml for eoapi-k8s +stac: + enabled: true + ingress: + enabled: false # No external ingress for STAC + +# Other services remain externally accessible +raster: + enabled: true +vector: + enabled: true +multidim: + enabled: true +``` + +### 2. Deploy STAC Auth Proxy + +Deploy the stac-auth-proxy Helm chart in the same namespace: + +```yaml +# values.yaml for stac-auth-proxy +backend: + service: stac # Internal K8s service name + port: 8080 # Service port + +auth: + # Configure authentication settings + provider: oauth2 + # ... other auth settings +``` + +### 3. Network Flow + +```mermaid +graph LR + A[External Request] --> B[STAC Auth Proxy] + B -->|Authentication| C[Internal STAC Service] + D[External Request] -->|Direct Access| E[Raster/Vector/Other Services] +``` + +## Testing + +Verify the configuration: + +```bash +# Check that STAC paths are excluded +helm template eoapi --set stac.ingress.enabled=false,stac.enabled=true -f values.yaml + +# Verify other services remain accessible +kubectl get ingress +kubectl get services +``` + +Expected behavior: +- STAC service accessible only within the cluster +- Other services (raster, vector, etc.) accessible via their ingress paths +- Auth proxy successfully routing authenticated requests to STAC + +## Troubleshooting + +1. **STAC Service Not Accessible Internally** + - Verify service is running: `kubectl get services` + - Check service port matches auth proxy configuration + - Verify network policies allow proxy-to-STAC communication + +2. **Other Services Affected** + - Confirm ingress configuration for other services + - Check ingress controller logs + - Verify service-specific settings in values.yaml + +## Additional Notes + +- The solution leverages Kubernetes service discovery for internal communication +- No changes required to the STAC service itself +- Zero downtime deployment possible +- Existing deployments without auth proxy remain compatible diff --git a/helm-chart/eoapi/.helmignore b/helm-chart/eoapi/.helmignore index faeb926b..682a5c37 100644 --- a/helm-chart/eoapi/.helmignore +++ b/helm-chart/eoapi/.helmignore @@ -22,3 +22,5 @@ *.tmproj .vscode/ tests/ +# Ignore all README.md in all subdirectories +README.md diff --git a/helm-chart/eoapi/templates/services/README.md b/helm-chart/eoapi/templates/services/README.md new file mode 100644 index 00000000..2d8cce11 --- /dev/null +++ b/helm-chart/eoapi/templates/services/README.md @@ -0,0 +1,45 @@ +# Service-Specific Templates + +This directory contains service-specific templates organized to improve readability, maintainability, and flexibility. + +## Directory Structure + +``` +services/ +├── _common.tpl # Limited common helper functions +├── ingress.yaml # Single shared ingress for all services +├── raster/ # Raster service templates +│ ├── deployment.yaml # Deployment definition +│ ├── service.yaml # Service definition +│ ├── configmap.yaml # ConfigMap definition +│ └── hpa.yaml # HorizontalPodAutoscaler definition +├── stac/ # STAC service templates +│ ├── deployment.yaml +│ ├── service.yaml +│ ├── configmap.yaml +│ └── hpa.yaml +├── vector/ # Vector service templates +│ ├── deployment.yaml +│ ├── service.yaml +│ ├── configmap.yaml +│ └── hpa.yaml +└── multidim/ # Multidimensional service templates + ├── deployment.yaml + ├── service.yaml + ├── configmap.yaml + └── hpa.yaml +``` + +## Common Helpers + +The `_common.tpl` file provides limited helper functions for truly common elements: + +- `eoapi.mountServiceSecrets`: For mounting service secrets +- `eoapi.commonEnvVars`: For common environment variables like SERVICE_NAME, RELEASE_NAME, GIT_SHA +- `eoapi.pgstacInitContainers`: For init containers that wait for pgstac jobs + +For database environment variables, we leverage the existing `eoapi.postgresqlEnv` helper from the main `_helpers.tpl` file. + +## Usage + +No changes to `values.yaml` structure were required. The chart maintains full backward compatibility with existing deployments. diff --git a/helm-chart/eoapi/templates/services/_common.tpl b/helm-chart/eoapi/templates/services/_common.tpl new file mode 100644 index 00000000..3c7f5e0d --- /dev/null +++ b/helm-chart/eoapi/templates/services/_common.tpl @@ -0,0 +1,58 @@ +{{/* +Helper function for mounting service secrets +Only extract truly common elements that are mechanical and don't need customization +*/}} +{{- define "eoapi.mountServiceSecrets" -}} +{{- $service := .service -}} +{{- $root := .root -}} +{{- if index $root.Values $service "settings" "envSecrets" }} +{{- range $secret := index $root.Values $service "settings" "envSecrets" }} +- secretRef: + name: {{ $secret }} +{{- end }} +{{- end }} +{{- end -}} + +{{/* +Helper function for common environment variables +*/}} +{{- define "eoapi.commonEnvVars" -}} +{{- $service := .service -}} +{{- $root := .root -}} +- name: SERVICE_NAME + value: {{ $service | quote }} +- name: RELEASE_NAME + value: {{ $root.Release.Name | quote }} +- name: GIT_SHA + value: {{ $root.Values.gitSha | quote }} +{{- end -}} + +{{/* +Helper function for common init containers to wait for pgstac jobs +*/}} +{{- define "eoapi.pgstacInitContainers" -}} +{{- if .Values.pgstacBootstrap.enabled }} +initContainers: +- name: wait-for-pgstac-jobs + image: bitnami/kubectl:latest + command: + - /bin/sh + - -c + - | + echo "Waiting for pgstac-migrate job to complete..." + until kubectl get job pgstac-migrate -o jsonpath='{.status.conditions[?(@.type=="Complete")].status}' | grep -q "True"; do + echo "pgstac-migrate job not complete yet, waiting..." + sleep 5 + done + echo "pgstac-migrate job completed successfully." + + {{- if .Values.pgstacBootstrap.settings.loadSamples }} + echo "Waiting for pgstac-load-samples job to complete..." + until kubectl get job pgstac-load-samples -o jsonpath='{.status.conditions[?(@.type=="Complete")].status}' | grep -q "True"; do + echo "pgstac-load-samples job not complete yet, waiting..." + sleep 5 + done + echo "pgstac-load-samples job completed successfully." + {{- end }} +{{- end }} +{{- end -}} diff --git a/helm-chart/eoapi/templates/services/configmap.yaml b/helm-chart/eoapi/templates/services/configmap.yaml deleted file mode 100644 index 284d493d..00000000 --- a/helm-chart/eoapi/templates/services/configmap.