release-1.21.0 (#423)

* Twins importer (#360)

* Twins importer

* Twins importer add dgctlStorage settings

* Twins importer fix chart

* fix chart

* small fix

* add logs

* [keys-api] up keys-backend. Support truck, map-matching api keys (#386)

* Update citylens to 1.4.0 (#388)

* Update citylens to 1.4.0

* bump to 1.4.1

* Feature: add codeowners file (#383)

* [license] Reworked securityContext for license type 2 (#387)

* [PRO-4361] Обновление pro-api до версии 1.1.79 (#382)

* [PRO-4361] Обновление pro-api до версии 1.1.74

* PRO-4361: update to 1.1.77

* PRO-4371: update to 1.1.78

* PRO-4361: update to 1.1.79

* PRO-4176: add auth scopes (#365)

* PRO-4176: add auth scopes

* PRO-4176: update pro-ui version

* PRO-4176: update app version

* PRO-4176: update to 1.7.5

* navi-castle: bugfix (#393)

- scheduled tasks without PV
- configuration parameters mistaken

* navi-restrictions-api 1.0.1 release (#392)

* navi-restrictions-api 1.0.1 release

* readme upd

* [DEVOPS-982] navi-front: update default locations (#389)

* [DEVOPS-982] navi-front: Add pedestrian location (#396)

* [platform] Upgrade version (#381)

* PRO-3766: update platform to 0.8.1

* Fix Breaking-Changes (#401)

* generic-chart added (#398)

* PRO-3609: upgrade pro ui to 1.9.0 (#399)

* navi-back: upstream update 7.15.2.4 (#402)

* [PRO-4517] обновил хелм-чарт pro-api в onprem до версии 1.5.0 (#394)

* PRO-0: upgrade PRO API to 1.5.1 (#404)

* Feature: add PR template (#410)

* PRO-4774: upgraded PRO API to 1.6.0 (#407)

* [PRO-4635] pro-ui, версия 2.1.1 (#405)

* Citylens 1.6.0 (#406)

* Update citylens to 1.5.0

* Bump appversion

* Fix citylens-api configmap

* Fix license server url template

* Fix review notes

* Update headerLinks

* Add camcom to headerLinks

* Fix page name in configmap

* Bump to 1.5.1

* Bump to 1.6.0

* Update breaking changes & bump app version in chart

* [navi-router] rename router.keyManagementServices to keys (#409)

* [navi-router] Remove trailing dots in param descriptions

* [navi-router] Rename router.keyManagementService -> keys

* [navi-router] Rename router.castleHost -> router.castleUrl

* WAPI-23469 Add configuration for audit logging (#414)

* WAPI-23469 Add configuration for audit logging

* fixes

* upd version tag

* fix duplication key

* [navi-restrictions] update to style guide (#408)

* [tiles-api] Upgrade to 4.52.8 (#416)

* WAPI-23326 Add new s3 params, custom ca configuration (#390)

* WAPI-23326 Add new s3 config params to keys and catalog-api charts

* WAPI-23326 Add custom certs configuration to keys, catalog-api charts

* fix typos

* more fixes

* fix configmap deploy

* split configmap config for jobs and deploys

* upd config for keys

* fix to keys chart

* upd image tags

* upd docs

* Chore: fix PR template (#418)

* [PRO-4789] поправили values для сервиса ключей

* Citylens 1.7.0 (#422)

* Citylens 1.7.0

* bump version to 1.7.1

* Make reporterProTracks deploy one or no replicas

* Bump version to 1.7.2

* [tiles-api] Upgrade to 4.52.9 (#421)

* [+] release 1.21.0 branch

* mapgl values fix

---------

Co-authored-by: Dmitriy Donov <[email protected]>
Co-authored-by: Voronkov Alexander <[email protected]>
Co-authored-by: Петр Беклемишев <[email protected]>
Co-authored-by: Andrey Morozov <[email protected]>
Co-authored-by: Vladimir Popov <[email protected]>
Co-authored-by: Dmitrii Molochnikov <[email protected]>
Co-authored-by: Artem Malko <[email protected]>
Co-authored-by: Alexander Voronkov <[email protected]>
Co-authored-by: i-bogomazov <[email protected]>
Co-authored-by: vgivanov <[email protected]>
Co-authored-by: Dmitry Milov <[email protected]>
Co-authored-by: ostrovskiy2gis <[email protected]>
Co-authored-by: Andrew Mikhailov <[email protected]>
Co-authored-by: Денис Беляев <[email protected]>
Co-authored-by: Kirill Salnikov <[email protected]>
Co-authored-by: Власов Сергей Сергеевич <[email protected]>

.github/pull_request_template.md

@@ -1,16 +1,21 @@
-Changelog:
+# Pull Request description
+
+
+## Changelog
 
 - `Some changes` (A description of the changes proposed in the pull request.)
 
