From c50f0892fc601eb3d0e237c04b3f54019de513b1 Mon Sep 17 00:00:00 2001 From: Andreas Geissler Date: Wed, 14 Jun 2023 14:21:31 +0200 Subject: [POLICY] Correct clamp timeouts and enable sidecars in jobs again Clamp pods take longer to start in "small" flavor case and require 60 seconds to startup. Revert the Istio Sidecar removal in MariaDB jobs, as they are not the root cause of the startup issue. Issue-ID: OOM-3186 Signed-off-by: Andreas Geissler Change-Id: I0f3fd6a55e851640617bc3b0de8f96a0fe33d765 --- kubernetes/policy/templates/job.yaml | 84 ++++++++++++++++++++++++++++++++---- 1 file changed, 76 insertions(+), 8 deletions(-) (limited to 'kubernetes/policy/templates') diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml index f0e91e8350..2503c6fd5f 100755 --- a/kubernetes/policy/templates/job.yaml +++ b/kubernetes/policy/templates/job.yaml @@ -32,8 +32,6 @@ spec: app: {{ include "common.name" . }}-galera-init release: {{ include "common.release" . }} name: {{ include "common.name" . }}-galera-init - annotations: - sidecar.istio.io/inject: "false" spec: imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" @@ -63,6 +61,8 @@ spec: - /bin/sh - -cx - | + {{- if include "common.onServiceMesh" . }} + echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} /dbcmd-config/db.sh env: - name: MYSQL_ROOT_PASSWORD @@ -74,6 +74,23 @@ spec: - name: MYSQL_PORT value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}" resources: {{ include "common.resources" . | nindent 10 }} + {{- if (include "common.onServiceMesh" .) }} + - name: policy-service-mesh-wait-for-job-container + image: {{ include "repositoryGenerator.image.quitQuit" . }} + imagePullPolicy: Always + command: + - /bin/sh + - "-c" + args: + - echo "waiting 10s for istio side cars to be up"; sleep 10s; + /app/ready.py --service-mesh-check {{ include "common.name" . }}-galera-config -t 45; + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + {{- end }} restartPolicy: Never serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: @@ -103,8 +120,6 @@ spec: app: {{ include "common.name" . }}-pg-init release: {{ include "common.release" . }} name: {{ include "common.name" . }}-pg-init - annotations: - sidecar.istio.io/inject: "false" spec: imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" @@ -121,6 +136,8 @@ spec: - /bin/sh - -cx - | + {{- if include "common.onServiceMesh" . }} + echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} /docker-entrypoint-initdb.d/db-pg.sh env: - name: PG_ADMIN_PASSWORD @@ -134,6 +151,23 @@ spec: - name: PG_PORT value: "{{ .Values.postgres.service.internalPort }}" resources: {{ include "common.resources" . | nindent 10 }} + {{- if (include "common.onServiceMesh" .) }} + - name: policy-service-mesh-wait-for-job-container + image: {{ include "repositoryGenerator.image.quitQuit" . }} + imagePullPolicy: Always + command: + - /bin/sh + - "-c" + args: + - echo "waiting 10s for istio side cars to be up"; sleep 10s; + /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-config -t 45; + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + {{- end }} restartPolicy: Never serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: @@ -163,8 +197,6 @@ spec: app: {{ include "common.name" . }}-galera-config release: {{ include "common.release" . }} name: {{ include "common.name" . }}-galera-config - annotations: - sidecar.istio.io/inject: "false" spec: imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" @@ -195,6 +227,8 @@ spec: - /bin/sh - -cx - | + {{- if include "common.onServiceMesh" . }} + echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} /dbcmd-config/db_migrator_policy_init.sh env: - name: SQL_HOST @@ -210,6 +244,23 @@ spec: - name: SCRIPT_DIRECTORY value: "sql" resources: {{ include "common.resources" . | nindent 10 }} + {{- if (include "common.onServiceMesh" .) }} + - name: policy-service-mesh-wait-for-job-container + image: {{ include "repositoryGenerator.image.quitQuit" . }} + imagePullPolicy: Always + command: + - /bin/sh + - "-c" + args: + - echo "waiting 10s for istio side cars to be up"; sleep 10s; + /app/ready.py --service-mesh-check {{ include "common.name" . }}-galera-db-migrator -t 45; + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + {{- end }} restartPolicy: Never serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: @@ -238,8 +289,6 @@ spec: app: {{ include "common.name" . }}-pg-config release: {{ include "common.release" . }} name: {{ include "common.name" . }}-pg-config - annotations: - sidecar.istio.io/inject: "false" spec: imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" @@ -270,6 +319,8 @@ spec: - /bin/sh - -cx - | + {{- if include "common.onServiceMesh" . }} + echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} /dbcmd-config/db_migrator_pg_policy_init.sh env: - name: SQL_HOST @@ -287,6 +338,23 @@ spec: - name: PGPASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} resources: {{ include "common.resources" . | nindent 10 }} + {{- if (include "common.onServiceMesh" .) }} + - name: policy-service-mesh-wait-for-job-container + image: {{ include "repositoryGenerator.image.quitQuit" . }} + imagePullPolicy: Always + command: + - /bin/sh + - "-c" + args: + - echo "waiting 10s for istio side cars to be up"; sleep 10s; + /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-db-migrator -t 45; + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + {{- end }} restartPolicy: Never serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: -- cgit 1.2.3-korg