khansaad commented 1 month ago

Add `initContainer` in Kruize pod to check postGres pod readiness

Description

This PR will do the following changes -

update Kruize deployment section in both minikube and openshift manifest yamls to have an initContainer which checks for the postgres pod service based and starts the main kruize container only when a successful connection is established.

Type of change

[ ] Refactoring Code
[x] New feature

How has this been tested?

Openshift ( ResourceHub cluster)/Minikube: Skipped the postgres installation first to deliberately fail the init container and restored it again to see the working of initContainer before starting the kruize pod

Test Configuration

Kubernetes clusters tested on: Minikube and Openshift

Checklist :dart:

[X] Followed coding guidelines
[X] Comments added
[ ] Dependent changes merged
[ ] Documentation updated
[ ] Tests added or updated

Additional information

khansaad commented 1 month ago

@msvinaykumar Tested it on resource hub cluster, able to see it working on openshift as well

saakhan:autotune$ ./deploy.sh -m crc -c openshift -i quay.io/kruize/autotune_operator:0.0.22_mvp

###   Installing kruize for openshift

use yaml build - 0
Warning: resource namespaces/openshift-tuning is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
namespace/openshift-tuning configured
serviceaccount/kruize-sa created
clusterrolebinding.rbac.authorization.k8s.io/autotune-scc-crb created
storageclass.storage.k8s.io/manual created
persistentvolume/postgres-pv-volume created
persistentvolumeclaim/postgres-pv-claim created
configmap/kruizeconfig created
Warning: would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "postgres" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "postgres" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "postgres" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "postgres" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
deployment.apps/postgres-deployment created
service/postgres-service created
Warning: would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (containers "wait-for-postgres", "kruize" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "wait-for-postgres", "kruize" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or containers "wait-for-postgres", "kruize" must set securityContext.runAsNonRoot=true), seccompProfile (pod or containers "wait-for-postgres", "kruize" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
deployment.apps/kruize created
service/kruize created
cronjob.batch/create-partition-cronjob created
cronjob.batch/kruize-delete-partition-cronjob created
servicemonitor.monitoring.coreos.com/kruize-service-monitor created
configmap/nginx-config created
service/kruize-ui-nginx-service created
Warning: would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "kruize-ui-nginx-container" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "kruize-ui-nginx-container" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "kruize-ui-nginx-container" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "kruize-ui-nginx-container" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
pod/kruize-ui-nginx-pod created
clusterrolebinding.rbac.authorization.k8s.io/kruize-monitoring-view created
Info: Waiting for kruize to come up.....
kruize-578b775f9d-lhbwq               0/1     Init:0/1            0          9s
kruize-578b775f9d-lhbwq               0/1     PodInitializing   0          16s
kruize-578b775f9d-lhbwq               1/1     Running   0          22s
Info: kruize deploy succeeded: Running
kruize-578b775f9d-lhbwq               1/1     Running   0          25s
kruize-ui-nginx-pod                   1/1     Running   0          19s

saakhan:autotune$ oc get pods
NAME                                  READY   STATUS    RESTARTS   AGE
kruize-578b775f9d-lhbwq               1/1     Running   0          32s
kruize-ui-nginx-pod                   1/1     Running   0          26s
postgres-deployment-79cd88468-47p6z   1/1     Running   0          33s

dinogun commented 3 weeks ago

@khansaad can we change the name of the postgres service to kruize-db or something like that. The current naming convention makes this ambiguous as to which deployment that it belong to

khansaad commented 3 weeks ago

@khansaad can we change the name of the postgres service to kruize-db or something like that. The current naming convention makes this ambiguous as to which deployment that it belong to

Updated now!

dinogun commented 3 weeks ago

@khansaad can we change the name of the postgres service to kruize-db or something like that. The current naming convention makes this ambiguous as to which deployment that it belong to

Updated now!

@khansaad Thanks for the update, can you also change the name of postgres-deployment

khansaad commented 3 weeks ago

@khansaad can we change the name of the postgres service to kruize-db or something like that. The current naming convention makes this ambiguous as to which deployment that it belong to

Updated now!

@khansaad Thanks for the update, can you also change the name of postgres-deployment

Done!

dinogun commented 3 weeks ago

@khansaad Sorry can you grep for the name postgres in the manifest files and update it something more relevant wherever appropriate, thanks!

dinogun commented 3 weeks ago

@khansaad Looks like the PR check test scripts might need to be updated as well

kruize / autotune