Merge pull request #175 from IFRCGo/develop

Skip some translation fields

Author: szabozoltan69

.github/workflows/git.yml

@@ -0,0 +1,11 @@
+name: Lint commits
+
+on: [pull_request]
+
+jobs:
+  lint:
+    name: Commit Lint
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@main
+    - uses: toggle-corp/commit-lint@main

applications/argocd/production/applications/cacheppuccino.yaml

@@ -0,0 +1,44 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cacheppuccino
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: ghcr.io/ifrcgo
+    chart: cacheppuccino-helm
+    targetRevision: 0.1.0-c1bdee99
+    helm:
+      valueFiles:
+        - values/go-deploy.yaml
+        - values/production.yaml
+      valuesObject:
+        fullnameOverride: ifrcgo-cacheppuccino
+        ingress:
+          className: nginx
+          host: cacheppuccino.ifrc.org
+          tls:
+            secretName: cacheppuccino-helm-secret-cert
+        sqlite:
+          pvc:
+            size: 512Mi
+        serviceAccount:
+          annotations:
+            azure.workload.identity/client-id: "e2cb56dd-1c99-45cb-89f1-92b2b1b30984"
+        secretsStoreCsiDriver:
+          parameters:
+            clientID: "e2cb56dd-1c99-45cb-89f1-92b2b1b30984"
+            keyvaultName: "cacheppuccino-production"
+            tenantId: "a2b53be5-734e-4e6c-ab0d-d184f60fd917"
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: cacheppuccino
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

applications/argocd/production/applications/montandon-eoapi/application.yaml

@@ -8,25 +8,48 @@ metadata:
 spec:
   project: default
   sources:
+
   - repoURL: https://devseed.com/eoapi-k8s/
     chart: eoapi
-    targetRevision: 0.10.0
+    targetRevision: 0.11.2
     helm:
+      valueFiles:
+        - values/argocd.yaml
       valuesObject:
-        ingress:
+        postgrescluster:
+          # Using azure databae
+          enabled: false
+        vector:
           enabled: false
-          # host: "montandon-eoapi.ifrc.org"
-          # tls:
-          #   enabled: true
-          #   secretName: montandon-eoapi-helm-secret-cert
-          # annotations:
-          #   # increase the max body size to 100MB
-          #   nginx.ingress.kubernetes.io/proxy-body-size: "100m"
-          #   nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
-          #   nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
-          #   nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
         raster:
           enabled: false
+        ingress:
+          # Using stac-auth-proxy
+          enabled: false
+
+        serviceAccount:
+          create: true
+          automount: true
+          annotations:
+            azure.workload.identity/client-id : "8bf208ec-d73c-42d1-a4a9-817d2936a883"
+          labels:
+            azure.workload.identity/use: "true"
+
+        postgresql:
+          type: "external-secret"
+          external:
+            existingSecret:
+              # Defined here: internal/montandon-eoapi-spc.yaml
+              name: pgstac-secrets-montandon-eoapi
+              keys:
+                username: "DB_USER"
+                password: "DB_PASSWORD"
+                # Optional: if these are provided in the secret
+                # Note: These values override external.host, external.port and external.database if defined
+                host: "DB_HOST"
+                database: "DB_NAME"
+                port: "DB_PORT"
+
         stac:
           image:
             tag: 6.1.2
@@ -59,86 +82,60 @@ spec:
                 mountPath: /mnt/secrets-store
                 readOnly: true
             extraVolumes:
+              # Not required for eoAPI, but secrets-store.csi.k8s.io needs at least one pod to mount SecretProviderClass to sync Azure Key Vault with the Kubernetes secret pgstac-secrets-montandon-eoapi
               - name: azure-keyvault-secrets
                 csi:
                   driver: secrets-store.csi.k8s.io
                   readOnly: true
                   volumeAttributes:
                     secretProviderClass: azure-secret-provider-montandon-eoapi
-        vector:
-          enabled: false
 