-Issues:
+## Issues
 
 - `Issue-123` (Link to related issue)
 
-Steps for check:
+## Braking changes
+
+- If there are breaking changes, they need to be added to the file [Breaking-Changes](../Breaking-Changes.md)
+
+## Steps for check
 
 - `Step 1`
 - `...`
 - `Step n-1`
 - `Step n`
-
-[Breaking-Changes](../Breaking-Changes.md)

Breaking-Changes.md

@@ -1,5 +1,18 @@
 # 2GIS On-Premise Breaking-Changes
 
+## [1.21.0]
+
+### navi-restrictions
+- `api.api_key` renamed to `api.key`
+- `api.is_init_db` renamed to `api.isInitDb`
+- `db` renamed to `postgres`
+- `cron.max_attributes_fetcher_rps` renamed to `cron.maxAttributesFetcherRps`
+- `api.attractor_url`, `cron.edges_url_template` and `cron.edge_attributes_url_template` are deprecated. Set `naviBackHost` and `naviCastleHost` with `api.attractorUri`, `cron.edgeAttributesUriTemplate` and `cron.maxAttributesFetcherRps` instead
+- New values required `naviBackHost`, `naviCastleHost`
+
+### citylens
+- `worker.reporterProTracks.replicas` replaced with `worker.reporterProTracks.enabled`. One replica will be deployed if enabled.
+
 ## [1.20.0]
 
