WIP: multi tenant tipg

.gitignore

@@ -1 +1,2 @@
 .idea/
+terraform/.terraform

helm-chart/eoapi/eoapi-manfests-separate-services.yaml

@@ -0,0 +1,194 @@
+---
+# Source: eoapi/templates/db/secrets.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: pgstac-secrets-vector1
+type: "Opaque"
+stringData:
+  DB_MAX_CONN_SIZE: "10"
+  DB_MIN_CONN_SIZE: "1"
+  PGDATA: "/var/lib/postgresql/data/pgdata"
+  PGDATABASE: "postgis"
+  POSTGRES_DBNAME: "postgis"
+  PGPASSWORD: "password"
+  POSTGRES_PASS: "password"
+  PGUSER: "username"
+  POSTGRES_DB: "postgis"
+  POSTGRES_HOST: "pgstac"
+  POSTGRES_HOST_READER: "pgstac"
+  POSTGRES_HOST_WRITER: "pgstac"
+  POSTGRES_PASSWORD: "password"
+  POSTGRES_PORT: "5432"
+  POSTGRES_USER: "username"
+  TIPG_DB_SCHEMAS: '["public","vector1"]'
+  TIPG_DB_EXCLUDE_TABLE_SCHEMAS: '["vector2"]'
+---
+# Source: eoapi/templates/db/secrets.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: pgstac-secrets-vector2
+type: "Opaque"
+stringData:
+  DB_MAX_CONN_SIZE: "10"
+  DB_MIN_CONN_SIZE: "1"
+  PGDATA: "/var/lib/postgresql/data/pgdata"
+  PGDATABASE: "postgis"
+  POSTGRES_DBNAME: "postgis"
+  PGPASSWORD: "password"
+  POSTGRES_PASS: "password"
+  PGUSER: "username"
+  POSTGRES_DB: "postgis"
+  POSTGRES_HOST: "pgstac"
+  POSTGRES_HOST_READER: "pgstac"
+  POSTGRES_HOST_WRITER: "pgstac"
+  POSTGRES_PASSWORD: "password"
+  POSTGRES_PORT: "5432"
+  POSTGRES_USER: "username"
+  TIPG_DB_SCHEMAS: '["public","vector2"]'
+  TIPG_DB_EXCLUDE_TABLE_SCHEMAS: '["vector1"]'
+---
+# Source: eoapi/templates/services/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: vector11
+    gitsha: c873b20edb
+  name: vector11
+spec:
+  progressDeadlineSeconds: 600
+  revisionHistoryLimit: 5
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 50%
+      maxUnavailable: 0
+  selector:
+    matchLabels:
+      app: vector11
+  template:
+    metadata:
+      labels:
+        app: vector11
+    spec:
+      containers:
+      - image: ghcr.io/developmentseed/tipg:uvicorn-0.2.0
+        name: vector
+        command:
+          - "uvicorn"
+
+          - "tipg.main:app"
+          - "--host=$(HOST)"
+          - "--port=$(PORT)"
+        ports:
+          - containerPort: 8080
+        resources:
+          limits:
+            cpu: 512m
+            memory: 1024Mi
+          requests:
+            cpu: 256m
+            memory: 256Mi
+        envFrom:
+          # NOTE: there's no reason we need to use a `ConfigMap` or `Secret` here to get os env vars into the pod.
+          # we could just template them out here immediately with `value: $_` but this allows us
+          # to store them in k8s intermediately and change them and then bounce deploys if needed
+        - secretRef:
+            name: pgstac-secrets-vector1
+        - configMapRef:
+            name: vector-envvar-configmap
+---
+# Source: eoapi/templates/services/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: vector12
+    gitsha: c873b20edb
+  name: vector12
+spec:
+  progressDeadlineSeconds: 600
+  revisionHistoryLimit: 5
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 50%
+      maxUnavailable: 0
+  selector:
+    matchLabels:
+      app: vector12
+  template:
+    metadata:
+      labels:
+        app: vector12
+    spec:
+      containers:
+      - image: ghcr.io/developmentseed/tipg:uvicorn-0.2.0
+        name: vector2
+        command:
+          - "uvicorn"
+          - "tipg.main:app"
+          - "--host=$(HOST)"
+          - "--port=$(PORT)"
+        ports:
+          - containerPort: 8080
+        resources:
+          limits:
+            cpu: 512m
+            memory: 1024Mi
+          requests:
+            cpu: 256m
+            memory: 256Mi
+        envFrom:
+          # NOTE: there's no reason we need to use a `ConfigMap` or `Secret` here to get os env vars into the pod.
+          # we could just template them out here immediately with `value: $_` but this allows us
+          # to store them in k8s intermediately and change them and then bounce deploys if needed
+        - secretRef:
+            name: pgstac-secrets-vector2
+        - configMapRef:
+            name: vector-envvar-configmap
+---
+# Source: eoapi/templates/services/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: vector11
+  name: vector11
+spec:
+  type: "NodePort"
+  ports:
+  - name: '8080'
+    port: 8080
+    targetPort: 8080
+  selector:
+    app: vector11
+---
+# Source: eoapi/templates/services/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: vector12
+  name: vector12
+spec:
+  type: "NodePort"
+  ports:
+  - name: '8080'
+    port: 8080
+    targetPort: 8080
+  selector:
+    app: vector12
+---
+# Source: eoapi/templates/services/configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: vector-envvar-configmap
+data:
+  HOST: "0.0.0.0"
+  PORT: "8080"
+  TIPG_CATALOG_TTL: "0"
+  WEB_CONCURRENCY: "10"

