Merge "[AAI] Fix Kyverno Policy violations"

author: Andreas Geissler <andreas-geissler@telekom.de> 2024-12-12 11:34:05 +0000
committer: Gerrit Code Review <gerrit@onap.org> 2024-12-12 11:34:05 +0000
commit: baa6822ac0435a5b4d2e2fc490e238163bedb34c (patch)
tree: d20410331bd422ef20c8f6a7829be88d43c0bb68 /kubernetes/aai/components/aai-resources/templates
parent: 5f8008ea8d1aa700a26b7ced5d43aacbcf23107a (diff)
parent: 23428032527583798d5e42aa96555728cc71a06d (diff)
5 files changed, 23 insertions, 81 deletions
diff --git a/kubernetes/aai/components/aai-resources/templates/aai-kafka-user.yml b/kubernetes/aai/components/aai-resources/templates/aai-kafka-user.yml
index 6b703e7cdd..f6063a024d 100644
--- a/kubernetes/aai/components/aai-resources/templates/aai-kafka-user.yml
+++ b/kubernetes/aai/components/aai-resources/templates/aai-kafka-user.yml
@@ -17,7 +17,7 @@ apiVersion: kafka.strimzi.io/v1beta2
 kind: KafkaUser
 metadata:
   name: {{ include "common.release" . }}-{{ .Values.global.aaiKafkaUser }}
-  labels:
+  labels: {{- include "common.labels" . | nindent 4 }}
     strimzi.io/cluster: {{ include "common.release" . }}-strimzi
 spec:
   authentication:
diff --git a/kubernetes/aai/components/aai-resources/templates/autoscaling.yaml b/kubernetes/aai/components/aai-resources/templates/autoscaling.yaml
index ed1f8e3ea8..29b191b68d 100644
--- a/kubernetes/aai/components/aai-resources/templates/autoscaling.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/autoscaling.yaml
@@ -4,11 +4,7 @@ kind: HorizontalPodAutoscaler
 metadata:
   name: {{ include "common.fullname" . }}
   namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
+  labels: {{- include "common.labels" . | nindent 4 }}
 spec:
   scaleTargetRef:
     apiVersion: apps/v1
diff --git a/kubernetes/aai/components/aai-resources/templates/configmap.yaml b/kubernetes/aai/components/aai-resources/templates/configmap.yaml
index c3c2262ab9..8e13c8c90d 100644
--- a/kubernetes/aai/components/aai-resources/templates/configmap.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/configmap.yaml
@@ -20,11 +20,7 @@ kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}
   namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
+  labels: {{- include "common.labels" . | nindent 4 }}
 data:
 {{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
 {{ tpl (.Files.Glob "resources/config/localhost-access-logback.xml").AsConfig . | indent 2 }}
diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
index 4c6c12b1f4..cb434ed2cd 100644
--- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
@@ -20,20 +20,7 @@
 
 apiVersion: apps/v1
 kind: Deployment
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    app.kubernetes.io/name: {{ include "common.name" . }}
-    {{- if .Chart.AppVersion }}
-    version: "{{ .Chart.AppVersion | replace "+" "_" }}"
-    {{- else }}
-    version: "{{ .Chart.Version | replace "+" "_" }}"
-    {{- end }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
 spec:
   {{- if or .Values.config.debug.enabled .Values.config.profiling.enabled }}
   replicas: 1
@@ -53,19 +40,7 @@ spec:
     matchLabels:
       app: {{ include "common.name" . }}
   template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
-        app.kubernetes.io/name: {{ include "common.name" . }}
-        {{- if .Chart.AppVersion }}
-        version: "{{ .Chart.AppVersion | replace "+" "_" }}"
-        {{- else }}
-        version: "{{ .Chart.Version | replace "+" "_" }}"
-        {{- end }}
-      name: {{ include "common.name" . }}
-      annotations:
-        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+    metadata: {{- include "common.templateMetadata" . | nindent 6 }}
       {{- if .Values.global.msbEnabled }}
         {{ $values := .Values }}
         msb.onap.org/service-info: '[
@@ -99,44 +74,20 @@ spec:
     spec:
       hostname: aai-resources
       terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
+      {{ include "common.podSecurityContext" . | indent 6 | trim }}
