[COMMON][MARIABD] MariaDB ServiceMesh compatibility

Update the port names of metrics and mariadb to match the
istio requirements and update the timeouts.
Fix mysql protocol setup for istio and update mariadb-init job
to support istio sidecar communication.
This is separated from a patch for CDS SM compatibility

Issue-ID: OOM-2820

Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: I02c19c9fcfbd76a2cede0b924174ad81b45d719e

diff --git a/kubernetes/common/common/templates/_serviceMonitor.tpl b/kubernetes/common/common/templates/_serviceMonitor.tpl
index 81d7a74..907d9c6 100644 (file)
--- a/kubernetes/common/common/templates/_serviceMonitor.tpl
+++ b/kubernetes/common/common/templates/_serviceMonitor.tpl
@@ -135,7 +135,7 @@ spec:
     {{- else if $dot.Values.metrics.serviceMonitor.targetPort }}
     targetPort: {{ $dot.Values.metrics.serviceMonitor.targetPort }}
     {{- else }}
-    port: metrics
+    port: tcp-metrics
     {{- end }}
     {{- if $dot.Values.metrics.serviceMonitor.isHttps }}
     scheme: https

diff --git a/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml b/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml
index e71351e..841aab3 100644 (file)
--- a/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml
+++ b/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml
@@ -27,8 +27,8 @@ metadata:
 spec:
   type: {{ .Values.metrics.service.type }}
   ports:
-    - name: metrics
+    - name: tcp-metrics
       port: {{ .Values.metrics.service.port }}
-      targetPort: metrics
+      targetPort: tcp-metrics
   selector: {{- include "common.matchLabels" . | nindent 4 }}
 {{- end }}

diff --git a/kubernetes/common/mariadb-galera/templates/service.yaml b/kubernetes/common/mariadb-galera/templates/service.yaml
index 75aff98..880bc55 100644 (file)
--- a/kubernetes/common/mariadb-galera/templates/service.yaml
+++ b/kubernetes/common/mariadb-galera/templates/service.yaml
@@ -18,3 +18,20 @@
 {{ include "common.service" . }}
 ---
 {{ include "common.headlessService" . }}
+{{- if (include "common.onServiceMesh" .) }}
+{{- if eq (default "istio" .Values.global.serviceMesh.engine) "istio" }}
+---
+apiVersion: security.istio.io/v1beta1
+kind: PeerAuthentication
+metadata:
+  name: {{ include "common.servicename" . }}
+  namespace: {{ include "common.namespace" . }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ include "common.servicename" . }}
+  portLevelMtls:
+    {{ .Values.service.internalPort }}:
+      mode: DISABLE
+{{- end}}
+{{- end}}

diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml
index 22832c9..c95b572 100644 (file)
--- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml
+++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml
@@ -197,12 +197,12 @@ spec:
             - |
               DATA_SOURCE_NAME="$MARIADB_ROOT_USER:$MARIADB_ROOT_PASSWORD@(localhost:3306)/" /bin/mysqld_exporter $MARIADB_METRICS_EXTRA_FLAGS
           ports:
-            - name: metrics
+            - name: tcp-metrics
               containerPort: 9104
           livenessProbe:
             httpGet:
               path: /metrics
-              port: metrics
+              port: tcp-metrics
             initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }}
             periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }}
             timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }}
@@ -211,7 +211,7 @@ spec:
           readinessProbe:
             httpGet:
               path: /metrics
-              port: metrics
+              port: tcp-metrics
             initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }}
             periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }}
             timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }}

diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml
index 38f3e6e..d719fb3 100644 (file)
--- a/kubernetes/common/mariadb-galera/values.yaml
+++ b/kubernetes/common/mariadb-galera/values.yaml
@@ -89,14 +89,14 @@ service:
   headless: {}
   internalPort: &dbPort 3306
   ports:
-    - name: mysql
+    - name: tcp-mysql
       port: *dbPort
   headlessPorts:
-    - name: galera
+    - name: tcp-galera
       port: 4567
-    - name: ist
+    - name: tcp-ist
       port: 4568
-    - name: sst
+    - name: tcp-sst
       port: 4444
 
 
@@ -380,8 +380,12 @@ updateStrategy:
 
 ## Additional pod annotations for MariaDB Galera pods
 ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+## -> here required to enable mariadb-galera in istio
 ##
-podAnnotations: {}
+podAnnotations:
+  #  sidecar.istio.io/inject: "false"
+  traffic.sidecar.istio.io/excludeInboundPorts: "4568"
+  traffic.sidecar.istio.io/includeInboundPorts: '*'
 
 ## Pod affinity preset
 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
@@ -504,14 +508,14 @@ livenessProbe:
   enabled: true
   initialDelaySeconds: 1
   periodSeconds: 10
-  timeoutSeconds: 1
+  timeoutSeconds: 180
   successThreshold: 1
   failureThreshold: 3
 readinessProbe:
   enabled: true
   initialDelaySeconds: 1
   periodSeconds: 10
-  timeoutSeconds: 1
+  timeoutSeconds: 180
   successThreshold: 1
   failureThreshold: 3
 startupProbe:
@@ -520,7 +524,7 @@ startupProbe:
   enabled: true
   initialDelaySeconds: 10
   periodSeconds: 10
-  timeoutSeconds: 1
+  timeoutSeconds: 180
   successThreshold: 1
   # will wait up for initialDelaySeconds + failureThreshold*periodSeconds before
   # stating startup wasn't good (910s per default)
@@ -644,7 +648,7 @@ metrics:
       release: prometheus
 
     ## Rules as a map.
-    rules: {}
+    rules: []
     #  - alert: MariaDB-Down
     #    annotations:
     #      message: 'MariaDB instance {{ $labels.instance }} is down'

diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml
index 96d1dc5..e911d46 100644 (file)
--- a/kubernetes/common/mariadb-init/templates/job.yaml
+++ b/kubernetes/common/mariadb-init/templates/job.yaml
@@ -59,6 +59,8 @@ spec:
           - /bin/sh
           - -c
           - |
+            {{- if include "common.onServiceMesh" . }}
+            echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
             /db_init/db_init.sh {{ if or .Values.dbScriptConfigMap .Values.dbScript }} &&
             /db_config/db_cmd.sh{{ end }}
         env:
@@ -91,6 +93,7 @@ spec:
 {{- end }}
         resources:
 {{ include "common.resources" . | indent 12 }}
+      {{ include "common.waitForJobContainer" . | indent 6 | trim }}
       {{- if .Values.nodeSelector }}
       nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 10 }}

diff --git a/kubernetes/common/mariadb-init/values.yaml b/kubernetes/common/mariadb-init/values.yaml
index b2c0a05..9104dd8 100644 (file)
--- a/kubernetes/common/mariadb-init/values.yaml
+++ b/kubernetes/common/mariadb-init/values.yaml
@@ -117,3 +117,7 @@ resources:
       cpu: 20m
       memory: 20Mi
   unlimited: {}
+
+wait_for_job_container:
+  containers:
+    - '{{ include "common.name" . }}'

diff --git a/kubernetes/onap/resources/overrides/environment.yaml b/kubernetes/onap/resources/overrides/environment.yaml
index 50703fb..c9ae94a 100644 (file)
--- a/kubernetes/onap/resources/overrides/environment.yaml
+++ b/kubernetes/onap/resources/overrides/environment.yaml
@@ -136,7 +136,7 @@ dmaap:
       initialDelaySeconds: 120
 mariadb-galera:
   liveness:
-    initialDelaySeconds: 180
+    initialDelaySeconds: 30
     periodSeconds: 60
   mariadb-galera-server:
     liveness: