From fa6edace6e13d4d6cec8e2a242d370e24760805a Mon Sep 17 00:00:00 2001
From: Marc Burnie <mburnie@amazon.com>
Date: Thu, 9 Feb 2023 15:23:20 +0000
Subject: [PATCH] adding support for EKS 1.23
---
 devops/aws/chart/Chart.yaml | 4 ++--
 .../chart/templates/tests/test-connection.yaml | 15 ---------------
 devops/aws/chart/values.schema.json | 6 ++----
 devops/aws/chart/values.yaml | 8 +++++---
 4 files changed, 9 insertions(+), 24 deletions(-)
 delete mode 100644 devops/aws/chart/templates/tests/test-connection.yaml
diff --git a/devops/aws/chart/Chart.yaml b/devops/aws/chart/Chart.yaml
index b919f0be0..c6d4e9a03 100644
--- a/devops/aws/chart/Chart.yaml
+++ b/devops/aws/chart/Chart.yaml
@@ -1,12 +1,12 @@
 apiVersion: v2
 name: "os-schema"
 version: __CHART_VERSION__
-kubeVersion: "v1.21.x-x-x"
+kubeVersion: ">= 1.21.x-x-x < 1.24.x-x-x"
 description: Schema Helm Chart for Kubernetes
 type: application
 appVersion: __VERSION__
 dependencies:
 - name: osdu-aws-lib
- version: 0.1.0
+ version: 0.2.0
 repository: __HELM_REPO__/osdu-aws-lib/
 deprecated: false
diff --git a/devops/aws/chart/templates/tests/test-connection.yaml b/devops/aws/chart/templates/tests/test-connection.yaml
deleted file mode 100644
index f341212ea..000000000
--- a/devops/aws/chart/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "common.fullname" . }}-test-connection"
- labels:
- {{- include "common.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
-spec:
- containers:
- - name: wget
- image: busybox
- command: ['wget']
- args: ['{{ include "common.fullname" . }}:{{ .Values.service.port }}']
- restartPolicy: Never
diff --git a/devops/aws/chart/values.schema.json b/devops/aws/chart/values.schema.json
index c3bc0eb63..56b4ef3ad 100644
--- a/devops/aws/chart/values.schema.json
+++ b/devops/aws/chart/values.schema.json
@@ -6,10 +6,8 @@
 "image",
 "imagePullPolicy",
 "service",
- "podAnnotations",
 "replicaCount",
- "serviceAccountRole",
- "securityContext"
+ "serviceAccountRole"
 ],
 "properties": {
 "image": {
@@ -262,7 +260,7 @@
 "type": "string",
 "title": "Allowed principal",
 "examples": [
- "cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account",
+ "cluster.local/ns/istio-system/sa/istio-ingressgateway",
 "cluster.local/ns/osdu-services/sa/compliance-queue"
 ]
 }
diff --git a/devops/aws/chart/values.yaml b/devops/aws/chart/values.yaml
index fe2ef9915..24d9eafa4 100644
--- a/devops/aws/chart/values.yaml
+++ b/devops/aws/chart/values.yaml
@@ -26,8 +26,6 @@ environmentVariables:
 value: "http://os-entitlements:8080"
 - name: PARTITION_BASE_URL
 value: http://os-partition:8080
-podAnnotations:
- seccomp.security.alpha.kubernetes.io/pod: "runtime/default"
 # Resource Config
 replicaCount: 1
@@ -66,9 +64,13 @@ securityContext:
 capabilities:
 drop:
 - ALL
+podSecurityContext:
+ fsGroup: 1337
+ seccompProfile:
+ type: RuntimeDefault
 allowedPrincipals:
- - cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account
+ - cluster.local/ns/istio-system/sa/istio-ingressgateway
 - cluster.local/ns/{{ .Release.Namespace }}/sa/os-dataset
 - cluster.local/ns/{{ .Release.Namespace }}/sa/os-indexer
 - cluster.local/ns/os-timeseries-dms/sa/os-timeseries-dms
--
GitLab
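Review bot: Dropping `"securityContext"` from the `required` array means a values override that omits or nulls that key now passes schema validation, so the chart can render without the container hardening (`capabilities.drop: [ALL]`) that values.yaml still supplies by default. Unless the osdu-aws-lib templates enforce a fallback themselves (not visible in this patch), I would keep `"securityContext"` in `required` and add `"podSecurityContext"` beside it, since that block now carries the seccomp profile the removed `podAnnotations` entry used to set. Whether `properties` already defines a `podSecurityContext` entry cannot be seen here, because the `required` array and the rest of the schema continue outside the hunk.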
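Review bot: `fsGroup: 1337` in the new `podSecurityContext` block of values.yaml is an unexplained magic number. 1337 is the ID the Istio sidecar conventionally runs as, so presumably the setting exists to make group-owned mounts such as the projected service-account token readable by the proxy, but nothing in the hunk says so. A comment above it would stop a later cleanup from changing or dropping it, for example `# 1337 = istio-proxy group; gives the sidecar read access to projected token volumes (confirm)`. Separately, the first `allowedPrincipals` entry is switched outright to `istio-ingressgateway` while Chart.yaml still admits 1.21 clusters, so it is worth confirming that no supported install still runs the gateway under the old service-account name, because traffic from that identity would no longer match the allow list.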