 ### navi-router

CHANGELOG.md

@@ -1,5 +1,32 @@
 # 2GIS On-Premise Changelog
 
+## [1.21.0] (2024-04-02)
+#### [Breaking-Changes](Breaking-Changes.md#1210)
+#### Images
+```
+catalog-api
+	- catalog-importer:1.1.0
+	+ catalog-importer:1.5.0
+citylens
+	- citylens-api:1.6.0
+	+ citylens-api:1.7.2
+	- citylens-database:1.6.0
+	+ citylens-database:1.7.0
+	- citylens-web:1.6.0
+	+ citylens-web:1.7.2
+keys
+	- keys-backend:1.78.0
+	+ keys-backend:1.79.0
+tiles-api
+	- tiles-api-importer:4.51.5
+	+ tiles-api-importer:4.52.9
+	- tiles-api-proxy:4.51.5
+	+ tiles-api-proxy:4.52.9
+	- tiles-api:4.51.5
+	+ tiles-api:4.52.9
+
+```
+
 ## [1.20.2] (2024-03-20)
 #### Images
 ```

charts/catalog-api/Chart.yaml

@@ -3,7 +3,7 @@ name: catalog-api
 type: application
 description: A Helm chart for Kubernetes to deploy Catalog APIs
 
-version: 1.20.2
+version: 1.21.0
 appVersion: 3.600.0
 
 maintainers:

charts/catalog-api/README.md

@@ -33,6 +33,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/search) to learn abo
 | `nodeSelector`     | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector)                                  | `{}`  |
 | `affinity`         | Kubernetes [pod affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity)                                   | `{}`  |
 | `tolerations`      | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings                                    | `[]`  |
+| `annotations`      | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/).                                           | `{}`  |
 | `podAnnotations`   | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)                                        | `{}`  |
 | `podLabels`        | Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)                                                  | `{}`  |
 | `imagePullSecrets` | Kubernetes [secrets for pulling the image from the registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) | `[]`  |
@@ -47,13 +48,16 @@ See the [documentation](https://docs.2gis.com/en/on-premise/search) to learn abo
 
 ### Deployment Artifacts Storage settings
 
-| Name                     | Description                                                                                                                                                                                                                                                           | Value |
-| ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----- |
-| `dgctlStorage.host`      | S3 host. Format: `host:port`. **Required**                                                                                                                                                                                                                            | `""`  |
-| `dgctlStorage.bucket`    | S3 bucket name. **Required**                                                                                                                                                                                                                                          | `""`  |
-| `dgctlStorage.accessKey` | S3 access key for accessing the bucket. **Required**                                                                                                                                                                                                                  | `""`  |
-| `dgctlStorage.secretKey` | S3 secret key for accessing the bucket. **Required**                                                                                                                                                                                                                  | `""`  |
-| `dgctlStorage.manifest`  | The path to the [manifest file](https://docs.2gis.com/en/on-premise/overview#nav-lvl2@paramCommon_deployment_steps). Format: `manifests/0000000000.json` <br> This file contains the description of pieces of data that the service requires to operate. **Required** | `""`  |
+| Name                     | Description                                                                                                                                                                                                                                                           | Value   |
+| ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `dgctlStorage.host`      | S3 host. Format: `host:port`. **Required**                                                                                                                                                                                                                            | `""`    |
+| `dgctlStorage.region`    | S3 region name.                                                                                                                                                                                                                                                       | `""`    |
+| `dgctlStorage.secure`    | Set to `true` if dgctlStorage.host must be accessed via https. **Required**                                                                                                                                                                                           | `false` |
+| `dgctlStorage.verifySsl` | Set to `false` if dgctlStorage.host must be accessed via https without certificate validation. **Required**                                                                                                                                                           | `true`  |
+| `dgctlStorage.bucket`    | S3 bucket name. **Required**                                                                                                                                                                                                                                          | `""`    |
