[COMMON][READINESS] Update readiness image and use service feature

Update the ReadinessCheck (13.1.0) to support the "services" feature
of readiness image version 6.0.2 and use the feature in the charts
under common (dgbuilder, etcd-init, mariadb-galera, mariadb-init,
postgres-init)
Additional exclude K8S API port (443) from Istio Sidecar communication
to allow CNI Plugin

Issue-ID: OOM-3280

Change-Id: Ibe030aa9debfc82e88f2ce5e309dd6fa2250f211
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>

23 files changed, 80 insertions, 48 deletions

diff --git a/docs/sections/resources/yaml/environments_onap_demo.yaml b/docs/sections/resources/yaml/environments_onap_demo.yaml
index 492e5d2ff1..acc395dac4 100644
--- a/docs/sections/resources/yaml/environments_onap_demo.yaml
+++ b/docs/sections/resources/yaml/environments_onap_demo.yaml
@@ -13,7 +13,7 @@ global:
   repository: nexus3.onap.org:10001
   repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
   # readiness check
-  readinessImage: onap/oom/readiness:3.0.1
+  readinessImage: onap/oom/readiness:6.0.2
   # logging agent
   loggingRepository: docker.elastic.co
 
diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml
index 395d8d6b17..a24805b149 100644
--- a/kubernetes/aai/values.yaml
+++ b/kubernetes/aai/values.yaml
@@ -25,7 +25,7 @@ global: # global defaults
   dockerhubRepository: docker.io
   busyboxImage: busybox
 
-  readinessImage: onap/oom/readiness:5.0.1
+  readinessImage: onap/oom/readiness:6.0.2
 
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml
index 5d3038bcb1..6ece89d34a 100644
--- a/kubernetes/common/dgbuilder/templates/deployment.yaml
+++ b/kubernetes/common/dgbuilder/templates/deployment.yaml
@@ -61,8 +61,8 @@ spec:
       - command:
         - /app/ready.py
         args:
-        - --app-name
-        - {{ .Values.config.dbPodName }}
+        - --service-name
+        - {{ .Values.config.dbServiceName }}
         env:
         - name: NAMESPACE
           valueFrom:
diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml
index c4dcb2f40e..68cb86bd7e 100644
--- a/kubernetes/common/dgbuilder/values.yaml
+++ b/kubernetes/common/dgbuilder/values.yaml
@@ -166,6 +166,13 @@ resources:
       memory: "4Gi"
   unlimited: {}
 
+podAnnotations:
+  # Workarround to exclude K8S API from istio communication
+  # as init-container (readinessCheck) does not work with the
+  # Istio CNI plugin, see:
+  # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers)
+  traffic.sidecar.istio.io/excludeOutboundPorts: "443"
+
 #Pods Service Account
 serviceAccount:
   nameOverride: dgbuilder
diff --git a/kubernetes/common/etcd-init/templates/job.yaml b/kubernetes/common/etcd-init/templates/job.yaml
index f1f1b0e27e..55526a34a1 100644
--- a/kubernetes/common/etcd-init/templates/job.yaml
+++ b/kubernetes/common/etcd-init/templates/job.yaml
@@ -27,6 +27,12 @@ spec:
   backoffLimit: {{ .Values.backoffLimit }}
   template:
     metadata:
+      annotations:
+        # Workarround to exclude K8S API from istio communication
+        # as init-container (readinessCheck) does not work with the
+        # Istio CNI plugin, see:
+        # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers)
+        traffic.sidecar.istio.io/excludeOutboundPorts: "443"
       labels:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
@@ -37,8 +43,8 @@ spec:
         command:
         - /app/ready.py
         args:
-        - --container-name
-        - {{ .Values.etcd.containerName }}
+        - --service-name
+        - {{ .Values.etcd.serviceName }}
         env:
         - name: NAMESPACE
           valueFrom:
diff --git a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml
index 4548626dd3..1a174d1bb2 100644
--- a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml
+++ b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml
@@ -32,6 +32,13 @@ spec:
   jobTemplate:
     spec:
       template:
+        metadata:
+          annotations:
+            # Workarround to exclude K8S API from istio communication
+            # as init-container (readinessCheck) does not work with the
+            # Istio CNI plugin, see:
+            # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers)
+            traffic.sidecar.istio.io/excludeOutboundPorts: "443"
         spec:
           serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
           {{ include "common.podSecurityContext" . | indent 10 | trim}}
diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml
index 29d643eb1e..9a27e605d8 100644
--- a/kubernetes/common/mariadb-galera/values.yaml
+++ b/kubernetes/common/mariadb-galera/values.yaml
@@ -329,8 +329,8 @@ backup:
 
