Merge pull request #1647 from NCEAS/feature-1623-add-ingress

Feature 1623 add ingress
NCEAS · Jun 23, 2023 · 2bd46e2 · 2bd46e2
2 parents c0a85fe + d00cfdd
commit 2bd46e2
Show file tree

Hide file tree

Showing 5 changed files with 92 additions and 34 deletions.
diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh
@@ -31,14 +31,13 @@ if [[ $1 = "catalina.sh" ]]; then
     apply_context.py "$METACAT_DIR"/WEB-INF/web.xml metacat "${METACAT_APP_CONTEXT}"
 
     # Show KNB skin if nothing else configured.
-    # TODO: deploy metacatui separately, or make this work with props config later
     mkdir "${TC_HOME}"/webapps/config
     {
         echo "MetacatUI.AppConfig = {"
         echo "  theme: \"knb\","
         echo "  root: \"/metacatui\","
         echo "  metacatContext: \"/${METACAT_APP_CONTEXT}\","
-        echo "  baseUrl: \"http://localhost:8080\""
+        echo "  baseUrl: \"http://$METACAT_EXTERNAL_HOSTNAME:$METACAT_EXTERNAL_PORT\""
         echo "}"
     } > "${TC_HOME}"/webapps/config/config.js
 

diff --git a/helm/config/metacat-site.properties b/helm/config/metacat-site.properties
@@ -15,12 +15,6 @@
 {{ $key }}={{ $value }}
 {{- end }}
 
-# TODO - required, not yet templatized #############################################################
-# Could any move permanently to metacat.properties as over-writeable defaults?
-
-database.adapter=edu.ucsb.nceas.dbadapter.PostgresqlAdapter
-database.driver=org.postgresql.Driver
-
 ####################################################################################################
 ##  specific to (and constant for) k8s deployments  ################################################
 ####################################################################################################

diff --git a/helm/templates/ingress.yaml b/helm/templates/ingress.yaml
@@ -1,6 +1,11 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "metacat.fullname" . -}}
-{{- $svcPort := .Values.service.port -}}
+{{- $svcPort := 0 -}}
+{{- range .Values.service.ports }}
+  {{- if eq .name "metacat-svc-web" }}
+    {{- $svcPort = .port }}
+  {{- end }}
+{{- end }}
 {{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
   {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
   {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
@@ -49,11 +54,11 @@ spec:
             backend:
               {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
               service:
-                name: {{ $fullName }}
+                name: {{ $fullName }}-headless-svc
                 port:
                   number: {{ $svcPort }}
               {{- else }}
-              serviceName: {{ $fullName }}
+              serviceName: {{ $fullName }}-headless-svc
               servicePort: {{ $svcPort }}
               {{- end }}
           {{- end }}

diff --git a/helm/templates/statefulset.yaml b/helm/templates/statefulset.yaml
@@ -35,8 +35,6 @@ spec:
           ports:
             - containerPort: 8080
               name: metacat-web
-            - containerPort: 8009
-              name: apache-connect
             - containerPort: 5701
               name: hazelcast
           resources:
@@ -50,21 +48,28 @@ spec:
               mountPath: /var/metacat
               readOnly: false
           env:
+            - name: METACAT_IS_RUNNING_IN_A_CONTAINER
+              value: "true"
             - name: METACAT_DEBUG
               value: {{ ternary "true" "false" .Values.image.debug | quote }}
             - name: METACAT_ADMINISTRATOR_USERNAME
               value: {{ index .Values.metacat "administrator.username" }}
+            - name: METACAT_EXTERNAL_HOSTNAME
+              value: {{ .Values.global.externalHostname }}
+            - name: METACAT_EXTERNAL_PORT
+              {{- $metacatHttpPort := index .Values.metacat "server.httpPort" }}
+              value: {{ ternary "80" $metacatHttpPort ( .Values.ingress.enabled ) | quote }}
           envFrom:
             - secretRef:
                 name: {{ .Release.Name }}-secrets
           livenessProbe:
             httpGet:
-              path: /{{ index .Values.metacat "application.context" }}/
-              port: metacat-web
+              path: {{ .Values.livenessProbe.httpGet.path }}
+              port: {{ .Values.livenessProbe.httpGet.port | quote }}
           readinessProbe:
             httpGet:
-              path: /{{ index .Values.metacat "application.context" }}/
-              port: metacat-web
+              path: {{ .Values.readinessProbe.httpGet.path }}
+              port: {{ .Values.readinessProbe.httpGet.port | quote }}
       volumes:
       - name: {{ .Release.Name }}-config-volume
         configMap:

diff --git a/helm/values.yaml b/helm/values.yaml
@@ -1,6 +1,11 @@
 ## Default values for metacat.
 ## This is a YAML-formatted file.
 ##
+global:
+  #storageClass: csi-rbd-sc
+  #solrPort: &global-solr-port 8983
+  externalHostname: &global-external-hostname localhost
+
 ## The metacat section can contain any properties that will override those in
 ## metacat-site.properties and metacat.properties. The properties that have been pre-populated
 ## in this section comprise the minimum set of values needed to run the app and the test suite on
@@ -56,7 +61,7 @@ metacat:
   server.httpSSLPort: 8443
   ## @param metacat.server.name
   ##
-  server.name: metacat.example.com
+  server.name: *global-external-hostname
   ## @param metacat.solr.baseURL
   # host.docker.internal is equivalent to "localhost"
   solr.baseURL: http://host.docker.internal:8983/solr
@@ -78,11 +83,6 @@ image:
   debug: false
 
 imagePullSecrets: []
-
-global:
-  #TODO
-  #storageClass: csi-rbd-sc
-  #solrPort: &global-solr-port 8983
 
 serviceAccount:
   # Specifies whether a service account should be created
@@ -108,27 +108,82 @@ securityContext: {}
   #   drop:
   #   - ALL
 
+livenessProbe:
+  httpGet:
+    path: /metacat/
+    port: metacat-web
+readinessProbe:
+  httpGet:
+    path: /metacat/  # d1/mn/v2/query/solr/q=id:*
+    port: metacat-web
+
 service:
   type: ClusterIP     # Headless ClusterIP required for StatefulSet
   ports:
   - port: 8080
-    name: metacat-web
-  - port: 8009
-    name: apache-connect
+    # the ingress will direct metacat traffic to the port named "metacat-svc-web"
+    name: metacat-svc-web
   - port: 5701
     name: hazelcast
 
 ingress:
-  #TODO
-  enabled: false
-  className: ""
-  annotations: {}
+  enabled: true
+  ## @param className
+  ## (e.g. className: "nginx") - depends on the available classes in your cluster; inspect using:
+  ##     $ kc get ingressclasses
+  ## For Rancher Desktop,  className: "traefik"
+  ##
+  className: "traefik"
+  ## @param hosts
+  ## For each `- host:` entry, provide the hostname that is mapped via DNS to point to the IP
+  ## address of this ingress, and mappings for the paths on that host. For example:
+  ##   hosts:
+  ##     - host: api.test.dataone.org
+  ##       paths:
+  ##         - path: "/quality"
+  ##           pathType: Prefix
+  ##
+  ##     where `pathType` determines the interpretation of the Path matching:
+  ##         Exact: Matches the URL path exactly.
+  ##         Prefix: Requires URL to begin with the pattern, not including substrings
+  ##                 (e.g. /foo/bar matches /foo/bar/baz, but does not match /foo/barbaz).
+  ##
+  ## NOTE:   All paths will be mapped to the .service.ports entry that has `name: metacat-svc-web`
+  ##
+  hosts:
+    - host: *global-external-hostname
+      paths:  ## TODO
+        - path: "/metacat"
+          pathType: Prefix
+        - path: "/metacat/admin"
+          pathType: Prefix
+        - path: "/metacat/d1"
+          pathType: Prefix
+        # uncomment the following if you want metacatui to be exposed (default knb skin), and
+        # access via /metacatui/  (note we need "/" exposed for access to the config.js file)
+#        - path: "/metacatui"
+#          pathType: Prefix
+        - path: "/"
+          pathType: Prefix
+## example
+#  annotations:
+#    nginx.ingress.kubernetes.io/enable-cors: "true"
+#    nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, OPTIONS"
+#    nginx.ingress.kubernetes.io/cors-allow-origin: '$http_origin'
+#    nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
+#    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+  annotations: { }
+## example
+#  tls:
+#    - hosts:
+#        - api.test.dataone.org
+#      secretName: ingress-nginx-tls-cert
   tls: []
-
+
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with limited
+# resources, such as Minikube.
 resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with limited
-  # resources, such as Minikube.
 
 autoscaling:
   enabled: false