From c72ce8bed13cc6a2ce711832dbf6778e0f8bbaf9 Mon Sep 17 00:00:00 2001 From: "Marc Burnie [AWS]" <mburnie@amazon.com> Date: Fri, 10 Feb 2023 18:02:04 +0000 Subject: [PATCH] Merge branch 'aws-integration' into 'master' Adding support for EKS 1.23 See merge request osdu/platform/system/notification!342 (cherry picked from commit af389b855cb94a0c2670e72c4f39be43eab5238d) 0d1e304d upgrade dependencies d75a3313 Merge branch 'master' into master-dev-merge-bios 2ed13075 Merge branch 'master' into master-dev-merge-bios a1c4bdfc Merge remote-tracking branch 'origin/master' into master-dev-merge 3f1ce709 Merge remote-tracking branch 'origin/master' into master-dev-merge 53e78452 Fix Spring vulnerabilities af1ef586 Merge remote-tracking branch 'origin/master' into master-dev-merge 2d1118dc Fix Spring vulnerabilities f906fbca Update core common lib version and fix vulnerable libs 401f4816 Merge remote-tracking branch 'origin/master' into master-dev-merge c760a4fa Update versions of vulnerable libs 03800aeb Set pathmatch strategy to ant-path-matcher ce91a89b Migration from Springfox to springdoc-openapi 5015de1f Merge remote-tracking branch 'origin/master' into master-dev-merge c2adc600 Merge remote-tracking branch 'origin/master' into master-dev-merge f1a80d83 Merge remote-tracking branch 'origin/master' into master-dev-merge a7338ad1 adding support for EKS 1.23 a98c7c76 Update NOTICE --- devops/aws/chart/Chart.yaml | 4 ++-- .../chart/templates/tests/test-connection.yaml | 15 --------------- devops/aws/chart/values.schema.json | 6 ++---- devops/aws/chart/values.yaml | 8 +++++--- 4 files changed, 9 insertions(+), 24 deletions(-) delete mode 100644 devops/aws/chart/templates/tests/test-connection.yaml diff --git a/devops/aws/chart/Chart.yaml b/devops/aws/chart/Chart.yaml index ab059d183..851a59075 100644 --- a/devops/aws/chart/Chart.yaml +++ b/devops/aws/chart/Chart.yaml 
@@ -1,12 +1,12 @@ apiVersion: v2 name: "os-notification" version: __CHART_VERSION__ -kubeVersion: "v1.21.x-x-x" +kubeVersion: ">= 1.21.x-x-x < 1.24.x-x-x" description: Notification Helm Chart for Kubernetes type: application appVersion: __VERSION__ dependencies: - name: osdu-aws-lib - version: 0.1.0 + version: 0.2.0 repository: __HELM_REPO__/osdu-aws-lib/ deprecated: false diff --git a/devops/aws/chart/templates/tests/test-connection.yaml b/devops/aws/chart/templates/tests/test-connection.yaml deleted file mode 100644 index f341212ea..000000000 --- a/devops/aws/chart/templates/tests/test-connection.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "common.fullname" . }}-test-connection" - labels: - {{- include "common.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "common.fullname" . }}:{{ .Values.service.port }}'] - restartPolicy: Never diff --git a/devops/aws/chart/values.schema.json b/devops/aws/chart/values.schema.json index c3bc0eb63..56b4ef3ad 100644 --- a/devops/aws/chart/values.schema.json +++ b/devops/aws/chart/values.schema.json @@ -6,10 +6,8 @@ "image", "imagePullPolicy", "service", - "podAnnotations", "replicaCount", - "serviceAccountRole", - "securityContext" + "serviceAccountRole" ], "properties": { "image": { @@ -262,7 +260,7 @@ "type": "string", "title": "Allowed principal", "examples": [ - "cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account", + "cluster.local/ns/istio-system/sa/istio-ingressgateway", "cluster.local/ns/osdu-services/sa/compliance-queue" ] } diff --git a/devops/aws/chart/values.yaml b/devops/aws/chart/values.yaml index b5242dd0f..a8b091f4a 100644 --- a/devops/aws/chart/values.yaml +++ b/devops/aws/chart/values.yaml 
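Review bot: The new `kubeVersion` range `>= 1.21.x-x-x < 1.24.x-x-x` has no comment explaining the `-x-x` suffix or the upper bound, and neither is obvious to whoever bumps it next. The suffix is presumably there so that EKS server versions carrying a build suffix still satisfy the constraint; a line above it such as `# must match EKS versions of the form vX.Y.Z-eks-<build>; upper bound = newest release tested` would record that. Confirm the range by rendering with `helm template --kube-version` for a 1.23 and a 1.24 version string, because a constraint that combines wildcards with a pre-release part is easy to get subtly wrong.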
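Review bot: Dropping `"securityContext"` from `required` in the first values.schema.json hunk means a values override that nulls out the container hardening block now passes schema validation. The `podSecurityContext` key that this commit adds to values.yaml does not appear in either schema hunk. Removing `"podAnnotations"` fits the move of seccomp out of annotations, but unless the templates reject a missing security context I would keep `"securityContext"` in the list and add `"podSecurityContext"` beside it. The rest of the schema is outside the hunks, so a `properties` entry for it may already exist there.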
@@ -27,8 +27,6 @@ environmentVariables: value: "http://os-entitlements:8080" - name: REGISTER_BASE_URL value: http://os-register:8080 -podAnnotations: - seccomp.security.alpha.kubernetes.io/pod: "runtime/default" # Resource Config replicaCount: 1 @@ -69,9 +67,13 @@ securityContext: capabilities: drop: - ALL +podSecurityContext: + fsGroup: 1337 + seccompProfile: + type: RuntimeDefault allowedPrincipals: - - cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account + - cluster.local/ns/istio-system/sa/istio-ingressgateway - cluster.local/ns/aws-binary-dms/sa/binary-dms - cluster.local/ns/osdu-airflow/sa/airflow-dag-upload - cluster.local/ns/osdu-ingest/sa/os-data-workflow -- GitLab
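Review bot: The seccomp default now lives only in `podSecurityContext.seccompProfile`, because the first hunk of this file deletes the `seccomp.security.alpha.kubernetes.io/pod` annotation. The template that consumes `.Values.podSecurityContext` is not in this diff (presumably it comes from osdu-aws-lib 0.2.0), so check the output of `helm template` to confirm `RuntimeDefault` still reaches the pod spec. `fsGroup: 1337` also needs a comment: 1337 is the group the Istio sidecar proxy runs as, so mounted volumes become group-accessible to the sidecar, e.g. `# 1337 = istio-proxy GID; TODO name the volume that needs it`. The ingress gateway entry in `allowedPrincipals` is replaced rather than added, so a cluster whose gateway still runs as `istio-ingressgateway-service-account` would presumably be denied after the upgrade; the release notes should say so if that is intended.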