 readinessCheck:
   wait_for:
-    apps:
-      - '{{ include "common.name" . }}'
+    services:
+      - '{{ include "common.servicename" . }}'
 
 ## TLS configuration
 ##
diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml
index 0180fecf0e..2495e602f3 100644
--- a/kubernetes/common/mariadb-init/templates/job.yaml
+++ b/kubernetes/common/mariadb-init/templates/job.yaml
@@ -31,25 +31,18 @@ spec:
   backoffLimit: 20
   template:
     metadata:
+      annotations:
+        # Workarround to exclude K8S API from istio communication
+        # as init-container (readinessCheck) does not work with the
+        # Istio CNI plugin, see:
+        # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers)
+        traffic.sidecar.istio.io/excludeOutboundPorts: "443"
       labels:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
       name: {{ include "common.name" . }}
     spec:
-      initContainers:
-      {{- if .Values.global.mariadbGalera.localCluster }}
-      {{-   if .Values.global.mariadbGalera.useOperator }}
-      {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_local_operator ) | indent 6 | trim }}
-      {{    else }}
-      {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_local ) | indent 6 | trim }}
-      {{-   end }}
-      {{ else }}
-      {{-   if .Values.global.mariadbGalera.useOperator }}
-      {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_global_operator ) | indent 6 | trim }}
-      {{   else }}
-      {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_global ) | indent 6 | trim }}
-      {{-   end }}
-      {{- end }}
+      initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
       containers:
       - name: {{ include "common.name" . }}
         image: {{ include "repositoryGenerator.image.mariadb" . }}
diff --git a/kubernetes/common/mariadb-init/tests/job_test.yaml b/kubernetes/common/mariadb-init/tests/job_test.yaml
index 170eaf3c96..31e04f0e2c 100644
--- a/kubernetes/common/mariadb-init/tests/job_test.yaml
+++ b/kubernetes/common/mariadb-init/tests/job_test.yaml
@@ -36,7 +36,7 @@ tests:
           content: mariadb-galera
       - equal:
           path: spec.template.spec.initContainers[0].image
-          value: nexus3.onap.org:10001/onap/oom/readiness:3.0.1
+          value: nexus3.onap.org:10001/onap/oom/readiness:6.0.2
       - equal:
           path: spec.template.spec.initContainers[0].imagePullPolicy
           value: IfNotPresent
diff --git a/kubernetes/common/mariadb-init/values.yaml b/kubernetes/common/mariadb-init/values.yaml
index 5c181dded2..57dfb400c4 100644
--- a/kubernetes/common/mariadb-init/values.yaml
+++ b/kubernetes/common/mariadb-init/values.yaml
@@ -150,15 +150,6 @@ wait_for_job_container:
     - '{{ include "common.name" . }}'
 
 readinessCheck:
-  wait_for_global_operator:
-    pods:
-      - '{{ .Values.global.mariadbGalera.nameOverride }}-0'
-  wait_for_local_operator:
-    pods:
-      - '{{ index .Values "mariadb-galera" "nameOverride" }}-0'
-  wait_for_global:
-    apps:
-      - '{{ include "common.mariadbAppName" . }}'
-  wait_for_local:
-    apps:
-      - '{{ include "common.mariadbAppName" . }}'
+  wait_for:
+    services:
+    - '{{ include "common.mariadbService" . }}'
diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml
index e028e39545..0b62705474 100644
--- a/kubernetes/common/network-name-gen/values.yaml
+++ b/kubernetes/common/network-name-gen/values.yaml
@@ -142,6 +142,13 @@ ingress:
 
