authorAndreas Seelinger <andreas.seelinger@accenture.com>2024-11-07 10:20:07 +0100
committerAndreas Seelinger <andreas.seelinger@accenture.com>2024-12-09 12:53:21 +0100
commit23428032527583798d5e42aa96555728cc71a06d (patch)
tree82bdc7d9ff753088772a839cfffb6d09592362dd /kubernetes/aai/components/aai-sparky-be
parent64e996851eb741093e18b8c9948f23dd91b26d96 (diff)
[AAI] Fix Kyverno Policy violations
- Refactored code for readiness check and use library readinessCheck - Fixed securityContext settings - Limit emptyVolume size and make it configurable - Important: Need to use aai-haproxy docker image version >= 1.15.2 - Refactor meta labels and use common.labels instead Issue-ID: AAI-4044 Change-Id: I346316e64cb67222836951cf12b3772bbf509c6a Signed-off-by: Andreas Seelinger <andreas.seelinger@accenture.com>
Diffstat (limited to 'kubernetes/aai/components/aai-sparky-be')
-rw-r--r--kubernetes/aai/components/aai-sparky-be/Chart.yaml5
-rw-r--r--kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml9
-rw-r--r--kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml30
-rw-r--r--kubernetes/aai/components/aai-sparky-be/values.yaml20
4 files changed, 29 insertions, 35 deletions
diff --git a/kubernetes/aai/components/aai-sparky-be/Chart.yaml b/kubernetes/aai/components/aai-sparky-be/Chart.yaml
index 9c9185baf3..074e266228 100644
--- a/kubernetes/aai/components/aai-sparky-be/Chart.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/Chart.yaml
@@ -17,7 +17,7 @@
apiVersion: v2
description: ONAP AAI sparky-be
name: aai-sparky-be
-version: 15.0.0
+version: 15.0.1
dependencies:
- name: common
@@ -29,3 +29,6 @@ dependencies:
- name: serviceAccount
version: ~13.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
+ repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml
index 7c958fa410..407850eb7f 100644
--- a/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml
@@ -17,13 +17,6 @@
---
apiVersion: v1
kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
data:
{{ tpl (.Files.Glob "resources/config/application/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
index 28fe1d5c99..ede5b60676 100644
--- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
@@ -38,32 +38,14 @@ spec:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- - command:
- - /app/ready.py
- args:
- - --service-name
- - aai
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- resources:
- limits:
- cpu: "100m"
- memory: "500Mi"
- requests:
- cpu: "3m"
- memory: "20Mi"
+ {{ include "common.readinessCheck.waitFor" . | nindent 8 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
command:
- sh
args:
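Review bot: The removed inline readiness init container set explicit CPU and memory limits, and after this change whether the init container still has limits and a container securityContext depends entirely on what `common.readinessCheck.waitFor` renders, which is not visible on this page. The commit targets Kyverno policy violations, and such policies usually cover init containers as well, so this is worth confirming against the `helm template` output. I would add a template comment above the include, for example `{{/* init container (image, resources, securityContext) is rendered by the readinessCheck library from .Values.readinessCheck.wait_for */}}`. The Deployment spec begins before this hunk and continues after it.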
@@ -158,9 +140,11 @@ spec:
configMap:
name: {{ include "common.fullname" . }}
- name: logs
- emptyDir: {}
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.logSizeLimit }}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: modeldir
- emptyDir: {}
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.modeldirSizeLimit }}
restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
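Review bot: The `sizeLimit` added to the `logs` and `modeldir` emptyDir volumes is enforced by kubelet eviction, so a pod that writes more than `volumes.logSizeLimit` (64Mi in the values.yaml hunk) is evicted rather than just seeing a failed write. Nothing in the visible lines ties that limit to the application's log rotation or retention, and the volumes rendered by `common.log.volumes` between the two entries are not visibly limited. I would document the consequence where the value is defined, for example `# emptyDir sizeLimit for the logs volume; the kubelet evicts the pod when usage exceeds it, so keep log retention below this value`, with the same comment for `modeldirSizeLimit`.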
diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml
index c4b90d30ca..9cbe9e5fd2 100644
--- a/kubernetes/aai/components/aai-sparky-be/values.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/values.yaml
@@ -128,23 +128,24 @@ serviceMesh:
podAnnotations:
sidecar.istio.io/rewriteAppHTTPProbers: "false"
+ checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}'
# Configure resource requests and limits
# ref: http://kubernetes.io/docs/user-guide/compute-resources/
resources:
small:
limits:
- cpu: "0.5"
+ cpu: "500m"
memory: "4Gi"
requests:
- cpu: "0.25"
+ cpu: "250m"
memory: "1Gi"
large:
limits:
cpu: "1"
memory: "8Gi"
requests:
- cpu: "0.5"
+ cpu: "500m"
memory: "2Gi"
unlimited: {}
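Review bot: The `checksum/config` entry added under `podAnnotations` is a template expression stored in values.yaml, so it only becomes a hash if the template that emits pod annotations passes the value through `tpl`. Otherwise the literal string is written and a ConfigMap change never rolls the pods. That rendering presumably happens in `common.templateMetadata`, which is outside this page and should be confirmed. A comment on the line would make the dependency explicit: `# evaluated with tpl when pod annotations are rendered; changes to configmap.yaml roll the pods`.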
@@ -158,3 +159,16 @@ serviceAccount:
log:
path: /var/log/onap
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
+
+volumes:
+ logSizeLimit: 64Mi
+ modeldirSizeLimit: 64Mi
+
+securityContext:
+ user_id: 1000
+ group_id: 1000
+
+readinessCheck:
+ wait_for:
+ services:
+ - aai
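Review bot: `securityContext.user_id` and `group_id` are added without a comment, and nothing on this page shows that the sparky-be image is built to run as UID/GID 1000 or that every path it writes to is owned by that user or mounted as a volume. A mismatch would only surface at runtime as permission errors. I would document the constraint next to the values, for example `# UID/GID the pod and containers run as; must match the user the image is built for`. It would also help to say in a comment on `readinessCheck.wait_for.services` that `aai` replaces the `--service-name aai` argument of the removed init container.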