helm-chart/eoapi/eoapi-manfests-shared-services.yml

@@ -0,0 +1,103 @@
+---
+# Source: eoapi/templates/db/secrets.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: pgstac-secrets-vector1
+type: "Opaque"
+stringData:
+  DB_MAX_CONN_SIZE: "10"
+  DB_MIN_CONN_SIZE: "1"
+  PGDATA: "/var/lib/postgresql/data/pgdata"
+  PGDATABASE: "postgis"
+  POSTGRES_DBNAME: "postgis"
+  PGPASSWORD: "password"
+  POSTGRES_PASS: "password"
+  PGUSER: "username"
+  POSTGRES_DB: "postgis"
+  POSTGRES_HOST: "pgstac"
+  POSTGRES_HOST_READER: "pgstac"
+  POSTGRES_HOST_WRITER: "pgstac"
+  POSTGRES_PASSWORD: "password"
+  POSTGRES_PORT: "5432"
+  POSTGRES_USER: "username"
+  TIPG_DB_SCHEMAS: '["public","vector1","vector2"]'
+  TIPG_MULTI_MAPPING: '{"vector1.wfs3labs.com":{"include": ["public","vector1"], "exclude": ["vector2"]}, "vector2.wfs3labs.com":{"include": ["public","vector2"], "exclude": ["vector1"]}}'
+---
+# Source: eoapi/templates/services/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: vector
+    gitsha: c873b20edb
+  name: vector
+spec:
+  progressDeadlineSeconds: 600
+  revisionHistoryLimit: 5
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 50%
+      maxUnavailable: 0
+  selector:
+    matchLabels:
+      app: vector
+  template:
+    metadata:
+      labels:
+        app: vector
+    spec:
+      containers:
+      - image: ghcr.io/ranchodeluxe/tipg:multitenantv17
+        name: vector
+        command:
+          - "uvicorn"
+
+          - "tipg.main:app"
+          - "--host=$(HOST)"
+          - "--port=$(PORT)"
+        ports:
+          - containerPort: 8080
+        resources:
+          limits:
+            cpu: 512m
+            memory: 1024Mi
+          requests:
+            cpu: 256m
+            memory: 256Mi
+        envFrom:
+          # NOTE: there's no reason we need to use a `ConfigMap` or `Secret` here to get os env vars into the pod.
+          # we could just template them out here immediately with `value: $_` but this allows us
+          # to store them in k8s intermediately and change them and then bounce deploys if needed
+        - secretRef:
+            name: pgstac-secrets-vector1
+        - configMapRef:
+            name: vector-envvar-configmap
+---
+# Source: eoapi/templates/services/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: vector
+  name: vector
+spec:
+  type: "NodePort"
+  ports:
+  - name: '8080'
+    port: 8080
+    targetPort: 8080
+  selector:
+    app: vector
+---
+# Source: eoapi/templates/services/configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: vector-envvar-configmap
+data:
+  HOST: "0.0.0.0"
+  PORT: "8080"
+  TIPG_CATALOG_TTL: "0"
+  WEB_CONCURRENCY: "10"

helm-chart/eoapi/ingress.yaml

@@ -0,0 +1,69 @@
+---
+# Source: eoapi/templates/services/ingress-alb.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: vector-ingresses
+  # AWS EKS:
+  # https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/ingress/annotations/
+  # GCP GKE:
+  # https://cloud.google.com/kubernetes-engine/docs/concepts/ingress
+  annotations:
+    alb.ingress.kubernetes.io/target-type: instance
+    alb.ingress.kubernetes.io/scheme: internet-facing
+    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
+    #alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
+    #alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
+    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-west-1:444055461661:certificate/41579498-2e29-4d7d-b59e-2048ee81fbb4
+spec:
+  ingressClassName: alb
+  rules:
+#    - http:
+#        paths:
+#          - path: /*
+#            pathType: Prefix
+#            backend:
+#              service:
+#                name: ssl-redirect
+#                port:
+#                  name: use-annotation
+    - host: vector1.wfs3labs.com
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: vector
+                port:
+                  number: 8080
+    - host: vector2.wfs3labs.com
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: vector
+                port:
+                  number: 8080
+    - host: vector11.wfs3labs.com
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: vector11
+                port:
+                  number: 8080
+    - host: vector12.wfs3labs.com
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: vector12
+                port:
+                  number: 8080