From d518f733756ef9d9b1b7015d509906152d6a1288 Mon Sep 17 00:00:00 2001
From: Andreas Geissler <andreas-geissler@telekom.de>
Date: Mon, 25 Mar 2024 11:15:11 +0100
Subject: [COMMON][READINESS] Update readiness image and use service feature

Update the ReadinessCheck (13.1.0) to support the "services" feature
of readiness image version 6.0.2 and use the feature in the charts
under common (dgbuilder, etcd-init, mariadb-galera, mariadb-init,
postgres-init)
Additional exclude K8S API port (443) from Istio Sidecar communication
to allow CNI Plugin

Issue-ID: OOM-3280

Change-Id: Ibe030aa9debfc82e88f2ce5e309dd6fa2250f211
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
---
 kubernetes/common/dgbuilder/values.yaml | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'kubernetes/common/dgbuilder/values.yaml')

diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml
index c4dcb2f40e..68cb86bd7e 100644
--- a/kubernetes/common/dgbuilder/values.yaml
+++ b/kubernetes/common/dgbuilder/values.yaml
@@ -166,6 +166,13 @@ resources:
       memory: "4Gi"
   unlimited: {}
 
+podAnnotations:
+  # Workarround to exclude K8S API from istio communication
+  # as init-container (readinessCheck) does not work with the
+  # Istio CNI plugin, see:
+  # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers)
+  traffic.sidecar.istio.io/excludeOutboundPorts: "443"
+
 #Pods Service Account
 serviceAccount:
   nameOverride: dgbuilder
-- 
cgit 1.2.3-korg