Mark job pods not to use Istio's envoy sidecar (#18415)

* Mark job pods not to use Istio's envoy sidecar

Istio injects sidecars into pods to implement mTLS between pods. Jobs
usually don't know about this, so they don't signal the Envoy process
to stop when the job finishes. Since at least one process is running
in the pod, Kubernetes doesn't consider the job to be completed, so it
lingers.

By adding the `sidecar.istio.io/inject` annotation set to `"false"`,
we let Istio know that it should not inject the sidecar. If Istio is
not installed, then this has no impact.

* Support arbitrary job annotations in the Helm chart

Rather than focus on Istio, this allows arbitrary annotations for job pods.

* Add in-line documentation for pod/job annotations
This commit is contained in:
James Smith 2022-08-24 22:40:38 -04:00 committed by GitHub
parent 87c468bb28
commit 96f5d87ba4
6 changed files with 26 additions and 0 deletions

View File

@ -12,6 +12,10 @@ spec:
template: template:
metadata: metadata:
name: {{ include "mastodon.fullname" . }}-media-remove name: {{ include "mastodon.fullname" . }}-media-remove
{{- with .Values.jobAnnotations }}
annotations:
{{- toYaml . | nindent 12 }}
{{- end }}
spec: spec:
restartPolicy: OnFailure restartPolicy: OnFailure
{{- if (not .Values.mastodon.s3.enabled) }} {{- if (not .Values.mastodon.s3.enabled) }}

View File

@ -12,6 +12,10 @@ spec:
template: template:
metadata: metadata:
name: {{ include "mastodon.fullname" . }}-assets-precompile name: {{ include "mastodon.fullname" . }}-assets-precompile
{{- with .Values.jobAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec: spec:
restartPolicy: Never restartPolicy: Never
{{- if (not .Values.mastodon.s3.enabled) }} {{- if (not .Values.mastodon.s3.enabled) }}

View File

@ -13,6 +13,10 @@ spec:
template: template:
metadata: metadata:
name: {{ include "mastodon.fullname" . }}-chewy-upgrade name: {{ include "mastodon.fullname" . }}-chewy-upgrade
{{- with .Values.jobAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec: spec:
restartPolicy: Never restartPolicy: Never
{{- if (not .Values.mastodon.s3.enabled) }} {{- if (not .Values.mastodon.s3.enabled) }}

View File

@ -13,6 +13,10 @@ spec:
template: template:
metadata: metadata:
name: {{ include "mastodon.fullname" . }}-create-admin name: {{ include "mastodon.fullname" . }}-create-admin
{{- with .Values.jobAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec: spec:
restartPolicy: Never restartPolicy: Never
{{- if (not .Values.mastodon.s3.enabled) }} {{- if (not .Values.mastodon.s3.enabled) }}

View File

@ -12,6 +12,10 @@ spec:
template: template:
metadata: metadata:
name: {{ include "mastodon.fullname" . }}-db-migrate name: {{ include "mastodon.fullname" . }}-db-migrate
{{- with .Values.jobAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec: spec:
restartPolicy: Never restartPolicy: Never
{{- if (not .Values.mastodon.s3.enabled) }} {{- if (not .Values.mastodon.s3.enabled) }}

View File

@ -281,8 +281,14 @@ serviceAccount:
# If not set and create is true, a name is generated using the fullname template # If not set and create is true, a name is generated using the fullname template
name: "" name: ""
# Kubernetes manages pods for jobs and pods for deployments differently, so you might
# need to apply different annotations to the two different sets of pods. The annotations
# set with podAnnotations will be added to all deployment-managed pods.
podAnnotations: {} podAnnotations: {}
# The annotations set with jobAnnotations will be added to all job pods.
jobAnnotations: {}
resources: {} resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious # We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little # choice for the user. This also increases chances charts run on environments with little