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- range $serviceName, $v := .Values -}} -{{- if has $serviceName $.Values.apiServices }} -{{- if index $v "enabled" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $serviceName }}-envvar-configmap-{{ $.Release.Name }} -data: - {{- range $envKey, $envValue := index $v "settings" "envVars" }} - {{ upper $envKey }}: {{ $envValue | quote }} - {{- end }} ---- -{{/* END: if index $v "enabled" */}} -{{- end }} -{{/* END: if has $serviceName $.Values.apiServices */}} -{{- end }} -{{/* END: range $serviceName, $v := .Values*/}} -{{- end }} diff --git a/helm-chart/eoapi/templates/services/deployment.yaml b/helm-chart/eoapi/templates/services/deployment.yaml deleted file mode 100644 index 47f7c684..00000000 --- a/helm-chart/eoapi/templates/services/deployment.yaml +++ /dev/null @@ -1,142 +0,0 @@ -{{- include "eoapi.validatePostgresql" . }} -{{- range $serviceName, $v := .Values -}} -{{- if has $serviceName $.Values.apiServices }} -{{- if index $v "enabled" }} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: {{ $serviceName }}-{{ $.Release.Name }} - gitsha: {{ $.Values.gitSha }} - name: {{ $serviceName }}-{{ $.Release.Name }} - {{- if index $v "annotations" }} - annotations: - {{- with index $v "annotations" }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- end }} -spec: - progressDeadlineSeconds: 600 - revisionHistoryLimit: 5 - strategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 50% - maxUnavailable: 0 - selector: - matchLabels: - app: {{ $serviceName }}-{{ $.Release.Name }} - template: - metadata: - labels: - app: {{ $serviceName }}-{{ $.Release.Name }} - {{- with index $v "settings" "labels" }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- if $.Values.pgstacBootstrap.enabled }} - initContainers: - - name: wait-for-pgstac-jobs - image: bitnami/kubectl:latest - command: - - /bin/sh - - -c - - | - echo "Waiting for pgstac-migrate job to complete..." - until kubectl get job pgstac-migrate -o jsonpath='{.status.conditions[?(@.type=="Complete")].status}' | grep -q "True"; do - echo "pgstac-migrate job not complete yet, waiting..." - sleep 5 - done - echo "pgstac-migrate job completed successfully." - - {{- if $.Values.pgstacBootstrap.settings.loadSamples }} - echo "Waiting for pgstac-load-samples job to complete..." - until kubectl get job pgstac-load-samples -o jsonpath='{.status.conditions[?(@.type=="Complete")].status}' | grep -q "True"; do - echo "pgstac-load-samples job not complete yet, waiting..." - sleep 5 - done - echo "pgstac-load-samples job completed successfully." - {{- end }} - {{- end }} - containers: - - image: {{ index $v "image" "name" }}:{{ index $v "image" "tag" }} - name: {{ $serviceName }} - command: - {{- toYaml (index $v "command") | nindent 10 }} - {{- if (and ($.Values.ingress.className) (or (eq $.Values.ingress.className "nginx") (eq $.Values.ingress.className "traefik"))) }} - - "--proxy-headers" # Needed when using reverse proxy - - "--forwarded-allow-ips=*" # Needed when using reverse proxy - - "--root-path=/{{ $serviceName }}" - {{- end }}{{/* needed for proxies and path rewrites on NLB */}} - livenessProbe: - tcpSocket: - port: {{ $.Values.service.port }} - failureThreshold: 3 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - httpGet: - {{- if (eq $serviceName "stac") }} - path: /_mgmt/ping - {{- else }} - path: /healthz - {{- end }} - port: {{ $.Values.service.port }} - failureThreshold: 3 - periodSeconds: 15 - successThreshold: 1 - startupProbe: - httpGet: - {{- if (eq $serviceName "stac") }} - path: /_mgmt/ping - {{- else }} - path: /healthz - {{- end }} - port: {{ $.Values.service.port }} - # check every sec for 1 minute - periodSeconds: 1 - failureThreshold: 60 - successThreshold: 1 - ports: - - containerPort: {{ $.Values.service.port }} - resources: - {{- toYaml (index $v "settings" "resources") | nindent 10 }} - env: - {{- include "eoapi.postgresqlEnv" $ | nindent 12 }} - envFrom: - # NOTE: there's no reason we need to use a `ConfigMap` or `Secret` here to get os env vars into the pod. - # we could just template them out here immediately with `value: $_` but this allows us - # to store them in k8s intermediately and change them and then bounce deploys if needed - - configMapRef: - name: {{ $serviceName }}-envvar-configmap-{{ $.Release.Name }} - {{- if index $v "settings" "envSecrets" }} - {{- range $secret := index $v "settings" "envSecrets" }} - - secretRef: - name: {{ $secret }} - {{- end }} - {{- end }} - {{- with index $v "settings" "extraVolumeMounts" }} - volumeMounts: - {{- toYaml . | nindent 10 }} - {{- end }} - volumes: - {{- with index $v "settings" "extraVolumes" }} - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "eoapi.serviceAccountName" $ }} - {{- with index $v "settings" "affinity" }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with index $v "settings" "tolerations" }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} ---- -{{/* END: if index $v "enabled" */}} -{{- end }} -{{/* END: if has $serviceName $.Values.apiServices */}} -{{- end }} -{{/* END: range $serviceName, $v := .Values*/}} -{{- end }} diff --git a/helm-chart/eoapi/templates/services/hpa.yaml b/helm-chart/eoapi/templates/services/hpa.yaml deleted file mode 100644 index db74d1ee..00000000 --- a/helm-chart/eoapi/templates/services/hpa.yaml +++ /dev/null @@ -1,50 +0,0 @@ -{{- include "eoapi.validateAutoscaleRules" . -}} -{{- range $serviceName, $v := .Values -}} -{{- if has $serviceName $.Values.apiServices }} -{{- if index $v "autoscaling" "enabled" }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: hpa-{{ $serviceName }}-{{ $.Release.Name }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ $serviceName }}-{{ $.Release.Name }} - minReplicas: {{ index $v "autoscaling" "minReplicas" }} - maxReplicas: {{ index $v "autoscaling" "maxReplicas" }} - behavior: - {{- toYaml (index $v "autoscaling" "behavior") | nindent 4 }} - metrics: - {{- if or (eq (index $v "autoscaling" "type") "cpu") (eq (index $v "autoscaling" "type") "both") }} - # NOTE: 'Resource' are default metrics using k8s metrics-server - # SEE: ../../../docs/autoscaling.md - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ index $v "autoscaling" "targets" "cpu" }} - {{- end }} - {{- if or (eq (index $v "autoscaling" "type") "requestRate") (eq (index $v "autoscaling" "type") "both") }} - # NOTE: 'Object' are custom metrics using third-party plugins such as prometheus + prometheus-adapter - # SEE: ../../../docs/autoscaling.md - - type: Object - object: - metric: - name: nginx_ingress_controller_requests_rate_{{ $serviceName }}_{{ $.Release.Name }} - describedObject: - apiVersion: networking.k8s.io/v1 - kind: Ingress - name: nginx-service-ingress-shared-{{ $.Release.Name }} - target: - type: AverageValue - averageValue: {{ index $v "autoscaling" "targets" "requestRate" }} - {{- end }} ---- -{{/* END: if index $v "autoscaling" "enabled" */}} -{{- end }} -{{/* END: if has $serviceName $.Values.apiServices */}} -{{- end }} -{{/* END: range $serviceName, $v := .Values*/}} -{{- end }} diff --git a/helm-chart/eoapi/templates/services/ingress.yaml b/helm-chart/eoapi/templates/services/ingress.yaml index e6c81562..759ebd17 100644 --- a/helm-chart/eoapi/templates/services/ingress.yaml +++ b/helm-chart/eoapi/templates/services/ingress.yaml @@ -8,9 +8,9 @@ apiVersion: extensions/v1beta1 {{- end }} kind: Ingress metadata: - name: service-ingress-shared-{{ .Release.Name }} + name: