Use PGO by Default

.github/ISSUE_TEMPLATE/bug_report.yaml

@@ -8,15 +8,6 @@ body:
       value: |
         Thanks for taking the time to fill out this bug report!
 
-  - type: input
-    id: title
-    attributes:
-      label: Title
-      description: A clear and concise title of the issue
-      placeholder: "Type the issue title here"
-    validations:
-      required: true
-
   - type: checkboxes
     id: labels
     attributes:

.github/ISSUE_TEMPLATE/feature_request.yaml

@@ -8,15 +8,6 @@ body:
       value: |
         Thanks for taking the time to suggest a feature!
 
-  - type: input
-    id: title
-    attributes:
-      label: Title
-      description: A clear and concise title of the feature request
-      placeholder: "Type the feature title here"
-    validations:
-      required: true
-
   - type: textarea
     id: description
     attributes:

.github/workflows/helm-tests.yml

@@ -1,44 +1,47 @@
 name: CI
 
-
-# On every pull request, but only on push to main
 on:
   push:
-    branches:
-    - main
-    paths: []
-    # only run jobs if some code have changed
-    #- 'helm-chart/eoapi/**'
+    branches: [ "main" ]
   pull_request:
-    branches:
-      - main
+    branches: [ "main" ]
+    types: [ opened, reopened, synchronize, labeled ]
 
 jobs:
   helm-tests:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
+
       - uses: d3adb5/helm-unittest-action@v2
         with:
-          helm-version: v3.8.2
+          helm-version: v3.15.2
           github-token: ${{ secrets.GITHUB_TOKEN }}
+
       - run: |
           cd helm-chart
           helm unittest eoapi -f 'tests/*.yaml' -v eoapi/test-helm-values.yaml
-  integration-tests:
-    if: github.event.pull_request.head.repo.full_name == github.repository
+  integration-tests-gcp:
+    # run on:
+    #  - all pushes to specified branch(es)
+    #  - a PR was just labeled 'test-integration'
+    #  - a PR with 'test-integration' label was opened, reopened, or synchronized
+    if: |
+      github.event_name == 'push' ||
+      github.event.label.name == 'test-integration-gcp' ||
+      contains( github.event.pull_request.labels.*.name, 'test-integration-gcp')
     permissions:
       contents: 'read'
       id-token: 'write'
     needs: helm-tests
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
-      - uses: azure/setup-helm@v3
+      - uses: azure/setup-helm@v4
         with:
-          version: v3.8.2
-          token: ${{ secrets.GITHUB_TOKEN }}
+          version: v3.15.2
+          #token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: last commit sha if PR
         if: ${{ github.event_name == 'pull_request' }}
@@ -60,13 +63,13 @@ jobs:
           echo "RELEASE_NAME=eoapi$COMMITSHA$SALT" >> $GITHUB_ENV
 
       - id: 'auth'
-        uses: 'google-github-actions/auth@v1'
+        uses: 'google-github-actions/auth@v2'
         with:
           service_account: '[email protected]'
           credentials_json: ${{ secrets.GH_ACTIONS_SA_JSON }}
 
       - name: setup gcloud sdk
-        uses: google-github-actions/setup-gcloud@v1
+        uses: google-github-actions/setup-gcloud@v2
         with:
           version: '>= 363.0.0'
           project_id: 'devseed-labs'
@@ -78,24 +81,13 @@ jobs:
 
       - name: helm render/install eoapi templates
         run: |
-          export PGUSER=username
-          export POSTGRES_USER=username
-          export PGPASSWORD=password
-          export POSTGRES_PASSWORD=password
           export GITSHA='${{github.sha}}'
 
