diff --git a/helm-chart/eoapi/templates/services/deployment.yaml b/helm-chart/eoapi/templates/services/deployment.yaml index 8b138153..893d9d3d 100644 --- a/helm-chart/eoapi/templates/services/deployment.yaml +++ b/helm-chart/eoapi/templates/services/deployment.yaml @@ -27,6 +27,20 @@ spec: containers: - image: {{ index $v "image" "name" }}:{{ index $v "image" "tag" }} name: {{ $serviceName }} + {{- if (and ($.Values.ingress.className) (eq $.Values.ingress.className "nginx")) }} + command: + - "uvicorn" + {{ if (eq $serviceName "vector") }} + - "tipg.main:app" + {{- else if (eq $serviceName "raster") }} + - "titiler.pgstac.main:app" + {{- else if (eq $serviceName "stac") }} + - "stac_fastapi.pgstac.app:app" + {{- end }} + - "--host=$(HOST)" + - "--port=$(PORT)" + - "--root-path=/{{ $serviceName }}" + {{- end }}{{/* needed for proxies and path rewrites on NLB */}} ports: - containerPort: {{ $.Values.service.port }} resources: diff --git a/helm-chart/eoapi/templates/services/ingress.yaml b/helm-chart/eoapi/templates/services/ingress-alb.yaml similarity index 72% rename from helm-chart/eoapi/templates/services/ingress.yaml rename to helm-chart/eoapi/templates/services/ingress-alb.yaml index 22a818a2..85e638ad 100644 --- a/helm-chart/eoapi/templates/services/ingress.yaml +++ b/helm-chart/eoapi/templates/services/ingress-alb.yaml @@ -1,7 +1,7 @@ {{- range $serviceName, $v := .Values -}} {{- if (or (eq $serviceName "raster") (eq $serviceName "stac") (eq $serviceName "vector")) }} {{- if index $v "enabled" }} -{{- if (eq $.Values.service.port_type "NodePort") }} +{{- if (eq $.Values.ingress.className "alb") }} {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion -}} apiVersion: networking.k8s.io/v1 {{- else if semverCompare ">=1.14-0" $.Capabilities.KubeVersion.GitVersion -}} @@ -12,13 +12,13 @@ apiVersion: extensions/v1beta1 kind: Ingress metadata: name: {{ $serviceName }} - {{- with $.Values.ingress.annotations }} + # AWS EKS: + # https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/ingress/annotations/ + # GCP GKE: + # https://cloud.google.com/kubernetes-engine/docs/concepts/ingress annotations: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- if $.Values.ingress.enable_shared_ingress }} - alb.ingress.kubernetes.io/group.name: shared-ingress - {{- end }} + alb.ingress.kubernetes.io/target-type: instance + alb.ingress.kubernetes.io/scheme: internet-facing spec: {{- if (and ($.Values.ingress.className) (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion)) }} ingressClassName: {{ $.Values.ingress.className }} @@ -27,18 +27,14 @@ spec: - http: paths: - pathType: Prefix - {{- if $.Values.ingress.enable_shared_ingress }} - path: "/{{ $serviceName }}" - {{ else }} path: "/" - {{- end }} backend: service: name: {{ $serviceName }} port: number: {{ $.Values.service.port }} --- -{{/* END: if .Values.service.port_type */}} +{{/* END: if .Values.ingress.className "alb" */}} {{- end }} {{/* END: if index $v "enabled" */}} {{- end }} diff --git a/helm-chart/eoapi/templates/services/ingress-nginx.yaml b/helm-chart/eoapi/templates/services/ingress-nginx.yaml new file mode 100644 index 00000000..3ad33a83 --- /dev/null +++ b/helm-chart/eoapi/templates/services/ingress-nginx.yaml @@ -0,0 +1,38 @@ +{{- if (eq .Values.ingress.className "nginx") }} +{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" $.Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: nginx-service-ingress-shared + annotations: + nginx.ingress.kubernetes.io/use-regex: "true" + nginx.ingress.kubernetes.io/rewrite-target: /$2 + nginx.ingress.kubernetes.io/enable-cors: "true" +spec: + {{- if (and (.Values.ingress.className) (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion)) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + rules: + - http: + paths: + {{- range $serviceName, $v := .Values }} + {{- if (or (eq $serviceName "raster") (eq $serviceName "stac") (eq $serviceName "vector")) }} + {{- if index $v "enabled" }} + - pathType: Prefix + path: "/{{ $serviceName }}(/|$)(.*)" + backend: + service: + name: {{ $serviceName }} + port: + number: {{ $.Values.service.port }} + {{- end }}{{/* END: if index $v "enabled" */}} + {{- end }}{{/* END: if (or (eq $serviceName "raster") (eq $serviceName "stac") (eq $serviceName "vector")) */}} + {{- end }}{{/* END: range $serviceName, $v := .Values*/}} +--- +{{/* END: if .Values.ingress.className "alb" */}} +{{- end }} \ No newline at end of file diff --git a/helm-chart/eoapi/templates/services/manifest.yaml b/helm-chart/eoapi/templates/services/manifest.yaml deleted file mode 100644 index 14ecb3eb..00000000 --- a/helm-chart/eoapi/templates/services/manifest.yaml +++ /dev/null @@ -1,116 +0,0 @@ -{{- range $serviceName, $v := .Values -}} -{{- if (or (eq $serviceName "raster") (eq $serviceName "stac") (eq $serviceName "vector")) }} -{{- if index $v "enabled" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $serviceName }}-envvar-configmap -data: - {{- range $envKey, $envValue := index $v "settings" "envVars" }} - {{ upper $envKey }}: "{{ $envValue }}" - {{- end }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: {{ $serviceName }} - gitsha: {{ $.Values.gitSha }} - name: {{ $serviceName }} -spec: - progressDeadlineSeconds: 600 - revisionHistoryLimit: 5 - strategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 50% - maxUnavailable: 0 - selector: - matchLabels: - app: {{ $serviceName }} - template: - metadata: - labels: - app: {{ $serviceName }} - spec: - containers: - - image: {{ index $v "image" "name" }}:{{ index $v "image" "tag" }} - name: {{ $serviceName }} - ports: - - containerPort: {{ $.Values.service.port }} - resources: - limits: - cpu: {{ index $v "settings" "resources" "limits" "cpu" }} - memory: {{ index $v "settings" "resources" "limits" "memory" }} - requests: - cpu: {{ index $v "settings" "resources" "requests" "cpu" }} - memory: {{ index $v "settings" "resources" "requests" "memory" }} - envFrom: - # NOTE: there's no reason we need to use a `ConfigMap` or `Secret` here to get os env vars into the pod. - # we could just template them out here immediately with `value: $_` but this allows us - # to store them in k8s intermediately and change them and then bounce deploys if needed - - secretRef: - name: pgstac-secrets - - configMapRef: - name: {{ $serviceName }}-envvar-configmap ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: {{ $serviceName }} - name: {{ $serviceName }} -spec: - type: {{ $.Values.service.port_type }} - ports: - - name: '{{ $.Values.service.port }}' - port: {{ $.Values.service.port }} - targetPort: {{ $.Values.service.port }} - selector: - app: {{ $serviceName }} ---- -{{- if (eq $.Values.service.port_type "NodePort") }} -{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" $.Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $serviceName }} - {{- with $.Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- if $.Values.ingress.enable_shared_ingress }} - alb.ingress.kubernetes.io/group.name: shared-ingress - {{- end }} -spec: - {{- if (and ($.Values.ingress.className) (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion)) }} - ingressClassName: {{ $.Values.ingress.className }} - {{- end }} - rules: - - http: - paths: - - pathType: Prefix - {{- if $.Values.ingress.enable_shared_ingress }} - path: "/{{ $serviceName }}" - {{ else }} - path: "/" - {{- end }} - backend: - service: - name: {{ $serviceName }} - port: - number: {{ $.Values.service.port }} ---- -{{/* END: if .Values.service.port_type */}} -{{- end }} -{{/* END: if index $v "enabled" */}} -{{- end }} -{{/* END: if (or (eq $serviceName "raster") (eq $serviceName "stac") (eq $serviceName "vector")) */}} -{{- end }} -{{/* END: range $serviceName, $v := .Values*/}} -{{- end }} diff --git a/helm-chart/eoapi/templates/services/service.yaml b/helm-chart/eoapi/templates/services/service.yaml index 5f105562..c6cddae8 100644 --- a/helm-chart/eoapi/templates/services/service.yaml +++ b/helm-chart/eoapi/templates/services/service.yaml @@ -8,7 +8,11 @@ metadata: app: {{ $serviceName }} name: {{ $serviceName }} spec: - type: {{ $.Values.service.port_type }} + {{- if (and ($.Values.ingress.className) (eq $.Values.ingress.className "alb")) }} + type: "NodePort" + {{- else if (and ($.Values.ingress.className) (eq $.Values.ingress.className "nginx")) }} + type: "ClusterIP" + {{- end }} ports: - name: '{{ $.Values.service.port }}' port: {{ $.Values.service.port }} diff --git a/helm-chart/eoapi/tests/config_tests.yaml b/helm-chart/eoapi/tests/config_tests.yaml index 71863c01..253b2972 100644 --- a/helm-chart/eoapi/tests/config_tests.yaml +++ b/helm-chart/eoapi/tests/config_tests.yaml @@ -42,5 +42,5 @@ tests: path: metadata.name pattern: ^stac-envvar-configmap$ - equal: - path: data.TITILER_ENDPOINT - value: "raster:8080" + path: data.WEB_CONCURRENCY + value: "10" diff --git a/helm-chart/eoapi/tests/ingress_tests.yaml b/helm-chart/eoapi/tests/ingress_tests_alb.yaml similarity index 67% rename from helm-chart/eoapi/tests/ingress_tests.yaml rename to helm-chart/eoapi/tests/ingress_tests_alb.yaml index ec898ace..7b582d50 100644 --- a/helm-chart/eoapi/tests/ingress_tests.yaml +++ b/helm-chart/eoapi/tests/ingress_tests_alb.yaml @@ -1,9 +1,10 @@ suite: service defaults ingress templates: - - templates/services/ingress.yaml + - templates/services/ingress-alb.yaml tests: - it: "vector ingress defaults" set: + ingress.className: "alb" raster.enabled: false stac.enabled: false vector.enabled: true @@ -23,6 +24,7 @@ tests: value: "alb" - it: "raster ingress defaults" set: + ingress.className: "alb" raster.enabled: true stac.enabled: false vector.enabled: false @@ -42,6 +44,7 @@ tests: value: "alb" - it: "stac ingress defaults" set: + ingress.className: "alb" raster.enabled: false stac.enabled: true vector.enabled: false @@ -59,28 +62,3 @@ tests: - equal: path: spec.ingressClassName value: "alb" - - it: "vector enabled_shared_ingress override" - set: - raster.enabled: false - stac.enabled: false - vector.enabled: true - ingress.enable_shared_ingress: true - asserts: - - isKind: - of: Ingress - - matchRegex: - path: metadata.name - pattern: ^vector$ - - equal: - path: metadata.annotations - value: - alb.ingress.kubernetes.io/group.name: shared-ingress - alb.ingress.kubernetes.io/scheme: internet-facing - alb.ingress.kubernetes.io/target-type: instance - - equal: - path: spec.rules[0].http.paths[0].path - value: "/vector" - - equal: - path: spec.ingressClassName - value: "alb" - diff --git a/helm-chart/eoapi/tests/ingress_tests_nginx.yaml b/helm-chart/eoapi/tests/ingress_tests_nginx.yaml new file mode 100644 index 00000000..0d88f61f --- /dev/null +++ b/helm-chart/eoapi/tests/ingress_tests_nginx.yaml @@ -0,0 +1,67 @@ +suite: service defaults ingress +templates: + - templates/services/ingress-nginx.yaml +tests: + - it: "vector ingress defaults" + set: + ingress.className: "nginx" + raster.enabled: false + stac.enabled: false + vector.enabled: true + asserts: + - isKind: + of: Ingress + - matchRegex: + path: spec.rules[0].http.paths[0].path + pattern: ^/vector\(\/\|\$\)\(\.\*\)$ + - equal: + path: metadata.annotations + value: + nginx.ingress.kubernetes.io/use-regex: "true" + nginx.ingress.kubernetes.io/rewrite-target: /$2 + nginx.ingress.kubernetes.io/enable-cors: "true" + - equal: + path: spec.ingressClassName + value: "nginx" + - it: "raster ingress defaults" + set: + ingress.className: "nginx" + raster.enabled: true + stac.enabled: false + vector.enabled: false + asserts: + - isKind: + of: Ingress + - matchRegex: + path: spec.rules[0].http.paths[0].path + pattern: ^/raster\(\/\|\$\)\(\.\*\)$ + - equal: + path: metadata.annotations + value: + nginx.ingress.kubernetes.io/use-regex: "true" + nginx.ingress.kubernetes.io/rewrite-target: /$2 + nginx.ingress.kubernetes.io/enable-cors: "true" + - equal: + path: spec.ingressClassName + value: "nginx" + - it: "stac ingress defaults" + set: + ingress.className: "nginx" + raster.enabled: false + stac.enabled: true + vector.enabled: false + asserts: + - isKind: + of: Ingress + - matchRegex: + path: spec.rules[0].http.paths[0].path + pattern: ^/stac\(\/\|\$\)\(\.\*\)$ + - equal: + path: metadata.annotations + value: + nginx.ingress.kubernetes.io/use-regex: "true" + nginx.ingress.kubernetes.io/rewrite-target: /$2 + nginx.ingress.kubernetes.io/enable-cors: "true" + - equal: + path: spec.ingressClassName + value: "nginx" diff --git a/helm-chart/eoapi/values.schema.json b/helm-chart/eoapi/values.schema.json index a875e906..84315db1 100644 --- a/helm-chart/eoapi/values.schema.json +++ b/helm-chart/eoapi/values.schema.json @@ -58,17 +58,24 @@ "service": { "type": "object", "required": [ - "port", - "port_type" + "port" ], "properties": { "port": { "type": "integer", "pattern": "^[0-9]{4}$" - }, - "port_type": { + } + } + }, + "ingress": { + "type": "object", + "required": [ + "className" + ], + "properties": { + "className": { "type": "string", - "pattern": "^(NodePort|LoadBalancer)$" + "pattern": "^(alb|nginx)$" } } }, diff --git a/helm-chart/eoapi/values.yaml b/helm-chart/eoapi/values.yaml index f896a4cb..7bcea3cd 100644 --- a/helm-chart/eoapi/values.yaml +++ b/helm-chart/eoapi/values.yaml @@ -31,11 +31,10 @@ comment: > --set db.settings.secrets.POSTGRES_PASSWORD=$POSTGRES_PASSWORD \ db: - # environment options: "rds" || "k8s" environment: "k8s" enabled: true # toggle to true if you want the db test fixtures loaded - enable_data_fixtures: false + enable_data_fixtures: true settings: resources: requests: @@ -60,27 +59,17 @@ gitSha: "" service: port: 8080 - # port_type: "NodePort" || "LoadBalancer" - # NodePort: will create an Ingress and ALB - # LoadBalancer: will create an NLB - port_type: "NodePort" ingress: - className: "alb" - # AWS EKS: - # https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/ingress/annotations/ - # GCP GKE: - # https://cloud.google.com/kubernetes-engine/docs/concepts/ingress - enable_shared_ingress: false - annotations: - alb.ingress.kubernetes.io/target-type: instance - alb.ingress.kubernetes.io/scheme: internet-facing + # `ingress.className: "alb"` will create a `kind:Service` with `spec.port:'NodePort'` and ALBs for each service + # `ingress.className: "nginx"` will create a `kind:Service` with a `spec.port:ClusterIP` and a single NLB and path rewrites + className: "nginx" raster: enabled: true image: - name: ghcr.io/developmentseed/eoapi-raster - tag: latest + name: ghcr.io/stac-utils/titiler-pgstac + tag: uvicorn-latest settings: timeout: 10 # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -116,8 +105,8 @@ raster: stac: enabled: true image: - name: ghcr.io/developmentseed/eoapi-stac - tag: latest + name: ghcr.io/stac-utils/stac-fastapi-pgstac + tag: 2.4.9 settings: timeout: 10 # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -136,17 +125,12 @@ stac: PORT: "8080" # https://www.uvicorn.org/settings/#production WEB_CONCURRENCY: "10" - ############# - # titiler - ############## - # https://github.com/developmentseed/eoAPI/issues/16 - TITILER_ENDPOINT: "raster:8080" vector: enabled: true image: - name: ghcr.io/developmentseed/eoapi-vector - tag: latest + name: ghcr.io/developmentseed/tipg + tag: uvicorn-latest settings: timeout: 10 # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/