eoapi-ingress-{{ .Release.Name }} labels: - app: sharedingress + app: eoapi-{{ .Release.Name }} annotations: {{- if .Values.ingress.annotations }} {{ toYaml .Values.ingress.annotations | indent 4 }} @@ -33,25 +33,52 @@ spec: {{- end }} http: paths: - {{- range $serviceName, $v := .Values }} - {{- if has $serviceName $.Values.apiServices }} - {{- if (index $v "enabled") }} - - pathType: {{ $.Values.ingress.pathType | default "Prefix" }} - path: "/{{ $serviceName }}{{ $.Values.ingress.pathSuffix | default "" }}" + {{- if and .Values.raster.enabled (or (not (hasKey .Values.raster "ingress")) .Values.raster.ingress.enabled) }} + - pathType: {{ .Values.ingress.pathType }} + path: /raster{{ .Values.ingress.pathSuffix }} backend: service: - name: {{ $serviceName }} + name: raster port: - number: {{ $.Values.service.port }} + number: {{ .Values.service.port }} {{- end }} + + {{- if and .Values.stac.enabled (or (not (hasKey .Values.stac "ingress")) .Values.stac.ingress.enabled) }} + - pathType: {{ .Values.ingress.pathType }} + path: /stac{{ .Values.ingress.pathSuffix }} + backend: + service: + name: stac + port: + number: {{ .Values.service.port }} {{- end }} + + {{- if and .Values.vector.enabled (or (not (hasKey .Values.vector "ingress")) .Values.vector.ingress.enabled) }} + - pathType: {{ .Values.ingress.pathType }} + path: /vector{{ .Values.ingress.pathSuffix }} + backend: + service: + name: vector + port: + number: {{ .Values.service.port }} + {{- end }} + + {{- if and .Values.multidim.enabled (or (not (hasKey .Values.multidim "ingress")) .Values.multidim.ingress.enabled) }} + - pathType: {{ .Values.ingress.pathType }} + path: /multidim{{ .Values.ingress.pathSuffix }} + backend: + service: + name: multidim + port: + number: {{ .Values.service.port }} {{- end }} - {{- if and (not $.Values.testing) (.Values.docServer.enabled) }} + + {{- if .Values.docServer.enabled }} - pathType: {{ $.Values.ingress.pathType | default "Prefix" }} path: "/{{ $.Values.ingress.rootPath | default "" }}" backend: service: - name: doc-server-{{ $.Release.Name }} + name: eoapi-doc-server port: number: 80 {{- end }} diff --git a/helm-chart/eoapi/templates/services/multidim/configmap.yaml b/helm-chart/eoapi/templates/services/multidim/configmap.yaml new file mode 100644 index 00000000..9e308c0f --- /dev/null +++ b/helm-chart/eoapi/templates/services/multidim/configmap.yaml @@ -0,0 +1,10 @@ +{{- if .Values.multidim.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: multidim-envvar-configmap-{{ .Release.Name }} +data: + {{- range $envKey, $envValue := .Values.multidim.settings.envVars }} + {{ upper $envKey }}: {{ $envValue | quote }} + {{- end }} +{{- end }} diff --git a/helm-chart/eoapi/templates/services/multidim/deployment.yaml b/helm-chart/eoapi/templates/services/multidim/deployment.yaml new file mode 100644 index 00000000..0cf7ae36 --- /dev/null +++ b/helm-chart/eoapi/templates/services/multidim/deployment.yaml @@ -0,0 +1,98 @@ +{{- if .Values.multidim.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: multidim-{{ .Release.Name }} + gitsha: {{ .Values.gitSha }} + name: multidim-{{ .Release.Name }} + {{- if .Values.multidim.annotations }} + annotations: + {{- with .Values.multidim.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +spec: + progressDeadlineSeconds: 600 + revisionHistoryLimit: 5 + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 50% + maxUnavailable: 0 + selector: + matchLabels: + app: multidim-{{ .Release.Name }} + template: + metadata: + labels: + app: multidim-{{ .Release.Name }} + {{- with .Values.multidim.settings.labels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- include "eoapi.pgstacInitContainers" . | nindent 6 }} + containers: + - image: {{ .Values.multidim.image.name }}:{{ .Values.multidim.image.tag }} + name: multidim + command: + {{- toYaml .Values.multidim.command | nindent 10 }} + {{- if (and (.Values.ingress.className) (or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik"))) }} + - "--proxy-headers" + - "--forwarded-allow-ips=*" + - "--root-path=/multidim" + {{- end }}{{/* needed for proxies and path rewrites on NLB */}} + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + failureThreshold: 3 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + httpGet: + path: /healthz + port: {{ .Values.service.port }} + failureThreshold: 3 + periodSeconds: 15 + successThreshold: 1 + startupProbe: + httpGet: + path: /healthz + port: {{ .Values.service.port }} + # check every sec for 1 minute + periodSeconds: 1 + failureThreshold: 60 + successThreshold: 1 + ports: + - containerPort: {{ .Values.service.port }} + resources: + {{- toYaml .Values.multidim.settings.resources | nindent 10 }} + env: + {{- include "eoapi.postgresqlEnv" . | nindent 10 }} + {{- include "eoapi.commonEnvVars" (dict "service" "multidim" "root" .) | nindent 10 }} + envFrom: + - configMapRef: + name: multidim-envvar-configmap-{{ .Release.Name }} + {{- if .Values.multidim.settings.extraEnvFrom }} + {{- toYaml .Values.multidim.settings.extraEnvFrom | nindent 10 }} + {{- end }} + {{- include "eoapi.mountServiceSecrets" (dict "service" "multidim" "root" .) | nindent 10 }} + {{- with .Values.multidim.settings.extraVolumeMounts }} + volumeMounts: + {{- toYaml . | nindent 10 }} + {{- end }} + volumes: + {{- with .Values.multidim.settings.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "eoapi.serviceAccountName" . }} + {{- with .Values.multidim.settings.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.multidim.settings.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/helm-chart/eoapi/templates/services/multidim/hpa.yaml b/helm-chart/eoapi/templates/services/multidim/hpa.yaml new file mode 100644 index 00000000..062898f9 --- /dev/null +++ b/helm-chart/eoapi/templates/services/multidim/hpa.yaml @@ -0,0 +1,53 @@ +{{- if and .Values.multidim.enabled .Values.multidim.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: multidim-hpa-{{ .Release.Name }} + labels: + app: multidim-{{ .Release.Name }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: multidim-{{ .Release.Name }} + minReplicas: {{ .Values.multidim.autoscaling.minReplicas }} + maxReplicas: {{ .Values.multidim.autoscaling.maxReplicas }} + behavior: + {{- with .Values.multidim.autoscaling.behavior }} + scaleDown: + stabilizationWindowSeconds: {{ .scaleDown.stabilizationWindowSeconds }} + scaleUp: + stabilizationWindowSeconds: {{ .scaleUp.stabilizationWindowSeconds }} + {{- end }} + metrics: + {{- if eq .Values.multidim.autoscaling.type "cpu" }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.multidim.autoscaling.targets.cpu }} + {{- else if eq .Values.multidim.autoscaling.type "requestRate" }} + - type: Pods + pods: + metric: + name: nginx_ingress_controller_requests + target: + type: AverageValue + averageValue: {{ .Values.multidim.autoscaling.targets.requestRate }} + {{- else if eq .Values.multidim.autoscaling.type "both" }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.multidim.autoscaling.targets.cpu }} + - type: Pods + pods: + metric: + name: nginx_ingress_controller_requests + target: + type: AverageValue + averageValue: {{ .Values.multidim.autoscaling.targets.requestRate }} + {{- end }} +{{- end }} diff --git a/helm-chart/eoapi/templates/services/multidim/service.yaml b/helm-chart/eoapi/templates/services/multidim/service.yaml new file mode 100644 index 00000000..d345223d --- /dev/null +++ b/helm-chart/eoapi/templates/services/multidim/service.yaml @@ -0,0 +1,14 @@ +{{- if .Values.multidim.