[COMMON][READINESS] Update readiness image and use service feature
Update the ReadinessCheck (13.1.0) to support the "services" feature
of readiness image version 6.0.2 and use the feature in the charts
under common (dgbuilder, etcd-init, mariadb-galera, mariadb-init,
postgres-init)
Additional exclude K8S API port (443) from Istio Sidecar communication
to allow CNI Plugin
Issue-ID: OOM-3280
Change-Id: Ibe030aa9debfc82e88f2ce5e309dd6fa2250f211
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml
index 395d8d6..a24805b 100644
--- a/kubernetes/aai/values.yaml
+++ b/kubernetes/aai/values.yaml
@@ -25,7 +25,7 @@
dockerhubRepository: docker.io
busyboxImage: busybox
- readinessImage: onap/oom/readiness:5.0.1
+ readinessImage: onap/oom/readiness:6.0.2
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml
index 5d3038b..6ece89d 100644
--- a/kubernetes/common/dgbuilder/templates/deployment.yaml
+++ b/kubernetes/common/dgbuilder/templates/deployment.yaml
@@ -61,8 +61,8 @@
- command:
- /app/ready.py
args:
- - --app-name
- - {{ .Values.config.dbPodName }}
+ - --service-name
+ - {{ .Values.config.dbServiceName }}
env:
- name: NAMESPACE
valueFrom:
diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml
index c4dcb2f..68cb86b 100644
--- a/kubernetes/common/dgbuilder/values.yaml
+++ b/kubernetes/common/dgbuilder/values.yaml
@@ -166,6 +166,13 @@
memory: "4Gi"
unlimited: {}
+podAnnotations:
+ # Workarround to exclude K8S API from istio communication
+ # as init-container (readinessCheck) does not work with the
+ # Istio CNI plugin, see:
+ # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers)
+ traffic.sidecar.istio.io/excludeOutboundPorts: "443"
+
#Pods Service Account
serviceAccount:
nameOverride: dgbuilder
diff --git a/kubernetes/common/etcd-init/templates/job.yaml b/kubernetes/common/etcd-init/templates/job.yaml
index f1f1b0e..55526a3 100644
--- a/kubernetes/common/etcd-init/templates/job.yaml
+++ b/kubernetes/common/etcd-init/templates/job.yaml
@@ -27,6 +27,12 @@
backoffLimit: {{ .Values.backoffLimit }}
template:
metadata:
+ annotations:
+ # Workarround to exclude K8S API from istio communication
+ # as init-container (readinessCheck) does not work with the
+ # Istio CNI plugin, see:
+ # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers)
+ traffic.sidecar.istio.io/excludeOutboundPorts: "443"
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
@@ -37,8 +43,8 @@
command:
- /app/ready.py
args:
- - --container-name
- - {{ .Values.etcd.containerName }}
+ - --service-name
+ - {{ .Values.etcd.serviceName }}
env:
- name: NAMESPACE
valueFrom:
diff --git a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml
index 4548626..1a174d1 100644
--- a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml
+++ b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml
@@ -32,6 +32,13 @@
jobTemplate:
spec:
template:
+ metadata:
+ annotations:
+ # Workarround to exclude K8S API from istio communication
+ # as init-container (readinessCheck) does not work with the
+ # Istio CNI plugin, see:
+ # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers)
+ traffic.sidecar.istio.io/excludeOutboundPorts: "443"
spec:
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
{{ include "common.podSecurityContext" . | indent 10 | trim}}
diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml
index 29d643e..9a27e60 100644
--- a/kubernetes/common/mariadb-galera/values.yaml
+++ b/kubernetes/common/mariadb-galera/values.yaml
@@ -329,8 +329,8 @@
readinessCheck:
wait_for:
- apps:
- - '{{ include "common.name" . }}'
+ services:
+ - '{{ include "common.servicename" . }}'
## TLS configuration
##
diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml
index 0180fec..2495e60 100644
--- a/kubernetes/common/mariadb-init/templates/job.yaml
+++ b/kubernetes/common/mariadb-init/templates/job.yaml
@@ -31,25 +31,18 @@
backoffLimit: 20
template:
metadata:
+ annotations:
+ # Workarround to exclude K8S API from istio communication
+ # as init-container (readinessCheck) does not work with the
+ # Istio CNI plugin, see:
+ # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers)
+ traffic.sidecar.istio.io/excludeOutboundPorts: "443"
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
- initContainers:
- {{- if .Values.global.mariadbGalera.localCluster }}
- {{- if .Values.global.mariadbGalera.useOperator }}
- {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_local_operator ) | indent 6 | trim }}
- {{ else }}
