From 1165943968f8c79cfaccf30c392b14b4930d68e6 Mon Sep 17 00:00:00 2001 From: James Smith <119005+jgsmith@users.noreply.github.com> Date: Wed, 24 Aug 2022 22:40:38 -0400 Subject: [PATCH] Mark job pods not to use Istio's envoy sidecar (#18415) * Mark job pods not to use Istio's envoy sidecar Istio injects sidecars into pods to implement mTLS between pods. Jobs usually don't know about this, so they don't signal the Envoy process to stop when the job finishes. Since at least one process is running in the pod, Kubernetes doesn't consider the job to be completed, so it lingers. By adding the `sidecar.istio.io/inject` annotation set to `"false"`, we let Istio know that it should not inject the sidecar. If Istio is not installed, then this has no impact. * Support arbitrary job annotations in the Helm chart Rather than focus on Istio, this allows arbitrary annotations for job pods. * Add in-line documentation for pod/job annotations --- chart/templates/cronjob-media-remove.yaml | 4 ++++ chart/templates/job-assets-precompile.yaml | 4 ++++ chart/templates/job-chewy-upgrade.yaml | 4 ++++ chart/templates/job-create-admin.yaml | 4 ++++ chart/templates/job-db-migrate.yaml | 4 ++++ chart/values.yaml | 6 ++++++ 6 files changed, 26 insertions(+) diff --git a/chart/templates/cronjob-media-remove.yaml b/chart/templates/cronjob-media-remove.yaml index 726e100cf8d..160aee20421 100644 --- a/chart/templates/cronjob-media-remove.yaml +++ b/chart/templates/cronjob-media-remove.yaml @@ -12,6 +12,10 @@ spec: template: metadata: name: {{ include "mastodon.fullname" . }}-media-remove + {{- with .Values.jobAnnotations }} + annotations: + {{- toYaml . | nindent 12 }} + {{- end }} spec: restartPolicy: OnFailure {{- if (not .Values.mastodon.s3.enabled) }} diff --git a/chart/templates/job-assets-precompile.yaml b/chart/templates/job-assets-precompile.yaml index 4aa8d1407c4..faa51a20d9d 100644 --- a/chart/templates/job-assets-precompile.yaml +++ b/chart/templates/job-assets-precompile.yaml @@ -12,6 +12,10 @@ spec: template: metadata: name: {{ include "mastodon.fullname" . }}-assets-precompile + {{- with .Values.jobAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} spec: restartPolicy: Never {{- if (not .Values.mastodon.s3.enabled) }} diff --git a/chart/templates/job-chewy-upgrade.yaml b/chart/templates/job-chewy-upgrade.yaml index 16b4f75a7db..ae6fb38e129 100644 --- a/chart/templates/job-chewy-upgrade.yaml +++ b/chart/templates/job-chewy-upgrade.yaml @@ -13,6 +13,10 @@ spec: template: metadata: name: {{ include "mastodon.fullname" . }}-chewy-upgrade + {{- with .Values.jobAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} spec: restartPolicy: Never {{- if (not .Values.mastodon.s3.enabled) }} diff --git a/chart/templates/job-create-admin.yaml b/chart/templates/job-create-admin.yaml index 486c0c35726..659c00671fc 100644 --- a/chart/templates/job-create-admin.yaml +++ b/chart/templates/job-create-admin.yaml @@ -13,6 +13,10 @@ spec: template: metadata: name: {{ include "mastodon.fullname" . }}-create-admin + {{- with .Values.jobAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} spec: restartPolicy: Never {{- if (not .Values.mastodon.s3.enabled) }} diff --git a/chart/templates/job-db-migrate.yaml b/chart/templates/job-db-migrate.yaml index 41ece64a2a1..8e4f70dfb1d 100644 --- a/chart/templates/job-db-migrate.yaml +++ b/chart/templates/job-db-migrate.yaml @@ -12,6 +12,10 @@ spec: template: metadata: name: {{ include "mastodon.fullname" . }}-db-migrate + {{- with .Values.jobAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} spec: restartPolicy: Never {{- if (not .Values.mastodon.s3.enabled) }} diff --git a/chart/values.yaml b/chart/values.yaml index bd723567f0f..4b18a9dfa5e 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -281,8 +281,14 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: "" +# Kubernetes manages pods for jobs and pods for deployments differently, so you might +# need to apply different annotations to the two different sets of pods. The annotations +# set with podAnnotations will be added to all deployment-managed pods. podAnnotations: {} +# The annotations set with jobAnnotations will be added to all job pods. +jobAnnotations: {} + resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little