add pod dependency management via Kyverno init container injection

Kyverno ClusterPolicy reads dependency.kyverno.io/wait-for annotation and injects busybox init containers that block until each dependency is reachable (nc -z). Annotations added to 18 stacks (24 deployments). Includes graceful-db-maintenance.sh script for planned DB maintenance (scales dependents to 0, saves replica counts, restores on startup).
2026-03-15 19:17:44 +00:00 · 2026-03-15 19:17:44 +00:00 · 0f262ceda3
commit 0f262ceda3
parent dc274ab413
22 changed files with 282 additions and 4 deletions
--- a/stacks/platform/modules/monitoring/grafana_chart_values.yaml
+++ b/stacks/platform/modules/monitoring/grafana_chart_values.yaml
@ -18,6 +18,8 @@ topologySpreadConstraints:
    labelSelector:
      matchLabels:
        app.kubernetes.io/name: grafana
+podAnnotations:
+  dependency.kyverno.io/wait-for: "mysql.dbaas:3306"
 podDisruptionBudget:
  maxUnavailable: 1
 persistence: