developmentseed · emmanuelmathot · Apr 30, 2025 · Apr 17, 2025 · Apr 17, 2025 · Apr 18, 2025
diff --git a/.github/workflows/helm-tests.yml b/.github/workflows/helm-tests.yml
@@ -196,21 +196,29 @@ jobs:
           kubectl get ingress --all-namespaces -o jsonpath='{range .items[0]}kubectl describe ingress {.metadata.name} -n {.metadata.namespace}{end}' | sh
           kubectl get middleware.traefik.io --all-namespaces -o custom-columns='NAMESPACE:.metadata.namespace,NAME:.metadata.name' --no-headers | while read -r namespace name; do kubectl describe middleware.traefik.io "$name" -n "$namespace"; done
 
-          PUBLICIP='http://'$(kubectl -n kube-system get svc traefik -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-          export VECTOR_ENDPOINT=$PUBLICIP/vector$RELEASE_NAME
-          export STAC_ENDPOINT=$PUBLICIP/stac$RELEASE_NAME
-          export RASTER_ENDPOINT=$PUBLICIP/raster$RELEASE_NAME
+          # Get the IP address of the Traefik service
+          PUBLICIP_VALUE=$(kubectl -n kube-system get svc traefik -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+          PUBLICIP=http://eoapi.local
+          export VECTOR_ENDPOINT=$PUBLICIP/vector
+          export STAC_ENDPOINT=$PUBLICIP/stac
+          export RASTER_ENDPOINT=$PUBLICIP/raster
+
+          # Add entry to /etc/hosts for eoapi.local
+          echo "Adding eoapi.local to /etc/hosts with IP: $PUBLICIP_VALUE"
+          echo "$PUBLICIP_VALUE eoapi.local" | sudo tee -a /etc/hosts
 
           echo '#################################'
           echo $VECTOR_ENDPOINT
           echo $STAC_ENDPOINT
           echo $RASTER_ENDPOINT
           echo '#################################'
 
-          pytest .github/workflows/tests/test_vector.py || kubectl logs svc/vector
-          pytest .github/workflows/tests/test_stac.py || kubectl logs svc/stac
+          # Run tests with proper failure propagation
+          set -e  # Make sure any command failure causes the script to exit with error
+          pytest .github/workflows/tests/test_vector.py || { kubectl logs svc/vector; exit 1; }
+          pytest .github/workflows/tests/test_stac.py || { kubectl logs svc/stac; exit 1; }
           # TODO: fix raster tests
-          #pytest .github/workflows/tests/test_raster.py || kubectl logs svc/raster
+          #pytest .github/workflows/tests/test_raster.py || { kubectl logs svc/raster; exit 1; }
 
       - name: error if tests failed
         if: steps.testrunner.outcome == 'failure'

diff --git a/docs/unified-ingress.md b/docs/unified-ingress.md
@@ -0,0 +1,107 @@
+# Unified Ingress Configuration
+
+This document describes the unified ingress approach implemented in the eoAPI Helm chart.
+
+## Overview
+
+eoAPI now uses a consolidated, controller-agnostic ingress configuration. This approach:
+
+- Eliminates code duplication between different ingress controller implementations
+- Provides consistent behavior across controllers
+- Simplifies testing and maintainability
+- Removes artificial restrictions on using certain ingress controllers in specific environments
+- Makes it easier to add support for additional ingress controllers in the future
+
+## Configuration
+
+The ingress configuration has been streamlined and generalized in the `values.yaml` file:
+
+```yaml
+ingress:
+  # Unified ingress configuration for both nginx and traefik
+  enabled: true
+  # ingressClassName: "nginx" or "traefik"
+  className: "nginx"
+  # Path configuration
+  pathType: "Prefix"  # Can be "Prefix" or "ImplementationSpecific" based on controller
+  pathSuffix: ""      # Add a suffix to service paths (e.g. "(/|$)(.*)" for nginx regex)
+  rootPath: ""        # Root path for doc server
+  # Host configuration
+  host: ""
+  # Custom annotations to add to the ingress
+  annotations: {}
+  # TLS configuration
+  tls:
+    enabled: false
+    secretName: eoapi-tls
+    certManager: false
+    certManagerIssuer: letsencrypt-prod
+    certManagerEmail: ""
+```
+
+## Controller-Specific Configurations
+
+### NGINX Ingress Controller
+
+For NGINX, use the following configuration:
+
+```yaml
+ingress:
+  enabled: true
+  className: "nginx"
+  pathType: "Prefix"
+  annotations:
+    nginx.ingress.kubernetes.io/use-regex: "true"
+    nginx.ingress.kubernetes.io/enable-cors: "true"
+    nginx.ingress.kubernetes.io/enable-access-log: "true"
+```
+
+### Traefik Ingress Controller
+
+When using Traefik, the system automatically includes the Traefik middleware to strip prefixes (e.g., `/stac`, `/raster`) from requests before forwarding them to services. This is handled by the `traefik-middleware.yaml` template.
+
+For basic Traefik configuration:
+
+```yaml
+ingress:
+  enabled: true
+  className: "traefik"
+  pathType: "Prefix"
+  # When using TLS, setting host is required to avoid "No domain found" warnings
+  host: "example.domain.com"  # Required to work properly with TLS
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: web
+```
+
+For Traefik with TLS:
+
+```yaml
+ingress:
+  enabled: true
+  className: "traefik"
+  pathType: "Prefix"
+  # Host is required when using TLS with Traefik
+  host: "example.domain.com"
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+  tls:
+    enabled: true
+    secretName: eoapi-tls
+```
+
+## Migration
+
+If you're migrating from a previous version, follow these guidelines:
+
+1. Update your values to use the new unified configuration
+2. Ensure your ingress controller-specific annotations are set correctly
+3. Set the appropriate `pathType` for your controller
+4. Test the configuration before deploying to production
+
+## Note for Traefik Users
+
+Traefik is now fully supported in all environments, including production. The previous restriction limiting Traefik to testing environments has been removed.
+
+## Document Server
+
+The document server implementation has also been unified. It now works with both NGINX and Traefik controllers using the same configuration.
diff --git a/helm-chart/eoapi/.helmignore b/helm-chart/eoapi/.helmignore
@@ -22,3 +22,5 @@
 *.tmproj
 .vscode/
 tests/
+# Ignore all README.md in all subdirectories 
+README.md
diff --git a/helm-chart/eoapi/ingress.bkup b/helm-chart/eoapi/ingress.bkup
diff --git a/helm-chart/eoapi/templates/_helpers.tpl b/helm-chart/eoapi/templates/_helpers.tpl
@@ -397,14 +397,3 @@ validate:
 {{- end -}}
 
 {{- end -}}
-
-{{/*
-validate:
-that you can only use traefik as ingress when `testing=true`
-*/}}
-{{- define "eoapi.validateTraefik" -}}
-{{- if and (not .Values.testing) (eq .Values.ingress.className "traefik") $ -}}
-  {{- fail "you cannot use traefik yet outside of testing" -}}
-{{- end -}}
-
-{{- end -}}
diff --git a/helm-chart/eoapi/templates/pgstacbootstrap/job.yaml b/helm-chart/eoapi/templates/pgstacbootstrap/job.yaml
@@ -29,7 +29,7 @@ metadata:
   annotations:
     helm.sh/hook: "post-install,post-upgrade"
     helm.sh/hook-weight: "-5"
-    helm.sh/hook-delete-policy: "before-hook-creation,hook-succeeded"
+    helm.sh/hook-delete-policy: "before-hook-creation"
 spec:
   template:
     metadata:
@@ -97,7 +97,7 @@ metadata:
   annotations:
     helm.sh/hook: "post-install,post-upgrade"
     helm.sh/hook-weight: "-4"
-    helm.sh/hook-delete-policy: "before-hook-creation,hook-succeeded"
+    helm.sh/hook-delete-policy: "before-hook-creation"
 spec:
   template:
     metadata:

diff --git a/helm-chart/eoapi/templates/services/README.md b/helm-chart/eoapi/templates/services/README.md
@@ -0,0 +1,53 @@
+# Service-Specific Templates
+
+This directory contains service-specific templates organized to improve readability, maintainability, and flexibility.
+
+## Directory Structure
+
+```
+services/
+├── _common.tpl            # Limited common helper functions
+├── ingress.yaml           # Single shared ingress for all services
+├── raster/                # Raster service templates
+│   ├── deployment.yaml    # Deployment definition
+│   ├── service.yaml       # Service definition
+│   ├── configmap.yaml     # ConfigMap definition
+│   └── hpa.yaml           # HorizontalPodAutoscaler definition
+├── stac/                  # STAC service templates
+│   ├── deployment.yaml
+│   ├── service.yaml
+│   ├── configmap.yaml
+│   └── hpa.yaml
+├── vector/                # Vector service templates
+│   ├── deployment.yaml
+│   ├── service.yaml
+│   ├── configmap.yaml
+│   └── hpa.yaml
+└── multidim/             # Multidimensional service templates
+    ├── deployment.yaml
+    ├── service.yaml
+    ├── configmap.yaml
+    └── hpa.yaml
+```
+
+## Common Helpers
+
+The `_common.tpl` file provides limited helper functions for truly common elements:
+
+- `eoapi.mountServiceSecrets`: For mounting service secrets
+- `eoapi.commonEnvVars`: For common environment variables like SERVICE_NAME, RELEASE_NAME, GIT_SHA
+- `eoapi.pgstacInitContainers`: For init containers that wait for pgstac jobs
+
+For database environment variables, we leverage the existing `eoapi.postgresqlEnv` helper from the main `_helpers.tpl` file.
+
+## Refactoring Benefits
+
+1. **Improved Readability**: Service configurations are explicit and clearly visible
+2. **Better Maintainability**: Changes to one service don't affect others
+3. **Enhanced Flexibility**: Each service can evolve independently
+4. **Easier Debugging**: Errors are isolated to specific service files
+5. **Safer Changes**: Template modifications can be tested on individual services
+
+## Usage
+
+No changes to `values.yaml` structure were required. The chart maintains full backward compatibility with existing deployments.
diff --git a/helm-chart/eoapi/templates/services/_common.tpl b/helm-chart/eoapi/templates/services/_common.tpl
@@ -0,0 +1,58 @@
+{{/* 
+Helper function for mounting service secrets
+Only extract truly common elements that are mechanical and don't need customization
+*/}}
+{{- define "eoapi.mountServiceSecrets" -}}
+{{- $service := .service -}}
+{{- $root := .root -}}
+{{- if index $root.Values $service "settings" "envSecrets" }}
+{{- range $secret := index $root.Values $service "settings" "envSecrets" }}
+- secretRef:
+    name: {{ $secret }}
+{{- end }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Helper function for common environment variables
+*/}}
+{{- define "eoapi.commonEnvVars" -}}
+{{- $service := .service -}}
+{{- $root := .root -}}
+- name: SERVICE_NAME
+  value: {{ $service | quote }}
+- name: RELEASE_NAME
+  value: {{ $root.Release.Name | quote }}
+- name: GIT_SHA
+  value: {{ $root.Values.gitSha | quote }}
+{{- end -}}
+
+{{/*
+Helper function for common init containers to wait for pgstac jobs
+*/}}
+{{- define "eoapi.pgstacInitContainers" -}}
+{{- if .Values.pgstacBootstrap.enabled }}
+initContainers:
+- name: wait-for-pgstac-jobs
+  image: bitnami/kubectl:latest
+  command:
+  - /bin/sh
+  - -c
+  - |
+    echo "Waiting for pgstac-migrate job to complete..."
+    until kubectl get job pgstac-migrate -o jsonpath='{.status.conditions[?(@.type=="Complete")].status}' | grep -q "True"; do
+      echo "pgstac-migrate job not complete yet, waiting..."
+      sleep 5
+    done
+    echo "pgstac-migrate job completed successfully."
+
+    {{- if .Values.pgstacBootstrap.settings.loadSamples }}
+    echo "Waiting for pgstac-load-samples job to complete..."
+    until kubectl get job pgstac-load-samples -o jsonpath='{.status.conditions[?(@.type=="Complete")].status}' | grep -q "True"; do
+      echo "pgstac-load-samples job not complete yet, waiting..."
+      sleep 5
+    done
+    echo "pgstac-load-samples job completed successfully."
+    {{- end }}
+{{- end }}
+{{- end -}}
diff --git a/helm-chart/eoapi/templates/services/configmap.yaml b/helm-chart/eoapi/templates/services/configmap.yaml