 resources: {}
 
+podAnnotations:
+  # Workarround to exclude K8S API from istio communication
+  # as init-container (readinessCheck) does not work with the
+  # Istio CNI plugin, see:
+  # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers)
+  traffic.sidecar.istio.io/excludeOutboundPorts: "443"
+
 #Pods Service Account
 serviceAccount:
   nameOverride: network-name-gen
diff --git a/kubernetes/common/postgres-init/templates/job.yaml b/kubernetes/common/postgres-init/templates/job.yaml
index 7fa2e9f4e8..b62bef878f 100644
--- a/kubernetes/common/postgres-init/templates/job.yaml
+++ b/kubernetes/common/postgres-init/templates/job.yaml
@@ -28,6 +28,12 @@ spec:
   backoffLimit: 20
   template:
     metadata:
+      annotations:
+        # Workarround to exclude K8S API from istio communication
+        # as init-container (readinessCheck) does not work with the
+        # Istio CNI plugin, see:
+        # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers)
+        traffic.sidecar.istio.io/excludeOutboundPorts: "443"
       labels:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
diff --git a/kubernetes/common/postgres-init/values.yaml b/kubernetes/common/postgres-init/values.yaml
index d2eb090142..160e6720ed 100644
--- a/kubernetes/common/postgres-init/values.yaml
+++ b/kubernetes/common/postgres-init/values.yaml
@@ -19,6 +19,7 @@ global:
   postgres:
     service:
       name: pgset
+      name2: tcp-pgset-primary
     container:
       name: postgres
 
@@ -98,7 +99,8 @@ serviceAccount:
 
 readinessCheck:
   wait_for:
-    - '{{ .Values.global.postgres.container.name }}'
+    services:
+    - '{{ .Values.global.postgres.service.name2 }}'
 
 wait_for_job_container:
   containers:
diff --git a/kubernetes/common/readinessCheck/Chart.yaml b/kubernetes/common/readinessCheck/Chart.yaml
index a53c7ab980..bb2986a9fb 100644
--- a/kubernetes/common/readinessCheck/Chart.yaml
+++ b/kubernetes/common/readinessCheck/Chart.yaml
@@ -17,7 +17,7 @@
 apiVersion: v2
 description: Template used to wait for other deployment/sts/jobs in onap
 name: readinessCheck
-version: 13.0.0
+version: 13.1.0
 
 dependencies:
   - name: common
diff --git a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
index 879be1288f..51791fec13 100644
--- a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
+++ b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
@@ -42,6 +42,14 @@
     pods:
       - test-pod
 
+  the powerful one allows also to wait for a service to be
+  available, which means all pods are deployed, which are
+  selected by the service definition:
+  wait_for:
+    name: myservice
+    services:
+      - mariadb-galera-service
+
   the powerful one allows also to wait for pods with the
   given "app" label:
   wait_for:
@@ -62,8 +70,8 @@
      - .dot : environment (.)
      - .initRoot : the root dictionary of readinessCheck submodule
                    (default to .Values.readinessCheck)
-     - .wait_for : list of containers / pods /apps / jobs to wait for (default to
-                   .Values.wait_for)
+     - .wait_for : list of service / containers / pods /apps / jobs to wait for
+                   (default to .Values.wait_for)
 
   Example calls:
     {{ include "common.readinessCheck.waitFor" . }}
@@ -76,6 +84,7 @@
 {{-   $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
 {{-   $wait_for := default $initRoot.wait_for .wait_for -}}
 {{-   $containers := index (ternary (dict "containers" $wait_for) $wait_for (kindIs "slice" $wait_for)) "containers" -}}
+{{-   $services := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "services" -}}
 {{-   $pods := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "pods" -}}
 {{-   $apps := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "apps" -}}
 {{-   $namePart := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "name" -}}
@@ -97,6 +106,10 @@
   - --pod-name
   - {{ tpl $pod $dot }}
   {{- end }}
+  {{- range $service := default (list) $services }}
+  - --service-name
+  - {{ tpl $service $dot }}
+  {{- end }}
   {{- range $app := default (list) $apps }}
   - --app-name
   - {{ tpl $app $dot }}
diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml
index 03ffddafd1..3b1acd9946 100644
--- a/kubernetes/common/repositoryGenerator/values.yaml
+++ b/kubernetes/common/repositoryGenerator/values.yaml
@@ -39,10 +39,10 @@ global:
   mariadbImage: bitnami/mariadb:10.5.8
   nginxImage: bitnami/nginx:1.21.4
   postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1
-  readinessImage: onap/oom/readiness:5.0.1
+  readinessImage: onap/oom/readiness:6.0.2
   dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
   drProvClientImage: onap/dmaap/datarouter-prov-client:2.1.15
-  quitQuitImage: onap/oom/readiness:5.0.1
+  quitQuitImage: onap/oom/readiness:6.0.2
 