       initContainers:
-      - name: {{ include "common.name" . }}-readiness
-        command:
-        - /app/ready.py
-        args:
-        {{- if .Values.global.jobs.migration.enabled }}
-        - --job-name
-        - {{ include "common.release" . }}-aai-graphadmin-migration
-        {{- else }}
-          {{- if .Values.global.jobs.createSchema.enabled  }}
-        - --job-name
-        - {{ include "common.release" . }}-aai-graphadmin-create-db-schema
-          {{- else }}
-        - --service-name
-        - {{ .Values.global.cassandra.serviceName }}
-        - --service-name
-        - aai-schema-service
-          {{- end }}
-        {{- end }}
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: {{ include "repositoryGenerator.image.readiness" . }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        resources:
-          limits:
-            cpu: "100m"
-            memory: "500Mi"
-          requests:
-            cpu: "3m"
-            memory: "20Mi"
+      {{- if .Values.global.jobs.migration.enabled }}
+      {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_migration) | nindent 8 }}
+      {{- else if .Values.global.jobs.createSchema.enabled  }}
+      {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_createSchema) | nindent 8 }}
+      {{- else }}
+      {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_cassandra) | nindent 8 }}
+      {{- end }}
       containers:
       - name: {{ include "common.name" . }}
         image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        {{ include "common.containerSecurityContext" . | indent 8 | trim }}
         env:
         {{- if .Values.config.env }}
         {{- range $key,$value := .Values.config.env }}
@@ -189,6 +140,8 @@ spec:
         - mountPath: /opt/app/aai-resources/resources/application-keycloak.properties
           name: {{ include "common.fullname" . }}-config
           subPath: application-keycloak.properties
+        - mountPath: /tmp
+          name: tmp
         ports:
         - containerPort: {{ .Values.service.resourcesPort }}
           name: {{ .Values.service.resourcesPortName }}
@@ -252,7 +205,11 @@ spec:
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
       - name: logs
-        emptyDir: {}
+        emptyDir:
+          sizeLimit: {{ .Values.volumes.logSizeLimit }}
+      - name: tmp
+        emptyDir:
+          sizeLimit: {{ .Values.volumes.tmpSizeLimit }}
       {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
       - name: {{ include "common.fullname" . }}-config
         configMap:
diff --git a/kubernetes/aai/components/aai-resources/templates/service.yaml b/kubernetes/aai/components/aai-resources/templates/service.yaml
index 308dc052c8..605679ee52 100644
--- a/kubernetes/aai/components/aai-resources/templates/service.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/service.yaml
@@ -19,12 +19,7 @@ kind: Service
 metadata:
   name: {{ include "common.servicename" . }}
   namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    app.kubernetes.io/name: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
+  labels: {{- include "common.labels" . | nindent 4 }}
 spec:
   type: {{ .Values.service.type }}
   ports:
@@ -54,8 +49,6 @@ spec:
     name: {{ .Values.service.metricsPortName }}
     targetPort: {{ .Values.service.metricsPortName }}
   {{- end }}
-  selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
+  selector: {{- include "common.matchLabels" . | nindent 4 }}
   clusterIP: None
   sessionAffinity: {{ .Values.service.sessionAffinity }}
author	Andreas Geissler <andreas-geissler@telekom.de>	2024-12-12 11:34:05 +0000
committer	Gerrit Code Review <gerrit@onap.org>	2024-12-12 11:34:05 +0000
commit	baa6822ac0435a5b4d2e2fc490e238163bedb34c (patch)
tree	d20410331bd422ef20c8f6a7829be88d43c0bb68 /kubernetes/aai/components/aai-resources/templates
parent	5f8008ea8d1aa700a26b7ced5d43aacbcf23107a (diff)
parent	23428032527583798d5e42aa96555728cc71a06d (diff)