add pod dependency management via Kyverno init container injection

Kyverno ClusterPolicy reads dependency.kyverno.io/wait-for annotation and injects busybox init containers that block until each dependency is reachable (nc -z). Annotations added to 18 stacks (24 deployments). Includes graceful-db-maintenance.sh script for planned DB maintenance (scales dependents to 0, saves replica counts, restores on startup).
2026-03-15 19:17:44 +00:00 · 2026-03-15 19:17:44 +00:00 · 0f262ceda3
commit 0f262ceda3
parent dc274ab413
22 changed files with 282 additions and 4 deletions
--- a/stacks/dawarich/main.tf
+++ b/stacks/dawarich/main.tf
@ -84,6 +84,7 @@ resource "kubernetes_deployment" "dawarich" {
        annotations = {
          # "diun.enable"          = "true"
          # "diun.include_tags"    = "latest"
+          "dependency.kyverno.io/wait-for" = "postgresql.dbaas:5432,redis.redis:6379"
        }
      }
      spec {