From d518f733756ef9d9b1b7015d509906152d6a1288 Mon Sep 17 00:00:00 2001 From: Andreas Geissler Date: Mon, 25 Mar 2024 11:15:11 +0100 Subject: [COMMON][READINESS] Update readiness image and use service feature Update the ReadinessCheck (13.1.0) to support the "services" feature of readiness image version 6.0.2 and use the feature in the charts under common (dgbuilder, etcd-init, mariadb-galera, mariadb-init, postgres-init) Additional exclude K8S API port (443) from Istio Sidecar communication to allow CNI Plugin Issue-ID: OOM-3280 Change-Id: Ibe030aa9debfc82e88f2ce5e309dd6fa2250f211 Signed-off-by: Andreas Geissler --- .../resources/yaml/environments_onap_demo.yaml | 2 +- kubernetes/aai/values.yaml | 2 +- .../common/dgbuilder/templates/deployment.yaml | 4 ++-- kubernetes/common/dgbuilder/values.yaml | 7 +++++++ kubernetes/common/etcd-init/templates/job.yaml | 10 ++++++++-- .../mariadb-galera/templates/backup/cronjob.yaml | 7 +++++++ kubernetes/common/mariadb-galera/values.yaml | 4 ++-- kubernetes/common/mariadb-init/templates/job.yaml | 21 +++++++-------------- kubernetes/common/mariadb-init/tests/job_test.yaml | 2 +- kubernetes/common/mariadb-init/values.yaml | 15 +++------------ kubernetes/common/network-name-gen/values.yaml | 7 +++++++ kubernetes/common/postgres-init/templates/job.yaml | 6 ++++++ kubernetes/common/postgres-init/values.yaml | 4 +++- kubernetes/common/readinessCheck/Chart.yaml | 2 +- .../readinessCheck/templates/_readinessCheck.tpl | 17 +++++++++++++++-- kubernetes/common/repositoryGenerator/values.yaml | 4 ++-- kubernetes/onap/resources/environments/dev.yaml | 2 +- .../overrides/onap-5g-network-slicing.yaml | 2 +- kubernetes/onap/values.yaml | 2 +- .../components/cmpv2-cert-provider/values.yaml | 2 +- kubernetes/sdc/components/sdc-cs/values.yaml | 2 +- .../so/components/so-admin-cockpit/values.yaml | 2 +- kubernetes/so/components/so-mariadb/values.yaml | 2 +- 23 files changed, 80 insertions(+), 48 deletions(-) diff --git a/docs/sections/resources/yaml/environments_onap_demo.yaml b/docs/sections/resources/yaml/environments_onap_demo.yaml index 492e5d2ff1..acc395dac4 100644 --- a/docs/sections/resources/yaml/environments_onap_demo.yaml +++ b/docs/sections/resources/yaml/environments_onap_demo.yaml @@ -13,7 +13,7 @@ global: repository: nexus3.onap.org:10001 repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ== # readiness check - readinessImage: onap/oom/readiness:3.0.1 + readinessImage: onap/oom/readiness:6.0.2 # logging agent loggingRepository: docker.elastic.co diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index 395d8d6b17..a24805b149 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -25,7 +25,7 @@ global: # global defaults dockerhubRepository: docker.io busyboxImage: busybox - readinessImage: onap/oom/readiness:5.0.1 + readinessImage: onap/oom/readiness:6.0.2 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml index 5d3038bcb1..6ece89d34a 100644 --- a/kubernetes/common/dgbuilder/templates/deployment.yaml +++ b/kubernetes/common/dgbuilder/templates/deployment.yaml @@ -61,8 +61,8 @@ spec: - command: - /app/ready.py args: - - --app-name - - {{ .Values.config.dbPodName }} + - --service-name + - {{ .Values.config.dbServiceName }} env: - name: NAMESPACE valueFrom: diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml index c4dcb2f40e..68cb86bd7e 100644 --- a/kubernetes/common/dgbuilder/values.yaml +++ b/kubernetes/common/dgbuilder/values.yaml @@ -166,6 +166,13 @@ resources: memory: "4Gi" unlimited: {} +podAnnotations: + # Workarround to exclude K8S API from istio communication + # as init-container (readinessCheck) does not work with the + # Istio CNI plugin, see: + # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers) + traffic.sidecar.istio.io/excludeOutboundPorts: "443" + #Pods Service Account serviceAccount: nameOverride: dgbuilder diff --git a/kubernetes/common/etcd-init/templates/job.yaml b/kubernetes/common/etcd-init/templates/job.yaml index f1f1b0e27e..55526a34a1 100644 --- a/kubernetes/common/etcd-init/templates/job.yaml +++ b/kubernetes/common/etcd-init/templates/job.yaml @@ -27,6 +27,12 @@ spec: backoffLimit: {{ .Values.backoffLimit }} template: metadata: + annotations: + # Workarround to exclude K8S API from istio communication + # as init-container (readinessCheck) does not work with the + # Istio CNI plugin, see: + # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers) + traffic.sidecar.istio.io/excludeOutboundPorts: "443" labels: app: {{ include "common.name" . }} release: {{ include "common.release" . }} @@ -37,8 +43,8 @@ spec: command: - /app/ready.py args: - - --container-name - - {{ .Values.etcd.containerName }} + - --service-name + - {{ .Values.etcd.serviceName }} env: - name: NAMESPACE valueFrom: diff --git a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml index 4548626dd3..1a174d1bb2 100644 --- a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml +++ b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml @@ -32,6 +32,13 @@ spec: jobTemplate: spec: template: + metadata: + annotations: + # Workarround to exclude K8S API from istio communication + # as init-container (readinessCheck) does not work with the + # Istio CNI plugin, see: + # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers) + traffic.sidecar.istio.io/excludeOutboundPorts: "443" spec: serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} {{ include "common.podSecurityContext" . | indent 10 | trim}} diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index 29d643eb1e..9a27e605d8 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml @@ -329,8 +329,8 @@ backup: readinessCheck: wait_for: - apps: - - '{{ include "common.name" . }}' + services: + - '{{ include "common.servicename" . }}' ## TLS configuration ## diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml index 0180fecf0e..2495e602f3 100644 --- a/kubernetes/common/mariadb-init/templates/job.yaml +++ b/kubernetes/common/mariadb-init/templates/job.yaml @@ -31,25 +31,18 @@ spec: backoffLimit: 20 template: metadata: + annotations: + # Workarround to exclude K8S API from istio communication + # as init-container (readinessCheck) does not work with the + # Istio CNI plugin, see: + # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers) + traffic.sidecar.istio.io/excludeOutboundPorts: "443" labels: app: {{ include "common.name" . }} release: {{ include "common.release" . }} name: {{ include "common.name" . }} spec: - initContainers: - {{- if .Values.global.mariadbGalera.localCluster }} - {{- if .Values.global.mariadbGalera.useOperator }} - {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_local_operator ) | indent 6 | trim }} - {{ else }} - {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_local ) | indent 6 | trim }} - {{- end }} - {{ else }} - {{- if .Values.global.mariadbGalera.useOperator }} - {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_global_operator ) | indent 6 | trim }} - {{ else }} - {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_global ) | indent 6 | trim }} - {{- end }} - {{- end }} + initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.image.mariadb" . }} diff --git a/kubernetes/common/mariadb-init/tests/job_test.yaml b/kubernetes/common/mariadb-init/tests/job_test.yaml index 170eaf3c96..31e04f0e2c 100644 --- a/kubernetes/common/mariadb-init/tests/job_test.yaml +++ b/kubernetes/common/mariadb-init/tests/job_test.yaml @@ -36,7 +36,7 @@ tests: content: mariadb-galera - equal: path: spec.template.spec.initContainers[0].image - value: nexus3.onap.org:10001/onap/oom/readiness:3.0.1 + value: nexus3.onap.org:10001/onap/oom/readiness:6.0.2 - equal: path: spec.template.spec.initContainers[0].imagePullPolicy value: IfNotPresent diff --git a/kubernetes/common/mariadb-init/values.yaml b/kubernetes/common/mariadb-init/values.yaml index 5c181dded2..57dfb400c4 100644 --- a/kubernetes/common/mariadb-init/values.yaml +++ b/kubernetes/common/mariadb-init/values.yaml @@ -150,15 +150,6 @@ wait_for_job_container: - '{{ include "common.name" . }}' readinessCheck: - wait_for_global_operator: - pods: - - '{{ .Values.global.mariadbGalera.nameOverride }}-0' - wait_for_local_operator: - pods: - - '{{ index .Values "mariadb-galera" "nameOverride" }}-0' - wait_for_global: - apps: - - '{{ include "common.mariadbAppName" . }}' - wait_for_local: - apps: - - '{{ include "common.mariadbAppName" . }}' + wait_for: + services: + - '{{ include "common.mariadbService" . }}' diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml index e028e39545..0b62705474 100644 --- a/kubernetes/common/network-name-gen/values.yaml +++ b/kubernetes/common/network-name-gen/values.yaml @@ -142,6 +142,13 @@ ingress: resources: {} +podAnnotations: + # Workarround to exclude K8S API from istio communication + # as init-container (readinessCheck) does not work with the + # Istio CNI plugin, see: + # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers) + traffic.sidecar.istio.io/excludeOutboundPorts: "443" + #Pods Service Account serviceAccount: nameOverride: network-name-gen diff --git a/kubernetes/common/postgres-init/templates/job.yaml b/kubernetes/common/postgres-init/templates/job.yaml index 7fa2e9f4e8..b62bef878f 100644 --- a/kubernetes/common/postgres-init/templates/job.yaml +++ b/kubernetes/common/postgres-init/templates/job.yaml @@ -28,6 +28,12 @@ spec: backoffLimit: 20 template: metadata: + annotations: + # Workarround to exclude K8S API from istio communication + # as init-container (readinessCheck) does not work with the + # Istio CNI plugin, see: + # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers) + traffic.sidecar.istio.io/excludeOutboundPorts: "443" labels: app: {{ include "common.name" . }} release: {{ include "common.release" . }} diff --git a/kubernetes/common/postgres-init/values.yaml b/kubernetes/common/postgres-init/values.yaml index d2eb090142..160e6720ed 100644 --- a/kubernetes/common/postgres-init/values.yaml +++ b/kubernetes/common/postgres-init/values.yaml @@ -19,6 +19,7 @@ global: postgres: service: name: pgset + name2: tcp-pgset-primary container: name: postgres @@ -98,7 +99,8 @@ serviceAccount: readinessCheck: wait_for: - - '{{ .Values.global.postgres.container.name }}' + services: + - '{{ .Values.global.postgres.service.name2 }}' wait_for_job_container: containers: diff --git a/kubernetes/common/readinessCheck/Chart.yaml b/kubernetes/common/readinessCheck/Chart.yaml index a53c7ab980..bb2986a9fb 100644 --- a/kubernetes/common/readinessCheck/Chart.yaml +++ b/kubernetes/common/readinessCheck/Chart.yaml @@ -17,7 +17,7 @@ apiVersion: v2 description: Template used to wait for other deployment/sts/jobs in onap name: readinessCheck -version: 13.0.0 +version: 13.1.0 dependencies: - name: common diff --git a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl index 879be1288f..51791fec13 100644 --- a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl +++ b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl @@ -42,6 +42,14 @@ pods: - test-pod + the powerful one allows also to wait for a service to be + available, which means all pods are deployed, which are + selected by the service definition: + wait_for: + name: myservice + services: + - mariadb-galera-service + the powerful one allows also to wait for pods with the given "app" label: wait_for: @@ -62,8 +70,8 @@ - .dot : environment (.) - .initRoot : the root dictionary of readinessCheck submodule (default to .Values.readinessCheck) - - .wait_for : list of containers / pods /apps / jobs to wait for (default to - .Values.wait_for) + - .wait_for : list of service / containers / pods /apps / jobs to wait for + (default to .Values.wait_for) Example calls: {{ include "common.readinessCheck.waitFor" . }} @@ -76,6 +84,7 @@ {{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} {{- $wait_for := default $initRoot.wait_for .wait_for -}} {{- $containers := index (ternary (dict "containers" $wait_for) $wait_for (kindIs "slice" $wait_for)) "containers" -}} +{{- $services := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "services" -}} {{- $pods := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "pods" -}} {{- $apps := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "apps" -}} {{- $namePart := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "name" -}} @@ -97,6 +106,10 @@ - --pod-name - {{ tpl $pod $dot }} {{- end }} + {{- range $service := default (list) $services }} + - --service-name + - {{ tpl $service $dot }} + {{- end }} {{- range $app := default (list) $apps }} - --app-name - {{ tpl $app $dot }} diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml index 03ffddafd1..3b1acd9946 100644 --- a/kubernetes/common/repositoryGenerator/values.yaml +++ b/kubernetes/common/repositoryGenerator/values.yaml @@ -39,10 +39,10 @@ global: mariadbImage: bitnami/mariadb:10.5.8 nginxImage: bitnami/nginx:1.21.4 postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1 - readinessImage: onap/oom/readiness:5.0.1 + readinessImage: onap/oom/readiness:6.0.2 dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1 drProvClientImage: onap/dmaap/datarouter-prov-client:2.1.15 - quitQuitImage: onap/oom/readiness:5.0.1 + quitQuitImage: onap/oom/readiness:6.0.2 # Default credentials # they're optional. If the target repository doesn't need them, comment them diff --git a/kubernetes/onap/resources/environments/dev.yaml b/kubernetes/onap/resources/environments/dev.yaml index c2b4403e33..e0ceea608a 100644 --- a/kubernetes/onap/resources/environments/dev.yaml +++ b/kubernetes/onap/resources/environments/dev.yaml @@ -32,7 +32,7 @@ global: #repository: nexus3.onap.org:10001 # readiness check - readinessImage: onap/oom/readiness:3.0.1 + readinessImage: onap/oom/readiness:6.0.2 # logging agent - temporary repo until images migrated to nexus3 loggingRepository: docker.elastic.co diff --git a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml index a51106f92b..0a4a2f856b 100644 --- a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml +++ b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml @@ -35,7 +35,7 @@ global: password: docker # readiness check - readinessImage: onap/oom/readiness:3.0.1 + readinessImage: onap/oom/readiness:6.0.2 # logging agent - temporary repo until images migrated to nexus3 loggingRepository: docker.elastic.co diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 7f558374ae..75c2dacc00 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -89,7 +89,7 @@ global: postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1 # readiness check image - readinessImage: onap/oom/readiness:5.0.1 + readinessImage: onap/oom/readiness:6.0.2 # image pull policy pullPolicy: Always diff --git a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml index b038b5264b..94416b4a7d 100644 --- a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml +++ b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml @@ -15,7 +15,7 @@ # Global global: nodePortPrefix: 302 - readinessImage: onap/oom/readiness:3.0.1 + readinessImage: onap/oom/readiness:6.0.2 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 busyboxRepository: registry.hub.docker.com diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml index 2c896ea77f..f6317b7af9 100644 --- a/kubernetes/sdc/components/sdc-cs/values.yaml +++ b/kubernetes/sdc/components/sdc-cs/values.yaml @@ -18,7 +18,7 @@ ################################################################# global: nodePortPrefix: 302 - readinessImage: onap/oom/readiness:3.0.1 + readinessImage: onap/oom/readiness:6.0.2 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 sdc_cassandra: diff --git a/kubernetes/so/components/so-admin-cockpit/values.yaml b/kubernetes/so/components/so-admin-cockpit/values.yaml index c10b509734..2ec3d2ea4d 100644 --- a/kubernetes/so/components/so-admin-cockpit/values.yaml +++ b/kubernetes/so/components/so-admin-cockpit/values.yaml @@ -26,7 +26,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 repository: nexus3.onap.org:10001 - readinessImage: onap/oom/readiness:3.0.1 + readinessImage: onap/oom/readiness:6.0.2 envsubstImage: dibi/envsubst persistence: mountPath: /dockerdata-nfs diff --git a/kubernetes/so/components/so-mariadb/values.yaml b/kubernetes/so/components/so-mariadb/values.yaml index 6fdfd75dde..39d5e084ca 100755 --- a/kubernetes/so/components/so-mariadb/values.yaml +++ b/kubernetes/so/components/so-mariadb/values.yaml @@ -22,7 +22,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 repository: nexus3.onap.org:10001 - readinessImage: onap/oom/readiness:5.0.1 + readinessImage: onap/oom/readiness:6.0.2 ubuntuInitRepository: docker.io mariadbGalera: # flag to enable the DB creation via mariadb-operator -- cgit 1.2.3-korg