- {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_local ) | indent 6 | trim }}
- {{- end }}
- {{ else }}
- {{- if .Values.global.mariadbGalera.useOperator }}
- {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_global_operator ) | indent 6 | trim }}
- {{ else }}
- {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_global ) | indent 6 | trim }}
- {{- end }}
- {{- end }}
+ initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.image.mariadb" . }}
diff --git a/kubernetes/common/mariadb-init/tests/job_test.yaml b/kubernetes/common/mariadb-init/tests/job_test.yaml
index 170eaf3..31e04f0 100644
--- a/kubernetes/common/mariadb-init/tests/job_test.yaml
+++ b/kubernetes/common/mariadb-init/tests/job_test.yaml
@@ -36,7 +36,7 @@
content: mariadb-galera
- equal:
path: spec.template.spec.initContainers[0].image
- value: nexus3.onap.org:10001/onap/oom/readiness:3.0.1
+ value: nexus3.onap.org:10001/onap/oom/readiness:6.0.2
- equal:
path: spec.template.spec.initContainers[0].imagePullPolicy
value: IfNotPresent
diff --git a/kubernetes/common/mariadb-init/values.yaml b/kubernetes/common/mariadb-init/values.yaml
index 5c181dd..57dfb40 100644
--- a/kubernetes/common/mariadb-init/values.yaml
+++ b/kubernetes/common/mariadb-init/values.yaml
@@ -150,15 +150,6 @@
- '{{ include "common.name" . }}'
readinessCheck:
- wait_for_global_operator:
- pods:
- - '{{ .Values.global.mariadbGalera.nameOverride }}-0'
- wait_for_local_operator:
- pods:
- - '{{ index .Values "mariadb-galera" "nameOverride" }}-0'
- wait_for_global:
- apps:
- - '{{ include "common.mariadbAppName" . }}'
- wait_for_local:
- apps:
- - '{{ include "common.mariadbAppName" . }}'
+ wait_for:
+ services:
+ - '{{ include "common.mariadbService" . }}'
diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml
index e028e39..0b62705 100644
--- a/kubernetes/common/network-name-gen/values.yaml
+++ b/kubernetes/common/network-name-gen/values.yaml
@@ -142,6 +142,13 @@
resources: {}
+podAnnotations:
+ # Workarround to exclude K8S API from istio communication
+ # as init-container (readinessCheck) does not work with the
+ # Istio CNI plugin, see:
+ # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers)
+ traffic.sidecar.istio.io/excludeOutboundPorts: "443"
+
#Pods Service Account
serviceAccount:
nameOverride: network-name-gen
diff --git a/kubernetes/common/postgres-init/templates/job.yaml b/kubernetes/common/postgres-init/templates/job.yaml
index 7fa2e9f..b62bef8 100644
--- a/kubernetes/common/postgres-init/templates/job.yaml
+++ b/kubernetes/common/postgres-init/templates/job.yaml
@@ -28,6 +28,12 @@
backoffLimit: 20
template:
metadata:
+ annotations:
+ # Workarround to exclude K8S API from istio communication
+ # as init-container (readinessCheck) does not work with the
+ # Istio CNI plugin, see:
+ # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers)
+ traffic.sidecar.istio.io/excludeOutboundPorts: "443"
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
diff --git a/kubernetes/common/postgres-init/values.yaml b/kubernetes/common/postgres-init/values.yaml
index d2eb090..160e672 100644
--- a/kubernetes/common/postgres-init/values.yaml
+++ b/kubernetes/common/postgres-init/values.yaml
@@ -19,6 +19,7 @@
postgres:
service:
name: pgset
+ name2: tcp-pgset-primary
container:
name: postgres
@@ -98,7 +99,8 @@
readinessCheck:
wait_for:
- - '{{ .Values.global.postgres.container.name }}'
+ services:
+ - '{{ .Values.global.postgres.service.name2 }}'
wait_for_job_container:
containers:
diff --git a/kubernetes/common/readinessCheck/Chart.yaml b/kubernetes/common/readinessCheck/Chart.yaml
index a53c7ab..bb2986a 100644
--- a/kubernetes/common/readinessCheck/Chart.yaml
+++ b/kubernetes/common/readinessCheck/Chart.yaml
@@ -17,7 +17,7 @@
apiVersion: v2
description: Template used to wait for other deployment/sts/jobs in onap
name: readinessCheck
-version: 13.0.0
+version: 13.1.0
dependencies:
- name: common
diff --git a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
index 879be12..51791fe 100644
--- a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
+++ b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
@@ -42,6 +42,14 @@
pods:
- test-pod
+ the powerful one allows also to wait for a service to be
+ available, which means all pods are deployed, which are
+ selected by the service definition:
+ wait_for:
+ name: myservice
+ services:
+ - mariadb-galera-service
+
the powerful one allows also to wait for pods with the
given "app" label:
wait_for:
@@ -62,8 +70,8 @@
- .dot : environment (.)
