Merge branch 'master' into dependency-upgrade

devops/aws/chart/Chart.yaml

 apiVersion: v2
 name: "os-register"
 version: __CHART_VERSION__
-kubeVersion: "v1.21.x-x-x"
+kubeVersion: ">= 1.21.x-x-x < 1.24.x-x-x"
 description: Register Helm Chart for Kubernetes
 type: application
 appVersion: __VERSION__
 dependencies:
   - name: osdu-aws-lib
-    version: 0.1.0
+    version: 0.2.0
     repository: __HELM_REPO__/osdu-aws-lib/
 deprecated: false

devops/aws/chart/templates/tests/test-connection.yaml

-apiVersion: v1
-kind: Pod
-metadata:
-  name: "{{ include "common.fullname" . }}-test-connection"
-  labels:
-    {{- include "common.labels" . | nindent 4 }}
-  annotations:
-    "helm.sh/hook": test
-spec:
-  containers:
-    - name: wget
-      image: busybox
-      command: ['wget']
-      args: ['{{ include "common.fullname" . }}:{{ .Values.service.port }}']
-  restartPolicy: Never

devops/aws/chart/values.schema.json

@@ -6,10 +6,8 @@
         "image",
         "imagePullPolicy",
         "service",
-        "podAnnotations",
         "replicaCount",
-        "serviceAccountRole",
-        "securityContext"
+        "serviceAccountRole"
     ],
     "properties": {
         "image": {
@@ -262,10 +260,10 @@
                 "type": "string",
                 "title": "Allowed principal",
                 "examples": [
-                    "cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account",
+                    "cluster.local/ns/istio-system/sa/istio-ingressgateway",
                     "cluster.local/ns/osdu-services/sa/compliance-queue"
                 ]
             }
         }
     }
-}
\ No newline at end of file
+}

devops/aws/chart/values.yaml

@@ -36,8 +36,6 @@ environmentVariables:
     value: "xxx"
   - name: SUBSCRIBER_SECRET
     value: "02030405060708090A0B0C0D0E0F"
-podAnnotations: 
-  seccomp.security.alpha.kubernetes.io/pod: "runtime/default"
 
 # Resource Config
 replicaCount: 1
@@ -77,9 +75,13 @@ securityContext:
   capabilities:
     drop:
     - ALL
+podSecurityContext: 
+  fsGroup: 1337
+  seccompProfile:
+    type: RuntimeDefault
 
 allowedPrincipals:
-  - cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account
+  - cluster.local/ns/istio-system/sa/istio-ingressgateway
   - cluster.local/ns/{{ .Release.Namespace }}/sa/os-notification
   - cluster.local/ns/aws-binary-dms/sa/binary-dms
   - cluster.local/ns/osdu-airflow/sa/airflow-dag-upload

devops/gc/deploy/README.md

@@ -48,9 +48,9 @@ First you need to set variables in **values.yaml** file using any code editor. S
 | Name | Description | Type | Default |Required |
 |------|-------------|------|---------|---------|
 **data.image** | your image name | string | - | yes
-**data.requestsCpu** | amount of requests CPU | string | 0.1 | yes
-**data.requestsMemory** | amount of requests memory| string | 384M | yes
-**data.limitsCpu** | CPU limit | string | 1 | yes
+**data.requestsCpu** | amount of requests CPU | string | 1180m | yes
+**data.requestsMemory** | amount of requests memory| string | 750Mi | yes
+**data.limitsCpu** | CPU limit | string | 1.5 | yes
 **data.limitsMemory** | memory limit | string | 1G | yes
 **data.serviceAccountName** | name of your service account | string | register | yes
 **data.imagePullPolicy** | when to pull image | string | IfNotPresent | yes
@@ -72,9 +72,9 @@ First you need to set variables in **values.yaml** file using any code editor. S
 
 | Name | Description | Type | Default |Required |
 |------|-------------|------|---------|---------|
-**istio.proxyCPU** | CPU request for Envoy sidecars | string | 50m | yes
+**istio.proxyCPU** | CPU request for Envoy sidecars | string | 330m | yes
 **istio.proxyCPULimit** | CPU limit for Envoy sidecars | string | 500m | yes
-**istio.proxyMemory** | memory request for Envoy sidecars | string | 64Mi | yes
+**istio.proxyMemory** | memory request for Envoy sidecars | string | 150Mi | yes
 **istio.proxyMemoryLimit** | memory limit for Envoy sidecars | string | 512Mi | yes
 
 ### Install the helm chart

devops/gc/deploy/values.yaml

@@ -16,9 +16,9 @@ data:
   kmsKey: "registerService"
   subscriberPrivateKeyId: "testkey"
   # Deployment
-  requestsCpu: "0.1"
-  requestsMemory: "384M"
-  limitsCpu: "1"
+  requestsCpu: "1180m"
+  requestsMemory: "750Mi"
+  limitsCpu: "1.5"
   limitsMemory: "1G"
   serviceAccountName: "register"
   imagePullPolicy: "IfNotPresent"
@@ -33,10 +33,9 @@ conf:
   appName: "register"
   onPremEnabled: false
   domain: ""
-  cicdEnabled: false
 
 istio:
-  proxyCPU: "50m"
+  proxyCPU: "330m"
   proxyCPULimit: "500m"
-  proxyMemory: "64Mi"
+  proxyMemory: "150Mi"
   proxyMemoryLimit: "512Mi"

devops/gc/pipeline/override-stages.yml

@@ -2,8 +2,6 @@ variables:
   GC_SERVICE: register
   GC_VENDOR: gc
   GC_HELM_SETS: "--set data.recordsChangePubsubEndpoint=$RECORDS_CHANGE_PUBSUB_ENDPOINT"
-  # FIXME remove when all services are migrated to a single helm
-  GC_ENABLE_HELM_CONFIG: "false"
 
 gc-anthos-test:
   variables:

provider/register-azure/pom.xml

@@ -80,8 +80,27 @@
             <groupId>org.opengroup.osdu</groupId>
             <artifactId>register-core</artifactId>
             <version>${project.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.springframework.security</groupId>
+                    <artifactId>spring-security-web</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.tomcat.embed</groupId>
+                    <artifactId>tomcat-embed-core</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-web</artifactId>
+            <version>5.7.6</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-core</artifactId>
+            <version>9.0.70</version>
         </dependency>
-
         <!-- Azure Dependencies -->
         <dependency>
             <groupId>com.azure.spring</groupId>