From 956fbe12cd19ca87d6e5c315374c3edda0f73138 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=9C=D0=BE=D0=BB=D0=BE=D1=87=D0=BD=D0=B8=D0=BA=D0=BE?= =?UTF-8?q?=D0=B2=20=D0=94=D0=BC=D0=B8=D1=82=D1=80=D0=B8=D0=B9?= Date: Thu, 8 Aug 2024 15:22:43 +0700 Subject: [PATCH] =?UTF-8?q?=D0=BE=D0=B1=D0=BD=D0=BE=D0=B2=D0=B8=D0=BB?= =?UTF-8?q?=D0=B8=20PRO=20API=20=D0=B4=D0=BE=20=D0=B2=D0=B5=D1=80=D1=81?= =?UTF-8?q?=D0=B8=D0=B8=201.32.0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- charts/pro-api/Chart.yaml | 2 +- charts/pro-api/README.md | 30 +++++++++---------- charts/pro-api/templates/_helpers.tpl | 10 ------- charts/pro-api/templates/deployment.yaml | 21 ++++++++----- .../templates/permissions-api-deployment.yaml | 9 ++++-- charts/pro-api/values.yaml | 26 ++++++++-------- 6 files changed, 49 insertions(+), 49 deletions(-) diff --git a/charts/pro-api/Chart.yaml b/charts/pro-api/Chart.yaml index f56c386d..137e8d76 100644 --- a/charts/pro-api/Chart.yaml +++ b/charts/pro-api/Chart.yaml @@ -5,7 +5,7 @@ description: Geo API for getting geo data type: application version: 1.26.0 -appVersion: 1.22.0 +appVersion: 1.32.0 maintainers: - name: 2gis diff --git a/charts/pro-api/README.md b/charts/pro-api/README.md index 0fb1d733..9feea54c 100644 --- a/charts/pro-api/README.md +++ b/charts/pro-api/README.md @@ -75,7 +75,7 @@ | Name | Description | Value | | ------------------ | ----------- | ------------------------- | | `image.repository` | Repository | `2gis-on-premise/pro-api` | -| `image.tag` | Tag | `1.22.0` | +| `image.tag` | Tag | `1.32.0` | | `image.pullPolicy` | Pull Policy | `IfNotPresent` | ### 2GIS PRO Storage configuration @@ -105,15 +105,16 @@ ### Auth configuration -| Name | Description | Value | -| ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -| `auth.type` | Authentication type: 'none' - disabled, 'openid10' - [OpenId 1.0 / OAuth 2.0 authentication protocol](https://openid.net/specs/openid-connect-core-1_0.html), 'urbi' - urbi authentication protocol | `none` | -| `auth.url` | API URL of authentication service. Example: `http(s)://keycloak.ingress.host` | `""` | -| `auth.userInfoEndpoint` | The [UserInfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo). Example: `realms/URBI_Pro/protocol/openid-connect/userinfo` | `""` | -| `auth.apiKey` | Secret API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `4230b288-301e-4ec6-82c6-db6a8a72c2af` | `""` | -| `auth.permissionsApiKey` | Secret Permissions API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `c7d74870-ec28-4543-b408-b49bfed84399` | `""` | -| `auth.turnOffCertValidation` | Turn off certificate validation for auth.url | `false` | -| `auth.shareKeys` | Secret keys for creating and validating shared links. Must contain at least 32 characters. All keys are used for validation. The last one is used for creation. Example: `m7nShlX1a8+IqE9ZcDqRCVjlhEud850ucT0av9bS+tcMTwIwUOUqpNikM+G8teDR` | `[]` | +| Name | Description | Value | +| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `auth.type` | Authentication type: 'none' - disabled, 'openid10' - [OpenId 1.0 / OAuth 2.0 authentication protocol](https://openid.net/specs/openid-connect-core-1_0.html), 'urbi' - urbi authentication protocol | `none` | +| `auth.url` | API URL of authentication service. Example: `http(s)://keycloak.ingress.host` | `""` | +| `auth.userInfoEndpoint` | The [UserInfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo). Example: `realms/URBI_Pro/protocol/openid-connect/userinfo` | `""` | +| `auth.wellKnownConfigEndpoint` | The [Well-Known Config endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html). Example: `realms/URBI_Pro/.well-known/openid-configuration` | `""` | +| `auth.apiKey` | Secret API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `4230b288-301e-4ec6-82c6-db6a8a72c2af` | `""` | +| `auth.permissionsApiKey` | Secret Permissions API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `c7d74870-ec28-4543-b408-b49bfed84399` | `""` | +| `auth.turnOffCertValidation` | Turn off certificate validation for auth.url | `false` | +| `auth.shareKeys` | Secret keys for creating and validating shared links. Must contain at least 32 characters. All keys are used for validation. The last one is used for creation. Example: `m7nShlX1a8+IqE9ZcDqRCVjlhEud850ucT0av9bS+tcMTwIwUOUqpNikM+G8teDR` | `[]` | ### PostgreSQL settings @@ -202,10 +203,9 @@ ### 2GIS PRO API Job settings -| Name | Description | Value | -| -------------------------- | -------------------------- | --------------------- | -| `appAssetImporterName` | Data Import job name. | `asset-importer` | -| `appUserAssetImporterName` | User Data Import job name. | `user-asset-importer` | +| Name | Description | Value | +| ---------------------- | --------------------- | ---------------- | +| `appAssetImporterName` | Data Import job name. | `asset-importer` | ### 2GIS PRO Permissions API configuration @@ -218,7 +218,7 @@ | Name | Description | Value | | ------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | | `assetImporter.repository` | Docker Repository Image. | `2gis-on-premise/pro-importer` | -| `assetImporter.tag` | Docker image tag. | `1.22.0` | +| `assetImporter.tag` | Docker image tag. | `1.32.0` | | `assetImporter.schedule` | Import job schedule. | `0 18 * * *` | | `assetImporter.backoffLimit` | The number of [retries](https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) before considering a Job as failed. | `2` | | `assetImporter.successfulJobsHistoryLimit` | How many completed and failed jobs should be kept. See [docs](https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/#jobs-history-limits). | `3` | diff --git a/charts/pro-api/templates/_helpers.tpl b/charts/pro-api/templates/_helpers.tpl index d114e20d..38121023 100644 --- a/charts/pro-api/templates/_helpers.tpl +++ b/charts/pro-api/templates/_helpers.tpl @@ -33,15 +33,6 @@ {{- end -}} {{- end -}} -{{- define "pro-api.user-asset-importer-name" -}} -{{- $name := default .Values.appUserAssetImporterName -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - {{- define "pro-api.asset-preparer-name" -}} {{- $name := default .Values.appAssetPreparerName -}} {{- if contains $name .Release.Name -}} @@ -51,7 +42,6 @@ {{- end -}} {{- end -}} - {{- define "pro-api.service-account-name" -}} {{- if empty .Values.api.serviceAccountOverride }} {{- $name := default .Values.api.serviceAccount -}} diff --git a/charts/pro-api/templates/deployment.yaml b/charts/pro-api/templates/deployment.yaml index 54df5b65..e6582ad4 100644 --- a/charts/pro-api/templates/deployment.yaml +++ b/charts/pro-api/templates/deployment.yaml @@ -70,13 +70,16 @@ spec: - name: http containerPort: 8080 protocol: TCP + - name: management + containerPort: 8090 + protocol: TCP volumeMounts: - mountPath: "{{ .Values.api.tempPath }}" name: temp-volume livenessProbe: httpGet: path: /health/live - port: http + port: management failureThreshold: 5 initialDelaySeconds: 