Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Commenting jpl-internal ingress #249

Merged
merged 6 commits into from
Dec 20, 2024
Merged

Commenting jpl-internal ingress #249

merged 6 commits into from
Dec 20, 2024

Conversation

jpl-btlunsfo
Copy link
Collaborator

Purpose

  • Commenting out the jpl-internal ingress, and its associated security groups. If necessary, folks can manually re-enable.
    • also switching healthcheck ssm parameters to use shared-services URLs, and adding in the SSM lookups required to fetch those

Proposed Changes

  • ADD shared-services domain lookups (through SSM parameters)
  • CHANGE airflow healthcheck and url SSM parameters to point at shared services domain
  • CHANGE/comment out the JPL-internal ingress and security group rules

Issues

Testing

@jpl-btlunsfo
commenting out jpl-internal ingress
54c4936 
also switching ssm parameters to use shared-services URLs (and adding in the SSM lookups required to fetch those)
@jpl-btlunsfo
forgot to drill down to ssm param value
7607069
@jpl-btlunsfo
shared services URLs are apparently all prepended by www
4edd5eb
@jpl-btlunsfo jpl-btlunsfo self-assigned this Dec 14, 2024
LucaCinquini
LucaCinquini requested changes Dec 18, 2024
View reviewed changes
Copy link
Collaborator

@LucaCinquini LucaCinquini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @jpl-btlunsfo : I was able to deploy the SPS using this branch without any issues - once you fixed the EKS module. The top-level proxy works fine, but right now if we merged this PR, we wouldn't be able to interact with the Airflow and OGC APIs because we have not yet worked out how to pass the authentication to them.
Can you update this PR so that the Terraform output includes not only the top-level proxy, but also the URLs of the middle and Airflow ALBs? We can use those to temporarily interact with the APIs.

@jpl-btlunsfo
Copy link
Collaborator Author

Can you update this PR so that the Terraform output includes not only the top-level proxy, but also the URLs of the middle and Airflow ALBs? We can use those to temporarily interact with the APIs.

For the first (middle proxy URL) sure, easy enough, but for the airflow ALB? This PR is already disabling the only one we'd be able to access directly- the remaining ALB is specifically locked down by security groups to only talk to the middle proxy. I'll add in the middle proxy one asap, though.

@LucaCinquini
Copy link
Collaborator

Thanks, that should work

@jpl-btlunsfo
Copy link
Collaborator Author

New change should print it all out

resources = {
  "buckets" = {
    "airflow_logs" = {
      "bucket" = "btl-df1-dev-sps-airflowlogs"
      "ssm_param_id" = "/btl-df1/dev/sps/processing/airflow/logs"
    }
  }
  "endpoints" = {
    "airflow" = {
      "rest_api" = {
        "ssm_param_id" = "/btl-df1/dev/sps/processing/airflow/api_url"
        "url" = "https://www.dev.mdps.mcp.nasa.gov:4443/btl-df1/dev/sps/api/v1"
      }
      "ui" = {
        "ssm_param_id" = "/btl-df1/dev/sps/processing/airflow/ui_url"
        "url" = "https://www.dev.mdps.mcp.nasa.gov:4443/btl-df1/dev/sps/"
      }
    }
    "ogc_processes" = {
      "rest_api" = {
        "ssm_param_id" = "/btl-df1/dev/sps/processing/ogc_processes/api_url"
        "url" = "https://www.dev.mdps.mcp.nasa.gov:4443/btl-df1/dev/ogc/"
      }
      "ui" = {
        "ssm_param_id" = "/btl-df1/dev/sps/processing/ogc_processes/ui_url"
        "url" = "https://www.dev.mdps.mcp.nasa.gov:4443/btl-df1/dev/ogc/redoc"
      }
    }
  }
  "venue_endpoints" = {
    "airflow" = {
      "rest_api" = {
        "url" = "HTTP://btl-df1-dev-httpd-alb-1474979360.us-west-2.elb.amazonaws.com:8080/btl-df1/dev/sps/api/v1"
      }
      "ui" = {
        "url" = "HTTP://btl-df1-dev-httpd-alb-1474979360.us-west-2.elb.amazonaws.com:8080/btl-df1/dev/sps/"
      }
    }
    "ogc_processes" = {
      "rest_api" = {
        "url" = "HTTP://btl-df1-dev-httpd-alb-1474979360.us-west-2.elb.amazonaws.com:8080/btl-df1/dev/ogc/"
      }
      "ui" = {
        "url" = "HTTP://btl-df1-dev-httpd-alb-1474979360.us-west-2.elb.amazonaws.com:8080/btl-df1/dev/ogc/redoc"
      }
    }
  }
}

LucaCinquini
LucaCinquini approved these changes Dec 20, 2024
View reviewed changes
Copy link
Collaborator

@LucaCinquini LucaCinquini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @jpl-btlunsfo : this works and will approve it, but is there any way to make the URL protocol "HTTP://..." lowercase?

@LucaCinquini LucaCinquini merged commit 4256aab into develop Dec 20, 2024
2 checks passed
@LucaCinquini LucaCinquini deleted the 246-removing-jpl-internal-albs branch December 20, 2024 14:42
@jpl-btlunsfo
Copy link
Collaborator Author

make the URL protocol "HTTP://..." lowercase?

CS's fault. It happens somewhere during their orchestration, but I haven't been able to trace where yet (to file a PR of my own to fix that). There's no functional effect but it's annoying I agree.

@jpl-btlunsfo jpl-btlunsfo mentioned this pull request Dec 20, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LucaCinquini LucaCinquini LucaCinquini approved these changes

@nikki-t nikki-t Awaiting requested review from nikki-t

Assignees

@jpl-btlunsfo jpl-btlunsfo

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jpl-btlunsfo @LucaCinquini