+| `dgctlStorage.accessKey` | S3 access key for accessing the bucket. **Required**                                                                                                                                                                                                                  | `""`    |
+| `dgctlStorage.secretKey` | S3 secret key for accessing the bucket. **Required**                                                                                                                                                                                                                  | `""`    |
+| `dgctlStorage.manifest`  | The path to the [manifest file](https://docs.2gis.com/en/on-premise/overview#nav-lvl2@paramCommon_deployment_steps). Format: `manifests/0000000000.json` <br> This file contains the description of pieces of data that the service requires to operate. **Required** | `""`    |
 
 ### Strategy settings
 
@@ -186,7 +190,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/search) to learn abo
 | Name                        | Description                                                                                   | Value                              |
 | --------------------------- | --------------------------------------------------------------------------------------------- | ---------------------------------- |
 | `importer.image.repository` | Repository                                                                                    | `2gis-on-premise/catalog-importer` |
-| `importer.image.tag`        | Tag                                                                                           | `1.1.0`                            |
+| `importer.image.tag`        | Tag                                                                                           | `1.5.0`                            |
 | `importer.image.pullPolicy` | Image [Pull Policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) | `IfNotPresent`                     |
 
 ### importer.postgres **Database settings**
@@ -235,6 +239,13 @@ See the [documentation](https://docs.2gis.com/en/on-premise/search) to learn abo
 | `importer.cleaner.resources.limits.cpu`      | A CPU limit      | `1000m` |
 | `importer.cleaner.resources.limits.memory`   | A memory limit   | `512Mi` |
 
+### customCAs **Custom Certificate Authority**
+
+| Name                  | Description                                                                                                                 | Value |
+| --------------------- | --------------------------------------------------------------------------------------------------------------------------- | ----- |
+| `customCAs.bundle`    | Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) | `""`  |
+| `customCAs.certsPath` | Custom CA bundle mount directory in the container.                                                                          | `""`  |
+
 
 ## Maintainers
 

charts/catalog-api/templates/api/deployment.yaml

@@ -2,9 +2,14 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "catalog.name" . }}
-  {{- if .Values.annotations }}
+  {{- if or .Values.annotations .Values.customCAs.bundle }}
   annotations:
-    {{- toYaml .Values.annotations | nindent 4 }}
+    {{- if .Values.customCAs.bundle }}
+    checksum/config: {{ include (print .Template.BasePath "/configmap-deploys.yaml") . | sha256sum }}
+    {{- end }}
+    {{- with .Values.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   {{- end }}
   labels:
     {{- include "catalog.labels" . | nindent 4 }}
@@ -54,6 +59,17 @@ spec:
             {{- include "catalog.env.search" . | nindent 12 }}
             {{- include "catalog.env.keys" . | nindent 12 }}
             {{- include "catalog.env.license" . | nindent 12 }}
+            {{- if .Values.customCAs.bundle }}
+            {{- include "catalog.env.custom.ca.path" . | nindent 12 }}
+            {{- end }}
+          {{- if .Values.customCAs.bundle }}
+          volumeMounts:
+            {{- include "catalog.custom.ca.volumeMounts" . | nindent 12 }}
+          {{- end }}
+      {{- if .Values.customCAs.bundle }}
+      volumes:
+        {{- include "catalog.custom.ca.deploys.volumes" . | nindent 8 }}
+      {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/catalog-api/templates/configmap-deploys.yaml

@@ -0,0 +1,11 @@
+{{- if .Values.customCAs.bundle }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "catalog.configmap.deploys.name" . }}
+  labels:
+    {{- include "catalog.labels" . | nindent 4}}
+data:
+  custom-ca.crt: |-
+{{- .Values.customCAs.bundle | nindent 4 }}
+{{- end }}

charts/catalog-api/templates/configmap-jobs.yaml

@@ -0,0 +1,15 @@
+{{- if .Values.customCAs.bundle }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "catalog.configmap.jobs.name" . }}
+  labels:
+    {{- include "catalog.labels" . | nindent 4}}
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+    "helm.sh/hook-weight": "-10"
+data:
+  custom-ca.crt: |-
+{{- .Values.customCAs.bundle | nindent 4 }}
+{{- end }}

charts/catalog-api/templates/helpers.tpl

@@ -162,6 +162,12 @@ onprem
       key: importerDbPassword
 - name: IMPORTER_S3_ENDPOINT
   value: "{{ .Values.dgctlStorage.host }}"
+- name: IMPORTER_S3_REGION
+  value: "{{ .Values.dgctlStorage.region }}"
+- name: IMPORTER_S3_SECURE
+  value: "{{ .Values.dgctlStorage.secure }}"
+- name: IMPORTER_S3_VERIFY_SSL
+  value: "{{ .Values.dgctlStorage.verifySsl }}"
 - name: IMPORTER_S3_BUCKET
   value: "{{ .Values.dgctlStorage.bucket }}"
 - name: IMPORTER_S3_ACCESS_KEY
@@ -219,3 +225,39 @@ Return the appropriate apiVersion for Horizontal Pod Autoscaler.
 {{- print "autoscaling/v2" -}}
 {{- end -}}
 {{- end -}}
+
+{{- define "catalog.env.custom.ca.path" -}}
+- name: SSL_CERT_DIR
+  value: {{ include "catalog.custom.ca.mountPath" . }}
+{{- end }}
+
+{{- define "catalog.custom.ca.mountPath" -}}
+{{ .Values.customCAs.certsPath | default "/usr/local/share/ca-certificates" }}
+{{- end -}}
+
+{{- define "catalog.custom.ca.volumeMounts" -}}
+- name: custom-ca
+  mountPath: {{ include "catalog.custom.ca.mountPath" . }}/custom-ca.crt
+  subPath: custom-ca.crt
+  readOnly: true
+{{- end -}}
+
+{{- define "catalog.custom.ca.jobs.volumes" -}}
+- name: custom-ca
+  configMap:
+    name: {{ include "catalog.configmap.jobs.name" . }}
+{{- end -}}
+
+{{- define "catalog.custom.ca.deploys.volumes" -}}
+- name: custom-ca
+  configMap:
+    name: {{ include "catalog.configmap.deploys.name" . }}
+{{- end -}}
+
+{{- define "catalog.configmap.jobs.name" -}}
+{{ include "catalog.name" . }}-configmap-jobs
+{{- end -}}
+
+{{- define "catalog.configmap.deploys.name" -}}
+{{ include "catalog.name" . }}-configmap-deploys
+{{- end -}}

charts/catalog-api/templates/importer/cleaner/job.yaml

@@ -26,6 +26,17 @@ spec:
             {{- toYaml .Values.importer.cleaner.resources | nindent 12 }}
           env:
             {{- include "catalog.env.importer" . | nindent 12 }}
+            {{- if $.Values.customCAs.bundle }}
+            {{- include "catalog.env.custom.ca.path" . | nindent 12 }}
+            {{- end }}
+          {{- if .Values.customCAs.bundle }}
+          volumeMounts:
+            {{- include "catalog.custom.ca.volumeMounts" . | nindent 12 }}
+          {{- end }}
+      {{- if .Values.customCAs.bundle }}
+      volumes:
+        {{- include "catalog.custom.ca.jobs.volumes" . | nindent 8 }}
+      {{- end }}
       {{- with .Values.importer.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/catalog-api/templates/importer/job.yaml

@@ -34,17 +34,30 @@ spec:
             {{- toYaml .Values.importer.resources | nindent 12 }}
           env:
             {{- include "catalog.env.importer" . | nindent 12 }}
-          {{- if .Values.importer.persistentVolume.enabled }}
+            {{- if .Values.customCAs.bundle }}
+            {{- include "catalog.env.custom.ca.path" . | nindent 12 }}
+            {{- end }}
+          {{- if or .Values.importer.persistentVolume.enabled .Values.customCAs.bundle }}
           volumeMounts:
+          {{- if .Values.importer.persistentVolume.enabled }}
             - name: {{ include "catalog.importer.name" . }}-pv
               mountPath: "/tmp"
           {{- end }}
-      {{- if .Values.importer.persistentVolume.enabled }}
+          {{- if .Values.customCAs.bundle }}
+            {{- include "catalog.custom.ca.volumeMounts" . | nindent 12 }}
+          {{- end }}
+          {{- end }}
+      {{- if or .Values.importer.persistentVolume.enabled .Values.customCAs.bundle }}
       volumes:
+      {{- if .Values.importer.persistentVolume.enabled }}
         - name: {{ include "catalog.importer.name" . }}-pv
           persistentVolumeClaim:
             claimName: {{ include "catalog.importer.name" . }}
       {{- end }}
+      {{- if .Values.customCAs.bundle }}
+        {{- include "catalog.custom.ca.jobs.volumes" . | nindent 8 }}
+      {{- end }}
+      {{- end }}
       {{- with .Values.importer.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/catalog-api/values.yaml

@@ -10,13 +10,15 @@ dgctlDockerRegistry: ''
 # @param nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector)
 # @param affinity Kubernetes [pod affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity)
 # @param tolerations Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings
+# @param annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/).
 # @param podAnnotations Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
 # @param podLabels Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
 # @param imagePullSecrets Kubernetes [secrets for pulling the image from the registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/)
 
 nodeSelector: {}
 affinity: {}
 tolerations: []
+annotations: {}
 podAnnotations: {}
 podLabels: {}
 imagePullSecrets: []
@@ -37,13 +39,19 @@ pdb:
 # @section Deployment Artifacts Storage settings
 
 # @param dgctlStorage.host S3 host. Format: `host:port`. **Required**
+# @param dgctlStorage.region S3 region name.
+# @param dgctlStorage.secure Set to `true` if dgctlStorage.host must be accessed via https. **Required**
+# @param dgctlStorage.verifySsl Set to `false` if dgctlStorage.host must be accessed via https without certificate validation. **Required**
 # @param dgctlStorage.bucket S3 bucket name. **Required**
 # @param dgctlStorage.accessKey S3 access key for accessing the bucket. **Required**
 # @param dgctlStorage.secretKey S3 secret key for accessing the bucket. **Required**
 # @param dgctlStorage.manifest The path to the [manifest file](https://docs.2gis.com/en/on-premise/overview#nav-lvl2@paramCommon_deployment_steps). Format: `manifests/0000000000.json` <br> This file contains the description of pieces of data that the service requires to operate. **Required**
 
 dgctlStorage:
   host: ''
+  region: ''
+  secure: false
+  verifySsl: true
   bucket: ''
   accessKey: ''
   secretKey: ''
@@ -262,7 +270,7 @@ importer:
 
   image:
     repository: 2gis-on-premise/catalog-importer
-    tag: 1.1.0
+    tag: 1.5.0
     pullPolicy: IfNotPresent
 
   # @section importer.postgres **Database settings**
@@ -334,3 +342,16 @@ importer:
       limits:
         cpu: 1000m
         memory: 512Mi
+
+# @section customCAs **Custom Certificate Authority**
+
+# @param customCAs.bundle Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1)
+# @param customCAs.certsPath Custom CA bundle mount directory in the container.
+
+customCAs:
+  bundle: ''
+# bundle: |
+    # -----BEGIN CERTIFICATE-----
+    # ...
+    # -----END CERTIFICATE-----
+  certsPath: ''

charts/citylens/Chart.yaml

@@ -3,8 +3,8 @@ name: citylens
 type: application
 description: A Helm chart for Kubernetes to deploy Citylens service
 
-version: 1.20.2
-appVersion: 1.6.0
+version: 1.21.0
+appVersion: 1.7.2
 
 maintainers:
 - name: 2gis