From e399b1a89f4be4e1a3a493acae8460d455235bd4 Mon Sep 17 00:00:00 2001
From: "Marc Burnie [AWS]" <mburnie@amazon.com>
Date: Fri, 10 Feb 2023 20:11:27 +0000
Subject: [PATCH] Merge branch 'aws-integration-eks' into 'master'
Adding support for EKS 1.23
See merge request osdu/platform/system/indexer-service!481
(cherry picked from commit e8a23c6b26c23115437b8be3843c15af7510e705)
7630850b adding support for EKS 1.23
---
devops/aws/chart/Chart.yaml | 4 ++--
.../chart/templates/tests/test-connection.yaml | 15 ---------------
devops/aws/chart/values.schema.json | 8 +++-----
devops/aws/chart/values.yaml | 8 +++++---
4 files changed, 10 insertions(+), 25 deletions(-)
delete mode 100644 devops/aws/chart/templates/tests/test-connection.yaml
diff --git a/devops/aws/chart/Chart.yaml b/devops/aws/chart/Chart.yaml
index 5fbb0d73c..2afc719c5 100644
--- a/devops/aws/chart/Chart.yaml
+++ b/devops/aws/chart/Chart.yaml
@@ -1,12 +1,12 @@
apiVersion: v2
name: "os-indexer"
version: __CHART_VERSION__
-kubeVersion: "v1.21.x-x-x"
+kubeVersion: ">= 1.21.x-x-x < 1.24.x-x-x"
description: Indexer Helm Chart for Kubernetes
type: application
appVersion: __VERSION__
dependencies:
- name: osdu-aws-lib
- version: 0.1.0
+ version: 0.2.0
repository: __HELM_REPO__/osdu-aws-lib/
deprecated: false
diff --git a/devops/aws/chart/templates/tests/test-connection.yaml b/devops/aws/chart/templates/tests/test-connection.yaml
deleted file mode 100644
index f341212ea..000000000
--- a/devops/aws/chart/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "common.fullname" . }}-test-connection"
- labels:
- {{- include "common.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
-spec:
- containers:
- - name: wget
- image: busybox
- command: ['wget']
- args: ['{{ include "common.fullname" . }}:{{ .Values.service.port }}']
- restartPolicy: Never
diff --git a/devops/aws/chart/values.schema.json b/devops/aws/chart/values.schema.json
index c3bc0eb63..d01920940 100644
--- a/devops/aws/chart/values.schema.json
+++ b/devops/aws/chart/values.schema.json
@@ -6,10 +6,8 @@
"image",
"imagePullPolicy",
"service",
- "podAnnotations",
"replicaCount",
- "serviceAccountRole",
- "securityContext"
+ "serviceAccountRole"
],
"properties": {
"image": {
@@ -262,10 +260,10 @@
"type": "string",
"title": "Allowed principal",
"examples": [
- "cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account",
+ "cluster.local/ns/istio-system/sa/istio-ingressgateway",
"cluster.local/ns/osdu-services/sa/compliance-queue"
]
}
}
}
-}
\ No newline at end of file
+}
diff --git a/devops/aws/chart/values.yaml b/devops/aws/chart/values.yaml
index 0032504fe..1712d51d2 100644
--- a/devops/aws/chart/values.yaml
+++ b/devops/aws/chart/values.yaml
@@ -64,8 +64,6 @@ environmentVariables:
value: "true"
- name: PARAMETER_MOUNT_PATH
value: "/mnt/params"
-podAnnotations:
- seccomp.security.alpha.kubernetes.io/pod: "runtime/default"
# Resource Config
replicaCount: 1
@@ -92,8 +90,12 @@ securityContext:
capabilities:
drop:
- ALL
+podSecurityContext:
+ fsGroup: 1337
+ seccompProfile:
+ type: RuntimeDefault
allowedPrincipals:
- - cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account
+ - cluster.local/ns/istio-system/sa/istio-ingressgateway
- cluster.local/ns/{{ .Release.Namespace }}/sa/indexer-queue
- cluster.local/ns/aws-binary-dms/sa/binary-dms
- cluster.local/ns/osdu-airflow/sa/airflow-dag-upload
--
GitLab