           cd helm-chart
 
           helm install $RELEASE_NAME \
-            --namespace eoapitest \
+            --namespace $RELEASE_NAME \
             --create-namespace \
-            --set db.settings.secrets.POSTGRES_HOST=pgstac-$RELEASE_NAME \
-            --set db.settings.secrets.POSTGRES_HOST_READER=pgstac-$RELEASE_NAME \
-            --set db.settings.secrets.POSTGRES_HOST_WRITER=pgstac-$RELEASE_NAME \
-            --set db.settings.secrets.PGUSER=$PGUSER \
-            --set db.settings.secrets.POSTGRES_USER=$POSTGRES_USER \
-            --set db.settings.secrets.PGPASSWORD=$PGPASSWORD \
-            --set db.settings.secrets.POSTGRES_PASSWORD=$POSTGRES_PASSWORD \
             -f ./eoapi/values.yaml \
             -f ./eoapi/test-unittest-values.yaml \
             ./eoapi
@@ -109,7 +101,7 @@ jobs:
         timeout-minutes: 10
         continue-on-error: true
         run: |
-          kubectl config set-context --current --namespace=eoapitest
+          kubectl config set-context --current --namespace=$RELEASE_NAME
           while [[ -z "$(kubectl get pod  | grep "^raster-$RELEASE_NAME-.*$" | cut -d' ' -f1 | xargs -I{} kubectl logs pod/{} | grep "GET /.*/healthz" | head -n 1)" ]]; do
             echo "still waiting for raster service to start..."
             sleep 1
@@ -131,6 +123,9 @@ jobs:
         run: |
           echo "The previous step failed or timed out. Running cleanup logic..."
           helm uninstall $RELEASE_NAME
+
+          kubectl delete ns/$RELEASE_NAME
+
           # force GH action to show failed result
           exit 128
 
@@ -145,7 +140,7 @@ jobs:
         id: testrunner
         continue-on-error: true
         run: |
-          kubectl config set-context --current --namespace=eoapitest
+          kubectl config set-context --current --namespace=$RELEASE_NAME
           PUBLICIP='http://'$(kubectl -n ingress-nginx get svc/ingress-nginx-controller -o jsonpath='{.spec.loadBalancerIP}')
           echo '#################################'
           echo vector=$PUBLICIP/vector$RELEASE_NAME
@@ -163,18 +158,24 @@ jobs:
           head -n 5 .github/workflows/tests/test_stac.py
           pytest .github/workflows/tests/test_stac.py
 
-          sed -i "s|raster_endpoint\=.*$|raster_endpoint\='$PUBLICIP/raster$RELEASE_NAME'|g" .github/workflows/tests/test_raster.py
-          head -n 5 .github/workflows/tests/test_raster.py
-          pytest .github/workflows/tests/test_raster.py
+          # TODO: fix raster tests
+          #sed -i "s|raster_endpoint\=.*$|raster_endpoint\='$PUBLICIP/raster$RELEASE_NAME'|g" .github/workflows/tests/test_raster.py
+          #head -n 5 .github/workflows/tests/test_raster.py
+          #pytest .github/workflows/tests/test_raster.py
 
       - name: cleanup if tests faile
         if: steps.testrunner.outcome == 'failure'
         run: |
           echo "The previous step failed or timed out. Running cleanup logic..."
           helm uninstall $RELEASE_NAME
+
+          kubectl delete ns/$RELEASE_NAME
+
           # force GH action to show failed result
           exit 128
 
       - name: helm uinstall eoapi templates
         run: |
           helm uninstall $RELEASE_NAME
+
+          kubectl delete ns/$RELEASE_NAME

.github/workflows/release.yml

@@ -10,7 +10,7 @@ jobs:
     if: github.actor == 'ranchodeluxe' || github.actor == 'gcorradini' || github.actor == 'sunu'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
@@ -19,11 +19,10 @@ jobs:
           git config user.name "$GITHUB_ACTOR"
           git config user.email "[email protected]"
 
-      - uses: azure/setup-helm@v3
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - uses: azure/setup-helm@v4
         with:
-          helm-version: v3.8.2
+          version: v3.15.2
+          #token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: update gh-pages with content from main
         env:

.github/workflows/tests/test_vector.py

@@ -23,6 +23,10 @@ def test_vector_api():
     assert resp.headers["content-type"] == "application/json"
     assert resp.json()["conformsTo"]
 
+    # refresh to get newest catalog
+    resp = client.get(f"{vector_endpoint}/refresh")
+    assert resp.status_code == 200
+
     # collections
     resp = client.get(f"{vector_endpoint}/collections")
     assert resp.status_code == 200

README.md

@@ -37,58 +37,63 @@ If you don't have a k8s cluster set up on AWS or GCP then follow an IaC guide be
 
 <a name="helminstall"/>
 
-## Helm Installation 
+## Helm Installation
 
-Once you have a k8s cluster set up you can `helm install` eoAPI as follows:
+Once you have a k8s cluster set up you can `helm install` eoAPI with the following steps:
 