-        serviceAccount:
-          create: true
-          automount: true
-          annotations:
-            azure.workload.identity/client-id : "8bf208ec-d73c-42d1-a4a9-817d2936a883"
-          labels:
-            azure.workload.identity/use: "true"
-
-        # pgstacBootstrap:
-        #   enabled: true
-        #   settings:
-        #     annotations:
-        #       argocd.argoproj.io/hook: Sync
-        #     # labels:
-        #     #   azure.workload.identity/use: "true"
-        #     # extraVolumes:
-        #     #   - name: azure-keyvault-secrets
-        #     #     csi:
-        #     #       driver: secrets-store.csi.k8s.io
-        #     #       readOnly: true
-        #     #       volumeAttributes:
-        #     #         secretProviderClass: azure-secret-provider-montandon-eoapi
-        #     queryables:
-        #       # configMap
-        #       - name: "stac-queryables.json"
-        #         configMapRef:
-        #           name: montandon-eoapi-stac-queryables
-        #           key: stac_queryables.json
-        #         indexFields: ["monty:hazard_codes", "monty:country_codes", "roles"]
-        #         deleteMissing: true
-        postgresql:
-          type: "external-secret"
-          external:
-            existingSecret:
-              name: pgstac-secrets-montandon-eoapi
-              keys:
-                username: "DB_USER"
-                password: "DB_PASSWORD"
-                # Optional: if these are provided in the secret
-                # Note: These values override external.host, external.port and external.database if defined
-                host: "DB_HOST"
-                database: "DB_NAME"
-                port: "DB_PORT"
+        pgstacBootstrap:
+          enabled: true
+          settings:
+            loadSamples: false
+            queryables:
+              - name: "stac_queryables.json"
+                indexFields: ["monty:hazard_codes","monty:country_codes","roles"]
+                deleteMissing: true
+                configMapRef:
+                  name: montandon-eoapi-stac-queryables
+                  key: stac_queryables.json
 
-        postgrescluster:
-          enabled: false
-          # instances:
-          # - name: eoapi
-          #   replicas: 1
-          #   dataVolumeClaimSpec:
-          #     accessModes:
-          #     - "ReadWriteOnce"
-          #     resources:
-          #       requests:
-          #         storage: "600Gi"
-          #         cpu: "1024m"
-          #         memory: "3048Mi"
   - path: applications/argocd/production/applications/montandon-eoapi/internal/
     targetRevision: develop
     repoURL: https://github.com/IFRCGo/go-deploy.git
+    helm:
+      valuesObject:
+        azure:
+          clientID: 8bf208ec-d73c-42d1-a4a9-817d2936a883
+          secretProviderClass:
+            enabled: true
+            keyvaultName: montandon-eoapi-producti
+
   - repoURL: https://github.com/developmentseed/stac-auth-proxy.git
-    targetRevision: v0.9.2
+    targetRevision: v1.0.3
     path: helm/
     helm:
       valuesObject:
+        # HealthCheck endpoints - https://github.com/developmentseed/stac-auth-proxy/pull/143
+        startupProbe:
+          httpGet:
+            path: /stac/healthz
+        livenessProbe:
+          httpGet:
+            path: /stac/healthz
+        readinessProbe:
+          httpGet:
+            path: /stac/healthz
         env:
           UPSTREAM_URL: "http://montandon-eoapi-stac:8080"
           # UPSTREAM_URL: "https://montandon-eoapi.ifrc.org/stac"
           OIDC_DISCOVERY_URL: "https://goadmin.ifrc.org/o/.well-known/openid-configuration"
           OVERRIDE_HOST: "0"
           ROOT_PATH: "/stac"
+          COLLECTIONS_FILTER_CLS: stac_auth_proxy.montandon_filters:CollectionsFilter
+          ITEMS_FILTER_CLS: stac_auth_proxy.montandon_filters:ItemsFilter
         ingress:
           enabled: "true"
           host: "montandon-eoapi.ifrc.org"
@@ -147,6 +144,15 @@ spec:
             enabled: "true"
             secretName: "montandon-eoapi-helm-secret-cert"
         replicaCount: 1
+        extraVolumes:
+          - name: filters
+            configMap:
+              name: stac-auth-proxy-filters
+        extraVolumeMounts:
+          - name: filters
+            mountPath: /app/src/stac_auth_proxy/montandon_filters.py
+            subPath: montandon_filters.py
+            readOnly: true
   destination:
     server: https://kubernetes.default.svc
     namespace: montandon-eoapi

applications/argocd/production/applications/montandon-eoapi/internal/Chart.yaml

@@ -0,0 +1,7 @@
+apiVersion: v2
+name: montandon-eoapi-extra-manifests
+description: Montandon eoAPI extra manifests
+type: application
+
+version: 0.1.0
+appVersion: "1.0"