diff --git a/charts/pro-api/Chart.yaml b/charts/pro-api/Chart.yaml
index f56c386d..137e8d76 100644
--- a/charts/pro-api/Chart.yaml
+++ b/charts/pro-api/Chart.yaml
@@ -5,7 +5,7 @@ description: Geo API for getting geo data
 type: application
 version: 1.26.0
-appVersion: 1.22.0
+appVersion: 1.32.0
 maintainers:
 - name: 2gis
diff --git a/charts/pro-api/README.md b/charts/pro-api/README.md
index 0fb1d733..9feea54c 100644
--- a/charts/pro-api/README.md
+++ b/charts/pro-api/README.md
@@ -75,7 +75,7 @@
 | Name | Description | Value |
 | ------------------ | ----------- | ------------------------- |
 | `image.repository` | Repository | `2gis-on-premise/pro-api` |
-| `image.tag` | Tag | `1.22.0` |
+| `image.tag` | Tag | `1.32.0` |
 | `image.pullPolicy` | Pull Policy | `IfNotPresent` |
 ### 2GIS PRO Storage configuration
@@ -105,15 +105,16 @@ ### Auth configuration -| Name | Description | Value | -| ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -| `auth.type` | Authentication type: 'none' - disabled, 'openid10' - [OpenId 1.0 / OAuth 2.0 authentication protocol](https://openid.net/specs/openid-connect-core-1_0.html), 'urbi' - urbi authentication protocol | `none` | -| `auth.url` | API URL of authentication service. Example: `http(s)://keycloak.ingress.host` | `""` | -| `auth.userInfoEndpoint` | The [UserInfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo). Example: `realms/URBI_Pro/protocol/openid-connect/userinfo` | `""` | -| `auth.apiKey` | Secret API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `4230b288-301e-4ec6-82c6-db6a8a72c2af` | `""` | -| `auth.permissionsApiKey` | Secret Permissions API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `c7d74870-ec28-4543-b408-b49bfed84399` | `""` | -| `auth.turnOffCertValidation` | Turn off certificate validation for auth.url | `false` | -| `auth.shareKeys` | Secret keys for creating and validating shared links. Must contain at least 32 characters. All keys are used for validation. The last one is used for creation. 
Example: `m7nShlX1a8+IqE9ZcDqRCVjlhEud850ucT0av9bS+tcMTwIwUOUqpNikM+G8teDR` | `[]` | +| Name | Description | Value | +| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `auth.type` | Authentication type: 'none' - disabled, 'openid10' - [OpenId 1.0 / OAuth 2.0 authentication protocol](https://openid.net/specs/openid-connect-core-1_0.html), 'urbi' - urbi authentication protocol | `none` | +| `auth.url` | API URL of authentication service. Example: `http(s)://keycloak.ingress.host` | `""` | +| `auth.userInfoEndpoint` | The [UserInfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo). Example: `realms/URBI_Pro/protocol/openid-connect/userinfo` | `""` | +| `auth.wellKnownConfigEndpoint` | The [Well-Known Config endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html). Example: `realms/URBI_Pro/.well-known/openid-configuration` | `""` | +| `auth.apiKey` | Secret API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `4230b288-301e-4ec6-82c6-db6a8a72c2af` | `""` | +| `auth.permissionsApiKey` | Secret Permissions API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `c7d74870-ec28-4543-b408-b49bfed84399` | `""` | +| `auth.turnOffCertValidation` | Turn off certificate validation for auth.url | `false` | +| `auth.shareKeys` | Secret keys for creating and validating shared links. Must contain at least 32 characters. All keys are used for validation. The last one is used for creation. Example: `m7nShlX1a8+IqE9ZcDqRCVjlhEud850ucT0av9bS+tcMTwIwUOUqpNikM+G8teDR` | `[]` | ### PostgreSQL settings 
@@ -202,10 +203,9 @@ ### 2GIS PRO API Job settings -| Name | Description | Value | -| -------------------------- | -------------------------- | --------------------- | -| `appAssetImporterName` | Data Import job name. | `asset-importer` | -| `appUserAssetImporterName` | User Data Import job name. | `user-asset-importer` | +| Name | Description | Value | +| ---------------------- | --------------------- | ---------------- | +| `appAssetImporterName` | Data Import job name. | `asset-importer` | ### 2GIS PRO Permissions API configuration @@ -218,7 +218,7 @@ | Name | Description | Value | | ------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | | `assetImporter.repository` | Docker Repository Image. | `2gis-on-premise/pro-importer` | -| `assetImporter.tag` | Docker image tag. | `1.22.0` | +| `assetImporter.tag` | Docker image tag. | `1.32.0` | | `assetImporter.schedule` | Import job schedule. | `0 18 * * *` | | `assetImporter.backoffLimit` | The number of [retries](https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) before considering a Job as failed. | `2` | | `assetImporter.successfulJobsHistoryLimit` | How many completed and failed jobs should be kept. See [docs](https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/#jobs-history-limits). | `3` | diff --git a/charts/pro-api/templates/_helpers.tpl b/charts/pro-api/templates/_helpers.tpl index d114e20d..38121023 100644 --- a/charts/pro-api/templates/_helpers.tpl +++ b/charts/pro-api/templates/_helpers.tpl 
@@ -33,15 +33,6 @@
 {{- end -}}
 {{- end -}}
-{{- define "pro-api.user-asset-importer-name" -}}
-{{- $name := default .Values.appUserAssetImporterName -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-
 {{- define "pro-api.asset-preparer-name" -}}
 {{- $name := default .Values.appAssetPreparerName -}}
 {{- if contains $name .Release.Name -}}
@@ -51,7 +42,6 @@
 {{- end -}}
 {{- end -}}
-
 {{- define "pro-api.service-account-name" -}}
 {{- if empty .Values.api.serviceAccountOverride }}
 {{- $name := default .Values.api.serviceAccount -}}
diff --git a/charts/pro-api/templates/deployment.yaml b/charts/pro-api/templates/deployment.yaml
index 54df5b65..e6582ad4 100644
--- a/charts/pro-api/templates/deployment.yaml
+++ b/charts/pro-api/templates/deployment.yaml
@@ -70,13 +70,16 @@ spec:
 - name: http
 containerPort: 8080
 protocol: TCP
+ - name: management
+ containerPort: 8090
+ protocol: TCP
 volumeMounts:
 - mountPath: "{{ .Values.api.tempPath }}"
 name: temp-volume
 livenessProbe:
 httpGet:
 path: /health/live
- port: http
+ port: management
 failureThreshold: 5
 initialDelaySeconds: 5
 periodSeconds: 15
@@ -85,7 +88,7 @@ spec:
 readinessProbe:
 httpGet:
 path: /health/ready
- port: http
+ port: management
 failureThreshold: 3
 initialDelaySeconds: 5
 periodSeconds: 5
@@ -94,7 +97,7 @@ spec:
 startupProbe:
 httpGet:
 path: /health/live
- port: http
+ port: management
 failureThreshold: 20
 initialDelaySeconds: 5
 periodSeconds: 5
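Review bot: The `management` port added in the `@@ -70,13 +70,16 @@` hunk of deployment.yaml is hard-coded to 8090 (8091 in the matching permissions-api-deployment.yaml hunk), and nothing visible in this diff configures the application to listen there, so the liveness, readiness and startup probes all depend on the image's built-in default. A release that pins an older `image.tag` would presumably fail every probe; a comment next to the port, e.g. `# health endpoints only; must match the port the image serves /health on`, would record that coupling. It is also worth confirming that the Service and Ingress still target only `http`, so the management listener stays unreachable from outside the pod network. The container spec begins and ends outside the hunk.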
@@ -112,10 +115,8 @@ spec:
 value: "{{ .Values.backgroundJobs.enableUserAssetsImporter }}"
 - name: Import__EnableAssetsStreaming
 value: "{{ .Values.backgroundJobs.enableAssetsStreaming }}"
- - name: Import__CommonAssetsJobName
+ - name: Import__AssetImporterJobName
 value: {{ include "pro-api.asset-importer-name" . }}
- - name: Import__UserAssetsJobName
- value: {{ include "pro-api.user-asset-importer-name" . }}
 - name: Import__ExternalLinksProxyUrl
 value: "{{ .Values.assetImporter.externalLinksProxyUrl }}"
 - name: Import__ExternalLinksAllowedHosts
@@ -220,7 +221,7 @@ spec:
 - name: Kafka__ImportTasksTopicSettings__ReaderGroupId
 value: {{ $.Values.kafka.importTasksTopic.readerGroupId }}
 - name: Kafka__AssetDataTopicSettings__Name
- value: {{ $.Values.kafka.assetDataTopic.name }}
+ value: {{ required "A valid .Values.kafka.assetDataTopic.name entry required" $.Values.kafka.assetDataTopic.name }}
 - name: Kafka__EventsTopicSettings__Name
 value: {{ required "A valid .Values.kafka.eventsTopic.name entry required" $.Values.kafka.eventsTopic.name }}
 - name: Kafka__EventsTopicSettings__ReaderGroupId
@@ -231,6 +232,8 @@ spec:
 value: "{{ .Values.auth.url }}"
 - name: Auth__UserInfoEndpoint
 value: "{{ .Values.auth.userInfoEndpoint }}"
+ - name: Auth__WellKnownConfigEndpoint
+ value: "{{ .Values.auth.wellKnownConfigEndpoint }}"
 - name: Auth__AutoRegisterUsers
 value: "{{ .Values.auth.autoRegisterUsers }}"
 - name: Auth__TurnOffCertValidation
@@ -297,3 +300,7 @@ spec:
 value: "{{ .Values.api.localCache.trackStatistics }}"
 - name: LicensingService__BaseUri
 value: {{ required "A valid .Values.license.url entry required" $.Values.license.url }}
+ {{- range $i, $s := .Values.api.openApi.servers }}
+ - name: OpenApi__Servers__{{$i}}
+ value: "{{ $s }}"
+ {{- end }}
diff --git a/charts/pro-api/templates/permissions-api-deployment.yaml b/charts/pro-api/templates/permissions-api-deployment.yaml
index 27e399e2..b8b74382 100644
--- a/charts/pro-api/templates/permissions-api-deployment.yaml
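Review bot: `Auth__WellKnownConfigEndpoint` (hunk `@@ -231,6 +232,8 @@`) is rendered as an empty string by default even when `auth.type` is `openid10`, and the template has no check for that combination. A discovery document normally tells the client which issuer and key endpoints to trust, so it should only be fetched over verified TLS, yet the documented `auth.url` example allows `http://` and `auth.turnOffCertValidation` exists. Consider stating in the `@param auth.wellKnownConfigEndpoint` description whether the value is required for `openid10`, and that `auth.url` should be `https` with certificate validation left on when it is used. The env list continues outside the hunk.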
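Review bot: In the `@@ -297,3 +300,7 @@` hunk each entry of `.Values.api.openApi.servers` is written as `value: "{{ $s }}"`, so an entry containing a double quote or backslash produces broken or altered YAML. `value: {{ $s | quote }}` escapes the value and keeps it a string. Neighbouring entries use the same hand-written quotes, so this matches the file's style, but a user-supplied list is the case where the escaping matters most.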
+++ b/charts/pro-api/templates/permissions-api-deployment.yaml
@@ -66,13 +66,16 @@ spec:
 - name: http
 containerPort: 8081
 protocol: TCP
+ - name: management
+ containerPort: 8091
+ protocol: TCP
 volumeMounts:
 - mountPath: "{{ .Values.api.tempPath }}"
 name: temp-volume
 livenessProbe:
 httpGet:
 path: /health/live
- port: http
+ port: management
 failureThreshold: 5
 initialDelaySeconds: 5
 periodSeconds: 15
@@ -81,7 +84,7 @@ spec:
 readinessProbe:
 httpGet:
 path: /health/ready
- port: http
+ port: management
 failureThreshold: 3
 initialDelaySeconds: 15
 periodSeconds: 5
@@ -90,7 +93,7 @@ spec:
 startupProbe:
 httpGet:
 path: /health/live
- port: http
+ port: management
 failureThreshold: 3
 initialDelaySeconds: 15
 periodSeconds: 5
diff --git a/charts/pro-api/templates/user-asset-importer.yaml b/charts/pro-api/templates/user-asset-importer.yaml
deleted file mode 100755
index a861ab88..00000000
--- a/charts/pro-api/templates/user-asset-importer.yaml
+++ /dev/null
@@ -1,112 +0,0 @@
-{{ if .Values.userAssetImporter.enabled }}
-apiVersion: batch/v1
-kind: CronJob
-metadata:
- name: {{ include "pro-api.user-asset-importer-name" . }}
-spec:
- concurrencyPolicy: Forbid
- schedule: "{{ .Values.assetImporter.schedule }}"
- successfulJobsHistoryLimit: {{ .Values.assetImporter.successfulJobsHistoryLimit }}
- suspend: true # джоба используется как шаблон для запуска обычных джоб
- jobTemplate:
- spec:
- backoffLimit: {{ .Values.assetImporter.backoffLimit }}
- template:
- spec:
- {{- with .Values.assetImporter.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- restartPolicy: Never
- serviceAccountName: {{ include "pro-api.service-account-name" . }}
- volumes:
- - name: temp-volume
- emptyDir: {}
- containers:
- - name: {{ include "pro-api.user-asset-importer-name" . }}
- image: {{ required "A valid .Values.dgctlDockerRegistry entry required" $.Values.dgctlDockerRegistry }}/{{ .Values.assetImporter.repository }}:{{ .Values.assetImporter.tag }}
- imagePullPolicy: IfNotPresent
- resources:
- {{- toYaml .Values.assetImporter.resources | nindent 16 }}
- volumeMounts:
- - mountPath: "{{ .Values.api.tempPath }}"
- name: temp-volume
- env:
- - name: JOB_NAME
- value: {{ include "pro-api.user-asset-importer-name" . }}
- - name: TEMP_PATH
- value: "{{ .Values.api.tempPath }}"
- - name: ENV
- value: "{{ .Values.api.env }}"
- - name: MODE
- value: "Schedule"
- - name: ASSET_TYPE
- value: "user"
- - name: MAX_PARALLEL_JOBS
- value: "{{ .Values.assetImporter.maxParallelJobs }}"
- - name: S3Settings__Url
- value: {{ required "A valid .Values.dgctlStorage.host entry required" $.Values.dgctlStorage.host }}
- - name: S3Settings__Secure
- value: "{{ .Values.dgctlStorage.secure }}"
- - name: S3Settings__Region
- value: {{ .Values.dgctlStorage.region }}
- - name: S3Settings__DisablePayloadSigning
- value: "{{ .Values.dgctlStorage.disablePayloadSigning }}"
- - name: S3Settings__AssetDataBucket
- value: {{ required "A valid .Values.s3.assetsDataBucket entry required" $.Values.s3.assetsDataBucket }}
- - name: S3Settings__UserAssetDataBucket
- value: "{{ .Values.s3.userAssetsDataBucket }}"
- - name: S3Settings__LayerDataBucket
- value: "{{ .Values.s3.layerDataBucket }}"
- - name: S3Settings__SnapshotBucket
- value: {{ .Values.s3.snapshotBucket }}
- - name: S3Settings__AccessKey
- valueFrom:
- secretKeyRef:
- key: s3AccessKey
- name: {{ include "pro-api.name" . }}-secret
- - name: S3Settings__SecretKey
- valueFrom:
- secretKeyRef:
- key: s3SecretKey
- name: {{ include "pro-api.name" . }}-secret
- - name: ES_HOST
- value: "{{ .Values.elastic.host }}"
- {{- if .Values.elastic.credentials }}
- - name: ES_CREDENTIALS
- valueFrom:
- secretKeyRef:
- key: esCredentials
- name: {{ include "pro-api.name" . }}-secret
- {{ end }}
- - name: ES_INDEX_PREFIX
- value: "{{ .Values.elastic.indexPrefix }}"
- - name: API_URL
- value: http://{{ include "pro-api.name" . }}
- - name: IMAGE_PROXY_URL
- value: "{{ .Values.assetImporter.imageProxyUrl }}"
- {{ if .Values.auth.apiKey }}
- - name: API_TOKEN
- valueFrom:
- secretKeyRef:
- key: apiKey
- name: {{ include "pro-api.name" . }}-secret
- {{ end }}
- - name: Common__Logging__Format
- value: "{{ .Values.api.logging.format }}"
- - name: Common__Logging__Targets
- value: "{{ .Values.api.logging.targets }}"
- - name: Common__SuppressImportFailure
- value: "true"
- - name: Navi__Url
- value: {{ .Values.navi.url }}
- - name: Navi__Key
- valueFrom:
- secretKeyRef:
- key: routingApi2gisKey
- name: {{ include "pro-api.name" . }}-secret
- - name: TileGen__Url
- value: "{{ .Values.tileGen.url }}"
- - name: TileGen__UserDataTileSet
- value: "{{ .Values.tileGen.userDataTileSet }}"
-{{ end }}
diff --git a/charts/pro-api/values.yaml b/charts/pro-api/values.yaml
index 9174c7c8..313e426f 100644
--- a/charts/pro-api/values.yaml
+++ b/charts/pro-api/values.yaml
@@ -1,4 +1,4 @@
-# @section Docker Registry settings
+# @section Docker Registry settings
 # @param dgctlDockerRegistry Docker Registry endpoint where On-Premise services' images reside. Format: `host:port`.
@@ -121,14 +121,14 @@ vpa:
 image:
 repository: 2gis-on-premise/pro-api
- tag: 1.22.0
+ tag: 1.32.0
 pullPolicy: IfNotPresent
 # @skip permissionsApiImage
 permissionsApiImage:
 repository: 2gis-on-premise/pro-permissions-api
- tag: 1.22.0
+ tag: 1.32.0
 pullPolicy: IfNotPresent
 # @section 2GIS PRO Storage configuration
@@ -148,7 +148,7 @@ s3:
 # @section 2GIS PRO API configuration
-# @param api.serviceAccount Kubernetes service account
+# @param api.serviceAccount Kubernetes service account
 # @param api.serviceAccountOverride The name of an existing custom service account. If specified, the services in the chart will use this existing service account. If not specified, a new service account will be created and used with the name from the variable `api.serviceAccount`.
 # @param api.tempPath Path to directory used for temp data
 # @param api.allowAnyOrigin Cors policy: allow any origin to perform requests to pro-api service
@@ -167,6 +167,8 @@ s3:
 # @skip Local cache settings
 # @skip api.localCache.enabled
 # @skip api.localCache.trackStatistics
+# @skip Open API settings
+# @skip api.openApi.servers
 api:
 serviceAccount: runner
@@ -187,12 +189,15 @@ api:
 localCache:
 enabled: true
 trackStatistics: false
+ openApi:
+ servers: []
 # @section Auth configuration
 # @param auth.type Authentication type: 'none' - disabled, 'openid10' - [OpenId 1.0 / OAuth 2.0 authentication protocol](https://openid.net/specs/openid-connect-core-1_0.html), 'urbi' - urbi authentication protocol
 # @param auth.url API URL of authentication service. Example: `http(s)://keycloak.ingress.host`
 # @param auth.userInfoEndpoint The [UserInfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo). Example: `realms/URBI_Pro/protocol/openid-connect/userinfo`
+# @param auth.wellKnownConfigEndpoint The [Well-Known Config endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html). Example: `realms/URBI_Pro/.well-known/openid-configuration`
 # @param auth.apiKey Secret API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `4230b288-301e-4ec6-82c6-db6a8a72c2af`
 # @param auth.permissionsApiKey Secret Permissions API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `c7d74870-ec28-4543-b408-b49bfed84399`
 # @param auth.turnOffCertValidation Turn off certificate validation for auth.url
@@ -203,6 +208,7 @@ auth:
 type: none
 url: ''
 userInfoEndpoint: ''
+ wellKnownConfigEndpoint: ''
 apiKey: ''
 permissionsApiKey: ''
 autoRegisterUsers: true
@@ -349,11 +355,9 @@ tileGen:
 # @section 2GIS PRO API Job settings
 # @param appAssetImporterName Data Import job name.
-# @param appUserAssetImporterName User Data Import job name.
 # @skip appAssetPreparerName
 appAssetImporterName: asset-importer
-appUserAssetImporterName: user-asset-importer
 appAssetPreparerName: asset-preparer
 # @skip permissionsPodSettings
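Review bot: `api.openApi.servers` is tagged `# @skip` in the `@@ -167,6 +167,8 @@` hunk, so the generated README will not mention it and nothing in values.yaml says what an entry should contain. Replacing the skip with a description such as `# @param api.openApi.servers List of server URLs published in the OpenAPI document; each entry is passed to the API as OpenApi__Servers__<index>` would document it; the URL meaning is an assumption from the name and should be confirmed. The default `servers: []` in the following hunk is fine as it is.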
@@ -377,7 +381,7 @@ permissionsPodSettings:
 memory: 256M
 limits:
 cpu: 1
- memory: 512M
+ memory: 1G
 # @section 2GIS PRO Permissions API configuration
 # @skip permissionsApi.host
@@ -414,7 +418,7 @@ permissionsApi:
 assetImporter:
 repository: 2gis-on-premise/pro-importer
- tag: 1.22.0
+ tag: 1.32.0
 schedule: 0 18 * * *
 backoffLimit: 2
 successfulJobsHistoryLimit: 3
@@ -437,15 +441,11 @@ assetImporter:
 externalLinksAllowedHosts: ''
 esMetricsEnabled: false
-# @skip userAssetImporter
-userAssetImporter:
- enabled: true
-
 # @skip assetPreparer
 assetPreparer:
 repository: 2gis-on-premise/pro-importer
- tag: 1.22.0
+ tag: 1.32.0
 schedule: 0 16 * * 6
 backoffLimit: 2
 successfulJobsHistoryLimit: 1