Added FQDN support to experiment with resolution for db cluster

Author: whatnick

helm-chart/stac-fastapi/README.md

@@ -62,11 +62,23 @@ helm install my-stac-api ./helm-chart/stac-fastapi \
 
 ## Configuration
 
+### Global Options
+
+```yaml
+global:
+  imageRegistry: ""
+  storageClass: ""
+  clusterDomain: "cluster.local"
+```
+
+The chart builds fully qualified service endpoints for bundled databases using the Kubernetes cluster domain. Adjust `clusterDomain` if your cluster doesn't use the default `cluster.local` suffix.
+
 ## Backend Selection
 
 The chart supports both Elasticsearch and OpenSearch backends, but only deploys **one backend at a time** based on the `backend` configuration:
 
 ### Elasticsearch Backend
+
 ```yaml
 backend: elasticsearch
 elasticsearch:
@@ -76,6 +88,7 @@ opensearch:
 ```
 
 ### OpenSearch Backend  
+
 ```yaml
 backend: opensearch
 elasticsearch:
@@ -113,6 +126,11 @@ app:
     tag: "latest"
     pullPolicy: IfNotPresent
   
+  waitForDatabase:
+    enabled: true
+    intervalSeconds: 2
+    maxAttempts: 120
+  
   env:
     STAC_FASTAPI_TITLE: "STAC API"
     STAC_FASTAPI_DESCRIPTION: "A STAC FastAPI implementation"
@@ -124,8 +142,24 @@ app:
     STAC_FASTAPI_RATE_LIMIT: "200/minute"
 ```
 
+The optional `waitForDatabase` block adds a lightweight init container that blocks STAC FastAPI startup until the backing Elasticsearch/OpenSearch service is reachable—mirroring the docker-compose `wait-for-it` helper. Disable it by setting `app.waitForDatabase.enabled=false` if you prefer the application to start immediately and rely on internal retries instead.
+
 ### Database Configuration
 
+#### Application Credentials
+
+If your Elasticsearch or OpenSearch cluster requires authentication, provide credentials to the application with the `app.databaseAuth` block. You can reference an existing secret or supply literal values:
+
+```yaml
+app:
+  databaseAuth:
+    existingSecret: "stac-opensearch-admin"  # Optional. When set, keys are read from this secret.
+    usernameKey: "username"                  # Secret key that stores the username (defaults to "username").
+    passwordKey: "password"                  # Secret key that stores the password (defaults to "password").
+    # username: "admin"                      # Optional literal username when not using a secret.
+    # password: "changeme"                   # Optional literal password when not using a secret.
+```
+
 #### Bundled Elasticsearch
 
 ```yaml
@@ -394,7 +428,7 @@ kubectl exec -it deployment/my-stac-api -- curl http://elasticsearch:9200/_healt
 kubectl port-forward service/my-stac-api 8080:80
 ```
 
-Then visit http://localhost:8080
+Then visit <http://localhost:8080>
 
 ## Configuration Reference
 
@@ -423,4 +457,4 @@ Contributions are welcome! Please ensure any changes maintain compatibility with
 
 ## License
 
-This chart is released under the same license as the STAC FastAPI project.
+This chart is released under the same license as the STAC FastAPI project.

helm-chart/stac-fastapi/templates/_helpers.tpl

@@ -62,41 +62,53 @@ Create the name of the service account to use
 {{- end }}
 
 {{/*
-Create the database host based on backend selection
+Create the bundled database service name based on backend selection
 */}}
-{{- define "stac-fastapi.databaseHost" -}}
-{{- if .Values.externalDatabase.enabled }}
-{{- .Values.externalDatabase.host }}
-{{- else if eq .Values.backend "elasticsearch" }}
-{{- if .Values.elasticsearch.enabled }}
-{{- if .Values.elasticsearch.masterService }}
-{{- .Values.elasticsearch.masterService }}
-{{- else if .Values.elasticsearch.fullnameOverride }}
-{{- printf "%s-master" .Values.elasticsearch.fullnameOverride }}
-{{- else if .Values.elasticsearch.clusterName }}
-{{- printf "%s-master" .Values.elasticsearch.clusterName }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name "elasticsearch-master" }}
-{{- end }}
-{{- else }}
-{{- fail "Elasticsearch is not enabled but backend is set to elasticsearch" }}
-{{- end }}
+{{- define "stac-fastapi.databaseServiceName" -}}
+{{- if eq .Values.backend "elasticsearch" }}
+  {{- if .Values.elasticsearch.enabled }}
+    {{- if .Values.elasticsearch.masterService }}
+      {{- .Values.elasticsearch.masterService }}
+    {{- else if .Values.elasticsearch.fullnameOverride }}
+      {{- printf "%s-master" .Values.elasticsearch.fullnameOverride }}
+    {{- else if .Values.elasticsearch.clusterName }}
+      {{- printf "%s-master" .Values.elasticsearch.clusterName }}
+    {{- else }}
+      {{- printf "%s-%s" .Release.Name "elasticsearch-master" }}
+    {{- end }}
+  {{- else }}
+    {{- fail "Elasticsearch is not enabled but backend is set to elasticsearch" }}
+  {{- end }}
 {{- else if eq .Values.backend "opensearch" }}
-{{- if .Values.opensearch.enabled }}
-{{- if .Values.opensearch.masterService }}
-{{- .Values.opensearch.masterService }}
-{{- else if .Values.opensearch.fullnameOverride }}
-{{- printf "%s-master" .Values.opensearch.fullnameOverride }}
-{{- else if .Values.opensearch.clusterName }}
-{{- printf "%s-master" .Values.opensearch.clusterName }}
+  {{- if .Values.opensearch.enabled }}
+    {{- if .Values.opensearch.masterService }}
+      {{- .Values.opensearch.masterService }}
+    {{- else if .Values.opensearch.fullnameOverride }}
+      {{- printf "%s-master" .Values.opensearch.fullnameOverride }}
+    {{- else if .Values.opensearch.clusterName }}
+      {{- printf "%s-master" .Values.opensearch.clusterName }}
+    {{- else }}
+      {{- printf "%s-%s" .Release.Name "opensearch-cluster-master" }}
+    {{- end }}
+  {{- else }}
+    {{- fail "OpenSearch is not enabled but backend is set to opensearch" }}
+  {{- end }}
 {{- else }}
-{{- printf "%s-%s" .Release.Name "opensearch-cluster-master" }}
+  {{- fail "Invalid backend specified. Must be 'elasticsearch' or 'opensearch'" }}
 {{- end }}
-{{- else }}
-{{- fail "OpenSearch is not enabled but backend is set to opensearch" }}
 {{- end }}
+
+{{/*
+Create the database host based on backend selection
+*/}}
+{{- define "stac-fastapi.databaseHost" -}}
+{{- if .Values.externalDatabase.enabled }}
+  {{- .Values.externalDatabase.host }}
 {{- else }}
-{{- fail "Invalid backend specified. Must be 'elasticsearch' or 'opensearch'" }}
+  {{- $service := include "stac-fastapi.databaseServiceName" . | trim }}
+  {{- $namespace := .Release.Namespace | default "default" }}
+  {{- $clusterDomain := default "cluster.local" .Values.global.clusterDomain }}
+  {{- printf "%s.%s.svc.%s" $service $namespace $clusterDomain }}
 {{- end }}
 {{- end }}
 
