Skip to content

Add initContainers to wait for db and it's bootstrap. #194

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Apr 1, 2025
Merged

Add initContainers to wait for db and it's bootstrap. #194

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
2403fff
Added initContainers to wait for db and it's bootstrap.
pantierra Apr 1, 2025
652e84b
Consolidated service-accounts.
pantierra Apr 1, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 0 additions & 3 deletions .github/workflows/helm-tests.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,6 @@ jobs:
helm dependency build eoapi

helm install $RELEASE_NAME \
--namespace default \
-f ./eoapi/values.yaml \
-f ./eoapi/test-k3s-unittest-values.yaml \
./eoapi
Expand All @@ -100,7 +99,6 @@ jobs:
timeout-minutes: 10
continue-on-error: true
run: |
kubectl config set-context --current --namespace=default
while [[ -z "$(kubectl get pod | grep "^raster-$RELEASE_NAME-.*$" | cut -d' ' -f1 | xargs -I{} kubectl logs pod/{} | grep "GET /.*/healthz" | head -n 1)" ]]; do
echo "still waiting for raster service to start..."
sleep 1
Expand Down Expand Up @@ -136,7 +134,6 @@ jobs:
kubectl get ingress --all-namespaces -o jsonpath='{range .items[0]}kubectl describe ingress {.metadata.name} -n {.metadata.namespace}{end}' | sh
kubectl get middleware.traefik.io --all-namespaces -o custom-columns='NAMESPACE:.metadata.namespace,NAME:.metadata.name' --no-headers | while read -r namespace name; do kubectl describe middleware.traefik.io "$name" -n "$namespace"; done

kubectl config set-context --current --namespace=default
PUBLICIP='http://'$(kubectl -n kube-system get svc traefik -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
export VECTOR_ENDPOINT=$PUBLICIP/vector$RELEASE_NAME
export STAC_ENDPOINT=$PUBLICIP/stac$RELEASE_NAME
Expand Down
6 changes: 6 additions & 0 deletions helm-chart/eoapi/initdb-data/pgstac-setup.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,9 @@
#! /usr/bin/env python3

# This script is used to setup the pgstac database.
# It is run as a job in the pgstacbootstrap pod.
# It is important that this script and all of its steps are idempotent.

import os
import psycopg
from psycopg import sql
Expand Down
9 changes: 9 additions & 0 deletions helm-chart/eoapi/templates/pgstacboostrap/job.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,15 @@ spec:
app: pgstacbootstrap
spec:
restartPolicy: Never
initContainers:
- name: wait-for-db
image: busybox
command:
{{ if .Values.testing }}
['sh', '-c', 'until nc -z {{ $.Release.Name }}-pgbouncer 5432; do echo waiting for db; sleep 10; done;']
{{ else }}
['sh', '-c', 'until nc -z eoapi-pgbouncer 5432; do echo waiting for db; sleep 10; done;']
{{ end }}
containers:
- name: pgstacbootstrap
image: {{ .Values.pgstacBootstrap.image.name }}:{{ .Values.pgstacBootstrap.image.tag }}
Expand Down
16 changes: 16 additions & 0 deletions helm-chart/eoapi/templates/services/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,22 @@ spec:
labels:
app: {{ $serviceName }}-{{ $.Release.Name }}
spec:
serviceAccountName: eoapi-sa-{{ $.Release.Name }}
{{- if eq $serviceName "stac" }}
Copy link
Member

@batpad batpad Apr 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I worry a bit about these conditionals - if we start having more conditionals for each service, this seems like it could get ugly real quick. This is definitely fine for now, but this is something I'd think about and revisit as soon as we have even another conditional for a specific service.

Copy link
Contributor Author

@pantierra pantierra Apr 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Totally agree. This was one (unrelated) attempt to reduce conditionals: #161

initContainers:
- name: wait-for-pgstacbootstrap
image: bitnami/kubectl:latest
command:
- /bin/sh
- -c
- |
echo "Waiting for pgstacbootstrap job to complete..."
while ! kubectl -n {{ $.Release.Namespace }} wait --for=condition=complete job/pgstacbootstrap --timeout=5s; do
echo "pgstacbootstrap job not completed yet. Checking again in 10 seconds..."
sleep 10
done
echo "pgstacbootstrap job completed successfully"
{{- end }}
containers:
- image: {{ index $v "image" "name" }}:{{ index $v "image" "tag" }}
name: {{ $serviceName }}
Expand Down
35 changes: 35 additions & 0 deletions helm-chart/eoapi/templates/services/rbac.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
{{- if .Values.apiServices }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: eoapi-sa-{{ $.Release.Name }}
labels:
app: eoapi-{{ $.Release.Name }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: eoapi-role-{{ $.Release.Name }}
labels:
app: eoapi-{{ $.Release.Name }}
rules:
- apiGroups: ["batch"]
resources: ["jobs"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: eoapi-rolebinding-{{ $.Release.Name }}
labels:
app: eoapi-{{ $.Release.Name }}
subjects:
- kind: ServiceAccount
name: eoapi-sa-{{ $.Release.Name }}
namespace: {{ $.Release.Namespace }}
roleRef:
kind: Role
name: eoapi-role-{{ $.Release.Name }}
apiGroup: rbac.authorization.k8s.io
{{- end }}