From 6e8c826f1189c2ca27be325d3363c830f0e106a9 Mon Sep 17 00:00:00 2001 From: Rub21 Date: Mon, 15 Sep 2025 16:00:40 -0500 Subject: [PATCH 01/12] Add env vars for wikipedia-wikiledia --- osm-seed/templates/web/web-deployment.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/osm-seed/templates/web/web-deployment.yaml b/osm-seed/templates/web/web-deployment.yaml index 3ac7842b..dca9eca3 100644 --- a/osm-seed/templates/web/web-deployment.yaml +++ b/osm-seed/templates/web/web-deployment.yaml @@ -174,6 +174,10 @@ spec: value: {{ .Values.web.env.OPENSTREETMAP_AUTH_ID | default "" | quote }} - name: OPENSTREETMAP_AUTH_SECRET value: {{ .Values.web.env.OPENSTREETMAP_AUTH_SECRET | default "" | quote }} + - name: WIKIPEDIA_AUTH_ID + value: {{ .Values.web.env.WIKIPEDIA_AUTH_ID | default "" | quote }} + - name: WIKIPEDIA_AUTH_SECRET + value: {{ .Values.web.env.WIKIPEDIA_AUTH_SECRET | default "" | quote }} volumeMounts: - mountPath: /dev/shm name: shared-memory From 3cd165201144728adec3053064b6886b76b42851 Mon Sep 17 00:00:00 2001 
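Review bot: `WIKIPEDIA_AUTH_SECRET` is rendered as a literal `value:` in the web Deployment, so the OAuth client secret sits in plain text in the pod spec, in the Helm release record and in whatever values file supplies it. The neighbouring `OPENSTREETMAP_AUTH_SECRET` context line follows the same pattern, but each secret added this way widens what anyone with read access to Deployments in the namespace can recover. Consider sourcing it from a Kubernetes Secret instead, e.g. `valueFrom: {secretKeyRef: {name: <web-oauth-secret>, key: WIKIPEDIA_AUTH_SECRET}}` (the secret name is a placeholder), and keep only `WIKIPEDIA_AUTH_ID` as a plain value. The container's `env:` list starts and ends outside the hunk.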
From: Rub21 Date: Fri, 3 Oct 2025 14:47:46 -0500 Subject: [PATCH 02/12] Add configuration to support a custom ingressClassName --- osm-seed/templates/nominatim-api/nominatim-ingress.yaml | 4 ++-- osm-seed/templates/nominatim-api/nominatim-service.yaml | 2 +- osm-seed/templates/osmcha-app/ingress.yaml | 4 ++-- osm-seed/templates/osmcha-app/service.yaml | 2 +- osm-seed/templates/overpass-api/overpass-api-service.yaml | 2 +- osm-seed/templates/taginfo/taginfo-ingress.yaml | 4 ++-- osm-seed/templates/taginfo/taginfo-service.yaml | 2 +- osm-seed/templates/tasking-manager-api/tm-ingress.yaml | 4 ++-- osm-seed/templates/tasking-manager-api/tm-service.yaml | 2 +- osm-seed/templates/tiler-server/tiler-server-ingress.yaml | 4 ++-- osm-seed/templates/tiler-server/tiler-server-service.yaml | 2 +- osm-seed/templates/web/web-ingress.yaml | 4 ++-- osm-seed/templates/web/web-service.yaml | 2 +- osm-seed/values.yaml | 7 +++++++ 14 files changed, 26 insertions(+), 19 deletions(-) diff --git a/osm-seed/templates/nominatim-api/nominatim-ingress.yaml b/osm-seed/templates/nominatim-api/nominatim-ingress.yaml index 410312f8..88c206d7 100644 --- a/osm-seed/templates/nominatim-api/nominatim-ingress.yaml +++ b/osm-seed/templates/nominatim-api/nominatim-ingress.yaml @@ -4,12 +4,12 @@ kind: Ingress metadata: name: {{ template "osm-seed.fullname" . }}-ingress-nominatim-api annotations: - kubernetes.io/ingress.class: nginx + kubernetes.io/ingress.class: {{ .Values.nominatimApi.ingressClassName }} cert-manager.io/cluster-issuer: letsencrypt-prod-issuer nginx.ingress.kubernetes.io/proxy-body-size: 5m nginx.ingress.kubernetes.io/use-regex: "true" spec: - ingressClassName: nginx + ingressClassName: {{ .Values.nominatimApi.ingressClassName }} tls: - hosts: {{- if .Values.nominatimApi.ingressDomain }} diff --git a/osm-seed/templates/nominatim-api/nominatim-service.yaml b/osm-seed/templates/nominatim-api/nominatim-service.yaml index e707bd12..e8dd898c 100644 
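Review bot: `{{ .Values.nominatimApi.ingressClassName }}` is rendered with no `required`, `default` or `quote`, so a values override that omits the key yields an empty `ingressClassName:` and an empty `kubernetes.io/ingress.class` annotation instead of failing the render. An Ingress with no class may be left unserved, or claimed by whichever controller is marked as the cluster default, which is not necessarily the one these TLS and proxy annotations were written for. Suggest `ingressClassName: {{ required "nominatimApi.ingressClassName is required" .Values.nominatimApi.ingressClassName | quote }}`, or `| default "nginx" | quote` to keep the previous hard-coded behaviour. The same applies to the osmcha, taginfo, tasking-manager, tiler-server and web ingress hunks, to the `*-service.yaml` annotation hunks in this patch, and to the overpass-api ingress hunk in patch 03.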
--- a/osm-seed/templates/nominatim-api/nominatim-service.yaml +++ b/osm-seed/templates/nominatim-api/nominatim-service.yaml @@ -15,7 +15,7 @@ metadata: service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https {{- end }} {{- if eq .Values.serviceType "ClusterIP" }} - kubernetes.io/ingress.class: nginx + kubernetes.io/ingress.class: {{ .Values.nominatimApi.ingressClassName }} cert-manager.io/cluster-issuer: letsencrypt-prod-issuer {{- else }} fake.annotation: fake diff --git a/osm-seed/templates/osmcha-app/ingress.yaml b/osm-seed/templates/osmcha-app/ingress.yaml index 387f8448..4d03eb32 100644 --- a/osm-seed/templates/osmcha-app/ingress.yaml +++ b/osm-seed/templates/osmcha-app/ingress.yaml @@ -4,11 +4,11 @@ kind: Ingress metadata: name: {{ template "osm-seed.fullname" . }}-ingress-osmcha-app annotations: - kubernetes.io/ingress.class: nginx + kubernetes.io/ingress.class: {{ .Values.osmchaApi.ingressClassName }} cert-manager.io/cluster-issuer: letsencrypt-prod-issuer nginx.ingress.kubernetes.io/proxy-body-size: 5m spec: - ingressClassName: nginx + ingressClassName: {{ .Values.osmchaApi.ingressClassName }} tls: - hosts: {{- if .Values.osmchaApi.ingressDomain }} diff --git a/osm-seed/templates/osmcha-app/service.yaml b/osm-seed/templates/osmcha-app/service.yaml index 985cf171..4716aa9e 100644 --- a/osm-seed/templates/osmcha-app/service.yaml +++ b/osm-seed/templates/osmcha-app/service.yaml @@ -15,7 +15,7 @@ metadata: service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https {{- end }} {{- if eq .Values.serviceType "ClusterIP" }} - kubernetes.io/ingress.class: nginx + kubernetes.io/ingress.class: {{ .Values.osmchaApi.ingressClassName }} cert-manager.io/cluster-issuer: letsencrypt-prod-issuer {{- else }} fake.annotation: fake diff --git a/osm-seed/templates/overpass-api/overpass-api-service.yaml b/osm-seed/templates/overpass-api/overpass-api-service.yaml index 558973ae..d2228efc 100644 --- a/osm-seed/templates/overpass-api/overpass-api-service.yaml 
+++ b/osm-seed/templates/overpass-api/overpass-api-service.yaml @@ -15,7 +15,7 @@ metadata: service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https {{- end }} {{- if eq .Values.serviceType "ClusterIP" }} - kubernetes.io/ingress.class: nginx + kubernetes.io/ingress.class: {{ .Values.overpassApi.ingressClassName }} cert-manager.io/cluster-issuer: letsencrypt-prod-issuer {{- else }} fake.annotation: fake diff --git a/osm-seed/templates/taginfo/taginfo-ingress.yaml b/osm-seed/templates/taginfo/taginfo-ingress.yaml index c546d2c3..1f014f9e 100644 --- a/osm-seed/templates/taginfo/taginfo-ingress.yaml +++ b/osm-seed/templates/taginfo/taginfo-ingress.yaml @@ -4,11 +4,11 @@ kind: Ingress metadata: name: {{ template "osm-seed.fullname" . }}-ingress-taginfo-api annotations: - kubernetes.io/ingress.class: nginx + kubernetes.io/ingress.class: {{ .Values.taginfo.ingressClassName }} cert-manager.io/cluster-issuer: letsencrypt-prod-issuer nginx.ingress.kubernetes.io/proxy-body-size: 5m spec: - ingressClassName: nginx + ingressClassName: {{ .Values.taginfo.ingressClassName }} tls: - hosts: {{- if .Values.taginfo.ingressDomain }} diff --git a/osm-seed/templates/taginfo/taginfo-service.yaml b/osm-seed/templates/taginfo/taginfo-service.yaml index 1a6e08bb..733e4328 100644 --- a/osm-seed/templates/taginfo/taginfo-service.yaml +++ b/osm-seed/templates/taginfo/taginfo-service.yaml @@ -15,7 +15,7 @@ metadata: service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https {{- end }} {{- if eq .Values.serviceType "ClusterIP" }} - kubernetes.io/ingress.class: nginx + kubernetes.io/ingress.class: {{ .Values.taginfo.ingressClassName }} cert-manager.io/cluster-issuer: letsencrypt-prod-issuer {{- else }} fake.annotation: fake diff --git a/osm-seed/templates/tasking-manager-api/tm-ingress.yaml b/osm-seed/templates/tasking-manager-api/tm-ingress.yaml index d8dda37c..fb2d7046 100644 --- a/osm-seed/templates/tasking-manager-api/tm-ingress.yaml 
+++ b/osm-seed/templates/tasking-manager-api/tm-ingress.yaml @@ -4,11 +4,11 @@ kind: Ingress metadata: name: {{ template "osm-seed.fullname" . }}-ingress-tm-api annotations: - kubernetes.io/ingress.class: nginx + kubernetes.io/ingress.class: {{ .Values.tmApi.ingressClassName }} cert-manager.io/cluster-issuer: letsencrypt-prod-issuer nginx.ingress.kubernetes.io/proxy-body-size: 5m spec: - ingressClassName: nginx + ingressClassName: {{ .Values.tmApi.ingressClassName }} tls: - hosts: {{- if .Values.tmApi.ingressDomain }} diff --git a/osm-seed/templates/tasking-manager-api/tm-service.yaml b/osm-seed/templates/tasking-manager-api/tm-service.yaml index 33d13b23..116fe069 100644 --- a/osm-seed/templates/tasking-manager-api/tm-service.yaml +++ b/osm-seed/templates/tasking-manager-api/tm-service.yaml @@ -15,7 +15,7 @@ metadata: service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https {{- end }} {{- if eq .Values.serviceType "ClusterIP" }} - kubernetes.io/ingress.class: nginx + kubernetes.io/ingress.class: {{ .Values.tmApi.ingressClassName }} cert-manager.io/cluster-issuer: letsencrypt-prod-issuer {{- else }} fake.annotation: fake diff --git a/osm-seed/templates/tiler-server/tiler-server-ingress.yaml b/osm-seed/templates/tiler-server/tiler-server-ingress.yaml index bf544fde..7a004fb6 100644 --- a/osm-seed/templates/tiler-server/tiler-server-ingress.yaml +++ b/osm-seed/templates/tiler-server/tiler-server-ingress.yaml 
@@ -4,14 +4,14 @@ kind: Ingress metadata: name: {{ .Release.Name }}-ingress-tiler-server annotations: - kubernetes.io/ingress.class: nginx + kubernetes.io/ingress.class: {{ .Values.tilerServer.ingressClassName }} cert-manager.io/cluster-issuer: letsencrypt-prod-issuer nginx.ingress.kubernetes.io/proxy-body-size: 200m nginx.ingress.kubernetes.io/proxy-connect-timeout: "600" nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-send-timeout: "600" spec: - ingressClassName: nginx + ingressClassName: {{ .Values.tilerServer.ingressClassName }} tls: - hosts: {{- if .Values.tilerServer.ingressDomain }} diff --git a/osm-seed/templates/tiler-server/tiler-server-service.yaml b/osm-seed/templates/tiler-server/tiler-server-service.yaml index 963e0d69..70e5627a 100644 --- a/osm-seed/templates/tiler-server/tiler-server-service.yaml +++ b/osm-seed/templates/tiler-server/tiler-server-service.yaml @@ -10,7 +10,7 @@ metadata: release: {{ .Release.Name }} annotations: {{- if eq .Values.serviceType "ClusterIP" }} - kubernetes.io/ingress.class: nginx + kubernetes.io/ingress.class: {{ .Values.tilerServer.ingressClassName }} cert-manager.io/cluster-issuer: letsencrypt-prod-issuer {{- end }} {{- if and (eq .Values.serviceType "LoadBalancer") .Values.AWS_SSL_ARN }} diff --git a/osm-seed/templates/web/web-ingress.yaml b/osm-seed/templates/web/web-ingress.yaml index e45cf645..198b0163 100644 --- a/osm-seed/templates/web/web-ingress.yaml +++ b/osm-seed/templates/web/web-ingress.yaml 
@@ -4,14 +4,14 @@ kind: Ingress metadata: name: {{ template "osm-seed.fullname" . }}-ingress annotations: - kubernetes.io/ingress.class: nginx + kubernetes.io/ingress.class: {{ .Values.web.ingressClassName }} cert-manager.io/cluster-issuer: letsencrypt-prod-issuer nginx.ingress.kubernetes.io/proxy-body-size: 200m nginx.ingress.kubernetes.io/proxy-connect-timeout: "1200" nginx.ingress.kubernetes.io/proxy-read-timeout: "1200" nginx.ingress.kubernetes.io/proxy-send-timeout: "1200" spec: - ingressClassName: nginx + ingressClassName: {{ .Values.web.ingressClassName }} tls: - hosts: {{- if .Values.web.ingressDomain }} diff --git a/osm-seed/templates/web/web-service.yaml b/osm-seed/templates/web/web-service.yaml index 341eae06..ee1602c8 100644 --- a/osm-seed/templates/web/web-service.yaml +++ b/osm-seed/templates/web/web-service.yaml @@ -18,7 +18,7 @@ metadata: service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https {{- end }} {{- if eq .Values.serviceType "ClusterIP" }} - kubernetes.io/ingress.class: nginx + kubernetes.io/ingress.class: {{ .Values.web.ingressClassName }} cert-manager.io/cluster-issuer: letsencrypt-prod-issuer {{- else }} fake.annotation: fake diff --git a/osm-seed/values.yaml b/osm-seed/values.yaml index 08ae0923..eee376b7 100644 --- a/osm-seed/values.yaml +++ b/osm-seed/values.yaml @@ -138,6 +138,7 @@ web: tag: "" priorityClass: "high-priority" replicaCount: 1 + ingressClassName: nginx-nlb ingressDomain: www.dev.osmseed.org serviceAnnotations: {} env: @@ -563,6 +564,7 @@ tilerServer: priorityClass: "medium-priority" replicaCount: 1 serviceAnnotations: {} + ingressClassName: nginx-nlb ingressDomain: tiler2.dev.openhistoricalmap.org env: TILER_SERVER_PORT: 9090 @@ -700,6 +702,7 @@ tmApi: nodeSelector: enabled: false replicaCount: 1 + ingressClassName: nginx-nlb ingressDomain: tm-api.dev.osmseed.org serviceAnnotations: {} env: 
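Review bot: The chart default `ingressClassName: nginx-nlb` added under `web:` in values.yaml changes which controller serves the Ingress for installs that relied on the previously hard-coded `nginx` class. An upgrade without an override would leave those hosts with no controller answering for them unless an IngressClass named `nginx-nlb` already exists in the cluster. A default of `nginx` would keep upgrades behaviour-preserving, with `nginx-nlb` set in the environment-specific values file. If the new default is intended, a comment above the key such as `# IngressClass that must already exist in the cluster; was hard-coded to "nginx" before` would help operators. The same default is added in the `tilerServer`, `tmApi`, `nominatimApi`, `overpassApi`, `taginfo` and `osmchaApi` hunks.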
@@ -761,6 +764,7 @@ nominatimApi: priorityClass: "medium-priority" serviceAnnotations: {} replicaCount: 1 + ingressClassName: nginx-nlb ingressDomain: nominatim-api.dev.osmseed.org env: PBF_URL: http://download.geofabrik.de/europe/monaco-latest.osm.pbf @@ -819,6 +823,7 @@ overpassApi: tag: "" priorityClass: "medium-priority" serviceAnnotations: {} + ingressClassName: nginx-nlb ingressDomain: overpass-api.dev.osmseed.org env: OVERPASS_META: "yes" @@ -865,6 +870,7 @@ taginfo: tag: "" priorityClass: "medium-priority" serviceAnnotations: {} + ingressClassName: nginx-nlb ingressDomain: taginfo-dev.staging.openhistoricalmap.org env: URL_PLANET_FILE_STATE: https://planet.osm.org/pbf/state.txt @@ -996,6 +1002,7 @@ osmchaApi: image: name: "ghcr.io/osmcha/osmcha-django" tag: "61a80e897b45fb9b1a177bf433fb79bfa7fda59d" + ingressClassName: nginx-nlb ingressDomain: osmcha.dev.osmseed.org priorityClass: "medium-priority" env: From 48f14a23b4bba87f61399ae805a14e437e2ae9cd Mon Sep 17 00:00:00 2001 From: Rub21 Date: Fri, 3 Oct 2025 14:51:01 -0500 Subject: [PATCH 03/12] Add configuration to support a custom ingressClassName - overpass-api --- osm-seed/templates/overpass-api/overpass-api-ingress.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/osm-seed/templates/overpass-api/overpass-api-ingress.yaml b/osm-seed/templates/overpass-api/overpass-api-ingress.yaml index ccdf5ac3..c9a3c188 100644 --- a/osm-seed/templates/overpass-api/overpass-api-ingress.yaml +++ b/osm-seed/templates/overpass-api/overpass-api-ingress.yaml 
@@ -4,14 +4,14 @@ kind: Ingress metadata: name: {{ template "osm-seed.fullname" . }}-ingress-overpass-api annotations: - kubernetes.io/ingress.class: nginx + kubernetes.io/ingress.class: {{ .Values.overpassApi.ingressClassName }} cert-manager.io/cluster-issuer: letsencrypt-prod-issuer nginx.ingress.kubernetes.io/proxy-body-size: 200m nginx.ingress.kubernetes.io/proxy-connect-timeout: "1200" nginx.ingress.kubernetes.io/proxy-read-timeout: "1200" nginx.ingress.kubernetes.io/proxy-send-timeout: "1200" spec: - ingressClassName: nginx + ingressClassName: {{ .Values.overpassApi.ingressClassName }} tls: - hosts: {{- if .Values.overpassApi.ingressDomain }} From bd1db086a6a1ed0476e66fa46af73f4e032ac56a Mon Sep 17 00:00:00 2001 From: Rub21 Date: Fri, 3 Oct 2025 15:08:19 -0500 Subject: [PATCH 04/12] Set gitsha for taginfo image --- images/taginfo/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/images/taginfo/Dockerfile b/images/taginfo/Dockerfile index e461bceb..137196b3 100644 --- a/images/taginfo/Dockerfile +++ b/images/taginfo/Dockerfile @@ -30,6 +30,7 @@ RUN apt-get update && apt-get install -y \ RUN git clone https://github.com/taginfo/taginfo-tools.git $workdir/taginfo-tools && \ cd $workdir/taginfo-tools && \ + git checkout 24412e65740752f8b962bd1cf3baf350d0672cc7 && \ git submodule update --init && \ mkdir build && cd build && \ cmake .. && make From df15c357e93dd93621d3e4fd2311752e6a59d791 Mon Sep 17 00:00:00 2001 
From: Rub21 Date: Fri, 3 Oct 2025 16:45:12 -0500 Subject: [PATCH 05/12] Rename ClusterIssuer and point to ingressClassName --- osm-seed/templates/cgimap/cgimap-service.yaml | 3 +-- osm-seed/templates/letsencrypt-issuer.yaml | 6 +++--- osm-seed/templates/nominatim-api/nominatim-ingress.yaml | 5 ++--- osm-seed/templates/nominatim-api/nominatim-service.yaml | 3 +-- osm-seed/templates/osmcha-app/ingress.yaml | 5 ++--- osm-seed/templates/osmcha-app/service.yaml | 3 +-- osm-seed/templates/overpass-api/overpass-api-ingress.yaml | 5 ++--- osm-seed/templates/overpass-api/overpass-api-service.yaml | 3 +-- osm-seed/templates/taginfo/taginfo-ingress.yaml | 5 ++--- osm-seed/templates/taginfo/taginfo-service.yaml | 3 +-- osm-seed/templates/tasking-manager-api/tm-ingress.yaml | 5 ++--- osm-seed/templates/tasking-manager-api/tm-service.yaml | 3 +-- osm-seed/templates/tiler-server/tiler-server-ingress.yaml | 5 ++--- osm-seed/templates/tiler-server/tiler-server-service.yaml | 3 +-- osm-seed/templates/web/web-ingress.yaml | 5 ++--- osm-seed/templates/web/web-service.yaml | 4 ++-- 16 files changed, 26 insertions(+), 40 deletions(-) diff --git a/osm-seed/templates/cgimap/cgimap-service.yaml b/osm-seed/templates/cgimap/cgimap-service.yaml index bed7721a..688e0fc4 100644 --- a/osm-seed/templates/cgimap/cgimap-service.yaml +++ b/osm-seed/templates/cgimap/cgimap-service.yaml @@ -15,8 +15,7 @@ metadata: service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https {{- end }} {{- if eq .Values.serviceType "ClusterIP" }} - kubernetes.io/ingress.class: nginx - cert-manager.io/cluster-issuer: letsencrypt-prod-issuer + cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer {{- else }} fake.annotation: fake {{- end }} diff --git a/osm-seed/templates/letsencrypt-issuer.yaml b/osm-seed/templates/letsencrypt-issuer.yaml index f9fa2aef..dd856ef9 100644 --- a/osm-seed/templates/letsencrypt-issuer.yaml +++ b/osm-seed/templates/letsencrypt-issuer.yaml 
@@ -2,7 +2,7 @@ apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: - name: letsencrypt-prod-issuer + name: {{ .Release.Name }}-letsencrypt-prod-issuer spec: acme: # You must replace this email address with your own. @@ -15,12 +15,12 @@ spec: server: https://acme-v02.api.letsencrypt.org/directory privateKeySecretRef: # Secret resource used to store the account's private key. - name: letsencrypt-issuer-key + name: {{ .Release.Name }}-letsencrypt-issuer-key # Enable the HTTP-01 challenge provider # you prove ownership of a domain by ensuring that a particular # file is present at the domain solvers: - http01: ingress: - class: nginx + class: {{ .Values.ingressClassName }} {{- end }} \ No newline at end of file diff --git a/osm-seed/templates/nominatim-api/nominatim-ingress.yaml b/osm-seed/templates/nominatim-api/nominatim-ingress.yaml index 88c206d7..138fa095 100644 --- a/osm-seed/templates/nominatim-api/nominatim-ingress.yaml +++ b/osm-seed/templates/nominatim-api/nominatim-ingress.yaml @@ -4,12 +4,11 @@ kind: Ingress metadata: name: {{ template "osm-seed.fullname" . }}-ingress-nominatim-api annotations: - kubernetes.io/ingress.class: {{ .Values.nominatimApi.ingressClassName }} - cert-manager.io/cluster-issuer: letsencrypt-prod-issuer + cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer nginx.ingress.kubernetes.io/proxy-body-size: 5m nginx.ingress.kubernetes.io/use-regex: "true" spec: - ingressClassName: {{ .Values.nominatimApi.ingressClassName }} + ingressClassName: {{ .Values.ingressClassName }} tls: - hosts: {{- if .Values.nominatimApi.ingressDomain }} diff --git a/osm-seed/templates/nominatim-api/nominatim-service.yaml b/osm-seed/templates/nominatim-api/nominatim-service.yaml index e8dd898c..2fb8a855 100644 --- a/osm-seed/templates/nominatim-api/nominatim-service.yaml +++ b/osm-seed/templates/nominatim-api/nominatim-service.yaml 
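Review bot: The HTTP-01 solver in the second letsencrypt-issuer.yaml hunk still uses `class: {{ .Values.ingressClassName }}`, which has cert-manager mark its temporary solver Ingress with the `kubernetes.io/ingress.class` annotation, while this same patch drops that annotation from the chart's own Ingresses and relies on `spec.ingressClassName` alone. If the controller behind the configured class selects Ingresses only by `spec.ingressClassName`, the ACME challenge would go unanswered and certificates would stop being issued or renewed; this is inferred from the templates, not verified against a cluster. On cert-manager 1.12 or later the solver can instead set `ingressClassName: {{ .Values.ingressClassName | quote }}` under `http01.ingress`. As far as this series shows, `.Values.ingressClassName` is only added to values.yaml by the following patch, so this commit on its own renders an empty class here and in the ingress hunks.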
@@ -15,8 +15,7 @@ metadata: service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https {{- end }} {{- if eq .Values.serviceType "ClusterIP" }} - kubernetes.io/ingress.class: {{ .Values.nominatimApi.ingressClassName }} - cert-manager.io/cluster-issuer: letsencrypt-prod-issuer + cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer {{- else }} fake.annotation: fake {{- end }} diff --git a/osm-seed/templates/osmcha-app/ingress.yaml b/osm-seed/templates/osmcha-app/ingress.yaml index 4d03eb32..261550f8 100644 --- a/osm-seed/templates/osmcha-app/ingress.yaml +++ b/osm-seed/templates/osmcha-app/ingress.yaml @@ -4,11 +4,10 @@ kind: Ingress metadata: name: {{ template "osm-seed.fullname" . }}-ingress-osmcha-app annotations: - kubernetes.io/ingress.class: {{ .Values.osmchaApi.ingressClassName }} - cert-manager.io/cluster-issuer: letsencrypt-prod-issuer + cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer nginx.ingress.kubernetes.io/proxy-body-size: 5m spec: - ingressClassName: {{ .Values.osmchaApi.ingressClassName }} + ingressClassName: {{ .Values.ingressClassName }} tls: - hosts: {{- if .Values.osmchaApi.ingressDomain }} diff --git a/osm-seed/templates/osmcha-app/service.yaml b/osm-seed/templates/osmcha-app/service.yaml index 4716aa9e..da9441e5 100644 --- a/osm-seed/templates/osmcha-app/service.yaml +++ b/osm-seed/templates/osmcha-app/service.yaml @@ -15,8 +15,7 @@ metadata: service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https {{- end }} {{- if eq .Values.serviceType "ClusterIP" }} - kubernetes.io/ingress.class: {{ .Values.osmchaApi.ingressClassName }} - cert-manager.io/cluster-issuer: letsencrypt-prod-issuer + cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer {{- else }} fake.annotation: fake {{- end }} diff --git a/osm-seed/templates/overpass-api/overpass-api-ingress.yaml b/osm-seed/templates/overpass-api/overpass-api-ingress.yaml index c9a3c188..4a335df3 100644 
--- a/osm-seed/templates/overpass-api/overpass-api-ingress.yaml +++ b/osm-seed/templates/overpass-api/overpass-api-ingress.yaml @@ -4,14 +4,13 @@ kind: Ingress metadata: name: {{ template "osm-seed.fullname" . }}-ingress-overpass-api annotations: - kubernetes.io/ingress.class: {{ .Values.overpassApi.ingressClassName }} - cert-manager.io/cluster-issuer: letsencrypt-prod-issuer + cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer nginx.ingress.kubernetes.io/proxy-body-size: 200m nginx.ingress.kubernetes.io/proxy-connect-timeout: "1200" nginx.ingress.kubernetes.io/proxy-read-timeout: "1200" nginx.ingress.kubernetes.io/proxy-send-timeout: "1200" spec: - ingressClassName: {{ .Values.overpassApi.ingressClassName }} + ingressClassName: {{ .Values.ingressClassName }} tls: - hosts: {{- if .Values.overpassApi.ingressDomain }} diff --git a/osm-seed/templates/overpass-api/overpass-api-service.yaml b/osm-seed/templates/overpass-api/overpass-api-service.yaml index d2228efc..811fc1ff 100644 --- a/osm-seed/templates/overpass-api/overpass-api-service.yaml +++ b/osm-seed/templates/overpass-api/overpass-api-service.yaml @@ -15,8 +15,7 @@ metadata: service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https {{- end }} {{- if eq .Values.serviceType "ClusterIP" }} - kubernetes.io/ingress.class: {{ .Values.overpassApi.ingressClassName }} - cert-manager.io/cluster-issuer: letsencrypt-prod-issuer + cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer {{- else }} fake.annotation: fake {{- end }} diff --git a/osm-seed/templates/taginfo/taginfo-ingress.yaml b/osm-seed/templates/taginfo/taginfo-ingress.yaml index 1f014f9e..2b958684 100644 --- a/osm-seed/templates/taginfo/taginfo-ingress.yaml +++ b/osm-seed/templates/taginfo/taginfo-ingress.yaml 
@@ -4,11 +4,10 @@ kind: Ingress metadata: name: {{ template "osm-seed.fullname" . }}-ingress-taginfo-api annotations: - kubernetes.io/ingress.class: {{ .Values.taginfo.ingressClassName }} - cert-manager.io/cluster-issuer: letsencrypt-prod-issuer + cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer nginx.ingress.kubernetes.io/proxy-body-size: 5m spec: - ingressClassName: {{ .Values.taginfo.ingressClassName }} + ingressClassName: {{ .Values.ingressClassName }} tls: - hosts: {{- if .Values.taginfo.ingressDomain }} diff --git a/osm-seed/templates/taginfo/taginfo-service.yaml b/osm-seed/templates/taginfo/taginfo-service.yaml index 733e4328..9196724a 100644 --- a/osm-seed/templates/taginfo/taginfo-service.yaml +++ b/osm-seed/templates/taginfo/taginfo-service.yaml @@ -15,8 +15,7 @@ metadata: service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https {{- end }} {{- if eq .Values.serviceType "ClusterIP" }} - kubernetes.io/ingress.class: {{ .Values.taginfo.ingressClassName }} - cert-manager.io/cluster-issuer: letsencrypt-prod-issuer + cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer {{- else }} fake.annotation: fake {{- end }} diff --git a/osm-seed/templates/tasking-manager-api/tm-ingress.yaml b/osm-seed/templates/tasking-manager-api/tm-ingress.yaml index fb2d7046..c2598373 100644 --- a/osm-seed/templates/tasking-manager-api/tm-ingress.yaml +++ b/osm-seed/templates/tasking-manager-api/tm-ingress.yaml @@ -4,11 +4,10 @@ kind: Ingress metadata: name: {{ template "osm-seed.fullname" . }}-ingress-tm-api annotations: - kubernetes.io/ingress.class: {{ .Values.tmApi.ingressClassName }} - cert-manager.io/cluster-issuer: letsencrypt-prod-issuer + cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer nginx.ingress.kubernetes.io/proxy-body-size: 5m spec: - ingressClassName: {{ .Values.tmApi.ingressClassName }} + ingressClassName: {{ .Values.ingressClassName }} tls: - hosts: {{- if .Values.tmApi.ingressDomain }} 
diff --git a/osm-seed/templates/tasking-manager-api/tm-service.yaml b/osm-seed/templates/tasking-manager-api/tm-service.yaml index 116fe069..c3e72089 100644 --- a/osm-seed/templates/tasking-manager-api/tm-service.yaml +++ b/osm-seed/templates/tasking-manager-api/tm-service.yaml @@ -15,8 +15,7 @@ metadata: service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https {{- end }} {{- if eq .Values.serviceType "ClusterIP" }} - kubernetes.io/ingress.class: {{ .Values.tmApi.ingressClassName }} - cert-manager.io/cluster-issuer: letsencrypt-prod-issuer + cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer {{- else }} fake.annotation: fake {{- end }} diff --git a/osm-seed/templates/tiler-server/tiler-server-ingress.yaml b/osm-seed/templates/tiler-server/tiler-server-ingress.yaml index 7a004fb6..2bcb0024 100644 --- a/osm-seed/templates/tiler-server/tiler-server-ingress.yaml +++ b/osm-seed/templates/tiler-server/tiler-server-ingress.yaml @@ -4,14 +4,13 @@ kind: Ingress metadata: name: {{ .Release.Name }}-ingress-tiler-server annotations: - kubernetes.io/ingress.class: {{ .Values.tilerServer.ingressClassName }} - cert-manager.io/cluster-issuer: letsencrypt-prod-issuer + cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer nginx.ingress.kubernetes.io/proxy-body-size: 200m nginx.ingress.kubernetes.io/proxy-connect-timeout: "600" nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-send-timeout: "600" spec: - ingressClassName: {{ .Values.tilerServer.ingressClassName }} + ingressClassName: {{ .Values.ingressClassName }} tls: - hosts: {{- if .Values.tilerServer.ingressDomain }} diff --git a/osm-seed/templates/tiler-server/tiler-server-service.yaml b/osm-seed/templates/tiler-server/tiler-server-service.yaml index 70e5627a..204e98b7 100644 --- a/osm-seed/templates/tiler-server/tiler-server-service.yaml +++ b/osm-seed/templates/tiler-server/tiler-server-service.yaml 
@@ -10,8 +10,7 @@ metadata: release: {{ .Release.Name }} annotations: {{- if eq .Values.serviceType "ClusterIP" }} - kubernetes.io/ingress.class: {{ .Values.tilerServer.ingressClassName }} - cert-manager.io/cluster-issuer: letsencrypt-prod-issuer + cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer {{- end }} {{- if and (eq .Values.serviceType "LoadBalancer") .Values.AWS_SSL_ARN }} service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {{ .Values.AWS_SSL_ARN }} diff --git a/osm-seed/templates/web/web-ingress.yaml b/osm-seed/templates/web/web-ingress.yaml index 198b0163..a97e4bdc 100644 --- a/osm-seed/templates/web/web-ingress.yaml +++ b/osm-seed/templates/web/web-ingress.yaml @@ -4,14 +4,13 @@ kind: Ingress metadata: name: {{ template "osm-seed.fullname" . }}-ingress annotations: - kubernetes.io/ingress.class: {{ .Values.web.ingressClassName }} - cert-manager.io/cluster-issuer: letsencrypt-prod-issuer + cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer nginx.ingress.kubernetes.io/proxy-body-size: 200m nginx.ingress.kubernetes.io/proxy-connect-timeout: "1200" nginx.ingress.kubernetes.io/proxy-read-timeout: "1200" nginx.ingress.kubernetes.io/proxy-send-timeout: "1200" spec: - ingressClassName: {{ .Values.web.ingressClassName }} + ingressClassName: {{ .Values.ingressClassName }} tls: - hosts: {{- if .Values.web.ingressDomain }} diff --git a/osm-seed/templates/web/web-service.yaml b/osm-seed/templates/web/web-service.yaml index ee1602c8..669875e7 100644 --- a/osm-seed/templates/web/web-service.yaml +++ b/osm-seed/templates/web/web-service.yaml 
@@ -18,8 +18,8 @@ metadata: service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https {{- end }} {{- if eq .Values.serviceType "ClusterIP" }} - kubernetes.io/ingress.class: {{ .Values.web.ingressClassName }} - cert-manager.io/cluster-issuer: letsencrypt-prod-issuer + cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer + service.beta.kubernetes.io/aws-load-balancer-type: "nlb" {{- else }} fake.annotation: fake {{- end }} From fba7033319f0e276f2627bfc8274426c7636c403 Mon Sep 17 00:00:00 2001 From: Rub21 Date: Fri, 3 Oct 2025 16:47:18 -0500 Subject: [PATCH 06/12] Set global ingressClassName value --- osm-seed/values.yaml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/osm-seed/values.yaml b/osm-seed/values.yaml index eee376b7..7f00e2b9 100644 --- a/osm-seed/values.yaml +++ b/osm-seed/values.yaml @@ -42,6 +42,7 @@ AWS_SSL_ARN: false # serviceType: NodePort serviceType: ClusterIP createClusterIssuer: false +ingressClassName: nginx-nlb # Domain that is pointed to the clusterIP # You will need to create an A record like *.osmseed.example.com pointed to the ClusterIP # Then, the cluster configuration will setup services at their respective subdomains: @@ -138,7 +139,6 @@ web: tag: "" priorityClass: "high-priority" replicaCount: 1 - ingressClassName: nginx-nlb ingressDomain: www.dev.osmseed.org serviceAnnotations: {} env: @@ -564,7 +564,6 @@ tilerServer: priorityClass: "medium-priority" replicaCount: 1 serviceAnnotations: {} - ingressClassName: nginx-nlb ingressDomain: tiler2.dev.openhistoricalmap.org env: TILER_SERVER_PORT: 9090 @@ -702,7 +701,6 @@ tmApi: nodeSelector: enabled: false replicaCount: 1 - ingressClassName: nginx-nlb ingressDomain: tm-api.dev.osmseed.org serviceAnnotations: {} env: 
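Review bot: `service.beta.kubernetes.io/aws-load-balancer-type: "nlb"` is added inside the `{{- if eq .Values.serviceType "ClusterIP" }}` branch of web-service.yaml, where no cloud load balancer is provisioned, so the annotation appears to have no effect; the AWS load-balancer annotations are acted on only for Services of type LoadBalancer. If an NLB is meant to front the web Service, the line belongs in the `LoadBalancer` branch next to `aws-load-balancer-ssl-ports`. If the NLB fronts the ingress controller, it should be set on that controller's Service and dropped here. The `cert-manager.io/cluster-issuer` annotation rewritten in this and the other `*-service.yaml` hunks is likewise placed on a Service, where cert-manager's ingress-shim does not read it. The annotations block starts outside the hunk.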
@@ -764,7 +762,6 @@ nominatimApi: priorityClass: "medium-priority" serviceAnnotations: {} replicaCount: 1 - ingressClassName: nginx-nlb ingressDomain: nominatim-api.dev.osmseed.org env: PBF_URL: http://download.geofabrik.de/europe/monaco-latest.osm.pbf @@ -823,7 +820,6 @@ overpassApi: tag: "" priorityClass: "medium-priority" serviceAnnotations: {} - ingressClassName: nginx-nlb ingressDomain: overpass-api.dev.osmseed.org env: OVERPASS_META: "yes" @@ -870,7 +866,6 @@ taginfo: tag: "" priorityClass: "medium-priority" serviceAnnotations: {} - ingressClassName: nginx-nlb ingressDomain: taginfo-dev.staging.openhistoricalmap.org env: URL_PLANET_FILE_STATE: https://planet.osm.org/pbf/state.txt @@ -1002,7 +997,6 @@ osmchaApi: image: name: "ghcr.io/osmcha/osmcha-django" tag: "61a80e897b45fb9b1a177bf433fb79bfa7fda59d" - ingressClassName: nginx-nlb ingressDomain: osmcha.dev.osmseed.org priorityClass: "medium-priority" env: From a351757c293eca2a9c70d3c8033fa6ccd33b78e6 Mon Sep 17 00:00:00 2001 From: Rub21 Date: Mon, 6 Oct 2025 20:43:12 -0500 Subject: [PATCH 07/12] Support ALB for web service --- osm-seed/templates/web/web-ingress.yaml | 103 ++++++++++++++---------- osm-seed/templates/web/web-service.yaml | 48 +++++------ 2 files changed, 81 insertions(+), 70 deletions(-) diff --git a/osm-seed/templates/web/web-ingress.yaml b/osm-seed/templates/web/web-ingress.yaml index a97e4bdc..4d7b5728 100644 --- a/osm-seed/templates/web/web-ingress.yaml +++ b/osm-seed/templates/web/web-ingress.yaml 
@@ -2,54 +2,71 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: {{ template "osm-seed.fullname" . }}-ingress + name: {{ .Release.Name }}-ingress-web annotations: + {{- if eq .Values.ingressClassNameType "nlb" }} + kubernetes.io/ingress.class: nginx cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer nginx.ingress.kubernetes.io/proxy-body-size: 200m - nginx.ingress.kubernetes.io/proxy-connect-timeout: "1200" - nginx.ingress.kubernetes.io/proxy-read-timeout: "1200" - nginx.ingress.kubernetes.io/proxy-send-timeout: "1200" + nginx.ingress.kubernetes.io/proxy-connect-timeout: "600" + nginx.ingress.kubernetes.io/proxy-read-timeout: "600" + nginx.ingress.kubernetes.io/proxy-send-timeout: "600" + {{- end }} + + {{- if eq .Values.ingressClassNameType "alb" }} + kubernetes.io/ingress.class: alb + alb.ingress.kubernetes.io/scheme: {{ .Values.alb.scheme | default "internet-facing" }} + alb.ingress.kubernetes.io/target-type: {{ .Values.alb.targetType | default "ip" }} + alb.ingress.kubernetes.io/listen-ports: '{{ .Values.alb.listenPorts | default "[{\"HTTP\":80},{\"HTTPS\":443}]" }}' + alb.ingress.kubernetes.io/certificate-arn: "{{ .Values.alb.certificateArn }}" + alb.ingress.kubernetes.io/ssl-redirect: '443' + {{- end }} spec: ingressClassName: {{ .Values.ingressClassName }} + {{- if eq .Values.ingressClassNameType "nlb" }} + ingressClassName: {{ .Values.ingressClassNameType }} tls: - - hosts: - {{- if .Values.web.ingressDomain }} - - {{ .Values.web.ingressDomain }} - {{- else }} - - web.{{ .Values.domain }} - {{- end }} - - api.{{ .Values.domain }} - - {{ .Values.domain }} - secretName: {{ template "osm-seed.fullname" . 
}}-tls-secret + - hosts: + {{- if .Values.web.ingressDomain }} + - {{ .Values.web.ingressDomain }} + {{- else }} + - web.{{ .Values.domain }} + {{- end }} + - api.{{ .Values.domain }} + - {{ .Values.domain }} + secretName: {{ .Release.Name }}-tls-secret + {{- end }} rules: - - host: {{ if .Values.web.ingressDomain }}{{ .Values.web.ingressDomain }}{{ else }}web.{{ .Values.domain }}{{ end }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ template "osm-seed.fullname" . }}-web - port: - number: 80 - - host: api.{{ .Values.domain }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ template "osm-seed.fullname" . }}-web - port: - number: 80 - - host: {{ .Values.domain }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ template "osm-seed.fullname" . }}-web - port: - number: 80 + - host: {{ if .Values.web.ingressDomain }}{{ .Values.web.ingressDomain }}{{ else }}web.{{ .Values.domain }}{{ end }} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: {{ .Release.Name }}-service-web + port: + number: 80 + + - host: api.{{ .Values.domain }} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: {{ .Release.Name }}-service-web + port: + number: 80 + + - host: {{ .Values.domain }} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: {{ .Release.Name }}-service-web + port: + number: 80 {{- end }} diff --git a/osm-seed/templates/web/web-service.yaml b/osm-seed/templates/web/web-service.yaml index 669875e7..15916df0 100644 --- a/osm-seed/templates/web/web-service.yaml +++ b/osm-seed/templates/web/web-service.yaml 
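Review bot: The hard-coded `kubernetes.io/ingress.class: nginx` and `kubernetes.io/ingress.class: alb` annotations are rendered next to `ingressClassName: {{ .Values.ingressClassName }}`, which values.yaml sets to `nginx-nlb` in patch 06, so the two class selectors disagree. As far as I know the API server checks on create that the annotation and `spec.ingressClassName` match, so this Ingress is likely to be rejected on a fresh install. Inside the `nlb` branch a second `ingressClassName: {{ .Values.ingressClassNameType }}` also duplicates the key, and most YAML parsers keep the last value, here `nlb`. Drop the deprecated annotation and keep a single `ingressClassName: {{ .Values.ingressClassName | quote }}`. Patch 08 adds the same annotation pair to the nominatim, osmcha, overpass, taginfo, tm-api and tiler-server ingress templates.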
@@ -2,46 +2,40 @@ apiVersion: v1 kind: Service metadata: - name: {{ template "osm-seed.fullname" . }}-web + name: {{ .Release.Name }}-service-web labels: app: {{ template "osm-seed.name" . }} component: web-service environment: {{ .Values.environment }} release: {{ .Release.Name }} annotations: - {{- if eq .Values.serviceType "LoadBalancer" }} + {{- if and (eq .Values.serviceType "LoadBalancer") (eq .Values.ingressClassNameType "nlb") }} + # NLB + service.beta.kubernetes.io/aws-load-balancer-type: "nlb" + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300" - {{- end }} - {{- if and (eq .Values.serviceType "LoadBalancer") .Values.AWS_SSL_ARN }} + {{- if .Values.AWS_SSL_ARN }} service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {{ .Values.AWS_SSL_ARN }} - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https - {{- end }} - {{- if eq .Values.serviceType "ClusterIP" }} - cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer - service.beta.kubernetes.io/aws-load-balancer-type: "nlb" - {{- else }} - fake.annotation: fake + service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443" + service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp" {{- end }} - {{- with .Values.web.serviceAnnotations }} - {{- toYaml . | nindent 4 }} {{- end }} - spec: - type: {{ .Values.serviceType }} + # ALB -> should be ClusterIP; NLB -> LoadBalancer + type: {{ if eq .Values.ingressClassNameType "nlb" }}{{ default "LoadBalancer" .Values.serviceType }}{{ else }}ClusterIP{{ end }} + selector: + app: {{ template "osm-seed.name" . 
}} + release: {{ .Release.Name }} + run: {{ .Release.Name }}-web ports: - - port: 80 + - name: http + port: 80 targetPort: http protocol: TCP - name: http - {{- if and (eq .Values.serviceType "LoadBalancer") .Values.AWS_SSL_ARN }} - - port: 443 + {{- if and (eq .Values.ingressClassNameType "nlb") .Values.AWS_SSL_ARN }} + - name: https + port: 443 targetPort: http protocol: TCP - name: https - {{- end }} - selector: - app: {{ template "osm-seed.name" . }} - release: {{ .Release.Name }} - run: {{ .Release.Name }}-web -{{- end }} \ No newline at end of file + {{- end }} +{{- end }} From debbcfee4683d3e11d74a1330aa4fc8684423044 Mon Sep 17 00:00:00 2001 From: Rub21 Date: Tue, 7 Oct 2025 14:59:02 -0500 Subject: [PATCH 08/12] Update ingress and service config to support aws ALB --- .../nominatim-api/nominatim-ingress.yaml | 20 ++++++++- .../nominatim-api/nominatim-service.yaml | 45 +++---------------- osm-seed/templates/osmcha-app/ingress.yaml | 19 +++++++- osm-seed/templates/osmcha-app/service.yaml | 15 +++---- .../overpass-api/overpass-api-ingress.yaml | 20 +++++++-- .../overpass-api/overpass-api-service.yaml | 25 +++-------- .../templates/taginfo/taginfo-ingress.yaml | 21 ++++++++- .../templates/taginfo/taginfo-service.yaml | 15 +++---- .../tasking-manager-api/tm-ingress.yaml | 21 ++++++++- .../tasking-manager-api/tm-service.yaml | 17 +++---- .../tiler-server/tiler-server-ingress.yaml | 16 +++++++ .../tiler-server/tiler-server-service.yaml | 28 ++++-------- osm-seed/templates/web/web-ingress.yaml | 5 ++- osm-seed/templates/web/web-service.yaml | 12 +++-- 14 files changed, 156 insertions(+), 123 deletions(-) diff --git a/osm-seed/templates/nominatim-api/nominatim-ingress.yaml b/osm-seed/templates/nominatim-api/nominatim-ingress.yaml index 138fa095..44771a17 100644 --- a/osm-seed/templates/nominatim-api/nominatim-ingress.yaml +++ b/osm-seed/templates/nominatim-api/nominatim-ingress.yaml 
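Review bot: Removing the `{{- with .Values.web.serviceAnnotations }}` block means the `serviceAnnotations: {}` key that values.yaml still carries for `web` is silently ignored. An operator who used it to mark the load balancer internal or otherwise restrict it now gets only the template's fixed NLB annotations. Keep the passthrough after the conditional blocks: `{{- with .Values.web.serviceAnnotations }}`, `{{- toYaml . | nindent 4 }}`, `{{- end }}`. Patch 08 removes the same block from the nominatim, osmcha, overpass, taginfo and tiler-server Service templates, and the equivalent `tmApi` one. The Service is also renamed to `{{ .Release.Name }}-service-web`, so anything outside this hunk that still addresses the old `-web` name needs the same change.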
@@ -4,9 +4,25 @@ kind: Ingress metadata: name: {{ template "osm-seed.fullname" . }}-ingress-nominatim-api annotations: + ## NLB + {{- if eq .Values.ingressClassNameType "nlb" }} + kubernetes.io/ingress.class: nginx cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer - nginx.ingress.kubernetes.io/proxy-body-size: 5m - nginx.ingress.kubernetes.io/use-regex: "true" + nginx.ingress.kubernetes.io/proxy-body-size: 200m + nginx.ingress.kubernetes.io/proxy-connect-timeout: "600" + nginx.ingress.kubernetes.io/proxy-read-timeout: "600" + nginx.ingress.kubernetes.io/proxy-send-timeout: "600" + {{- end }} + # ALB + {{- if eq .Values.ingressClassNameType "alb" }} + kubernetes.io/ingress.class: alb + alb.ingress.kubernetes.io/group.name: {{ .Release.Name }} + alb.ingress.kubernetes.io/scheme: {{ .Values.alb.scheme | default "internet-facing" }} + alb.ingress.kubernetes.io/target-type: {{ .Values.alb.targetType | default "ip" }} + alb.ingress.kubernetes.io/listen-ports: '{{ .Values.alb.listenPorts | default "[{\"HTTP\":80},{\"HTTPS\":443}]" }}' + alb.ingress.kubernetes.io/certificate-arn: "{{ .Values.alb.certificateArn }}" + alb.ingress.kubernetes.io/ssl-redirect: '443' + {{- end }} spec: ingressClassName: {{ .Values.ingressClassName }} tls: diff --git a/osm-seed/templates/nominatim-api/nominatim-service.yaml b/osm-seed/templates/nominatim-api/nominatim-service.yaml index 2fb8a855..1739e250 100644 --- a/osm-seed/templates/nominatim-api/nominatim-service.yaml +++ b/osm-seed/templates/nominatim-api/nominatim-service.yaml 
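Review bot: The new `nlb` block replaces this Ingress's `nginx.ingress.kubernetes.io/proxy-body-size: 5m` with `200m`, adds 600-second proxy timeouts and drops `nginx.ingress.kubernetes.io/use-regex: "true"`. It appears to be copied from the web and overpass templates rather than sized for a geocoding API. A much larger accepted request body and long timeouts on a public endpoint give more room for resource exhaustion, and without `use-regex` any regex path in the rules below (outside this hunk) would stop matching. Unless large uploads are needed here, keep `proxy-body-size: 5m` and `use-regex: "true"` inside the `nlb` branch. The osmcha, taginfo and tm-api ingress hunks make the same 5m to 200m change.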
@@ -9,50 +9,27 @@ metadata: environment: {{ .Values.environment }} release: {{ .Release.Name }} annotations: - {{- if and (eq .Values.serviceType "LoadBalancer") .Values.AWS_SSL_ARN }} - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {{ .Values.AWS_SSL_ARN }} - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https + # NLB + {{- if eq .Values.ingressClassNameType "nlb" }} + service.beta.kubernetes.io/aws-load-balancer-type: "nlb" + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" + service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300" {{- end }} + # ClusterIP {{- if eq .Values.serviceType "ClusterIP" }} cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer - {{- else }} - fake.annotation: fake - {{- end }} - {{- with .Values.nominatimApi.serviceAnnotations }} - {{- toYaml . | nindent 4 }} {{- end }} spec: - {{- if and .Values.nominatimApi.enabled .Values.nominatimApi.externalService.enabled }} - # External service (no selector) - ports: - - name: http - port: 80 - targetPort: {{ .Values.nominatimApi.externalService.port | default "80" }} - protocol: TCP - {{- else }} - # Internal service type: {{ .Values.serviceType }} ports: - port: 80 protocol: TCP name: http targetPort: api - # - port: 5432 - # protocol: TCP - # name: postgres - # targetPort: postgres - {{- if and (eq .Values.serviceType "LoadBalancer") .Values.AWS_SSL_ARN }} - - port: 443 - protocol: TCP - name: https - targetPort: apache - {{- end }} selector: app: {{ template "osm-seed.name" . }} release: {{ .Release.Name }} run: {{ .Release.Name }}-nominatim - {{- end }} {{- end }} --- {{- if and .Values.nominatimApi.enabled .Values.nominatimUI.enabled }} 
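Review bot: With the `AWS_SSL_ARN` annotations and the 443 port removed, a `serviceType: LoadBalancer` deployment exposes this Service on port 80 only, so traffic to that load balancer is plain HTTP. `AWS_SSL_ARN` is still defined in values.yaml but nothing in this template reads it any more. The new NLB annotations are also keyed on `ingressClassNameType` rather than `serviceType`, so they render on `ClusterIP` Services, where they do nothing. If direct LoadBalancer exposure is still supported, keep a TLS listener guarded by `{{- if and (eq .Values.serviceType "LoadBalancer") .Values.AWS_SSL_ARN }}`; otherwise add a comment that TLS now terminates only at the Ingress or ALB. The osmcha, overpass, taginfo, tm-api, tiler-server and web Service hunks of this commit drop the same annotations.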
@@ -66,15 +43,6 @@ metadata: environment: {{ .Values.environment }} release: {{ .Release.Name }} spec: - {{- if and .Values.nominatimUI.enabled .Values.nominatimUI.externalService.enabled }} - # External service (no selector) - ports: - - name: http - port: 80 - targetPort: {{ .Values.nominatimUI.externalService.port | default "80" }} - protocol: TCP - {{- else }} - # Internal service type: ClusterIP ports: - port: 80 @@ -85,5 +53,4 @@ spec: app: {{ template "osm-seed.name" . }} release: {{ .Release.Name }} run: {{ .Release.Name }}-nominatim - {{- end }} {{- end }} \ No newline at end of file diff --git a/osm-seed/templates/osmcha-app/ingress.yaml b/osm-seed/templates/osmcha-app/ingress.yaml index 261550f8..61ad561a 100644 --- a/osm-seed/templates/osmcha-app/ingress.yaml +++ b/osm-seed/templates/osmcha-app/ingress.yaml 
@@ -4,8 +4,25 @@ kind: Ingress metadata: name: {{ template "osm-seed.fullname" . }}-ingress-osmcha-app annotations: + ## NLB + {{- if eq .Values.ingressClassNameType "nlb" }} + kubernetes.io/ingress.class: nginx cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer - nginx.ingress.kubernetes.io/proxy-body-size: 5m + nginx.ingress.kubernetes.io/proxy-body-size: 200m + nginx.ingress.kubernetes.io/proxy-connect-timeout: "600" + nginx.ingress.kubernetes.io/proxy-read-timeout: "600" + nginx.ingress.kubernetes.io/proxy-send-timeout: "600" + {{- end }} + # ALB + {{- if eq .Values.ingressClassNameType "alb" }} + kubernetes.io/ingress.class: alb + alb.ingress.kubernetes.io/group.name: {{ .Release.Name }} + alb.ingress.kubernetes.io/scheme: {{ .Values.alb.scheme | default "internet-facing" }} + alb.ingress.kubernetes.io/target-type: {{ .Values.alb.targetType | default "ip" }} + alb.ingress.kubernetes.io/listen-ports: '{{ .Values.alb.listenPorts | default "[{\"HTTP\":80},{\"HTTPS\":443}]" }}' + alb.ingress.kubernetes.io/certificate-arn: "{{ .Values.alb.certificateArn }}" + alb.ingress.kubernetes.io/ssl-redirect: '443' + {{- end }} spec: ingressClassName: {{ .Values.ingressClassName }} tls: diff --git a/osm-seed/templates/osmcha-app/service.yaml b/osm-seed/templates/osmcha-app/service.yaml index da9441e5..1568c26c 100644 --- a/osm-seed/templates/osmcha-app/service.yaml +++ b/osm-seed/templates/osmcha-app/service.yaml 
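Review bot: `alb.ingress.kubernetes.io/group.name: {{ .Release.Name }}` merges this Ingress into a shared ALB, and group membership is decided only by that annotation, so any Ingress in the cluster that sets the same group name can add rules to the same load balancer. That makes permission to create Ingress objects part of the trust boundary for every host served by this release. I would add a comment above the line, `# ALB: every Ingress with this group.name shares one load balancer; limit who may create Ingresses`. I would also set `alb.ingress.kubernetes.io/group.order` explicitly so rule precedence does not depend on resource names. The nominatim, overpass, taginfo, tm-api, tiler-server and web ingress hunks of this commit add the same annotation.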
@@ -9,18 +9,15 @@ metadata: environment: {{ .Values.environment }} release: {{ .Release.Name }} annotations: - {{- if and (eq .Values.serviceType "LoadBalancer") .Values.AWS_SSL_ARN }} - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {{ .Values.AWS_SSL_ARN }} - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https + # NLB + {{- if eq .Values.ingressClassNameType "nlb" }} + service.beta.kubernetes.io/aws-load-balancer-type: "nlb" + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" + service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300" {{- end }} + # ClusterIP {{- if eq .Values.serviceType "ClusterIP" }} cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer - {{- else }} - fake.annotation: fake - {{- end }} - {{- with .Values.osmchaApi.serviceAnnotations }} - {{- toYaml . | nindent 4 }} {{- end }} spec: type: {{ .Values.serviceType }} diff --git a/osm-seed/templates/overpass-api/overpass-api-ingress.yaml b/osm-seed/templates/overpass-api/overpass-api-ingress.yaml index 4a335df3..d623d52c 100644 --- a/osm-seed/templates/overpass-api/overpass-api-ingress.yaml +++ b/osm-seed/templates/overpass-api/overpass-api-ingress.yaml 
@@ -4,11 +4,25 @@ kind: Ingress metadata: name: {{ template "osm-seed.fullname" . }}-ingress-overpass-api annotations: + ## NLB + {{- if eq .Values.ingressClassNameType "nlb" }} + kubernetes.io/ingress.class: nginx cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer nginx.ingress.kubernetes.io/proxy-body-size: 200m - nginx.ingress.kubernetes.io/proxy-connect-timeout: "1200" - nginx.ingress.kubernetes.io/proxy-read-timeout: "1200" - nginx.ingress.kubernetes.io/proxy-send-timeout: "1200" + nginx.ingress.kubernetes.io/proxy-connect-timeout: "600" + nginx.ingress.kubernetes.io/proxy-read-timeout: "600" + nginx.ingress.kubernetes.io/proxy-send-timeout: "600" + {{- end }} + # ALB + {{- if eq .Values.ingressClassNameType "alb" }} + kubernetes.io/ingress.class: alb + alb.ingress.kubernetes.io/group.name: {{ .Release.Name }} + alb.ingress.kubernetes.io/scheme: {{ .Values.alb.scheme | default "internet-facing" }} + alb.ingress.kubernetes.io/target-type: {{ .Values.alb.targetType | default "ip" }} + alb.ingress.kubernetes.io/listen-ports: '{{ .Values.alb.listenPorts | default "[{\"HTTP\":80},{\"HTTPS\":443}]" }}' + alb.ingress.kubernetes.io/certificate-arn: "{{ .Values.alb.certificateArn }}" + alb.ingress.kubernetes.io/ssl-redirect: '443' + {{- end }} spec: ingressClassName: {{ .Values.ingressClassName }} tls: diff --git a/osm-seed/templates/overpass-api/overpass-api-service.yaml b/osm-seed/templates/overpass-api/overpass-api-service.yaml index 811fc1ff..37c829be 100644 --- a/osm-seed/templates/overpass-api/overpass-api-service.yaml +++ b/osm-seed/templates/overpass-api/overpass-api-service.yaml 
@@ -9,29 +9,17 @@ metadata: environment: {{ .Values.environment }} release: {{ .Release.Name }} annotations: - {{- if and (eq .Values.serviceType "LoadBalancer") .Values.AWS_SSL_ARN }} - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {{ .Values.AWS_SSL_ARN }} - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https + # NLB + {{- if eq .Values.ingressClassNameType "nlb" }} + service.beta.kubernetes.io/aws-load-balancer-type: "nlb" + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" + service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300" {{- end }} + # ClusterIP {{- if eq .Values.serviceType "ClusterIP" }} cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer - {{- else }} - fake.annotation: fake - {{- end }} - {{- with .Values.overpassApi.serviceAnnotations }} - {{- toYaml . | nindent 4 }} {{- end }} spec: - {{- if and .Values.overpassApi.enabled .Values.overpassApi.externalService.enabled }} - # External service (no selector) - ports: - - name: http - port: 80 - targetPort: {{ .Values.overpassApi.externalService.port | default "80" }} - protocol: TCP - {{- else }} - # Internal service type: {{ .Values.serviceType }} ports: - port: 80 @@ -48,5 +36,4 @@ spec: app: {{ template "osm-seed.name" . }} release: {{ .Release.Name }} run: {{ .Release.Name }}-overpass-api - {{- end }} {{- end }} diff --git a/osm-seed/templates/taginfo/taginfo-ingress.yaml b/osm-seed/templates/taginfo/taginfo-ingress.yaml index 2b958684..38eb1728 100644 --- a/osm-seed/templates/taginfo/taginfo-ingress.yaml +++ b/osm-seed/templates/taginfo/taginfo-ingress.yaml 
@@ -4,10 +4,28 @@ kind: Ingress metadata: name: {{ template "osm-seed.fullname" . }}-ingress-taginfo-api annotations: + ## NLB + {{- if eq .Values.ingressClassNameType "nlb" }} + kubernetes.io/ingress.class: nginx cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer - nginx.ingress.kubernetes.io/proxy-body-size: 5m + nginx.ingress.kubernetes.io/proxy-body-size: 200m + nginx.ingress.kubernetes.io/proxy-connect-timeout: "600" + nginx.ingress.kubernetes.io/proxy-read-timeout: "600" + nginx.ingress.kubernetes.io/proxy-send-timeout: "600" + {{- end }} + # ALB + {{- if eq .Values.ingressClassNameType "alb" }} + kubernetes.io/ingress.class: alb + alb.ingress.kubernetes.io/group.name: {{ .Release.Name }} + alb.ingress.kubernetes.io/scheme: {{ .Values.alb.scheme | default "internet-facing" }} + alb.ingress.kubernetes.io/target-type: {{ .Values.alb.targetType | default "ip" }} + alb.ingress.kubernetes.io/listen-ports: '{{ .Values.alb.listenPorts | default "[{\"HTTP\":80},{\"HTTPS\":443}]" }}' + alb.ingress.kubernetes.io/certificate-arn: "{{ .Values.alb.certificateArn }}" + alb.ingress.kubernetes.io/ssl-redirect: '443' + {{- end }} spec: ingressClassName: {{ .Values.ingressClassName }} + {{- if eq .Values.ingressClassNameType "nlb" }} tls: - hosts: {{- if .Values.taginfo.ingressDomain }} @@ -16,6 +34,7 @@ spec: - taginfo.{{ .Values.domain }} {{- end }} secretName: {{ template "osm-seed.fullname" . }}-secret-taginfo + {{- end }} rules: - host: {{ if .Values.taginfo.ingressDomain }}{{ .Values.taginfo.ingressDomain }}{{ else }}taginfo.{{ .Values.domain }}{{ end }} http: diff --git a/osm-seed/templates/taginfo/taginfo-service.yaml b/osm-seed/templates/taginfo/taginfo-service.yaml index 9196724a..f955ba3a 100644 --- a/osm-seed/templates/taginfo/taginfo-service.yaml +++ b/osm-seed/templates/taginfo/taginfo-service.yaml 
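Review bot: Under `alb` this Ingress now renders no `tls:` section, so HTTPS depends entirely on `alb.ingress.kubernetes.io/certificate-arn: "{{ .Values.alb.certificateArn }}"`, which renders as an empty string when the value is unset. Fail the render instead of deploying a listener without a certificate: `alb.ingress.kubernetes.io/certificate-arn: {{ required "alb.certificateArn must be set when ingressClassNameType is alb" .Values.alb.certificateArn | quote }}`. The tm-api, tiler-server and web ingress templates wrap `tls:` in the same `nlb` condition, while the nominatim, osmcha and overpass hunks appear to leave it unconditional, so the seven templates are not consistent.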
@@ -9,18 +9,15 @@ metadata: environment: {{ .Values.environment }} release: {{ .Release.Name }} annotations: - {{- if and (eq .Values.serviceType "LoadBalancer") .Values.AWS_SSL_ARN }} - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {{ .Values.AWS_SSL_ARN }} - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https + # NLB + {{- if eq .Values.ingressClassNameType "nlb" }} + service.beta.kubernetes.io/aws-load-balancer-type: "nlb" + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" + service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300" {{- end }} + # ClusterIP {{- if eq .Values.serviceType "ClusterIP" }} cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer - {{- else }} - fake.annotation: fake - {{- end }} - {{- with .Values.taginfo.serviceAnnotations }} - {{- toYaml . | nindent 4 }} {{- end }} spec: type: {{ .Values.serviceType }} diff --git a/osm-seed/templates/tasking-manager-api/tm-ingress.yaml b/osm-seed/templates/tasking-manager-api/tm-ingress.yaml index c2598373..a0a7ed93 100644 --- a/osm-seed/templates/tasking-manager-api/tm-ingress.yaml +++ b/osm-seed/templates/tasking-manager-api/tm-ingress.yaml 
@@ -4,10 +4,28 @@ kind: Ingress metadata: name: {{ template "osm-seed.fullname" . }}-ingress-tm-api annotations: + ## NLB + {{- if eq .Values.ingressClassNameType "nlb" }} + kubernetes.io/ingress.class: nginx cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer - nginx.ingress.kubernetes.io/proxy-body-size: 5m + nginx.ingress.kubernetes.io/proxy-body-size: 200m + nginx.ingress.kubernetes.io/proxy-connect-timeout: "600" + nginx.ingress.kubernetes.io/proxy-read-timeout: "600" + nginx.ingress.kubernetes.io/proxy-send-timeout: "600" + {{- end }} + # ALB + {{- if eq .Values.ingressClassNameType "alb" }} + kubernetes.io/ingress.class: alb + alb.ingress.kubernetes.io/group.name: {{ .Release.Name }} + alb.ingress.kubernetes.io/scheme: {{ .Values.alb.scheme | default "internet-facing" }} + alb.ingress.kubernetes.io/target-type: {{ .Values.alb.targetType | default "ip" }} + alb.ingress.kubernetes.io/listen-ports: '{{ .Values.alb.listenPorts | default "[{\"HTTP\":80},{\"HTTPS\":443}]" }}' + alb.ingress.kubernetes.io/certificate-arn: "{{ .Values.alb.certificateArn }}" + alb.ingress.kubernetes.io/ssl-redirect: '443' + {{- end }} spec: ingressClassName: {{ .Values.ingressClassName }} + {{- if eq .Values.ingressClassNameType "nlb" }} tls: - hosts: {{- if .Values.tmApi.ingressDomain }} @@ -16,6 +34,7 @@ spec: - tm-api.{{ .Values.domain }} {{- end }} secretName: {{ template "osm-seed.fullname" . }}-secret-tm-api + {{- end }} rules: - host: {{ if .Values.tmApi.ingressDomain }}{{ .Values.tmApi.ingressDomain }}{{ else }}tm-api.{{ .Values.domain }}{{ end }} http: diff --git a/osm-seed/templates/tasking-manager-api/tm-service.yaml b/osm-seed/templates/tasking-manager-api/tm-service.yaml index c3e72089..23530f1d 100644 --- a/osm-seed/templates/tasking-manager-api/tm-service.yaml +++ b/osm-seed/templates/tasking-manager-api/tm-service.yaml 
@@ -9,21 +9,18 @@ metadata: environment: {{ .Values.environment }} release: {{ .Release.Name }} annotations: - {{- if and (eq .Values.serviceType "LoadBalancer") .Values.AWS_SSL_ARN }} - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {{ .Values.AWS_SSL_ARN }} - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https + # NLB + {{- if eq .Values.ingressClassNameType "nlb" }} + service.beta.kubernetes.io/aws-load-balancer-type: "nlb" + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" + service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300" {{- end }} + # ClusterIP {{- if eq .Values.serviceType "ClusterIP" }} cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer - {{- else }} - fake.annotation: fake - {{- end }} - {{- with .Values.tmApi.serviceAnnotations }} - {{- toYaml . | nindent 4 }} {{- end }} spec: - type: {{ .Values.serviceType }} + type: {{ if eq .Values.ingressClassNameType "nlb" }}{{ default "LoadBalancer" .Values.serviceType }}{{ else }}ClusterIP{{ end }} ports: - port: 80 targetPort: http diff --git a/osm-seed/templates/tiler-server/tiler-server-ingress.yaml b/osm-seed/templates/tiler-server/tiler-server-ingress.yaml index 2bcb0024..d086d00a 100644 --- a/osm-seed/templates/tiler-server/tiler-server-ingress.yaml +++ b/osm-seed/templates/tiler-server/tiler-server-ingress.yaml 
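Review bot: `type: {{ if eq .Values.ingressClassNameType "nlb" }}{{ default "LoadBalancer" .Values.serviceType }}{{ else }}ClusterIP{{ end }}` is introduced here, while the same commit replaces that exact expression with `type: {{ .Values.serviceType }}` in web-service.yaml. tm-api therefore becomes the only Service whose type ignores `serviceType` under `alb`, and it falls back to an externally reachable `LoadBalancer` under `nlb` when `serviceType` is empty. Use the same line as the other Services, `type: {{ .Values.serviceType }}`, or add a comment explaining why tm-api must differ.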
@@ -4,13 +4,28 @@ kind: Ingress metadata: name: {{ .Release.Name }}-ingress-tiler-server annotations: + ## NLB + {{- if eq .Values.ingressClassNameType "nlb" }} + kubernetes.io/ingress.class: nginx cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer nginx.ingress.kubernetes.io/proxy-body-size: 200m nginx.ingress.kubernetes.io/proxy-connect-timeout: "600" nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-send-timeout: "600" + {{- end }} + # ALB + {{- if eq .Values.ingressClassNameType "alb" }} + kubernetes.io/ingress.class: alb + alb.ingress.kubernetes.io/group.name: {{ .Release.Name }} + alb.ingress.kubernetes.io/scheme: {{ .Values.alb.scheme | default "internet-facing" }} + alb.ingress.kubernetes.io/target-type: {{ .Values.alb.targetType | default "ip" }} + alb.ingress.kubernetes.io/listen-ports: '{{ .Values.alb.listenPorts | default "[{\"HTTP\":80},{\"HTTPS\":443}]" }}' + alb.ingress.kubernetes.io/certificate-arn: "{{ .Values.alb.certificateArn }}" + alb.ingress.kubernetes.io/ssl-redirect: '443' + {{- end }} spec: ingressClassName: {{ .Values.ingressClassName }} + {{- if eq .Values.ingressClassNameType "nlb" }} tls: - hosts: {{- if .Values.tilerServer.ingressDomain }} @@ -19,6 +34,7 @@ spec: - tiler.{{ .Values.domain }} {{- end }} secretName: {{ .Release.Name }}-secret-tiler-server + {{- end }} rules: - host: {{ if .Values.tilerServer.ingressDomain }}{{ .Values.tilerServer.ingressDomain }}{{ else }}tiler.{{ .Values.domain }}{{ end }} http: diff --git a/osm-seed/templates/tiler-server/tiler-server-service.yaml b/osm-seed/templates/tiler-server/tiler-server-service.yaml index 204e98b7..064db9b2 100644 --- a/osm-seed/templates/tiler-server/tiler-server-service.yaml +++ b/osm-seed/templates/tiler-server/tiler-server-service.yaml 
@@ -9,29 +9,18 @@ metadata: environment: {{ .Values.environment }} release: {{ .Release.Name }} annotations: + # NLB + {{- if eq .Values.ingressClassNameType "nlb" }} + service.beta.kubernetes.io/aws-load-balancer-type: "nlb" + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" + service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300" + {{- end }} + # ClusterIP {{- if eq .Values.serviceType "ClusterIP" }} cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer {{- end }} - {{- if and (eq .Values.serviceType "LoadBalancer") .Values.AWS_SSL_ARN }} - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {{ .Values.AWS_SSL_ARN }} - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https - service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "600" - {{- end }} - {{- with .Values.tilerServer.serviceAnnotations }} - {{- toYaml . | nindent 4 }} - {{- end }} spec: - # This is a workaround for the issue with the external service - {{- if and .Values.tilerServer.enabled .Values.tilerServer.externalService.enabled }} - ports: - - name: http - port: 80 - targetPort: {{ .Values.tilerServer.externalService.port | default "9090" }} - protocol: TCP - {{- else }} - # This is the default service, atached to the deployment - type: {{ default "ClusterIP" .Values.serviceType }} + type: {{ .Values.serviceType }} ports: - name: http port: 80 @@ -45,5 +34,4 @@ spec: app: {{ template "osm-seed.name" . }} release: {{ .Release.Name }} run: {{ .Release.Name }}-tiler-server # This is working for deployment and not for statefulset , make sure you use "s3" to storage the vtiles - {{- end }} {{- end }} diff --git a/osm-seed/templates/web/web-ingress.yaml b/osm-seed/templates/web/web-ingress.yaml index 4d7b5728..31e29b10 100644 --- a/osm-seed/templates/web/web-ingress.yaml +++ b/osm-seed/templates/web/web-ingress.yaml 
@@ -4,6 +4,7 @@ kind: Ingress metadata: name: {{ .Release.Name }}-ingress-web annotations: + ## NLB {{- if eq .Values.ingressClassNameType "nlb" }} kubernetes.io/ingress.class: nginx cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer @@ -12,9 +13,10 @@ metadata: nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-send-timeout: "600" {{- end }} - + # ALB {{- if eq .Values.ingressClassNameType "alb" }} kubernetes.io/ingress.class: alb + alb.ingress.kubernetes.io/group.name: {{ .Release.Name }} alb.ingress.kubernetes.io/scheme: {{ .Values.alb.scheme | default "internet-facing" }} alb.ingress.kubernetes.io/target-type: {{ .Values.alb.targetType | default "ip" }} alb.ingress.kubernetes.io/listen-ports: '{{ .Values.alb.listenPorts | default "[{\"HTTP\":80},{\"HTTPS\":443}]" }}' @@ -24,7 +26,6 @@ metadata: spec: ingressClassName: {{ .Values.ingressClassName }} {{- if eq .Values.ingressClassNameType "nlb" }} - ingressClassName: {{ .Values.ingressClassNameType }} tls: - hosts: {{- if .Values.web.ingressDomain }} diff --git a/osm-seed/templates/web/web-service.yaml b/osm-seed/templates/web/web-service.yaml index 15916df0..6a0f9c85 100644 --- a/osm-seed/templates/web/web-service.yaml +++ b/osm-seed/templates/web/web-service.yaml 
@@ -9,20 +9,18 @@ metadata: environment: {{ .Values.environment }} release: {{ .Release.Name }} annotations: - {{- if and (eq .Values.serviceType "LoadBalancer") (eq .Values.ingressClassNameType "nlb") }} # NLB + {{- if eq .Values.ingressClassNameType "nlb" }} service.beta.kubernetes.io/aws-load-balancer-type: "nlb" service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300" - {{- if .Values.AWS_SSL_ARN }} - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {{ .Values.AWS_SSL_ARN }} - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443" - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp" {{- end }} + # ClusterIP + {{- if eq .Values.serviceType "ClusterIP" }} + cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer {{- end }} spec: - # ALB -> should be ClusterIP; NLB -> LoadBalancer - type: {{ if eq .Values.ingressClassNameType "nlb" }}{{ default "LoadBalancer" .Values.serviceType }}{{ else }}ClusterIP{{ end }} + type: {{ .Values.serviceType }} selector: app: {{ template "osm-seed.name" . }} release: {{ .Release.Name }} From 3609a4be276272b22e7dcb9b3a074ed545f35d68 Mon Sep 17 00:00:00 2001 From: Rub21 Date: Tue, 7 Oct 2025 15:10:00 -0500 Subject: [PATCH 09/12] Set annotations for ingress --- osm-seed/templates/nominatim-api/nominatim-ingress.yaml | 4 ++-- osm-seed/templates/osmcha-app/ingress.yaml | 4 ++-- osm-seed/templates/overpass-api/overpass-api-ingress.yaml | 4 ++-- osm-seed/templates/taginfo/taginfo-ingress.yaml | 4 ++-- osm-seed/templates/tasking-manager-api/tm-ingress.yaml | 4 ++-- osm-seed/templates/tiler-server/tiler-server-ingress.yaml | 4 ++-- osm-seed/templates/web/web-ingress.yaml | 4 ++-- osm-seed/values.yaml | 7 ++++++- 8 files changed, 20 insertions(+), 15 deletions(-) 
diff --git a/osm-seed/templates/nominatim-api/nominatim-ingress.yaml b/osm-seed/templates/nominatim-api/nominatim-ingress.yaml index 44771a17..c65bfb4b 100644 --- a/osm-seed/templates/nominatim-api/nominatim-ingress.yaml +++ b/osm-seed/templates/nominatim-api/nominatim-ingress.yaml @@ -17,8 +17,8 @@ metadata: {{- if eq .Values.ingressClassNameType "alb" }} kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/group.name: {{ .Release.Name }} - alb.ingress.kubernetes.io/scheme: {{ .Values.alb.scheme | default "internet-facing" }} - alb.ingress.kubernetes.io/target-type: {{ .Values.alb.targetType | default "ip" }} + alb.ingress.kubernetes.io/scheme: "internet-facing" + alb.ingress.kubernetes.io/target-type: "ip" alb.ingress.kubernetes.io/listen-ports: '{{ .Values.alb.listenPorts | default "[{\"HTTP\":80},{\"HTTPS\":443}]" }}' alb.ingress.kubernetes.io/certificate-arn: "{{ .Values.alb.certificateArn }}" alb.ingress.kubernetes.io/ssl-redirect: '443' diff --git a/osm-seed/templates/osmcha-app/ingress.yaml b/osm-seed/templates/osmcha-app/ingress.yaml index 61ad561a..ae32c440 100644 --- a/osm-seed/templates/osmcha-app/ingress.yaml +++ b/osm-seed/templates/osmcha-app/ingress.yaml @@ -17,8 +17,8 @@ metadata: {{- if eq .Values.ingressClassNameType "alb" }} kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/group.name: {{ .Release.Name }} - alb.ingress.kubernetes.io/scheme: {{ .Values.alb.scheme | default "internet-facing" }} - alb.ingress.kubernetes.io/target-type: {{ .Values.alb.targetType | default "ip" }} + alb.ingress.kubernetes.io/scheme: "internet-facing" + alb.ingress.kubernetes.io/target-type: "ip" alb.ingress.kubernetes.io/listen-ports: '{{ .Values.alb.listenPorts | default "[{\"HTTP\":80},{\"HTTPS\":443}]" }}' alb.ingress.kubernetes.io/certificate-arn: "{{ .Values.alb.certificateArn }}" alb.ingress.kubernetes.io/ssl-redirect: '443' 
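Review bot: Hard-coding `alb.ingress.kubernetes.io/scheme: "internet-facing"` removes the only way to deploy these endpoints behind an internal ALB; before this change `.Values.alb.scheme` could be set to `internal`. The same two-line replacement is repeated in the osmcha, overpass-api, taginfo, tasking-manager, tiler-server and web ingress hunks of this commit, so every service in the chart is published on a public load balancer whenever `ingressClassNameType` is `alb`. I would keep the override and only add the quoting: `alb.ingress.kubernetes.io/scheme: {{ .Values.alb.scheme | default "internet-facing" | quote }}`, and likewise for `target-type`. Each hunk starts inside the `metadata.annotations` block, so the rest of the Ingress is not visible here.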
diff --git a/osm-seed/templates/overpass-api/overpass-api-ingress.yaml b/osm-seed/templates/overpass-api/overpass-api-ingress.yaml index d623d52c..7bb6f8dd 100644 --- a/osm-seed/templates/overpass-api/overpass-api-ingress.yaml +++ b/osm-seed/templates/overpass-api/overpass-api-ingress.yaml @@ -17,8 +17,8 @@ metadata: {{- if eq .Values.ingressClassNameType "alb" }} kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/group.name: {{ .Release.Name }} - alb.ingress.kubernetes.io/scheme: {{ .Values.alb.scheme | default "internet-facing" }} - alb.ingress.kubernetes.io/target-type: {{ .Values.alb.targetType | default "ip" }} + alb.ingress.kubernetes.io/scheme: "internet-facing" + alb.ingress.kubernetes.io/target-type: "ip" alb.ingress.kubernetes.io/listen-ports: '{{ .Values.alb.listenPorts | default "[{\"HTTP\":80},{\"HTTPS\":443}]" }}' alb.ingress.kubernetes.io/certificate-arn: "{{ .Values.alb.certificateArn }}" alb.ingress.kubernetes.io/ssl-redirect: '443' diff --git a/osm-seed/templates/taginfo/taginfo-ingress.yaml b/osm-seed/templates/taginfo/taginfo-ingress.yaml index 38eb1728..a9aa70f8 100644 --- a/osm-seed/templates/taginfo/taginfo-ingress.yaml +++ b/osm-seed/templates/taginfo/taginfo-ingress.yaml @@ -17,8 +17,8 @@ metadata: {{- if eq .Values.ingressClassNameType "alb" }} kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/group.name: {{ .Release.Name }} - alb.ingress.kubernetes.io/scheme: {{ .Values.alb.scheme | default "internet-facing" }} - alb.ingress.kubernetes.io/target-type: {{ .Values.alb.targetType | default "ip" }} + alb.ingress.kubernetes.io/scheme: "internet-facing" + alb.ingress.kubernetes.io/target-type: "ip" alb.ingress.kubernetes.io/listen-ports: '{{ .Values.alb.listenPorts | default "[{\"HTTP\":80},{\"HTTPS\":443}]" }}' alb.ingress.kubernetes.io/certificate-arn: "{{ .Values.alb.certificateArn }}" alb.ingress.kubernetes.io/ssl-redirect: '443' 
diff --git a/osm-seed/templates/tasking-manager-api/tm-ingress.yaml b/osm-seed/templates/tasking-manager-api/tm-ingress.yaml index a0a7ed93..82a44ad4 100644 --- a/osm-seed/templates/tasking-manager-api/tm-ingress.yaml +++ b/osm-seed/templates/tasking-manager-api/tm-ingress.yaml @@ -17,8 +17,8 @@ metadata: {{- if eq .Values.ingressClassNameType "alb" }} kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/group.name: {{ .Release.Name }} - alb.ingress.kubernetes.io/scheme: {{ .Values.alb.scheme | default "internet-facing" }} - alb.ingress.kubernetes.io/target-type: {{ .Values.alb.targetType | default "ip" }} + alb.ingress.kubernetes.io/scheme: "internet-facing" + alb.ingress.kubernetes.io/target-type: "ip" alb.ingress.kubernetes.io/listen-ports: '{{ .Values.alb.listenPorts | default "[{\"HTTP\":80},{\"HTTPS\":443}]" }}' alb.ingress.kubernetes.io/certificate-arn: "{{ .Values.alb.certificateArn }}" alb.ingress.kubernetes.io/ssl-redirect: '443' diff --git a/osm-seed/templates/tiler-server/tiler-server-ingress.yaml b/osm-seed/templates/tiler-server/tiler-server-ingress.yaml index d086d00a..7bc066cb 100644 --- a/osm-seed/templates/tiler-server/tiler-server-ingress.yaml +++ b/osm-seed/templates/tiler-server/tiler-server-ingress.yaml @@ -17,8 +17,8 @@ metadata: {{- if eq .Values.ingressClassNameType "alb" }} kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/group.name: {{ .Release.Name }} - alb.ingress.kubernetes.io/scheme: {{ .Values.alb.scheme | default "internet-facing" }} - alb.ingress.kubernetes.io/target-type: {{ .Values.alb.targetType | default "ip" }} + alb.ingress.kubernetes.io/scheme: "internet-facing" + alb.ingress.kubernetes.io/target-type: "ip" alb.ingress.kubernetes.io/listen-ports: '{{ .Values.alb.listenPorts | default "[{\"HTTP\":80},{\"HTTPS\":443}]" }}' alb.ingress.kubernetes.io/certificate-arn: "{{ .Values.alb.certificateArn }}" alb.ingress.kubernetes.io/ssl-redirect: '443' 
diff --git a/osm-seed/templates/web/web-ingress.yaml b/osm-seed/templates/web/web-ingress.yaml index 31e29b10..77f9b810 100644 --- a/osm-seed/templates/web/web-ingress.yaml +++ b/osm-seed/templates/web/web-ingress.yaml @@ -17,8 +17,8 @@ metadata: {{- if eq .Values.ingressClassNameType "alb" }} kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/group.name: {{ .Release.Name }} - alb.ingress.kubernetes.io/scheme: {{ .Values.alb.scheme | default "internet-facing" }} - alb.ingress.kubernetes.io/target-type: {{ .Values.alb.targetType | default "ip" }} + alb.ingress.kubernetes.io/scheme: "internet-facing" + alb.ingress.kubernetes.io/target-type: "ip" alb.ingress.kubernetes.io/listen-ports: '{{ .Values.alb.listenPorts | default "[{\"HTTP\":80},{\"HTTPS\":443}]" }}' alb.ingress.kubernetes.io/certificate-arn: "{{ .Values.alb.certificateArn }}" alb.ingress.kubernetes.io/ssl-redirect: '443' diff --git a/osm-seed/values.yaml b/osm-seed/values.yaml index 7f00e2b9..6d41c018 100644 --- a/osm-seed/values.yaml +++ b/osm-seed/values.yaml @@ -42,7 +42,12 @@ AWS_SSL_ARN: false # serviceType: NodePort serviceType: ClusterIP createClusterIssuer: false -ingressClassName: nginx-nlb +## ALB configuration +ingressClassNameType: "alb" #Type can be alb or nlb +ingressClassName: alb #nginx, nginx-nlb, alb +alb: + certificateArn: "arn:aws:acm:us-east-1:618380242247:certificate/498e3dc0-843b-4c98-8d41-861775806e86" + # Domain that is pointed to the clusterIP # You will need to create an A record like *.osmseed.example.com pointed to the ClusterIP # Then, the cluster configuration will setup services at their respective subdomains: From 053aa13477b27007ea1ca1219676363530706ee7 Mon Sep 17 00:00:00 2001 From: Rub21 Date: Tue, 7 Oct 2025 16:39:21 -0500 Subject: [PATCH 10/12] Use ClusterIssuer only if it is NLB --- osm-seed/templates/letsencrypt-issuer.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
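Review bot: The new `alb.certificateArn` default in values.yaml is a concrete ACM certificate ARN, with an AWS account ID and region, committed as the chart default. Anyone installing the chart with defaults gets Ingresses annotated with a certificate they do not own, which will most likely fail to attach, and the account identifier is published for no benefit. Ship an empty placeholder and document it instead: `certificateArn: ""  # ACM certificate ARN for the ALB HTTPS listener; required when ingressClassNameType is "alb"`. The same hunk flips the default class from `nginx-nlb` to `alb`, which changes what an existing release renders on upgrade and deserves a line in the comment block above it.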
diff --git a/osm-seed/templates/letsencrypt-issuer.yaml b/osm-seed/templates/letsencrypt-issuer.yaml index dd856ef9..d1858474 100644 --- a/osm-seed/templates/letsencrypt-issuer.yaml +++ b/osm-seed/templates/letsencrypt-issuer.yaml @@ -1,4 +1,4 @@ -{{- if and (eq .Values.serviceType "ClusterIP") (eq .Values.createClusterIssuer true) }} +{{- if and (eq .Values.serviceType "ClusterIP") (eq .Values.ingressClassNameType "elb") }} apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: From ab9b3c21cf65f8685b59256944df8f21bebd7619 Mon Sep 17 00:00:00 2001 From: Rub21 Date: Tue, 7 Oct 2025 17:52:21 -0500 Subject: [PATCH 11/12] Update configs --- osm-seed/templates/cgimap/cgimap-service.yaml | 16 +++++----------- .../nominatim-api/nominatim-service.yaml | 5 +---- osm-seed/templates/osmcha-app/service.yaml | 5 +---- .../overpass-api/overpass-api-service.yaml | 5 +---- osm-seed/templates/taginfo/taginfo-service.yaml | 5 +---- .../tasking-manager-api/tm-service.yaml | 5 +---- .../tiler-server/tiler-server-service.yaml | 5 +---- osm-seed/templates/web/web-service.yaml | 6 ++---- 8 files changed, 13 insertions(+), 39 deletions(-) diff --git a/osm-seed/templates/cgimap/cgimap-service.yaml b/osm-seed/templates/cgimap/cgimap-service.yaml index 688e0fc4..512f599b 100644 --- a/osm-seed/templates/cgimap/cgimap-service.yaml +++ b/osm-seed/templates/cgimap/cgimap-service.yaml 
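Review bot: The new guard compares `ingressClassNameType` with `"elb"`, a value that appears nowhere else in the series: values.yaml documents only `alb` and `nlb`, and the commit subject says the issuer is meant for NLB. As written the ClusterIssuer is never rendered, while the NLB branches of the ingress and service templates still reference `{{ .Release.Name }}-letsencrypt-prod-issuer`, so certificate requests would have no issuer to go to. The condition was presumably meant to be `{{- if and (eq .Values.serviceType "ClusterIP") (eq .Values.ingressClassNameType "nlb") }}`. The change also stops honouring `createClusterIssuer`, which is still defined in values.yaml; either keep it in the `and` or remove the value. The ClusterIssuer body continues below the hunk.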
@@ -9,18 +9,12 @@ metadata: environment: {{ .Values.environment }} release: {{ .Release.Name }} annotations: - {{- if and (eq .Values.serviceType "LoadBalancer") .Values.AWS_SSL_ARN }} - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {{ .Values.AWS_SSL_ARN }} - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https - {{- end }} - {{- if eq .Values.serviceType "ClusterIP" }} + # NLB + {{- if and (eq .Values.ingressClassNameType "nlb" ) (eq .Values.serviceType "ClusterIP") }} + service.beta.kubernetes.io/aws-load-balancer-type: "nlb" + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" + service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300" cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer - {{- else }} - fake.annotation: fake - {{- end }} - {{- with .Values.cgimap.serviceAnnotations }} - {{- toYaml . | nindent 4 }} {{- end }} spec: type: {{ .Values.serviceType }} diff --git a/osm-seed/templates/nominatim-api/nominatim-service.yaml b/osm-seed/templates/nominatim-api/nominatim-service.yaml index 1739e250..d3f320f9 100644 --- a/osm-seed/templates/nominatim-api/nominatim-service.yaml +++ b/osm-seed/templates/nominatim-api/nominatim-service.yaml @@ -10,13 +10,10 @@ metadata: release: {{ .Release.Name }} annotations: # NLB - {{- if eq .Values.ingressClassNameType "nlb" }} + {{- if and (eq .Values.ingressClassNameType "nlb" ) (eq .Values.serviceType "ClusterIP") }} service.beta.kubernetes.io/aws-load-balancer-type: "nlb" service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300" - {{- end }} - # ClusterIP - {{- if eq .Values.serviceType "ClusterIP" }} cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer {{- end }} spec: 
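Review bot: The NLB block is now gated on `serviceType` being `ClusterIP`, but the `service.beta.kubernetes.io/aws-load-balancer-*` annotations are only acted on for Services of type `LoadBalancer`, so in the one case where the block renders it has no effect, and a `LoadBalancer` Service renders with no annotations at all. The same condition is used in the nominatim, osmcha, overpass-api, taginfo, tasking-manager, tiler-server and web service hunks of this commit. If the Services are meant to stay ClusterIP behind the ingress controller, the three `aws-load-balancer-*` lines can go and a comment such as `# Service stays ClusterIP; the load balancer is created by the ingress controller` would explain why; if an NLB per Service is intended, the test should be `(eq .Values.serviceType "LoadBalancer")`. This hunk also drops the `.Values.cgimap.serviceAnnotations` pass-through, leaving operators no way to add their own Service annotations.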
diff --git a/osm-seed/templates/osmcha-app/service.yaml b/osm-seed/templates/osmcha-app/service.yaml index 1568c26c..25d93a68 100644 --- a/osm-seed/templates/osmcha-app/service.yaml +++ b/osm-seed/templates/osmcha-app/service.yaml @@ -10,13 +10,10 @@ metadata: release: {{ .Release.Name }} annotations: # NLB - {{- if eq .Values.ingressClassNameType "nlb" }} + {{- if and (eq .Values.ingressClassNameType "nlb" ) (eq .Values.serviceType "ClusterIP") }} service.beta.kubernetes.io/aws-load-balancer-type: "nlb" service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300" - {{- end }} - # ClusterIP - {{- if eq .Values.serviceType "ClusterIP" }} cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer {{- end }} spec: diff --git a/osm-seed/templates/overpass-api/overpass-api-service.yaml b/osm-seed/templates/overpass-api/overpass-api-service.yaml index 37c829be..47ec242b 100644 --- a/osm-seed/templates/overpass-api/overpass-api-service.yaml +++ b/osm-seed/templates/overpass-api/overpass-api-service.yaml @@ -10,13 +10,10 @@ metadata: release: {{ .Release.Name }} annotations: # NLB - {{- if eq .Values.ingressClassNameType "nlb" }} + {{- if and (eq .Values.ingressClassNameType "nlb" ) (eq .Values.serviceType "ClusterIP") }} service.beta.kubernetes.io/aws-load-balancer-type: "nlb" service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300" - {{- end }} - # ClusterIP - {{- if eq .Values.serviceType "ClusterIP" }} cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer {{- end }} spec: diff --git a/osm-seed/templates/taginfo/taginfo-service.yaml b/osm-seed/templates/taginfo/taginfo-service.yaml index f955ba3a..b5a69d54 100644 --- a/osm-seed/templates/taginfo/taginfo-service.yaml +++ b/osm-seed/templates/taginfo/taginfo-service.yaml 
@@ -10,13 +10,10 @@ metadata: release: {{ .Release.Name }} annotations: # NLB - {{- if eq .Values.ingressClassNameType "nlb" }} + {{- if and (eq .Values.ingressClassNameType "nlb" ) (eq .Values.serviceType "ClusterIP") }} service.beta.kubernetes.io/aws-load-balancer-type: "nlb" service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300" - {{- end }} - # ClusterIP - {{- if eq .Values.serviceType "ClusterIP" }} cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer {{- end }} spec: diff --git a/osm-seed/templates/tasking-manager-api/tm-service.yaml b/osm-seed/templates/tasking-manager-api/tm-service.yaml index 23530f1d..869c8bb2 100644 --- a/osm-seed/templates/tasking-manager-api/tm-service.yaml +++ b/osm-seed/templates/tasking-manager-api/tm-service.yaml @@ -10,13 +10,10 @@ metadata: release: {{ .Release.Name }} annotations: # NLB - {{- if eq .Values.ingressClassNameType "nlb" }} + {{- if and (eq .Values.ingressClassNameType "nlb" ) (eq .Values.serviceType "ClusterIP") }} service.beta.kubernetes.io/aws-load-balancer-type: "nlb" service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300" - {{- end }} - # ClusterIP - {{- if eq .Values.serviceType "ClusterIP" }} cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer {{- end }} spec: diff --git a/osm-seed/templates/tiler-server/tiler-server-service.yaml b/osm-seed/templates/tiler-server/tiler-server-service.yaml index 064db9b2..8be1024e 100644 --- a/osm-seed/templates/tiler-server/tiler-server-service.yaml +++ b/osm-seed/templates/tiler-server/tiler-server-service.yaml 
@@ -10,13 +10,10 @@ metadata: release: {{ .Release.Name }} annotations: # NLB - {{- if eq .Values.ingressClassNameType "nlb" }} + {{- if and (eq .Values.ingressClassNameType "nlb" ) (eq .Values.serviceType "ClusterIP") }} service.beta.kubernetes.io/aws-load-balancer-type: "nlb" service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300" - {{- end }} - # ClusterIP - {{- if eq .Values.serviceType "ClusterIP" }} cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer {{- end }} spec: diff --git a/osm-seed/templates/web/web-service.yaml b/osm-seed/templates/web/web-service.yaml index 6a0f9c85..7221e5e7 100644 --- a/osm-seed/templates/web/web-service.yaml +++ b/osm-seed/templates/web/web-service.yaml @@ -10,15 +10,13 @@ metadata: release: {{ .Release.Name }} annotations: # NLB - {{- if eq .Values.ingressClassNameType "nlb" }} + {{- if and (eq .Values.ingressClassNameType "nlb" ) (eq .Values.serviceType "ClusterIP") }} service.beta.kubernetes.io/aws-load-balancer-type: "nlb" service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300" - {{- end }} - # ClusterIP - {{- if eq .Values.serviceType "ClusterIP" }} cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer {{- end }} + spec: type: {{ .Values.serviceType }} selector: From 697bb28fe664d55a6f194255ee134a257327450e Mon Sep 17 00:00:00 2001 
From: Rub21 Date: Wed, 8 Oct 2025 11:45:01 -0500 Subject: [PATCH 12/12] Add healthcheck-path for services - alb --- osm-seed/templates/nominatim-api/nominatim-service.yaml | 4 ++++ osm-seed/templates/overpass-api/overpass-api-service.yaml | 4 ++++ osm-seed/templates/taginfo/taginfo-service.yaml | 4 ++++ osm-seed/templates/tasking-manager-api/tm-service.yaml | 4 ++++ osm-seed/templates/tiler-server/tiler-server-service.yaml | 5 +++++ osm-seed/templates/web/web-service.yaml | 4 ++++ 6 files changed, 25 insertions(+) diff --git a/osm-seed/templates/nominatim-api/nominatim-service.yaml b/osm-seed/templates/nominatim-api/nominatim-service.yaml index d3f320f9..11da7234 100644 --- a/osm-seed/templates/nominatim-api/nominatim-service.yaml +++ b/osm-seed/templates/nominatim-api/nominatim-service.yaml @@ -16,6 +16,10 @@ metadata: service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300" cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer {{- end }} + + {{- if and (eq .Values.ingressClassNameType "alb" ) (eq .Values.serviceType "ClusterIP") }} + alb.ingress.kubernetes.io/healthcheck-path: {{ .Values.nominatimApi.healthCheckPath | default "/" }} + {{- end }} spec: type: {{ .Values.serviceType }} ports: diff --git a/osm-seed/templates/overpass-api/overpass-api-service.yaml b/osm-seed/templates/overpass-api/overpass-api-service.yaml index 47ec242b..6a09f917 100644 --- a/osm-seed/templates/overpass-api/overpass-api-service.yaml +++ b/osm-seed/templates/overpass-api/overpass-api-service.yaml @@ -16,6 +16,10 @@ metadata: service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300" cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer {{- end }} + + {{- if and (eq .Values.ingressClassNameType "alb" ) (eq .Values.serviceType "ClusterIP") }} + alb.ingress.kubernetes.io/healthcheck-path: {{ .Values.overpassApi.healthCheckPath | default "/" }} + {{- end }} spec: type: {{ .Values.serviceType }} ports: 
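Review bot: The new `healthCheckPath` values are read in six Service templates, but the diffstat shows no values file in this commit, so the keys (`nominatimApi.healthCheckPath`, `overpassApi.healthCheckPath`, `taginfo.healthCheckPath`, `tmApi.healthCheckPath`, `tilerServer.healthCheckPath`, `web.healthCheckPath`) are undocumented. Add them to values.yaml with a one-line comment each, for example `# healthCheckPath: "/"  # path requested by the ALB target-group health check`. The rendered value is also unquoted; `{{ .Values.nominatimApi.healthCheckPath | default "/" | quote }}` keeps a path containing ` #` or `: ` from being cut short or misparsed. In each hunk the annotation is inserted after the closing `{{- end }}` of the NLB block, and the Service spec continues outside the hunk.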
diff --git a/osm-seed/templates/taginfo/taginfo-service.yaml b/osm-seed/templates/taginfo/taginfo-service.yaml index b5a69d54..c02395e5 100644 --- a/osm-seed/templates/taginfo/taginfo-service.yaml +++ b/osm-seed/templates/taginfo/taginfo-service.yaml @@ -16,6 +16,10 @@ metadata: service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300" cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer {{- end }} + + {{- if and (eq .Values.ingressClassNameType "alb" ) (eq .Values.serviceType "ClusterIP") }} + alb.ingress.kubernetes.io/healthcheck-path: {{ .Values.taginfo.healthCheckPath | default "/" }} + {{- end }} spec: type: {{ .Values.serviceType }} ports: diff --git a/osm-seed/templates/tasking-manager-api/tm-service.yaml b/osm-seed/templates/tasking-manager-api/tm-service.yaml index 869c8bb2..b5860436 100644 --- a/osm-seed/templates/tasking-manager-api/tm-service.yaml +++ b/osm-seed/templates/tasking-manager-api/tm-service.yaml @@ -16,6 +16,10 @@ metadata: service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300" cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer {{- end }} + + {{- if and (eq .Values.ingressClassNameType "alb" ) (eq .Values.serviceType "ClusterIP") }} + alb.ingress.kubernetes.io/healthcheck-path: {{ .Values.tmApi.healthCheckPath | default "/api/docs" }} + {{- end }} spec: type: {{ if eq .Values.ingressClassNameType "nlb" }}{{ default "LoadBalancer" .Values.serviceType }}{{ else }}ClusterIP{{ end }} ports: diff --git a/osm-seed/templates/tiler-server/tiler-server-service.yaml b/osm-seed/templates/tiler-server/tiler-server-service.yaml index 8be1024e..33aa34f6 100644 --- a/osm-seed/templates/tiler-server/tiler-server-service.yaml +++ b/osm-seed/templates/tiler-server/tiler-server-service.yaml 
@@ -16,6 +16,11 @@ metadata: service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300" cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer {{- end }} + + {{- if and (eq .Values.ingressClassNameType "alb" ) (eq .Values.serviceType "ClusterIP") }} + alb.ingress.kubernetes.io/healthcheck-path: {{ .Values.tilerServer.healthCheckPath | default "/" }} + {{- end }} + spec: type: {{ .Values.serviceType }} ports: diff --git a/osm-seed/templates/web/web-service.yaml b/osm-seed/templates/web/web-service.yaml index 7221e5e7..8edc4554 100644 --- a/osm-seed/templates/web/web-service.yaml +++ b/osm-seed/templates/web/web-service.yaml @@ -17,6 +17,10 @@ metadata: cert-manager.io/cluster-issuer: {{ .Release.Name }}-letsencrypt-prod-issuer {{- end }} + {{- if and (eq .Values.ingressClassNameType "alb" ) (eq .Values.serviceType "ClusterIP") }} + alb.ingress.kubernetes.io/healthcheck-path: {{ .Values.web.healthCheckPath | default "/" }} + {{- end }} + spec: type: {{ .Values.serviceType }} selector: