From d518f733756ef9d9b1b7015d509906152d6a1288 Mon Sep 17 00:00:00 2001 From: Andreas Geissler Date: Mon, 25 Mar 2024 11:15:11 +0100 Subject: [COMMON][READINESS] Update readiness image and use service feature Update the ReadinessCheck (13.1.0) to support the "services" feature of readiness image version 6.0.2 and use the feature in the charts under common (dgbuilder, etcd-init, mariadb-galera, mariadb-init, postgres-init) Additional exclude K8S API port (443) from Istio Sidecar communication to allow CNI Plugin Issue-ID: OOM-3280 Change-Id: Ibe030aa9debfc82e88f2ce5e309dd6fa2250f211 Signed-off-by: Andreas Geissler --- kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml | 7 +++++++ kubernetes/common/mariadb-galera/values.yaml | 4 ++-- 2 files changed, 9 insertions(+), 2 deletions(-) (limited to 'kubernetes/common/mariadb-galera') diff --git a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml index 4548626dd3..1a174d1bb2 100644 --- a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml +++ b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml @@ -32,6 +32,13 @@ spec: jobTemplate: spec: template: + metadata: + annotations: + # Workarround to exclude K8S API from istio communication + # as init-container (readinessCheck) does not work with the + # Istio CNI plugin, see: + # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers) + traffic.sidecar.istio.io/excludeOutboundPorts: "443" spec: serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} {{ include "common.podSecurityContext" . | indent 10 | trim}} diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index 29d643eb1e..9a27e605d8 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml @@ -329,8 +329,8 @@ backup: readinessCheck: wait_for: - apps: - - '{{ include "common.name" . }}' + services: + - '{{ include "common.servicename" . }}' ## TLS configuration ## -- cgit 1.2.3-korg