@@ -130,12 +142,42 @@ Create the image repository with tag
 Create environment variables for the application
 */}}
 {{- define "stac-fastapi.environment" -}}
+{{- $env := default (dict) .Values.app.env -}}
+{{- $envFromSecret := default (dict) .Values.app.envFromSecret -}}
+{{- $dbAuth := default (dict) .Values.app.databaseAuth -}}
 - name: BACKEND
   value: {{ .Values.backend | quote }}
 - name: ES_HOST
   value: {{ include "stac-fastapi.databaseHost" . | quote }}
 - name: ES_PORT
   value: {{ include "stac-fastapi.databasePort" . | quote }}
+{{- if $dbAuth.existingSecret }}
+{{- $usernameKey := default "username" $dbAuth.usernameKey }}
+{{- $passwordKey := default "password" $dbAuth.passwordKey }}
+{{- if not (hasKey $env "ES_USER") }}
+- name: ES_USER
+  valueFrom:
+    secretKeyRef:
+      name: {{ $dbAuth.existingSecret }}
+      key: {{ $usernameKey }}
+{{- end }}
+{{- if not (hasKey $env "ES_PASS") }}
+- name: ES_PASS
+  valueFrom:
+    secretKeyRef:
+      name: {{ $dbAuth.existingSecret }}
+      key: {{ $passwordKey }}
+{{- end }}
+{{- else }}
+{{- if and (not (hasKey $env "ES_USER")) $dbAuth.username }}
+- name: ES_USER
+  value: {{ $dbAuth.username | quote }}
+{{- end }}
+{{- if and (not (hasKey $env "ES_PASS")) $dbAuth.password }}
+- name: ES_PASS
+  value: {{ $dbAuth.password | quote }}
+{{- end }}
+{{- end }}
 {{- if .Values.externalDatabase.enabled }}
 - name: ES_USE_SSL
   value: {{ .Values.externalDatabase.ssl | quote }}
@@ -151,11 +193,11 @@ Create environment variables for the application
       key: {{ .Values.externalDatabase.apiKeySecretKey }}
 {{- end }}
 {{- end }}
-{{- range $key, $value := .Values.app.env }}
+{{- range $key, $value := $env }}
 - name: {{ $key }}
   value: {{ $value | quote }}
 {{- end }}
-{{- range $key, $secretName := .Values.app.envFromSecret }}
+{{- range $key, $secretName := $envFromSecret }}
 - name: {{ $key }}
   valueFrom:
     secretKeyRef:

helm-chart/stac-fastapi/templates/deployment.yaml

@@ -20,6 +20,39 @@ spec:
       labels:
         {{- include "stac-fastapi.selectorLabels" . | nindent 8 }}
     spec:
+      {{- if .Values.app.waitForDatabase.enabled }}
+      initContainers:
+        - name: wait-for-database
+          image: {{ .Values.app.waitForDatabase.image | default "busybox:1.36.1" }}
+          imagePullPolicy: {{ .Values.app.waitForDatabase.pullPolicy | default "IfNotPresent" }}
+          command:
+            - sh
+            - -c
+            - |
+              set -e
+              HOST="{{ include "stac-fastapi.databaseHost" . | trim }}"
+              PORT="{{ include "stac-fastapi.databasePort" . | trim }}"
+              ATTEMPTS={{ .Values.app.waitForDatabase.maxAttempts | default 120 }}
+              INTERVAL={{ .Values.app.waitForDatabase.intervalSeconds | default 2 }}
+              COUNT=0
+              echo "Waiting for ${HOST}:${PORT} before starting STAC FastAPI..."
+              while true; do
+                if nc -z "$HOST" "$PORT"; then
+                  echo "${HOST}:${PORT} is reachable."
+                  exit 0
+                fi
+                COUNT=$((COUNT + 1))
+                if [ "$COUNT" -ge "$ATTEMPTS" ]; then
+                  echo "Timed out waiting for ${HOST}:${PORT} after ${COUNT} attempts." >&2
+                  exit 1
+                fi
+                sleep "$INTERVAL"
+              done
+          {{- with .Values.app.waitForDatabase.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+      {{- end }}
       {{- with .Values.app.imagePullSecrets }}
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}

helm-chart/stac-fastapi/values-elasticsearch.yaml

@@ -19,6 +19,11 @@ app:
     port: 80
     targetPort: 8080
 
+  waitForDatabase:
+    enabled: true
+    intervalSeconds: 2
+    maxAttempts: 180
+
   # Ingress configuration
   ingress:
     enabled: true