   # Default credentials
   # they're optional. If the target repository doesn't need them, comment them
diff --git a/kubernetes/onap/resources/environments/dev.yaml b/kubernetes/onap/resources/environments/dev.yaml
index c2b4403e33..e0ceea608a 100644
--- a/kubernetes/onap/resources/environments/dev.yaml
+++ b/kubernetes/onap/resources/environments/dev.yaml
@@ -32,7 +32,7 @@ global:
   #repository: nexus3.onap.org:10001
 
   # readiness check
-  readinessImage: onap/oom/readiness:3.0.1
+  readinessImage: onap/oom/readiness:6.0.2
 
   # logging agent - temporary repo until images migrated to nexus3
   loggingRepository: docker.elastic.co
diff --git a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
index a51106f92b..0a4a2f856b 100644
--- a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
+++ b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
@@ -35,7 +35,7 @@ global:
     password: docker
 
   # readiness check
-  readinessImage: onap/oom/readiness:3.0.1
+  readinessImage: onap/oom/readiness:6.0.2
 
   # logging agent - temporary repo until images migrated to nexus3
   loggingRepository: docker.elastic.co
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 7f558374ae..75c2dacc00 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -89,7 +89,7 @@ global:
   postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1
 
   # readiness check image
-  readinessImage: onap/oom/readiness:5.0.1
+  readinessImage: onap/oom/readiness:6.0.2
 
   # image pull policy
   pullPolicy: Always
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
index b038b5264b..94416b4a7d 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
@@ -15,7 +15,7 @@
 # Global
 global:
   nodePortPrefix: 302
-  readinessImage: onap/oom/readiness:3.0.1
+  readinessImage: onap/oom/readiness:6.0.2
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
   busyboxRepository: registry.hub.docker.com
diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml
index 2c896ea77f..f6317b7af9 100644
--- a/kubernetes/sdc/components/sdc-cs/values.yaml
+++ b/kubernetes/sdc/components/sdc-cs/values.yaml
@@ -18,7 +18,7 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessImage: onap/oom/readiness:3.0.1
+  readinessImage: onap/oom/readiness:6.0.2
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
   sdc_cassandra:
diff --git a/kubernetes/so/components/so-admin-cockpit/values.yaml b/kubernetes/so/components/so-admin-cockpit/values.yaml
index c10b509734..2ec3d2ea4d 100644
--- a/kubernetes/so/components/so-admin-cockpit/values.yaml
+++ b/kubernetes/so/components/so-admin-cockpit/values.yaml
@@ -26,7 +26,7 @@ global:
   nodePortPrefix: 302
   nodePortPrefixExt: 304
   repository: nexus3.onap.org:10001
-  readinessImage: onap/oom/readiness:3.0.1
+  readinessImage: onap/oom/readiness:6.0.2
   envsubstImage: dibi/envsubst
   persistence:
     mountPath: /dockerdata-nfs
diff --git a/kubernetes/so/components/so-mariadb/values.yaml b/kubernetes/so/components/so-mariadb/values.yaml
index 6fdfd75dde..39d5e084ca 100755
--- a/kubernetes/so/components/so-mariadb/values.yaml
+++ b/kubernetes/so/components/so-mariadb/values.yaml
@@ -22,7 +22,7 @@ global:
   nodePortPrefix: 302
   nodePortPrefixExt: 304
   repository: nexus3.onap.org:10001
-  readinessImage: onap/oom/readiness:5.0.1
+  readinessImage: onap/oom/readiness:6.0.2
   ubuntuInitRepository: docker.io
   mariadbGalera:
     # flag to enable the DB creation via mariadb-operator