5 periodSeconds: 15 @@ -85,7 +88,7 @@ spec: readinessProbe: httpGet: path: /health/ready - port: http + port: management failureThreshold: 3 initialDelaySeconds: 5 periodSeconds: 5 @@ -94,7 +97,7 @@ spec: startupProbe: httpGet: path: /health/live - port: http + port: management failureThreshold: 20 initialDelaySeconds: 5 periodSeconds: 5 @@ -112,10 +115,8 @@ spec: value: "{{ .Values.backgroundJobs.enableUserAssetsImporter }}" - name: Import__EnableAssetsStreaming value: "{{ .Values.backgroundJobs.enableAssetsStreaming }}" - - name: Import__CommonAssetsJobName + - name: Import__AssetImporterJobName value: {{ include "pro-api.asset-importer-name" . }} - - name: Import__UserAssetsJobName - value: {{ include "pro-api.user-asset-importer-name" . }} - name: Import__ExternalLinksProxyUrl value: "{{ .Values.assetImporter.externalLinksProxyUrl }}" - name: Import__ExternalLinksAllowedHosts @@ -220,7 +221,7 @@ spec: - name: Kafka__ImportTasksTopicSettings__ReaderGroupId value: {{ $.Values.kafka.importTasksTopic.readerGroupId }} - name: Kafka__AssetDataTopicSettings__Name - value: {{ $.Values.kafka.assetDataTopic.name }} + value: {{ required "A valid .Values.kafka.assetDataTopic.name entry required" $.Values.kafka.assetDataTopic.name }} - name: Kafka__EventsTopicSettings__Name value: {{ required "A valid .Values.kafka.eventsTopic.name entry required" $.Values.kafka.eventsTopic.name }} - name: Kafka__EventsTopicSettings__ReaderGroupId @@ -231,6 +232,8 @@ spec: value: "{{ .Values.auth.url }}" - name: Auth__UserInfoEndpoint value: "{{ .Values.auth.userInfoEndpoint }}" + - name: Auth__WellKnownConfigEndpoint + value: "{{ .Values.auth.wellKnownConfigEndpoint }}" - name: Auth__AutoRegisterUsers value: "{{ .Values.auth.autoRegisterUsers }}" - name: Auth__TurnOffCertValidation @@ -297,3 +300,7 @@ spec: value: "{{ .Values.api.localCache.trackStatistics }}" - name: LicensingService__BaseUri value: {{ required "A valid .Values.license.url entry required" $.Values.license.url }} + {{- range $i, $s := .Values.api.openApi.servers }} + - name: OpenApi__Servers__{{$i}} + value: "{{ $s }}" + {{- end }} diff --git a/charts/pro-api/templates/permissions-api-deployment.yaml b/charts/pro-api/templates/permissions-api-deployment.yaml index 27e399e2..b8b74382 100644 --- a/charts/pro-api/templates/permissions-api-deployment.yaml +++ b/charts/pro-api/templates/permissions-api-deployment.yaml @@ -66,13 +66,16 @@ spec: - name: http containerPort: 8081 protocol: TCP + - name: management + containerPort: 8091 + protocol: TCP volumeMounts: - mountPath: "{{ .Values.api.tempPath }}" name: temp-volume livenessProbe: httpGet: path: /health/live - port: http + port: management failureThreshold: 5 initialDelaySeconds: 5 periodSeconds: 15 @@ -81,7 +84,7 @@ spec: readinessProbe: httpGet: path: /health/ready - port: http + port: management failureThreshold: 3 initialDelaySeconds: 15 periodSeconds: 5 @@ -90,7 +93,7 @@ spec: startupProbe: httpGet: path: /health/live - port: http + port: management failureThreshold: 3 initialDelaySeconds: 15 periodSeconds: 5 diff --git a/charts/pro-api/values.yaml b/charts/pro-api/values.yaml index 9174c7c8..313e426f 100644 --- a/charts/pro-api/values.yaml +++ b/charts/pro-api/values.yaml @@ -1,4 +1,4 @@ -# @section Docker Registry settings +# @section Docker Registry settings # @param dgctlDockerRegistry Docker Registry endpoint where On-Premise services' images reside. Format: `host:port`. @@ -121,14 +121,14 @@ vpa: image: repository: 2gis-on-premise/pro-api - tag: 1.22.0 + tag: 1.32.0 pullPolicy: IfNotPresent # @skip permissionsApiImage permissionsApiImage: repository: 2gis-on-premise/pro-permissions-api - tag: 1.22.0 + tag: 1.32.0 pullPolicy: IfNotPresent # @section 2GIS PRO Storage configuration @@ -148,7 +148,7 @@ s3: # @section 2GIS PRO API configuration -# @param api.serviceAccount Kubernetes service account +# @param api.serviceAccount Kubernetes service account # @param api.serviceAccountOverride The name of an existing custom service account. If specified, the services in the chart will use this existing service account. If not specified, a new service account will be created and used with the name from the variable `api.serviceAccount`. # @param api.tempPath Path to directory used for temp data # @param api.allowAnyOrigin Cors policy: allow any origin to perform requests to pro-api service @@ -167,6 +167,8 @@ s3: # @skip Local cache settings # @skip api.localCache.enabled # @skip api.localCache.trackStatistics +# @skip Open API settings +# @skip api.openApi.servers api: serviceAccount: runner @@ -187,12 +189,15 @@ api: localCache: enabled: true trackStatistics: false + openApi: + servers: [] # @section Auth configuration # @param auth.type Authentication type: 'none' - disabled, 'openid10' - [OpenId 1.0 / OAuth 2.0 authentication protocol](https://openid.net/specs/openid-connect-core-1_0.html), 'urbi' - urbi authentication protocol # @param auth.url API URL of authentication service. Example: `http(s)://keycloak.ingress.host` # @param auth.userInfoEndpoint The [UserInfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo). Example: `realms/URBI_Pro/protocol/openid-connect/userinfo` +# @param auth.wellKnownConfigEndpoint The [Well-Known Config endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html). Example: `realms/URBI_Pro/.well-known/openid-configuration` # @param auth.apiKey Secret API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `4230b288-301e-4ec6-82c6-db6a8a72c2af` # @param auth.permissionsApiKey Secret Permissions API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `c7d74870-ec28-4543-b408-b49bfed84399` # @param auth.turnOffCertValidation Turn off certificate validation for auth.url @@ -203,6 +208,7 @@ auth: type: none url: '' userInfoEndpoint: '' + wellKnownConfigEndpoint: '' apiKey: '' permissionsApiKey: '' autoRegisterUsers: true @@ -349,11 +355,9 @@ tileGen: # @section 2GIS PRO API Job settings # @param appAssetImporterName Data Import job name. -# @param appUserAssetImporterName User Data Import job name. # @skip appAssetPreparerName appAssetImporterName: asset-importer -appUserAssetImporterName: user-asset-importer appAssetPreparerName: asset-preparer # @skip permissionsPodSettings @@ -377,7 +381,7 @@ permissionsPodSettings: memory: 256M limits: cpu: 1 - memory: 512M + memory: 1G # @section 2GIS PRO Permissions API configuration # @skip permissionsApi.host @@ -414,7 +418,7 @@ permissionsApi: assetImporter: repository: 2gis-on-premise/pro-importer - tag: 1.22.0 + tag: 1.32.0 schedule: 0 18 * * * backoffLimit: 2 successfulJobsHistoryLimit: 3 @@ -437,15 +441,11 @@ assetImporter: externalLinksAllowedHosts: '' esMetricsEnabled: false -# @skip userAssetImporter -userAssetImporter: - enabled: true - # @skip assetPreparer assetPreparer: repository: 2gis-on-premise/pro-importer - tag: 1.22.0 + tag: 1.32.0 schedule: 0 16 * * 6 backoffLimit: 2 successfulJobsHistoryLimit: 1