adding support for EKS 1.23

fa6edace · Marc Burnie [AWS] · b4f0d36b · fa6edace · b4f0d36b · fa6edace
Commit fa6edace authored 2 years ago by Marc Burnie [AWS]
--- a/devops/aws/chart/Chart.yaml
+++ b/devops/aws/chart/Chart.yaml
 apiVersion: v2
 name: "os-schema"
 version: __CHART_VERSION__
-kubeVersion: "v1.21.x-x-x"
+kubeVersion: ">= 1.21.x-x-x < 1.24.x-x-x"
 description: Schema Helm Chart for Kubernetes
 type: application
 appVersion: __VERSION__
 dependencies:
  - name: osdu-aws-lib
-    version: 0.1.0
+    version: 0.2.0
    repository: __HELM_REPO__/osdu-aws-lib/
 deprecated: false
--- a/devops/aws/chart/templates/tests/test-connection.yaml
+++ b/devops/aws/chart/templates/tests/test-connection.yaml
-apiVersion: v1
-kind: Pod
-metadata:
-  name: "{{ include "common.fullname" . }}-test-connection"
-  labels:
-    {{- include "common.labels" . | nindent 4 }}
-  annotations:
-    "helm.sh/hook": test
-spec:
-  containers:
-    - name: wget
-      image: busybox
-      command: ['wget']
-      args: ['{{ include "common.fullname" . }}:{{ .Values.service.port }}']
-  restartPolicy: Never
--- a/devops/aws/chart/values.schema.json
+++ b/devops/aws/chart/values.schema.json
@@ -6,10 +6,8 @@
        "image",
        "imagePullPolicy",
        "service",
-        "podAnnotations",
        "replicaCount",
-        "serviceAccountRole",
-        "securityContext"
+        "serviceAccountRole"
    ],
    "properties": {
        "image": {
@@ -262,7 +260,7 @@
                "type": "string",
                "title": "Allowed principal",
                "examples": [
-                    "cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account",
+                    "cluster.local/ns/istio-system/sa/istio-ingressgateway",
                    "cluster.local/ns/osdu-services/sa/compliance-queue"
                ]
            }

--- a/devops/aws/chart/values.yaml
+++ b/devops/aws/chart/values.yaml
@@ -26,8 +26,6 @@ environmentVariables:
    value: "http://os-entitlements:8080"
  - name: PARTITION_BASE_URL
    value: http://os-partition:8080
-podAnnotations: 
-  seccomp.security.alpha.kubernetes.io/pod: "runtime/default"

 # Resource Config
 replicaCount: 1
@@ -66,9 +64,13 @@ securityContext:
  capabilities:
    drop:
    - ALL
+podSecurityContext: 
+  fsGroup: 1337
+  seccompProfile:
+    type: RuntimeDefault

 allowedPrincipals:
-  - cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account
+  - cluster.local/ns/istio-system/sa/istio-ingressgateway
  - cluster.local/ns/{{ .Release.Namespace }}/sa/os-dataset
  - cluster.local/ns/{{ .Release.Namespace }}/sa/os-indexer
  - cluster.local/ns/os-timeseries-dms/sa/os-timeseries-dms