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: multidim + labels: + app: multidim-{{ .Release.Name }} +spec: + ports: + - port: {{ .Values.service.port }} + targetPort: {{ .Values.service.port }} + selector: + app: multidim-{{ .Release.Name }} +{{- end }} diff --git a/helm-chart/eoapi/templates/services/raster/configmap.yaml b/helm-chart/eoapi/templates/services/raster/configmap.yaml new file mode 100644 index 00000000..fa36b143 --- /dev/null +++ b/helm-chart/eoapi/templates/services/raster/configmap.yaml @@ -0,0 +1,10 @@ +{{- if .Values.raster.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: raster-envvar-configmap-{{ .Release.Name }} +data: + {{- range $envKey, $envValue := .Values.raster.settings.envVars }} + {{ upper $envKey }}: {{ $envValue | quote }} + {{- end }} +{{- end }} diff --git a/helm-chart/eoapi/templates/services/raster/deployment.yaml b/helm-chart/eoapi/templates/services/raster/deployment.yaml new file mode 100644 index 00000000..5b1c6922 --- /dev/null +++ b/helm-chart/eoapi/templates/services/raster/deployment.yaml @@ -0,0 +1,98 @@ +{{- if .Values.raster.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: raster-{{ .Release.Name }} + gitsha: {{ .Values.gitSha }} + name: raster-{{ .Release.Name }} + {{- if .Values.raster.annotations }} + annotations: + {{- with .Values.raster.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +spec: + progressDeadlineSeconds: 600 + revisionHistoryLimit: 5 + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 50% + maxUnavailable: 0 + selector: + matchLabels: + app: raster-{{ .Release.Name }} + template: + metadata: + labels: + app: raster-{{ .Release.Name }} + {{- with .Values.raster.settings.labels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- include "eoapi.pgstacInitContainers" . | nindent 6 }} + containers: + - image: {{ .Values.raster.image.name }}:{{ .Values.raster.image.tag }} + name: raster + command: + {{- toYaml .Values.raster.command | nindent 10 }} + {{- if (and (.Values.ingress.className) (or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik"))) }} + - "--proxy-headers" + - "--forwarded-allow-ips=*" + - "--root-path=/raster" + {{- end }}{{/* needed for proxies and path rewrites on NLB */}} + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + failureThreshold: 3 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + httpGet: + path: /healthz + port: {{ .Values.service.port }} + failureThreshold: 3 + periodSeconds: 15 + successThreshold: 1 + startupProbe: + httpGet: + path: /healthz + port: {{ .Values.service.port }} + # check every sec for 1 minute + periodSeconds: 1 + failureThreshold: 60 + successThreshold: 1 + ports: + - containerPort: {{ .Values.service.port }} + resources: + {{- toYaml .Values.raster.settings.resources | nindent 10 }} + env: + {{- include "eoapi.postgresqlEnv" . | nindent 10 }} + {{- include "eoapi.commonEnvVars" (dict "service" "raster" "root" .) | nindent 10 }} + envFrom: + - configMapRef: + name: raster-envvar-configmap-{{ .Release.Name }} + {{- if .Values.raster.settings.extraEnvFrom }} + {{- toYaml .Values.raster.settings.extraEnvFrom | nindent 10 }} + {{- end }} + {{- include "eoapi.mountServiceSecrets" (dict "service" "raster" "root" .) | nindent 10 }} + {{- with .Values.raster.settings.extraVolumeMounts }} + volumeMounts: + {{- toYaml . | nindent 10 }} + {{- end }} + volumes: + {{- with .Values.raster.settings.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "eoapi.serviceAccountName" . }} + {{- with .Values.raster.settings.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.raster.settings.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/helm-chart/eoapi/templates/services/raster/hpa.yaml b/helm-chart/eoapi/templates/services/raster/hpa.yaml new file mode 100644 index 00000000..64901d75 --- /dev/null +++ b/helm-chart/eoapi/templates/services/raster/hpa.yaml @@ -0,0 +1,53 @@ +{{- if and .Values.raster.enabled .Values.raster.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: raster-hpa-{{ .Release.Name }} + labels: + app: raster-{{ .Release.Name }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: raster-{{ .Release.Name }} + minReplicas: {{ .Values.raster.autoscaling.minReplicas }} + maxReplicas: {{ .Values.raster.autoscaling.maxReplicas }} + behavior: + {{- with .Values.raster.autoscaling.behavior }} + scaleDown: + stabilizationWindowSeconds: {{ .scaleDown.stabilizationWindowSeconds }} + scaleUp: + stabilizationWindowSeconds: {{ .scaleUp.stabilizationWindowSeconds }} + {{- end }} + metrics: + {{- if eq .Values.raster.autoscaling.type "cpu" }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.raster.autoscaling.targets.cpu }} + {{- else if eq .Values.raster.autoscaling.type "requestRate" }} + - type: Pods + pods: + metric: + name: nginx_ingress_controller_requests + target: + type: AverageValue + averageValue: {{ .Values.raster.autoscaling.targets.requestRate }} + {{- else if eq .Values.raster.autoscaling.type "both" }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.raster.autoscaling.targets.cpu }} + - type: Pods + pods: + metric: + name: nginx_ingress_controller_requests + target: + type: AverageValue + averageValue: {{ .Values.raster.autoscaling.targets.requestRate }} + {{- end }} +{{- end }} diff --git a/helm-chart/eoapi/templates/services/raster/service.yaml b/helm-chart/eoapi/templates/services/raster/service.yaml new file mode 100644 index 00000000..1f939e14 --- /dev/null +++ b/helm-chart/eoapi/templates/services/raster/service.yaml @@ -0,0 +1,14 @@ +{{- if .Values.raster.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: raster + labels: + app: raster-{{ .Release.Name }} +spec: + ports: + - port: {{ .Values.service.port }} + targetPort: {{ .Values.service.port }} + selector: + app: raster-{{ .Release.Name }} +{{- end }} diff --git a/helm-chart/eoapi/templates/services/service.yaml b/helm-chart/eoapi/templates/services/service.yaml deleted file mode 100644 index cd8ea3e6..00000000 --- a/helm-chart/eoapi/templates/services/service.