adding support for EKS 1.23

1f873c4f · Marc Burnie [AWS] · e901feed · 1f873c4f · e901feed · 1f873c4f
Commit 1f873c4f authored 2 years ago by Marc Burnie [AWS]
--- a/devops/aws/chart/Chart.yaml
+++ b/devops/aws/chart/Chart.yaml
 apiVersion: v2
 name: os-partition
 version: __CHART_VERSION__
-kubeVersion: "v1.21.x-x-x"
+kubeVersion: ">= 1.21.x-x-x < 1.24.x-x-x"
 description: Partitions Helm chart for Kubernetes
 type: application
 appVersion: __VERSION__
 dependencies:
  - name: osdu-aws-lib
-    version: 0.1.0
+    version: 0.2.0
    repository:  __HELM_REPO__/osdu-aws-lib/
 deprecated: false
--- a/devops/aws/chart/templates/tests/test-connection.yaml
+++ b/devops/aws/chart/templates/tests/test-connection.yaml
-apiVersion: v1
-kind: Pod
-metadata:
-  name: "{{ include "common.fullname" . }}-test-connection"
-  labels:
-    {{- include "common.labels" . | nindent 4 }}
-  annotations:
-    "helm.sh/hook": test
-spec:
-  containers:
-    - name: wget
-      image: busybox
-      command: ['wget']
-      args: ['{{ include "common.fullname" . }}:{{ .Values.service.port }}']
-  restartPolicy: Never
--- a/devops/aws/chart/values.schema.json
+++ b/devops/aws/chart/values.schema.json
@@ -6,10 +6,8 @@
        "image",
        "imagePullPolicy",
        "service",
-        "podAnnotations",
        "replicaCount",
-        "serviceAccountRole",
+        "serviceAccountRole"
-        "securityContext"
    ],
    "properties": {
        "image": {
@@ -262,10 +260,10 @@
                "type": "string",
                "title": "Allowed principal",
                "examples": [
-                    "cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account",
+                    "cluster.local/ns/istio-system/sa/istio-ingressgateway",
                    "cluster.local/ns/osdu-services/sa/compliance-queue"
                ]
            }
        }
    }
 }
\ No newline at end of file
--- a/devops/aws/chart/values.yaml
+++ b/devops/aws/chart/values.yaml
@@ -61,8 +61,6 @@ environmentVariables:
    value: "true"
  - name: MONGODB_ENABLE_TLS
    value: "false"
-podAnnotations: 
-  seccomp.security.alpha.kubernetes.io/pod: "runtime/default"
 # Resource Config
 replicaCount: 1
@@ -101,9 +99,13 @@ securityContext:
  capabilities:
    drop:
    - ALL
+podSecurityContext: 
+  fsGroup: 1337
+  seccompProfile:
+    type: RuntimeDefault
 allowedPrincipals:
-  - cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account
+  - cluster.local/ns/istio-system/sa/istio-ingressgateway
  - cluster.local/ns/{{ .Release.Namespace }}/sa/compliance-queue
  - cluster.local/ns/{{ .Release.Namespace }}/sa/compliance-queue-trigger
  - cluster.local/ns/{{ .Release.Namespace }}/sa/indexer-queue