-1. `helm install` from https://devseed.com/eoapi-k8s/:
+0. `eoapi-k8s` depends on the [Crunchydata Postgresql Operator](https://access.crunchydata.com/documentation/postgres-operator/latest/installation/helm). Install that first:
+
+   ```python
+   $ helm install --set disable_check_for_upgrades=true pgo oci://registry.developers.crunchydata.com/crunchydata/pgo
+   ```
+
+
+1. Add the eoapi repo from https://devseed.com/eoapi-k8s/:
 
     ```python
-      # add the eoapi helm repo locally
       $ helm repo add eoapi https://devseed.com/eoapi-k8s/
-
-      # list out the eoapi chart versions
-      $ helm search repo eoapi --versions
-      NAME            CHART VERSION   APP VERSION     DESCRIPTION                                       
-      eoapi/eoapi     0.1.1           0.1.0           Create a full Earth Observation API with Metada...
-      eoapi/eoapi     0.1.2           0.1.0           Create a full Earth Observation API with Metada...
-
-      # add the required secret overrides to an arbitrarily named `.yaml` file (`config.yaml` below)
-      $ cat config.yaml 
-      db:
-        settings:
-          secrets:
-            PGUSER: "username"
-            POSTGRES_USER: "username"
-            PGPASSWORD: "password"
-            POSTGRES_PASSWORD: "password"
-
-      # then run `helm install` with those overrides 
-      $ helm install -n eoapi --create-namespace eoapi eoapi/eoapi --version 0.1.2 -f config.yaml
     ```
 
-2. or `helm install` from this repo's `helm-chart/` folder:
+2. List out the eoapi chart versions
+
+   ```python
+   $ helm search repo eoapi --versions
+   NAME            CHART VERSION   APP VERSION     DESCRIPTION                                       
+   eoapi/eoapi     0.2.14          0.3.1           Create a full Earth Observation API with Metada...
+   eoapi/eoapi     0.1.13          0.2.11          Create a full Earth Observation API with Metada...
+   ```
+3. Optionally override keys/values in the default `values.yaml` with a custom `config.yaml` like below:
+
+   ```python
+   $ cat config.yaml 
+   vector:
+     enable: false
+   pgstacBootstrap:
+     settings:
+       envVars:
+         LOAD_FIXTURES: "0"
+         RUN_FOREVER: "1"
+   ```
+4. Then `helm install` with those `config.yaml` values:
+
+   ```python
+   $ helm install -n eoapi --create-namespace eoapi eoapi/eoapi --version 0.1.2 -f config.yaml
+   ```
+
+5. or check out this repo and `helm install` from this repo's `helm-chart/` folder:
 
     ```python
       ######################################################
       # create os environment variables for required secrets
       ######################################################
       $ export GITSHA=$(git rev-parse HEAD | cut -c1-10)
-      $ export PGUSER=s00pers3cr3t
-      $ export POSTGRES_USER=s00pers3cr3t
-      $ export POSTGRES_PASSWORD=superuserfoobar
-      $ export PGPASSWORD=foobar
 
       $ cd ./helm-chart
 
       $ helm install \
           --namespace eoapi \
           --create-namespace \
           --set gitSha=$GITSHA \
-          --set db.settings.secrets.PGUSER=$PGUSER \
-          --set db.settings.secrets.POSTGRES_USER=$POSTGRES_USER \
-          --set db.settings.secrets.PGPASSWORD=$PGPASSWORD \
-          --set db.settings.secrets.POSTGRES_PASSWORD=$POSTGRES_PASSWORD \
           eoapi \
           ./eoapi
     ```

docs/aws-eks.md

@@ -2,7 +2,7 @@
 
 This is a verbose walkthrough. It uses `eksctl` and assumes you already have an AWS account, have the [eksctl prerequisites installed](https://docs.aws.amazon.com/eks/latest/userguide/getting-started-eksctl.html) including `eksctl` and `helm`.
 
-If you are familiar with Terraform would like an IaC choice that is more terse consider setting up your cluster with that: https://github.com/developmentseed/eoapi-k8s-terraform
+If you're familiar with Terraform and would like an IaC choice that is more terse consider setting up your cluster with that: https://github.com/developmentseed/eoapi-k8s-terraform
 
 
 ## Table of Contents:

docs/configuration.md

@@ -10,19 +10,16 @@ $ head -n 9 <eoapi-k8s-repo>/values.schema.json
   "$schema": "http://json-schema.org/schema#",
   "type": "object",
   "required": [
-    "db",
     "service",
     "gitSha"
   ],
 ```
 
-Most of the required fields have common-sense defaults except traditional username and password secrets under `db`. 
+Most of the required fields have common-sense defaults. 
 The table below and the `values.yaml` comments should explain what the options and defaults are:
 
 |                               **Values Key**                              |                                                              **Description**                                                              |  **Default** | **Choices**            |
 |:-------------------------------------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------|:------------|:------------------------|
-| `db.settings.secrets.PGUSER`<br>`db.settings.secrets.PGPASSWORD`              | username and password used by application for connections<br>https://www.postgresql.org/docs/current/libpq-envars.html                    |              |                        |
-| `db.settings.secrets.POSTGRES_USER`<br>`db.settings.secrets.POSTGRES_PASSWORD` | username and password used by<br>base postgresl image for admin purposes<br>see https://www.postgresql.org/docs/current/libpq-envars.html |              |                        |
 | `service.port`                                                              | the port that all vector/raster/stac services run on<br>used in `kind: Service` and `kind: Ingress`                                       |     8080     |   your favorite port   |
 | `gitSha`                                                                    | sha attached to a `kind: Deployment` key `metadata.labels`                                                                                | gitshaABC123 | your favorite sha      |
 
@@ -31,23 +28,11 @@ The table below and the `values.yaml` comments should explain what the options a
 
 ## Default Configuration
 
-Running `helm install` from https://devseed.com/eoapi-k8s/ with this simple `config.yml` overrides below
-should spin up similar infrastructure in EKS or GKE:
-
-```python
-$ cat config.yaml 
-db:
-  settings:
-    secrets:
-      PGUSER: "username"
-      POSTGRES_USER: "username"
-      PGPASSWORD: "password"
-      POSTGRES_PASSWORD: "password"
-```
+Running `helm install` from https://devseed.com/eoapi-k8s/ should spin up similar infrastructure in EKS or GKE:
 
 In EKS or GKE you'll by default get:
 
-* a pgstac PostgreSQL database deployment and service
+* a HA PostgreSQL database deployment and service via [Crunchdata's Postgresl Operator](https://access.crunchydata.com/documentation/postgres-operator)
 * the same vector and raster data fixtures used for testing loaded into the DB
 * a load balancer and nginx-compatible ingress with the following path rewrites:
     * a `/stac` service for `stac_fastapi.pgstac`
@@ -69,7 +54,7 @@ Here's a simplified high-level diagram to grok:
 
 |   **Values Key**  |                                                                 **Description**                                                                 | **Default** | **Choices**  |
 |:-----------------|:-----------------------------------------------------------------------------------------------------------------------------------------------|:-----------|:--------------|
-| `autoscaling.type` | a simple example of a default metric (`cpu`) and custom metric (`requestRate`) to scale by. NOTE: `requestRate` is based on nginx metrics and currently isn't supported for `ingress.className: alb/gce` options yet. It will throw an error during install if you attemp this. If selecting `both` the metric that results in the "highest amount of change" wins. See https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#scaling-on-multiple-metrics for more info  | requestRate       | requestRate<br>cpu<br>both<br> |
+| `autoscaling.type` | a simple example of a default metric (`cpu`) and custom metric (`requestRate`) to scale by. If selecting `both` the metric that results in the "highest amount of change" wins. See [k8s documentation](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#scaling-on-multiple-metrics) for more info  | requestRate       | requestRate<br>cpu<br>both<br> |
 
 #### `autoscaling.behaviour.[scaleDown||scaleUp]`
 

docs/gcp-gke.md

@@ -2,7 +2,7 @@
 
 This is a verbose walkthrough. It uses `gcloud` and assumes you already have an GCP account and project where you want to run eoapi. We also assume that you have some prerequisites installed including `gcloud`, `kubectl` and `helm`.
 
-If you are familiar with Terraform would like an IaC choice that is more terse consider setting up your cluster with that: https://github.com/developmentseed/eoapi-k8s-terraform
+If you're familiar with Terraform and would like an IaC choice that is more terse consider setting up your cluster with that: https://github.com/developmentseed/eoapi-k8s-terraform
 
 # Table of Contents
 - [Pre-requisites](#pre-requisites)