Closed dhanoa11 closed 3 years ago
Does anyone have any clue? This is a showstopper for us and we cannot progress with installation. I am keen to understand whether the pods (web and stream) always pull the above image each time, even when the image is available on the disk on the node.
From the templates it looks to be part of the installer, so it doesn't seem like it would be pulled for web and stream, unless it's an install-deploy.
Inspecting the image provided this url label: https://github.com/dcasavant/k8s-wait-for. It looks useful!
It's part of the deployment for web (see below). I managed to supply the name of my image by updating _helpers.tpl and defining a template as follows:

```yaml
{{- define "waitForPegaDBInstall" -}}
command: ['sh', '-c', 'until $(wget -q -S --spider --timeout=2 -O /dev/null {{ .Values.pegasearch.externalURL }}); do echo Waiting for search to become live...; sleep 10; done;']
{{- end }}
```
```yaml
kind: Deployment
apiVersion: apps/v1
metadata:
  name: pega-web
  namespace: pega
  labels:
    app: pega-web
    component: Pega
spec:
  replicas: 2
  progressDeadlineSeconds: 2147483647
  selector:
    matchLabels:
      app: pega-web
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: pega-web
      annotations:
        config-check: e46251f4b31f407a229e324383973990babed1ce565cb4e6813494b97a2a7d06
        revision: "1"
    spec:
      volumes:
      # Volume used to mount config files.
      - name: pega-volume-config
        configMap:
          # This name will be referred in the volume mounts kind.
          name: pega-web
          # Used to specify permissions on files within the volume.
          defaultMode: 420
      - name: pega-volume-credentials
        secret:
          # This name will be referred in the volume mounts kind.
          secretName: pega-credentials-secret
          # Used to specify permissions on files within the volume.
          defaultMode: 420
      initContainers:
      # The init container this issue is about (highlighted in bold in the original post).
      - name: wait-for-pegainstall
        image: dcasavant/k8s-wait-for
        args: [ 'job', 'pega-db-install']
      - name: wait-for-pegasearch
        image: busybox:1.31.0
        # Init container for waiting for Elastic Search to initialize. The URL should point at your Elastic Search instance.
        command: ['sh', '-c', 'until $(wget -q -S --spider --timeout=2 -O /dev/null http://pega-search); do echo Waiting for search to become live...; sleep 10; done;']
      containers:
      # Name of the container
      - name: pega-web-tomcat
        # The pega image, you may use the official pega distribution or you may extend
        # and host it yourself. See the image documentation for more information.
        image: austrac/pega:8.5.1
        # Pod (app instance) listens on this port
        ports:
        - containerPort: 8080
          name: pega-web-port
        # Specify any of the container environment variables here
        env:
        # Node type of the Pega nodes for pega-web
        - name: NODE_TYPE
          value: WebUser
        - name: PEGA_APP_CONTEXT_PATH
          value: prweb
        - name: REQUESTOR_PASSIVATION_TIMEOUT
          value: "900"
        # Additional JVM arguments
        - name: JAVA_OPTS
          value: ""
        # Initial JVM heap size, equivalent to -Xms
        - name: INITIAL_HEAP
          value: "4096m"
        # Maximum JVM heap size, equivalent to -Xmx
        - name: MAX_HEAP
          value: "7168m"
        # Tier of the Pega node
        - name: NODE_TIER
          value: web
        envFrom:
        - configMapRef:
            name: pega-environment-config
        resources:
          # Maximum CPU and Memory that the containers for pega-web can use
          limits:
            cpu: 4
            memory: "8Gi"
          # CPU and Memory that the containers for pega-web request
          requests:
            cpu: 2
            memory: "6Gi"
        volumeMounts:
        # The given mountpath is mapped to volume with the specified name. The config map files are mounted here.
        - name: pega-volume-config
          mountPath: "/opt/pega/config"
        - name: pega-volume-credentials
          mountPath: "/opt/pega/secrets"
        # LivenessProbe: indicates whether the container is live, i.e. running.
        livenessProbe:
          httpGet:
            path: "/prweb/PRRestService/monitor/pingService/ping"
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 300
          timeoutSeconds: 20
          periodSeconds: 30
          successThreshold: 1
          failureThreshold: 3
        # ReadinessProbe: indicates whether the container is ready to service requests.
        readinessProbe:
          httpGet:
            path: "/prweb/PRRestService/monitor/pingService/ping"
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 300
          timeoutSeconds: 20
          periodSeconds: 30
          successThreshold: 1
          failureThreshold: 3
      # Mentions the restart policy to be followed by the pod. 'Always' means that a new pod will always be created irrespective of type of the failure.
      restartPolicy: Always
      # Amount of time in which container has to gracefully shutdown.
      terminationGracePeriodSeconds: 300
      # Secret which is used to pull the image from the repository. This secret contains docker login details for the particular user.
      # If the image is in a protected registry, you must specify a secret to access it.
      imagePullSecrets:
      - name: pega-registry-secret
```
https://github.com/pegasystems/pega-helm-charts/blob/master/charts/pega/templates/pega-tier-deployment.yaml
^^^ looks to be deciding on what the container waitlist should be.
If you are providing your own image, double check that it is being used in the deployment. The installer seems to be using a different container for the wait than the other tiers. One is busybox based and CMD and the other looks to be an Alpine box and using a wait-for.sh entrypoint.
If you run the install and deploy separately, this image is not required. @dhanoa11, please try running these as separate actions and see if that resolves your block.
@dhanoa11 did @dcasavant's suggestion unblock you?
running installed and deploy separately
Pega image is pulling **dcasavant/k8s-wait-for** which is not accessible from private registry and has raised some concerns.
What is the purpose of this image? Can the client supply another image instead of this image?
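
On the question of whether the wait image is pulled on every pod start: this added example (not part of the original issue or the Pega chart) applies Kubernetes' default `imagePullPolicy` rule to each container image in a Deployment and reports registry origin and digest pinning. The approved registry host is a hypothetical placeholder, and the sample JSON is constructed from the image names posted in the thread.

```python
import json

# Assumption: hypothetical private registry host; replace with your own.
APPROVED_REGISTRIES = {"registry.example.internal"}

def registry_host(image):
    """Return the registry host, or None for a short name (runtime default, usually docker.io)."""
    first = image.split("/", 1)[0]
    if "/" in image and ("." in first or ":" in first or first == "localhost"):
        return first
    return None

def default_pull_policy(image):
    """Kubernetes default when imagePullPolicy is omitted from the container spec."""
    if "@" in image:                       # pinned by digest
        return "IfNotPresent"
    name = image.rsplit("/", 1)[-1]        # drop registry/path so a port is not read as a tag
    tag = name.split(":", 1)[1] if ":" in name else "latest"
    return "Always" if tag == "latest" else "IfNotPresent"

def audit(deployment):
    """One row per init/app container: effective pull policy, registry origin, pinning."""
    pod = deployment["spec"]["template"]["spec"]
    rows = []
    for kind in ("initContainers", "containers"):
        for c in pod.get(kind, []):
            image = c["image"]
            rows.append({
                "container": c["name"],
                "image": image,
                "pull_policy": c.get("imagePullPolicy") or default_pull_policy(image),
                "approved_registry": registry_host(image) in APPROVED_REGISTRIES,
                "digest_pinned": "@sha256:" in image,
            })
    return rows

# Constructed sample: only the name/image fields of the Deployment in the thread,
# in the JSON shape returned by `kubectl get deployment pega-web -o json`.
SAMPLE = json.loads("""
{"spec": {"template": {"spec": {
  "initContainers": [
    {"name": "wait-for-pegainstall", "image": "dcasavant/k8s-wait-for"},
    {"name": "wait-for-pegasearch", "image": "busybox:1.31.0"}],
  "containers": [
    {"name": "pega-web-tomcat", "image": "austrac/pega:8.5.1"}]
}}}}
""")

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

The untagged `dcasavant/k8s-wait-for` resolves to `:latest`, so its default policy is `Always` and the kubelet contacts the registry on every pod start; a tag or digest, or an explicit `imagePullPolicy: IfNotPresent`, changes that.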