6 changes: 3 additions & 3 deletions cli/cmd/cluster.go
@@ -153,7 +153,7 @@ var _upCmd = &cobra.Command{
exit.Error(err)
}

if clusterConfig.APIGatewaySetting == clusterconfig.EnabledAPIGatewaySetting {
if clusterConfig.APIGatewaySetting == clusterconfig.PublicAPIGatewaySetting {
err = createOrReplaceAPIGateway(awsClient, clusterConfig.ClusterName, clusterConfig.Tags)
if err != nil {
exit.Error(err)
@@ -162,14 +162,14 @@ var _upCmd = &cobra.Command{

out, exitCode, err := runManagerWithClusterConfig("/root/install.sh", clusterConfig, awsCreds, _flagClusterEnv)
if err != nil {
if clusterConfig.APIGatewaySetting == clusterconfig.EnabledAPIGatewaySetting {
if clusterConfig.APIGatewaySetting == clusterconfig.PublicAPIGatewaySetting {
awsClient.DeleteAPIGatewayByTag(clusterconfig.ClusterNameTag, clusterConfig.ClusterName) // best effort deletion
awsClient.DeleteVPCLinkByTag(clusterconfig.ClusterNameTag, clusterConfig.ClusterName) // best effort deletion
}
exit.Error(err)
}
if exitCode == nil || *exitCode != 0 {
if clusterConfig.APIGatewaySetting == clusterconfig.EnabledAPIGatewaySetting {
if clusterConfig.APIGatewaySetting == clusterconfig.PublicAPIGatewaySetting {
awsClient.DeleteAPIGatewayByTag(clusterconfig.ClusterNameTag, clusterConfig.ClusterName) // best effort deletion
awsClient.DeleteVPCLinkByTag(clusterconfig.ClusterNameTag, clusterConfig.ClusterName) // best effort deletion
}
2 changes: 1 addition & 1 deletion cli/cmd/lib_cluster_config.go
@@ -464,7 +464,7 @@ func confirmInstallClusterConfig(clusterConfig *clusterconfig.Config, awsCreds A
}
fmt.Printf("cortex will also create an s3 bucket (%s) and a cloudwatch log group (%s)%s\n\n", clusterConfig.Bucket, clusterConfig.LogGroup, privateSubnetMsg)

if clusterConfig.APIGatewaySetting == clusterconfig.DisabledAPIGatewaySetting {
if clusterConfig.APIGatewaySetting == clusterconfig.NoneAPIGatewaySetting {
fmt.Print("warning: you've disabled API Gateway cluster-wide, so APIs will not be able to create API Gateway endpoints (they will still be reachable via the API load balancer; see https://docs.cortex.dev/deployments/networking for more information)\n\n")
}

2 changes: 1 addition & 1 deletion cli/local/deploy.go
@@ -62,7 +62,7 @@ func Deploy(env cliconfig.Environment, configPath string, projectFileList []stri
}
}

apiConfigs, err := spec.ExtractAPIConfigs(configBytes, types.LocalProviderType, configFileName)
apiConfigs, err := spec.ExtractAPIConfigs(configBytes, types.LocalProviderType, configFileName, nil)
if err != nil {
return schema.DeployResponse{}, err
}
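Review bot: The new fourth argument to `spec.ExtractAPIConfigs` is passed as a bare `nil`, and nothing at the call site says what it stands for. The operator-side call in pkg/operator/resources/resources.go passes `&config.Cluster.Config` in the same position, so it is presumably the cluster configuration used when defaulting or validating `api_gateway`. A short comment such as `// nil: local deployments have no cluster config` would make the intent reviewable, and the callee should be confirmed to nil-check the pointer before reading any field from it. Deploy starts and ends outside this hunk and ExtractAPIConfigs itself is not shown.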
6 changes: 3 additions & 3 deletions docs/cluster-management/config.md
@@ -67,9 +67,9 @@ api_load_balancer_scheme: internet-facing # must be "internet-facing" or "inter
operator_load_balancer_scheme: internet-facing # must be "internet-facing" or "internal"

# whether to disable API gateway cluster-wide
# if set to "enabled" (the default), each API can specify whether to use API Gateway
# if set to "disabled", no APIs will be allowed to use API Gateway
api_gateway: enabled # must be "enabled" or "disabled"
# if set to "public" (the default), each API can specify whether to use API Gateway
# if set to "none", no APIs will be allowed to use API Gateway
api_gateway: public # must be "public" or "none"

# CloudWatch log group for cortex (default: <cluster_name>)
log_group: cortex
6 changes: 3 additions & 3 deletions docs/deployments/batch-api/api-configuration.md
@@ -20,7 +20,7 @@ Reference the section below which corresponds to your Predictor type: [Python](#
env: <string: string> # dictionary of environment variables
networking:
endpoint: <string> # the endpoint for the API (default: <api_name>)
api_gateway: public | none # whether to create a public API Gateway endpoint for this API (if not, the load balancer will be accessed directly) (default: public)
api_gateway: public | none # whether to create a public API Gateway endpoint for this API (if not, the load balancer will be accessed directly) (default: public, unless disabled cluster-wide)
compute:
cpu: <string | int | float> # CPU request per worker, e.g. 200m or 1 (200m is equivalent to 0.2) (default: 200m)
gpu: <int> # GPU request per worker (default: 0)
@@ -55,7 +55,7 @@ See additional documentation for [compute](../compute.md), [networking](../netwo
env: <string: string> # dictionary of environment variables
networking:
endpoint: <string> # the endpoint for the API (default: <api_name>)
api_gateway: public | none # whether to create a public API Gateway endpoint for this API (if not, the load balancer will be accessed directly) (default: public)
api_gateway: public | none # whether to create a public API Gateway endpoint for this API (if not, the load balancer will be accessed directly) (default: public, unless disabled cluster-wide)
compute:
cpu: <string | int | float> # CPU request per worker, e.g. 200m or 1 (200m is equivalent to 0.2) (default: 200m)
gpu: <int> # GPU request per worker (default: 0)
@@ -85,7 +85,7 @@ See additional documentation for [compute](../compute.md), [networking](../netwo
env: <string: string> # dictionary of environment variables
networking:
endpoint: <string> # the endpoint for the API (default: <api_name>)
api_gateway: public | none # whether to create a public API Gateway endpoint for this API (if not, the load balancer will be accessed directly) (default: public)
api_gateway: public | none # whether to create a public API Gateway endpoint for this API (if not, the load balancer will be accessed directly) (default: public, unless disabled cluster-wide)
compute:
cpu: <string | int | float> # CPU request per worker, e.g. 200m or 1 (200m is equivalent to 0.2) (default: 200m)
gpu: <int> # GPU request per worker (default: 0)
2 changes: 1 addition & 1 deletion docs/deployments/networking.md
@@ -4,7 +4,7 @@ _WARNING: you are on the master branch, please refer to the docs on the branch t

![api architecture diagram](https://user-images.githubusercontent.com/808475/84695323-8507dd00-aeff-11ea-8b32-5a55cef76c79.png)

APIs are deployed with a public API Gateway by default (the API Gateway forwards requests to the API load balancer). Each API can be independently configured to not create the API Gateway endpoint by setting `api_gateway: none` in the `networking` field of the [Realtime API configuration](realtime-api/api-configuration.md) and [Batch API configuration](batch-api/api-configuration.md). If the API Gateway endpoint is not created, your API can still be accessed via the API load balancer; `cortex get API_NAME` will show the load balancer endpoint if API Gateway is disabled. API Gateway is enabled by default, and is generally recommended unless it doesn't support your use case due to limitations such as the 29 second request timeout, or if you are keeping your APIs private to your VPC. See below for common configurations. To disable API Gateway cluster-wide (thereby enforcing that all APIs cannot create API Gateway endpoints), set `api_gateway: disabled` in your [cluster configuration](../cluster-management/config.md) file (before creating your cluster).
APIs are deployed with a public API Gateway by default (the API Gateway forwards requests to the API load balancer). Each API can be independently configured to not create the API Gateway endpoint by setting `api_gateway: none` in the `networking` field of the [Realtime API configuration](realtime-api/api-configuration.md) and [Batch API configuration](batch-api/api-configuration.md). If the API Gateway endpoint is not created, your API can still be accessed via the API load balancer; `cortex get API_NAME` will show the load balancer endpoint if API Gateway is disabled. API Gateway is enabled by default, and is generally recommended unless it doesn't support your use case due to limitations such as the 29 second request timeout, or if you are keeping your APIs private to your VPC. See below for common configurations. To disable API Gateway cluster-wide (thereby enforcing that all APIs cannot create API Gateway endpoints), set `api_gateway: none` in your [cluster configuration](../cluster-management/config.md) file (before creating your cluster).

By default, the API load balancer is public. You can configure your API load balancer to be private by setting `api_load_balancer_scheme: internal` in your [cluster configuration](../cluster-management/config.md) file (before creating your cluster). This will force external traffic to go through your API Gateway endpoint, or if you disabled API Gateway for your API, it will make your API only accessible through VPC Peering. Note that if API Gateway is used, endpoints will be public regardless of `api_load_balancer_scheme`. See below for common configurations.

6 changes: 3 additions & 3 deletions docs/deployments/realtime-api/api-configuration.md
@@ -23,7 +23,7 @@ Reference the section below which corresponds to your Predictor type: [Python](#
networking:
endpoint: <string> # the endpoint for the API (aws only) (default: <api_name>)
local_port: <int> # specify the port for API (local only) (default: 8888)
api_gateway: public | none # whether to create a public API Gateway endpoint for this API (if not, the load balancer will be accessed directly) (default: public)
api_gateway: public | none # whether to create a public API Gateway endpoint for this API (if not, the load balancer will be accessed directly) (default: public, unless disabled cluster-wide)
compute:
cpu: <string | int | float> # CPU request per replica, e.g. 200m or 1 (200m is equivalent to 0.2) (default: 200m)
gpu: <int> # GPU request per replica (default: 0)
@@ -80,7 +80,7 @@ See additional documentation for [parallelism](parallelism.md), [autoscaling](au
networking:
endpoint: <string> # the endpoint for the API (aws only) (default: <api_name>)
local_port: <int> # specify the port for API (local only) (default: 8888)
api_gateway: public | none # whether to create a public API Gateway endpoint for this API (if not, the load balancer will be accessed directly) (default: public)
api_gateway: public | none # whether to create a public API Gateway endpoint for this API (if not, the load balancer will be accessed directly) (default: public, unless disabled cluster-wide)
compute:
cpu: <string | int | float> # CPU request per replica, e.g. 200m or 1 (200m is equivalent to 0.2) (default: 200m)
gpu: <int> # GPU request per replica (default: 0)
@@ -132,7 +132,7 @@ See additional documentation for [parallelism](parallelism.md), [autoscaling](au
networking:
endpoint: <string> # the endpoint for the API (aws only) (default: <api_name>)
local_port: <int> # specify the port for API (local only) (default: 8888)
api_gateway: public | none # whether to create a public API Gateway endpoint for this API (if not, the load balancer will be accessed directly) (default: public)
api_gateway: public | none # whether to create a public API Gateway endpoint for this API (if not, the load balancer will be accessed directly) (default: public, unless disabled cluster-wide)
compute:
cpu: <string | int | float> # CPU request per replica, e.g. 200m or 1 (200m is equivalent to 0.2) (default: 200m)
gpu: <int> # GPU request per replica (default: 0)
2 changes: 1 addition & 1 deletion docs/deployments/realtime-api/traffic-splitter.md
@@ -17,7 +17,7 @@ Traffic Splitter expects the target Realtime APIs to already be running or be in
kind: TrafficSplitter # must be "TrafficSplitter", create an Traffic Splitter which routes traffic to multiple Realtime APIs
networking:
endpoint: <string> # the endpoint for the Traffic Splitter (default: <api_name>)
api_gateway: public | none # whether to create a public API Gateway endpoint for this API (if not, the load balancer will be accessed directly) (default: public)
api_gateway: public | none # whether to create a public API Gateway endpoint for this API (if not, the load balancer will be accessed directly) (default: public, unless disabled cluster-wide)
apis: # list of Realtime APIs to target
- name: <string> # name of a Realtime API that is already running or is included in the same configuration file (required)
weight: <int> # percentage of traffic to route to the Realtime API (all weights must sum to 100) (required)
4 changes: 2 additions & 2 deletions manager/info.sh
@@ -37,13 +37,13 @@ eksctl utils write-kubeconfig --cluster=$CORTEX_CLUSTER_NAME --region=$CORTEX_RE

operator_endpoint=$(get_operator_endpoint)
api_load_balancer_endpoint=$(get_api_load_balancer_endpoint)
if [ "$CORTEX_API_GATEWAY" == "enabled" ]; then
if [ "$CORTEX_API_GATEWAY" == "public" ]; then
api_gateway_endpoint=$(get_api_gateway_endpoint)
fi

echo -e "\033[1mendpoints:\033[0m"
echo "operator: $operator_endpoint" # before modifying this, search for this prefix
echo "api load balancer: $api_load_balancer_endpoint"
if [ "$CORTEX_API_GATEWAY" == "enabled" ]; then
if [ "$CORTEX_API_GATEWAY" == "public" ]; then
echo "api gateway: $api_gateway_endpoint"
fi
4 changes: 2 additions & 2 deletions manager/install.sh
@@ -167,7 +167,7 @@ function main() {
ensure_eks

# create VPC Link for API Gateway
if [ "$arg1" != "--update" ] && [ "$CORTEX_API_LOAD_BALANCER_SCHEME" == "internal" ] && [ "$CORTEX_API_GATEWAY" == "enabled" ]; then
if [ "$arg1" != "--update" ] && [ "$CORTEX_API_LOAD_BALANCER_SCHEME" == "internal" ] && [ "$CORTEX_API_GATEWAY" == "public" ]; then
vpc_id=$(aws ec2 describe-vpcs --region $CORTEX_REGION --filters Name=tag:eksctl.cluster.k8s.io/v1alpha1/cluster-name,Values=$CORTEX_CLUSTER_NAME | jq .Vpcs[0].VpcId | tr -d '"')
if [ "$vpc_id" = "" ] || [ "$vpc_id" = "null" ]; then
echo "unable to find cortex vpc"
@@ -247,7 +247,7 @@ function main() {
fi

# add VPC Link integration to API Gateway
if [ "$arg1" != "--update" ] && [ "$CORTEX_API_LOAD_BALANCER_SCHEME" == "internal" ] && [ "$CORTEX_API_GATEWAY" == "enabled" ]; then
if [ "$arg1" != "--update" ] && [ "$CORTEX_API_LOAD_BALANCER_SCHEME" == "internal" ] && [ "$CORTEX_API_GATEWAY" == "public" ]; then
echo -n "○ creating api gateway vpc link integration "
api_id=$(python get_api_gateway_id.py)
python create_gateway_integration.py $api_id $vpc_link_id
2 changes: 1 addition & 1 deletion pkg/operator/config/config.go
@@ -86,7 +86,7 @@ func Init() error {
fmt.Println(errors.Message(err))
}

if Cluster.APIGatewaySetting == clusterconfig.EnabledAPIGatewaySetting {
if Cluster.APIGatewaySetting == clusterconfig.PublicAPIGatewaySetting {
apiGateway, err := AWS.GetAPIGatewayByTag(clusterconfig.ClusterNameTag, Cluster.ClusterName)
if err != nil {
return err
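--- a/pkg/operator/resources/errors.go
+++ b/pkg/operator/resources/errors.go
@@ -95,13 +95,8 @@ func ErrorAPIsNotDeployed(notDeployedAPIs []string) error {
 }
 
 func ErrorAPIGatewayDisabled(apiGatewayType userconfig.APIGatewayType) error {
-msg := fmt.Sprintf("%s is not permitted because api gateway is disabled cluster-wide", s.UserStr(apiGatewayType))
-if apiGatewayType == userconfig.PublicAPIGatewayType {
-msg += fmt.Sprintf(" (%s is the default value, and the valid values are %s)", s.UserStr(userconfig.PublicAPIGatewayType), s.UserStrsAnd(userconfig.APIGatewayTypeStrings()))
-}
-
 return errors.WithStack(&errors.Error{
 Kind: ErrAPIGatewayDisabled,
-Message: msg,
+Message: fmt.Sprintf("%s is not permitted because api gateway is disabled cluster-wide (valid values are %s)", s.UserStr(apiGatewayType), s.UserStrsAnd(userconfig.APIGatewayTypeStrings())),
 })
 }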
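Review bot: The rewritten message appends "(valid values are ...)" built from `userconfig.APIGatewayTypeStrings()`, which presumably still lists the value that was just rejected, so the user is told in one sentence that a value is not permitted and that it is valid. Naming the one value that passes while API Gateway is disabled cluster-wide is clearer: `Message: fmt.Sprintf("%s is not permitted because api gateway is disabled cluster-wide (set it to %s)", s.UserStr(apiGatewayType), s.UserStr(userconfig.NoneAPIGatewayType)),`. The function also has no doc comment; `// ErrorAPIGatewayDisabled reports an API that requests an API Gateway endpoint while the cluster forbids them.` would fit.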
2 changes: 1 addition & 1 deletion pkg/operator/resources/resources.go
@@ -86,7 +86,7 @@ func Deploy(projectBytes []byte, configFileName string, configBytes []byte, forc
ConfigFileName: configFileName,
}

apiConfigs, err := spec.ExtractAPIConfigs(configBytes, types.AWSProviderType, configFileName)
apiConfigs, err := spec.ExtractAPIConfigs(configBytes, types.AWSProviderType, configFileName, &config.Cluster.Config)
if err != nil {
return nil, err
}
2 changes: 1 addition & 1 deletion pkg/operator/resources/validations.go
@@ -127,7 +127,7 @@ func ValidateClusterAPIs(apis []userconfig.API, projectFiles spec.ProjectFiles)
}
}

if api.Networking.APIGateway != userconfig.NoneAPIGatewayType && config.Cluster.APIGatewaySetting == clusterconfig.DisabledAPIGatewaySetting {
if api.Networking.APIGateway != userconfig.NoneAPIGatewayType && config.Cluster.APIGatewaySetting == clusterconfig.NoneAPIGatewaySetting {
return errors.Wrap(ErrorAPIGatewayDisabled(api.Networking.APIGateway), api.Identify(), userconfig.NetworkingKey, userconfig.APIGatewayKey)
}
}
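Review bot: The cluster-wide block is applied only when the setting equals `clusterconfig.NoneAPIGatewaySetting`, so any other value lets an API request a public API Gateway endpoint, including the zero value `UnknownAPIGatewaySetting` declared in pkg/types/clusterconfig/api_gateway_setting.go. For a control whose purpose is to keep APIs off a public endpoint, it is safer to deny unless the setting is explicitly public: `if api.Networking.APIGateway != userconfig.NoneAPIGatewayType && config.Cluster.APIGatewaySetting != clusterconfig.PublicAPIGatewaySetting {`. ValidateClusterAPIs begins and ends outside this hunk, so whether an unknown setting is rejected earlier cannot be seen from here.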
8 changes: 4 additions & 4 deletions pkg/types/clusterconfig/api_gateway_setting.go
@@ -17,14 +17,14 @@ type APIGatewaySetting int

const (
UnknownAPIGatewaySetting APIGatewaySetting = iota
EnabledAPIGatewaySetting
DisabledAPIGatewaySetting
PublicAPIGatewaySetting
NoneAPIGatewaySetting
)

var _apiGatewaySettings = []string{
"unknown",
"enabled",
"disabled",
"public",
"none",
}

func APIGatewaySettingFromString(s string) APIGatewaySetting {
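Review bot: The accepted strings change from "enabled"/"disabled" to "public"/"none" with no alias for the old spellings, so a cluster configuration written before this change would presumably no longer map to a known setting. The body of `APIGatewaySettingFromString` is outside the hunk; if it falls back to `UnknownAPIGatewaySetting` for unrecognised input, a cluster created with `api_gateway: disabled` would stop matching the `NoneAPIGatewaySetting` check in pkg/operator/resources/validations.go, and manager/info.sh would stop printing the gateway endpoint for one created with `enabled`. Either map the legacy strings to the new constants in `APIGatewaySettingFromString` or state in the upgrade notes that existing clusters must be recreated. A doc comment on the const block, e.g. `// PublicAPIGatewaySetting lets each API choose; NoneAPIGatewaySetting forbids API Gateway cluster-wide.`, would also record which value is the restrictive one.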
2 changes: 1 addition & 1 deletion pkg/types/clusterconfig/clusterconfig.go
@@ -322,7 +322,7 @@ var UserValidation = &cr.StructValidation{
StructField: "APIGatewaySetting",
StringValidation: &cr.StringValidation{
AllowedValues: APIGatewaySettingStrings(),
Default: EnabledAPIGatewaySetting.String(),
Default: PublicAPIGatewaySetting.String(),
},
Parser: func(str string) (interface{}, error) {
return APIGatewaySettingFromString(str), nil