- .initRoot : the root dictionary of readinessCheck submodule
(default to .Values.readinessCheck)
- - .wait_for : list of containers / pods /apps / jobs to wait for (default to
- .Values.wait_for)
+ - .wait_for : list of service / containers / pods /apps / jobs to wait for
+ (default to .Values.wait_for)
Example calls:
{{ include "common.readinessCheck.waitFor" . }}
@@ -76,6 +84,7 @@
{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
{{- $wait_for := default $initRoot.wait_for .wait_for -}}
{{- $containers := index (ternary (dict "containers" $wait_for) $wait_for (kindIs "slice" $wait_for)) "containers" -}}
+{{- $services := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "services" -}}
{{- $pods := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "pods" -}}
{{- $apps := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "apps" -}}
{{- $namePart := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "name" -}}
@@ -97,6 +106,10 @@
- --pod-name
- {{ tpl $pod $dot }}
{{- end }}
+ {{- range $service := default (list) $services }}
+ - --service-name
+ - {{ tpl $service $dot }}
+ {{- end }}
{{- range $app := default (list) $apps }}
- --app-name
- {{ tpl $app $dot }}
diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml
index 03ffdda..3b1acd9 100644
--- a/kubernetes/common/repositoryGenerator/values.yaml
+++ b/kubernetes/common/repositoryGenerator/values.yaml
@@ -39,10 +39,10 @@
mariadbImage: bitnami/mariadb:10.5.8
nginxImage: bitnami/nginx:1.21.4
postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1
- readinessImage: onap/oom/readiness:5.0.1
+ readinessImage: onap/oom/readiness:6.0.2
dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
drProvClientImage: onap/dmaap/datarouter-prov-client:2.1.15
- quitQuitImage: onap/oom/readiness:5.0.1
+ quitQuitImage: onap/oom/readiness:6.0.2
# Default credentials
# they're optional. If the target repository doesn't need them, comment them
diff --git a/kubernetes/onap/resources/environments/dev.yaml b/kubernetes/onap/resources/environments/dev.yaml
index c2b4403..e0ceea6 100644
--- a/kubernetes/onap/resources/environments/dev.yaml
+++ b/kubernetes/onap/resources/environments/dev.yaml
@@ -32,7 +32,7 @@
#repository: nexus3.onap.org:10001
# readiness check
- readinessImage: onap/oom/readiness:3.0.1
+ readinessImage: onap/oom/readiness:6.0.2
# logging agent - temporary repo until images migrated to nexus3
loggingRepository: docker.elastic.co
diff --git a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
index a51106f..0a4a2f8 100644
--- a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
+++ b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
@@ -35,7 +35,7 @@
password: docker
# readiness check
- readinessImage: onap/oom/readiness:3.0.1
+ readinessImage: onap/oom/readiness:6.0.2
# logging agent - temporary repo until images migrated to nexus3
loggingRepository: docker.elastic.co
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 7f55837..75c2dac 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -89,7 +89,7 @@
postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1
# readiness check image
- readinessImage: onap/oom/readiness:5.0.1
+ readinessImage: onap/oom/readiness:6.0.2
# image pull policy
pullPolicy: Always
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
index b038b52..94416b4 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
@@ -15,7 +15,7 @@
# Global
global:
nodePortPrefix: 302
- readinessImage: onap/oom/readiness:3.0.1
+ readinessImage: onap/oom/readiness:6.0.2
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
busyboxRepository: registry.hub.docker.com
diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml
index 2c896ea..f6317b7 100644
--- a/kubernetes/sdc/components/sdc-cs/values.yaml
+++ b/kubernetes/sdc/components/sdc-cs/values.yaml
@@ -18,7 +18,7 @@
#################################################################
global:
nodePortPrefix: 302
- readinessImage: onap/oom/readiness:3.0.1
+ readinessImage: onap/oom/readiness:6.0.2
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
sdc_cassandra:
diff --git a/kubernetes/so/components/so-admin-cockpit/values.yaml b/kubernetes/so/components/so-admin-cockpit/values.yaml
index c10b509..2ec3d2e 100644
--- a/kubernetes/so/components/so-admin-cockpit/values.yaml
+++ b/kubernetes/so/components/so-admin-cockpit/values.yaml
@@ -26,7 +26,7 @@
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessImage: onap/oom/readiness:3.0.1
+ readinessImage: onap/oom/readiness:6.0.2
envsubstImage: dibi/envsubst
persistence:
mountPath: /dockerdata-nfs
diff --git a/kubernetes/so/components/so-mariadb/values.yaml b/kubernetes/so/components/so-mariadb/values.yaml
index 6fdfd75..39d5e08 100755
--- a/kubernetes/so/components/so-mariadb/values.yaml
+++ b/kubernetes/so/components/so-mariadb/values.yaml
@@ -22,7 +22,7 @@
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessImage: onap/oom/readiness:5.0.1
+ readinessImage: onap/oom/readiness:6.0.2
ubuntuInitRepository: docker.io
mariadbGalera:
# flag to enable the DB creation via mariadb-operator