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- range $serviceName, $v := .Values -}} -{{- if has $serviceName $.Values.apiServices }} -{{- if index $v "enabled" }} -apiVersion: v1 -kind: Service -metadata: - labels: - app: {{ $serviceName }} - name: {{ $serviceName }} -spec: - {{- if (and ($.Values.ingress.className) (eq $.Values.ingress.className "nginx")) }} - type: "ClusterIP" - {{- else }} - type: "NodePort" - {{- end }} - ports: - - name: '{{ $.Values.service.port }}' - port: {{ $.Values.service.port }} - targetPort: {{ $.Values.service.port }} - selector: - app: {{ $serviceName }}-{{ $.Release.Name }} ---- -{{/* END: if index $v "enabled" */}} -{{- end }} -{{/* END: if has $serviceName $.Values.externalServices */}} -{{- end }} -{{/* END: range $serviceName, $v := .Values*/}} -{{- end }} diff --git a/helm-chart/eoapi/templates/services/stac/configmap.yaml b/helm-chart/eoapi/templates/services/stac/configmap.yaml new file mode 100644 index 00000000..21a471ad --- /dev/null +++ b/helm-chart/eoapi/templates/services/stac/configmap.yaml @@ -0,0 +1,10 @@ +{{- if .Values.stac.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: stac-envvar-configmap-{{ .Release.Name }} +data: + {{- range $envKey, $envValue := .Values.stac.settings.envVars }} + {{ upper $envKey }}: {{ $envValue | quote }} + {{- end }} +{{- end }} diff --git a/helm-chart/eoapi/templates/services/stac/deployment.yaml b/helm-chart/eoapi/templates/services/stac/deployment.yaml new file mode 100644 index 00000000..6443694d --- /dev/null +++ b/helm-chart/eoapi/templates/services/stac/deployment.yaml @@ -0,0 +1,98 @@ +{{- if .Values.stac.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: stac-{{ .Release.Name }} + gitsha: {{ .Values.gitSha }} + name: stac-{{ .Release.Name }} + {{- if .Values.stac.annotations }} + annotations: + {{- with .Values.stac.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +spec: + progressDeadlineSeconds: 600 + revisionHistoryLimit: 5 + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 50% + maxUnavailable: 0 + selector: + matchLabels: + app: stac-{{ .Release.Name }} + template: + metadata: + labels: + app: stac-{{ .Release.Name }} + {{- with .Values.stac.settings.labels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- include "eoapi.pgstacInitContainers" . | nindent 6 }} + containers: + - image: {{ .Values.stac.image.name }}:{{ .Values.stac.image.tag }} + name: stac + command: + {{- toYaml .Values.stac.command | nindent 10 }} + {{- if (and (.Values.ingress.className) (or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik"))) }} + - "--proxy-headers" + - "--forwarded-allow-ips=*" + - "--root-path=/stac" + {{- end }}{{/* needed for proxies and path rewrites on NLB */}} + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + failureThreshold: 3 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + httpGet: + path: /_mgmt/ping + port: {{ .Values.service.port }} + failureThreshold: 3 + periodSeconds: 15 + successThreshold: 1 + startupProbe: + httpGet: + path: /_mgmt/ping + port: {{ .Values.service.port }} + # check every sec for 1 minute + periodSeconds: 1 + failureThreshold: 60 + successThreshold: 1 + ports: + - containerPort: {{ .Values.service.port }} + resources: + {{- toYaml .Values.stac.settings.resources | nindent 10 }} + env: + {{- include "eoapi.postgresqlEnv" . | nindent 10 }} + {{- include "eoapi.commonEnvVars" (dict "service" "stac" "root" .) | nindent 10 }} + envFrom: + - configMapRef: + name: stac-envvar-configmap-{{ .Release.Name }} + {{- if .Values.stac.settings.extraEnvFrom }} + {{- toYaml .Values.stac.settings.extraEnvFrom | nindent 10 }} + {{- end }} + {{- include "eoapi.mountServiceSecrets" (dict "service" "stac" "root" .) | nindent 10 }} + {{- with .Values.stac.settings.extraVolumeMounts }} + volumeMounts: + {{- toYaml . | nindent 10 }} + {{- end }} + volumes: + {{- with .Values.stac.settings.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "eoapi.serviceAccountName" . }} + {{- with .Values.stac.settings.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.stac.settings.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/helm-chart/eoapi/templates/services/stac/hpa.yaml b/helm-chart/eoapi/templates/services/stac/hpa.yaml new file mode 100644 index 00000000..a328e40c --- /dev/null +++ b/helm-chart/eoapi/templates/services/stac/hpa.yaml @@ -0,0 +1,53 @@ +{{- if and .Values.stac.enabled .Values.stac.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: stac-hpa-{{ .Release.Name }} + labels: + app: stac-{{ .Release.Name }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: stac-{{ .Release.Name }} + minReplicas: {{ .Values.stac.autoscaling.minReplicas }} + maxReplicas: {{ .Values.stac.autoscaling.maxReplicas }} + behavior: + {{- with .Values.stac.autoscaling.behavior }} + scaleDown: + stabilizationWindowSeconds: {{ .scaleDown.stabilizationWindowSeconds }} + scaleUp: + stabilizationWindowSeconds: {{ .scaleUp.stabilizationWindowSeconds }} + {{- end }} + metrics: + {{- if eq .Values.stac.autoscaling.type "cpu" }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.stac.autoscaling.targets.cpu }} + {{- else if eq .Values.stac.autoscaling.type "requestRate" }} + - type: Pods + pods: + metric: + name: nginx_ingress_controller_requests + target: + type: AverageValue + averageValue: {{ .Values.stac.autoscaling.targets.requestRate }} + {{- else if eq .Values.stac.autoscaling.type "both" }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.stac.autoscaling.targets.cpu }} + - type: Pods + pods: + metric: + name: nginx_ingress_controller_requests + target: + type: AverageValue + averageValue: {{ .Values.stac.autoscaling.targets.requestRate }} + {{- end }} +{{- end }} diff --git a/helm-chart/eoapi/templates/services/stac/service.yaml b/helm-chart/eoapi/templates/services/stac/service.yaml new file mode 100644 index 00000000..a5d2c99c --- /dev/null +++ b/helm-chart/eoapi/templates/services/stac/service.yaml @@ -0,0 +1,14 @@ +{{- if .Values.stac.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: stac + labels: + app: stac-{{ .Release.Name }} +spec: + ports: + - port: {{ .Values.service.port }} + targetPort: {{ .Values.service.port }} + selector: + app: stac-{{ .Release.Name }} +{{- end }} diff --git a/helm-chart/eoapi/templates/services/traefik-middleware.yaml b/helm-chart/eoapi/templates/services/traefik-middleware.yaml index 7bdcf7d7..2e252cce 100644 --- a/helm-chart/eoapi/templates/services/traefik-middleware.yaml +++ b/helm-chart/eoapi/templates/services/traefik-middleware.yaml @@ -2,16 +2,21 @@ apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: - name: strip-prefix-middleware-{{ $.Release.Name }} - namespace: {{ $.Release.Namespace }} + name: strip-prefix-middleware-{{ .Release.Name }} + namespace: {{ .Release.Namespace }} spec: stripPrefix: prefixes: - {{- range $serviceName, $v := .Values }} - {{- if has $serviceName $.Values.apiServices }} - {{- if (index $v "enabled") }} - - /{{ $serviceName }} + {{- if .Values.raster.enabled }} + - /raster {{- end }} + {{- if .Values.stac.enabled }} + - /stac {{- end }} + {{- if .Values.vector.enabled }} + - /vector + {{- end }} + {{- if .Values.multidim.enabled }} + - /multidim {{- end }} {{- end }} diff --git a/helm-chart/eoapi/templates/services/vector/configmap.yaml b/helm-chart/eoapi/templates/services/vector/configmap.yaml new file mode 100644 index 00000000..c479054f --- /dev/null +++ b/helm-chart/eoapi/templates/services/vector/configmap.yaml @@ -0,0 +1,10 @@ +{{- if .Values.vector.