From d518f733756ef9d9b1b7015d509906152d6a1288 Mon Sep 17 00:00:00 2001
From: Andreas Geissler <andreas-geissler@telekom.de>
Date: Mon, 25 Mar 2024 11:15:11 +0100
Subject: [COMMON][READINESS] Update readiness image and use service feature

Update the ReadinessCheck (13.1.0) to support the "services" feature
of readiness image version 6.0.2 and use the feature in the charts
under common (dgbuilder, etcd-init, mariadb-galera, mariadb-init,
postgres-init)
Additional exclude K8S API port (443) from Istio Sidecar communication
to allow CNI Plugin

Issue-ID: OOM-3280

Change-Id: Ibe030aa9debfc82e88f2ce5e309dd6fa2250f211
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
---
 kubernetes/common/postgres-init/templates/job.yaml | 6 ++++++
 kubernetes/common/postgres-init/values.yaml        | 4 +++-
 2 files changed, 9 insertions(+), 1 deletion(-)

(limited to 'kubernetes/common/postgres-init')

diff --git a/kubernetes/common/postgres-init/templates/job.yaml b/kubernetes/common/postgres-init/templates/job.yaml
index 7fa2e9f4e8..b62bef878f 100644
--- a/kubernetes/common/postgres-init/templates/job.yaml
+++ b/kubernetes/common/postgres-init/templates/job.yaml
@@ -28,6 +28,12 @@ spec:
   backoffLimit: 20
   template:
     metadata:
+      annotations:
+        # Workarround to exclude K8S API from istio communication
+        # as init-container (readinessCheck) does not work with the
+        # Istio CNI plugin, see:
+        # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers)
+        traffic.sidecar.istio.io/excludeOutboundPorts: "443"
       labels:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
diff --git a/kubernetes/common/postgres-init/values.yaml b/kubernetes/common/postgres-init/values.yaml
index d2eb090142..160e6720ed 100644
--- a/kubernetes/common/postgres-init/values.yaml
+++ b/kubernetes/common/postgres-init/values.yaml
@@ -19,6 +19,7 @@ global:
   postgres:
     service:
       name: pgset
+      name2: tcp-pgset-primary
     container:
       name: postgres
 
@@ -98,7 +99,8 @@ serviceAccount:
 
 readinessCheck:
   wait_for:
-    - '{{ .Values.global.postgres.container.name }}'
+    services:
+    - '{{ .Values.global.postgres.service.name2 }}'
 
 wait_for_job_container:
   containers:
-- 
cgit 1.2.3-korg