foo

pantierra · pantierra · commit 10cb103dd2a1 · 2025-11-23T01:47:39.000+01:00
diff --git a/charts/eoapi/profiles/experimental.yaml b/charts/eoapi/profiles/experimental.yaml
@@ -370,11 +370,14 @@ stac-auth-proxy:
   enabled: true
   service:
     port: 8080
-  # Wait for mock-oidc to be ready in testing scenarios
+  # Wait for dependencies to be ready before starting stac-auth-proxy
   initContainers:
     - name: wait-for-mock-oidc
       image: busybox:1.35
       command: ['sh', '-c', 'until nc -z eoapi-mock-oidc-server.eoapi.svc.cluster.local 8080; do echo waiting for mock-oidc; sleep 2; done']
+    - name: wait-for-stac
+      image: busybox:1.35
+      command: ['sh', '-c', 'until nc -z eoapi-stac.eoapi.svc.cluster.local 8080; do echo waiting for stac service; sleep 2; done']
   env:
     UPSTREAM_URL: "http://eoapi-stac:8080"
     # For testing one could deploy a mock OIDC server (https://github.com/alukach/mock-oidc-server)
diff --git a/charts/eoapi/templates/core/stac-auth-proxy-patch.yaml b/charts/eoapi/templates/core/stac-auth-proxy-patch.yaml
@@ -46,6 +46,12 @@ spec:
           fi
           echo "Patching deployment with initContainers..."
           INIT_CONTAINERS_JSON='{{ index .Values "stac-auth-proxy" "initContainers" | toJson }}'
+          # Replace hardcoded service names and namespace with actual release name and namespace
+          # Replace eoapi-stac.eoapi with $RELEASE_NAME-stac.$NAMESPACE
+          # Replace eoapi-mock-oidc-server.eoapi with $RELEASE_NAME-mock-oidc-server.$NAMESPACE
+          RELEASE_NAME="{{ .Release.Name }}"
+          NAMESPACE_VAL="{{ .Release.Namespace }}"
+          INIT_CONTAINERS_JSON=$(echo "$INIT_CONTAINERS_JSON" | sed "s/eoapi-stac\.eoapi/${RELEASE_NAME}-stac.${NAMESPACE_VAL}/g" | sed "s/eoapi-mock-oidc-server\.eoapi/${RELEASE_NAME}-mock-oidc-server.${NAMESPACE_VAL}/g")
           kubectl patch deployment "$DEPLOYMENT_NAME" -n "$NAMESPACE" --type='json' -p="[{\"op\":\"add\",\"path\":\"/spec/template/spec/initContainers\",\"value\":$INIT_CONTAINERS_JSON}]"
           echo "Waiting for rollout..."
           kubectl rollout status deployment/"$DEPLOYMENT_NAME" -n "$NAMESPACE" --timeout=300s
diff --git a/scripts/deploy.sh b/scripts/deploy.sh
@@ -393,8 +393,13 @@ deploy_eoapi() {
 
         # Set UPSTREAM_URL and OIDC_DISCOVERY_URL dynamically for stac-auth-proxy when experimental profile is used
         # The experimental profile enables stac-auth-proxy, so we need to set the correct service names
+        # Also configure STAC service to run without root path when behind auth proxy
         HELM_CMD="$HELM_CMD --set stac-auth-proxy.env.UPSTREAM_URL=http://$RELEASE_NAME-stac:8080"
         HELM_CMD="$HELM_CMD --set stac-auth-proxy.env.OIDC_DISCOVERY_URL=http://$RELEASE_NAME-mock-oidc-server.$NAMESPACE.svc.cluster.local:8080/.well-known/openid-configuration"
+        # Note: initContainer service names are dynamically replaced by the stac-auth-proxy-patch job
+        # Configure STAC service to run without root path when behind auth proxy
+        # Empty string makes STAC service run at root path (no --root-path argument)
+        HELM_CMD="$HELM_CMD --set 'stac.overrideRootPath='"
 
         HELM_CMD="$HELM_CMD --set eoapi-notifier.enabled=true"
         HELM_CMD="$HELM_CMD --set eoapi-notifier.config.sources[0].config.connection.existingSecret.name=$RELEASE_NAME-pguser-eoapi"
diff --git a/scripts/deployment.sh b/scripts/deployment.sh
@@ -86,9 +86,14 @@ run_deployment() {
 
     # Set UPSTREAM_URL and OIDC_DISCOVERY_URL dynamically for stac-auth-proxy when experimental profile is used
     # The experimental profile enables stac-auth-proxy, so we need to set the correct service names
+    # Also configure STAC service to run without root path when behind auth proxy
     if [[ "$use_experimental" == "true" ]]; then
         helm_cmd="$helm_cmd --set stac-auth-proxy.env.UPSTREAM_URL=http://$RELEASE_NAME-stac:8080"
         helm_cmd="$helm_cmd --set stac-auth-proxy.env.OIDC_DISCOVERY_URL=http://$RELEASE_NAME-mock-oidc-server.$NAMESPACE.svc.cluster.local:8080/.well-known/openid-configuration"
+        # Note: initContainer service names are dynamically replaced by the stac-auth-proxy-patch job
+        # Configure STAC service to run without root path when behind auth proxy
+        # Empty string makes STAC service run at root path (no --root-path argument)
+        helm_cmd="$helm_cmd --set 'stac.overrideRootPath='"
     fi
 
     if is_ci; then