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: vector-envvar-configmap-{{ .Release.Name }} +data: + {{- range $envKey, $envValue := .Values.vector.settings.envVars }} + {{ upper $envKey }}: {{ $envValue | quote }} + {{- end }} +{{- end }} diff --git a/helm-chart/eoapi/templates/services/vector/deployment.yaml b/helm-chart/eoapi/templates/services/vector/deployment.yaml new file mode 100644 index 00000000..bf22a897 --- /dev/null +++ b/helm-chart/eoapi/templates/services/vector/deployment.yaml @@ -0,0 +1,98 @@ +{{- if .Values.vector.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: vector-{{ .Release.Name }} + gitsha: {{ .Values.gitSha }} + name: vector-{{ .Release.Name }} + {{- if .Values.vector.annotations }} + annotations: + {{- with .Values.vector.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +spec: + progressDeadlineSeconds: 600 + revisionHistoryLimit: 5 + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 50% + maxUnavailable: 0 + selector: + matchLabels: + app: vector-{{ .Release.Name }} + template: + metadata: + labels: + app: vector-{{ .Release.Name }} + {{- with .Values.vector.settings.labels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- include "eoapi.pgstacInitContainers" . | nindent 6 }} + containers: + - image: {{ .Values.vector.image.name }}:{{ .Values.vector.image.tag }} + name: vector + command: + {{- toYaml .Values.vector.command | nindent 10 }} + {{- if (and (.Values.ingress.className) (or (eq .Values.ingress.className "nginx") (eq .Values.ingress.className "traefik"))) }} + - "--proxy-headers" + - "--forwarded-allow-ips=*" + - "--root-path=/vector" + {{- end }}{{/* needed for proxies and path rewrites on NLB */}} + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + failureThreshold: 3 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + httpGet: + path: /healthz + port: {{ .Values.service.port }} + failureThreshold: 3 + periodSeconds: 15 + successThreshold: 1 + startupProbe: + httpGet: + path: /healthz + port: {{ .Values.service.port }} + # check every sec for 1 minute + periodSeconds: 1 + failureThreshold: 60 + successThreshold: 1 + ports: + - containerPort: {{ .Values.service.port }} + resources: + {{- toYaml .Values.vector.settings.resources | nindent 10 }} + env: + {{- include "eoapi.postgresqlEnv" . | nindent 10 }} + {{- include "eoapi.commonEnvVars" (dict "service" "vector" "root" .) | nindent 10 }} + envFrom: + - configMapRef: + name: vector-envvar-configmap-{{ .Release.Name }} + {{- if .Values.vector.settings.extraEnvFrom }} + {{- toYaml .Values.vector.settings.extraEnvFrom | nindent 10 }} + {{- end }} + {{- include "eoapi.mountServiceSecrets" (dict "service" "vector" "root" .) | nindent 10 }} + {{- with .Values.vector.settings.extraVolumeMounts }} + volumeMounts: + {{- toYaml . | nindent 10 }} + {{- end }} + volumes: + {{- with .Values.vector.settings.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "eoapi.serviceAccountName" . }} + {{- with .Values.vector.settings.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.vector.settings.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/helm-chart/eoapi/templates/services/vector/hpa.yaml b/helm-chart/eoapi/templates/services/vector/hpa.yaml new file mode 100644 index 00000000..e66ba550 --- /dev/null +++ b/helm-chart/eoapi/templates/services/vector/hpa.yaml @@ -0,0 +1,53 @@ +{{- if and .Values.vector.enabled .Values.vector.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: vector-hpa-{{ .Release.Name }} + labels: + app: vector-{{ .Release.Name }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: vector-{{ .Release.Name }} + minReplicas: {{ .Values.vector.autoscaling.minReplicas }} + maxReplicas: {{ .Values.vector.autoscaling.maxReplicas }} + behavior: + {{- with .Values.vector.autoscaling.behavior }} + scaleDown: + stabilizationWindowSeconds: {{ .scaleDown.stabilizationWindowSeconds }} + scaleUp: + stabilizationWindowSeconds: {{ .scaleUp.stabilizationWindowSeconds }} + {{- end }} + metrics: + {{- if eq .Values.vector.autoscaling.type "cpu" }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.vector.autoscaling.targets.cpu }} + {{- else if eq .Values.vector.autoscaling.type "requestRate" }} + - type: Pods + pods: + metric: + name: nginx_ingress_controller_requests + target: + type: AverageValue + averageValue: {{ .Values.vector.autoscaling.targets.requestRate }} + {{- else if eq .Values.vector.autoscaling.type "both" }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.vector.autoscaling.targets.cpu }} + - type: Pods + pods: + metric: + name: nginx_ingress_controller_requests + target: + type: AverageValue + averageValue: {{ .Values.vector.autoscaling.targets.requestRate }} + {{- end }} +{{- end }} diff --git a/helm-chart/eoapi/templates/services/vector/service.yaml b/helm-chart/eoapi/templates/services/vector/service.yaml new file mode 100644 index 00000000..d06fa37b --- /dev/null +++ b/helm-chart/eoapi/templates/services/vector/service.yaml @@ -0,0 +1,14 @@ +{{- if .Values.vector.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: vector + labels: + app: vector-{{ .Release.Name }} +spec: + ports: + - port: {{ .Values.service.port }} + targetPort: {{ .Values.service.port }} + selector: + app: vector-{{ .Release.Name }} +{{- end }} diff --git a/helm-chart/eoapi/tests/config_tests.yaml b/helm-chart/eoapi/tests/config_tests.yaml index e403ed3b..bb9b18c9 100644 --- a/helm-chart/eoapi/tests/config_tests.yaml +++ b/helm-chart/eoapi/tests/config_tests.yaml @@ -1,64 +1,5 @@ -suite: service defaults configmap -templates: - - templates/services/configmap.yaml -tests: - - it: "vector configmap defaults" - set: - raster.enabled: false - stac.enabled: false - vector.enabled: true - multidim.enabled: false - asserts: - - isKind: - of: ConfigMap - - matchRegex: - path: metadata.name - pattern: ^vector-envvar-configmap-RELEASE-NAME$ - - equal: - path: data.TIPG_CATALOG_TTL - value: "300" - - it: "raster configmap defaults" - set: - raster.enabled: true - stac.enabled: false - vector.enabled: false - multidim.enabled: false - asserts: - - isKind: - of: ConfigMap - - matchRegex: - path: metadata.name - pattern: ^raster-envvar-configmap-RELEASE-NAME$ - - equal: - path: data.GDAL_HTTP_MULTIPLEX - value: "YES" - - it: "stac configmap defaults" - set: - raster.enabled: false - stac.enabled: true - vector.enabled: false - multidim.enabled: false - asserts: - - isKind: - of: ConfigMap - - matchRegex: - path: metadata.name - pattern: ^stac-envvar-configmap-RELEASE-NAME$ - - equal: - path: data.WEB_CONCURRENCY - value: "5" - - it: "multidim configmap defaults" - set: - raster.enabled: false - stac.enabled: false - vector.enabled: false - multidim.enabled: true - asserts: - - isKind: - of: ConfigMap - - matchRegex: - path: metadata.name - pattern: ^multidim-envvar-configmap-RELEASE-NAME$ - - equal: - path: data.GDAL_HTTP_MULTIPLEX - value: "YES" +# This file is kept for backward compatibility but tests have been moved to service-specific test files: +# - raster_tests.yaml +# - stac_tests.yaml +# - vector_tests.yaml +# - multidim_tests.yaml diff --git a/helm-chart/eoapi/tests/deploy_tests.yaml b/helm-chart/eoapi/tests/deploy_tests.yaml index 41323441..bb9b18c9 100644 --- a/helm-chart/eoapi/tests/deploy_tests.yaml +++ b/helm-chart/eoapi/tests/deploy_tests.yaml @@ -1,124 +1,5 @@ -suite: service defaults deployment -templates: - - templates/services/deployment.yaml -tests: - - it: "vector deploy defaults" - set: - raster.enabled: false - stac.enabled: false - vector.enabled: true - multidim.enabled: false - asserts: - - isKind: - of: Deployment - - matchRegex: - path: metadata.name - pattern: ^vector-RELEASE-NAME$ - - equal: - path: spec.strategy.type - value: "RollingUpdate" - - equal: - path: spec.template.spec.containers[0].resources.limits.cpu - value: "768m" - - equal: - path: spec.template.spec.containers[0].resources.requests.cpu - value: "256m" - - equal: - path: spec.template.spec.containers[0].resources.limits.memory - value: "1024Mi" - - equal: - path: spec.template.spec.containers[0].resources.requests.memory - value: "256Mi" - - equal: - path: metadata.labels.gitsha - value: "ABC123" - - it: "raster deploy defaults" - set: - raster.enabled: true - stac.enabled: false - vector.enabled: false - multidim.enabled: false - asserts: - - isKind: - of: Deployment - - matchRegex: - path: metadata.name - pattern: ^raster-RELEASE-NAME$ - - equal: - path: spec.strategy.type - value: "RollingUpdate" - - equal: - path: spec.template.spec.containers[0].resources.limits.cpu - value: "768m" - - equal: - path: spec.template.spec.containers[0].resources.requests.cpu - value: "256m" - - equal: - path: spec.template.spec.containers[0].resources.limits.memory - value: "4096Mi" - - equal: - path: spec.template.spec.containers[0].resources.requests.memory - value: "3072Mi" - - equal: - path: metadata.labels.gitsha - value: "ABC123" - - it: "stac deploy defaults" - set: - raster.enabled: false - stac.enabled: true - vector.enabled: false - multidim.enabled: false - asserts: - - isKind: - of: Deployment - - matchRegex: - path: metadata.name - pattern: ^stac-RELEASE-NAME$ - - equal: - path: spec.strategy.type - value: "RollingUpdate" - - equal: - path: spec.template.spec.containers[0].resources.limits.cpu - value: "768m" - - equal: - path: spec.template.spec.containers[0].resources.requests.cpu - value: "256m" - - equal: - path: spec.template.spec.containers[0].resources.limits.memory - value: "1024Mi" - - equal: - path: spec.template.spec.containers[0].resources.requests.memory - value: "1024Mi" - - equal: - path: metadata.labels.gitsha - value: "ABC123" - - it: "multidim deploy defaults" - set: - raster.enabled: false - stac.enabled: false - vector.enabled: false - multidim.enabled: true - asserts: - - isKind: - of: Deployment - - matchRegex: - path: metadata.name - pattern: ^multidim-RELEASE-NAME$ - - equal: - path: spec.strategy.type - value: "RollingUpdate" - - equal: - path: spec.template.spec.containers[0].resources.limits.cpu - value: "768m" - - equal: - path: spec.template.spec.containers[0].resources.requests.cpu - value: "256m" - - equal: - path: spec.template.spec.containers[0].resources.limits.memory - value: "4096Mi" - - equal: - path: spec.template.spec.containers[0].resources.requests.memory - value: "3072Mi" - - equal: - path: metadata.labels.gitsha - value: "ABC123" +# This file is kept for backward compatibility but tests have been moved to service-specific test files: +# - raster_tests.yaml +# - stac_tests.yaml +# - vector_tests.yaml +# - multidim_tests.yaml diff --git a/helm-chart/eoapi/tests/hpa_tests.yaml b/helm-chart/eoapi/tests/hpa_tests.yaml index 0629bcaa..c4a911b0 100644 --- a/helm-chart/eoapi/tests/hpa_tests.yaml +++ b/helm-chart/eoapi/tests/hpa_tests.yaml @@ -1,16 +1,2 @@ -suite: autoscaling feedback when className is not nginx -templates: - - templates/services/hpa.yaml -tests: - - it: "vector hpa fail for requestRate" - set: - raster.enabled: false - stac.enabled: false - vector.enabled: true - ingress.className: "testing123" - vector.autoscaling.enabled: true - vector.autoscaling.type: "requestRate" - asserts: - - failedTemplate: - errorMessage: When using an 'ingress.className' other than 'nginx' you cannot enable autoscaling by 'requestRate' at this time b/c it's solely an nginx metric - +# This file is kept for backward compatibility but tests have been moved to service-specific test files: +# - vector_tests.yaml (for HPA tests) diff --git a/helm-chart/eoapi/tests/ingress_tests.yaml b/helm-chart/eoapi/tests/ingress_tests.yaml index 60ca07b9..32341db6 100644 --- a/helm-chart/eoapi/tests/ingress_tests.yaml +++ b/helm-chart/eoapi/tests/ingress_tests.yaml @@ -91,4 +91,4 @@ tests: value: "/" - equal: path: spec.rules[0].http.paths[1].backend.service.name - value: doc-server-RELEASE-NAME + value: eoapi-doc-server diff --git a/helm-chart/eoapi/tests/multidim_tests.yaml b/helm-chart/eoapi/tests/multidim_tests.yaml new file mode 100644 index 00000000..9d75d38e --- /dev/null +++ b/helm-chart/eoapi/tests/multidim_tests.yaml @@ -0,0 +1,56 @@ +suite: multidim service tests +templates: + - templates/services/multidim/deployment.yaml + - templates/services/multidim/configmap.yaml + - templates/services/multidim/service.yaml + - templates/services/multidim/hpa.yaml +tests: + - it: "multidim deployment defaults" + set: + raster.enabled: false + stac.enabled: false + vector.enabled: false + multidim.enabled: true + gitSha: "ABC123" + template: templates/services/multidim/deployment.yaml + asserts: + - isKind: + of: Deployment + - matchRegex: + path: metadata.name + pattern: ^multidim-RELEASE-NAME$ + - equal: + path: spec.strategy.type + value: "RollingUpdate" + - equal: + path: spec.template.spec.containers[0].resources.limits.cpu + value: "768m" + - equal: + path: spec.template.spec.containers[0].resources.requests.cpu + value: "256m" + - equal: + path: spec.template.spec.containers[0].resources.limits.memory + value: "4096Mi" + - equal: + path: spec.template.spec.containers[0].resources.requests.memory + value: "3072Mi" + - equal: + path: metadata.labels.gitsha + value: "ABC123" + + - it: "multidim configmap defaults" + set: + raster.enabled: false + stac.enabled: false + vector.enabled: false + multidim.enabled: true + template: templates/services/multidim/configmap.yaml + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: metadata.name + pattern: ^multidim-envvar-configmap-RELEASE-NAME$ + - equal: + path: data.GDAL_HTTP_MULTIPLEX + value: "YES" diff --git a/helm-chart/eoapi/tests/raster_tests.yaml b/helm-chart/eoapi/tests/raster_tests.yaml new file mode 100644 index 00000000..f3a4fe8d --- /dev/null +++ b/helm-chart/eoapi/tests/raster_tests.yaml @@ -0,0 +1,56 @@ +suite: raster service tests +templates: + - templates/services/raster/deployment.yaml + - templates/services/raster/configmap.yaml + - templates/services/raster/service.yaml + - templates/services/raster/hpa.yaml +tests: + - it: "raster deployment defaults" + set: + raster.enabled: true + stac.enabled: false + vector.enabled: false + multidim.enabled: false + gitSha: "ABC123" + template: templates/services/raster/deployment.yaml + asserts: + - isKind: + of: Deployment + - matchRegex: + path: metadata.name + pattern: ^raster-RELEASE-NAME$ + - equal: + path: spec.strategy.type + value: "RollingUpdate" + - equal: + path: spec.template.spec.containers[0].resources.limits.cpu + value: "768m" + - equal: + path: spec.template.spec.containers[0].resources.requests.cpu + value: "256m" + - equal: + path: spec.template.spec.containers[0].resources.limits.memory + value: "4096Mi" + - equal: + path: spec.template.spec.containers[0].resources.requests.memory + value: "3072Mi" + - equal: + path: metadata.labels.gitsha + value: "ABC123" + + - it: "raster configmap defaults" + set: + raster.enabled: true + stac.enabled: false + vector.enabled: false + multidim.enabled: false + template: templates/services/raster/configmap.yaml + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: metadata.name + pattern: ^raster-envvar-configmap-RELEASE-NAME$ + - equal: + path: data.GDAL_HTTP_MULTIPLEX + value: "YES" diff --git a/helm-chart/eoapi/tests/stac_tests.yaml b/helm-chart/eoapi/tests/stac_tests.yaml new file mode 100644 index 00000000..a67a72d5 --- /dev/null +++ b/helm-chart/eoapi/tests/stac_tests.yaml @@ -0,0 +1,56 @@ +suite: stac service tests +templates: + - templates/services/stac/deployment.yaml + - templates/services/stac/configmap.yaml + - templates/services/stac/service.yaml + - templates/services/stac/hpa.yaml +tests: + - it: "stac deployment defaults" + set: + raster.enabled: false + stac.enabled: true + vector.enabled: false + multidim.enabled: false + gitSha: "ABC123" + template: templates/services/stac/deployment.yaml + asserts: + - isKind: + of: Deployment + - matchRegex: + path: metadata.name + pattern: ^stac-RELEASE-NAME$ + - equal: + path: spec.strategy.type + value: "RollingUpdate" + - equal: + path: spec.template.spec.containers[0].resources.limits.cpu + value: "768m" + - equal: + path: spec.template.spec.containers[0].resources.requests.cpu + value: "256m" + - equal: + path: spec.template.spec.containers[0].resources.limits.memory + value: "1024Mi" + - equal: + path: spec.template.spec.containers[0].resources.requests.memory + value: "1024Mi" + - equal: + path: metadata.labels.gitsha + value: "ABC123" + + - it: "stac configmap defaults" + set: + raster.enabled: false + stac.enabled: true + vector.enabled: false + multidim.enabled: false + template: templates/services/stac/configmap.yaml + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: metadata.name + pattern: ^stac-envvar-configmap-RELEASE-NAME$ + - equal: + path: data.WEB_CONCURRENCY + value: "5" diff --git a/helm-chart/eoapi/tests/vector_tests.yaml b/helm-chart/eoapi/tests/vector_tests.yaml new file mode 100644 index 00000000..a895cc1c --- /dev/null +++ b/helm-chart/eoapi/tests/vector_tests.yaml @@ -0,0 +1,57 @@ +suite: vector service tests +templates: + - templates/services/vector/deployment.yaml + - templates/services/vector/configmap.yaml + - templates/services/vector/service.yaml + - templates/services/vector/hpa.yaml +tests: + - it: "vector deployment defaults" + set: + raster.enabled: false + stac.enabled: false + vector.enabled: true + multidim.enabled: false + gitSha: "ABC123" + template: templates/services/vector/deployment.yaml + asserts: + - isKind: + of: Deployment + - matchRegex: + path: metadata.name + pattern: ^vector-RELEASE-NAME$ + - equal: + path: spec.strategy.type + value: "RollingUpdate" + - equal: + path: spec.template.spec.containers[0].resources.limits.cpu + value: "768m" + - equal: + path: spec.template.spec.containers[0].resources.requests.cpu + value: "256m" + - equal: + path: spec.template.spec.containers[0].resources.limits.memory + value: "1024Mi" + - equal: + path: spec.template.spec.containers[0].resources.requests.memory + value: "256Mi" + - equal: + path: metadata.labels.gitsha + value: "ABC123" + + - it: "vector configmap defaults" + set: + raster.enabled: false + stac.enabled: false + vector.enabled: true + multidim.enabled: false + template: templates/services/vector/configmap.yaml + asserts: + - isKind: + of: ConfigMap + - matchRegex: + path: metadata.name + pattern: ^vector-envvar-configmap-RELEASE-NAME$ + - equal: + path: data.TIPG_CATALOG_TTL + value: "300" + diff --git a/helm-chart/eoapi/values.yaml b/helm-chart/eoapi/values.yaml index d905f92f..277a52a7 100644 --- a/helm-chart/eoapi/values.yaml +++ b/helm-chart/eoapi/values.yaml @@ -198,6 +198,8 @@ apiServices: raster: enabled: true + ingress: + enabled: true # Control ingress specifically for raster service autoscaling: # NOTE: to have autoscaling working you'll need to install the `eoapi-support` chart # see ../../../docs/autoscaling.md for more information @@ -264,11 +266,11 @@ raster: PORT: "8080" # https://www.uvicorn.org/settings/#production WEB_CONCURRENCY: "5" - # Additional environment variables - extraEnvVars: {} multidim: enabled: false # disabled by default + ingress: + enabled: true # Control ingress specifically for multidim service autoscaling: # NOTE: to have autoscaling working you'll need to install the `eoapi-support` chart # see ../../../docs/autoscaling.md for more information @@ -335,11 +337,11 @@ multidim: PORT: "8080" # https://www.uvicorn.org/settings/#production WEB_CONCURRENCY: "5" - # Additional environment variables - extraEnvVars: {} stac: enabled: true + ingress: + enabled: true # Control ingress specifically for stac service autoscaling: # NOTE: to have autoscaling working you'll need to install the `eoapi-support` chart # see ../../../docs/autoscaling.md for more information @@ -397,6 +399,8 @@ stac: vector: enabled: true + ingress: + enabled: true # Control ingress specifically for vector service autoscaling: # NOTE: to have autoscaling working you'll need to install the `eoapi-support` chart # see ../../../docs/autoscaling.md for more information @@ -456,8 +460,6 @@ vector: PORT: "8080" # https://www.uvicorn.org/settings/#production WEB_CONCURRENCY: "5" - # Additional environment variables - extraEnvVars: {} docServer: enabled: true