diff options
| author |   Andreas Seelinger <andreas.seelinger@accenture.com> | 2024-11-07 10:20:07 +0100 |
|---|---|---|
| committer | Andreas Seelinger <andreas.seelinger@accenture.com> | 2024-12-09 12:53:21 +0100 |
| commit | 23428032527583798d5e42aa96555728cc71a06d (patch) | |
| tree | 82bdc7d9ff753088772a839cfffb6d09592362dd /kubernetes/aai/values.yaml | |
| parent | 64e996851eb741093e18b8c9948f23dd91b26d96 (diff) | |
[AAI] Fix Kyverno Policy violations
- Refactored code for readiness check and use library readinessCheck
- Fixed securityContext settings
- Limit emptyVolume size and make it configurable
- Important: Need to use aai-haproxy docker image version >= 1.15.2
- Refactore meta labels and use common.labels instead
Issue-ID: AAI-4044
Change-Id: I346316e64cb67222836951cf12b3772bbf509c6a
Signed-off-by: Andreas Seelinger <andreas.seelinger@accenture.com>
Diffstat (limited to 'kubernetes/aai/values.yaml')
| -rw-r--r-- | kubernetes/aai/values.yaml | 36 |
1 files changed, 28 insertions, 8 deletions
diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index e129220e23..a000d2f934 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -309,7 +309,7 @@ aai-traversal: # application image dockerhubRepository: registry.hub.docker.com -image: onap/aai-haproxy:1.11.0 +image: onap/aai-haproxy:1.15.2 pullPolicy: Always flavor: small @@ -321,6 +321,9 @@ debugEnabled: false config: logstashServiceName: log-ls logstashPort: 5044 + # IP address of name server is needed in nginx configuration. The secure endpoint for logging with Keycloak need the ip address in the config file. + # You can find this ip address in the /etc/resolv.conf This file is generated by k8s. The name server ip address is in all k8s cluster the same. + NAME_SERVER: coredns.kube-system # default number of instances replicaCount: 1 @@ -408,9 +411,9 @@ metrics: selector: app: '{{ include "common.name" . }}-metrics' - chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - release: '{{ include "common.release" . }}' - heritage: '{{ .Release.Service }}' + helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + app.kubernetes.io/instance: '{{ include "common.release" . }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' relabelings: [] @@ -459,15 +462,15 @@ resources: cpu: "2" memory: "4Gi" requests: - cpu: "1" - memory: "1.2Gi" + cpu: "500m" + memory: "1200Mi" large: limits: cpu: "4" memory: "8Gi" requests: - cpu: "2" - memory: "2.4Gi" + cpu: "1" + memory: "2400Mi" unlimited: {} #Pods Service Account @@ -475,3 +478,20 @@ serviceAccount: nameOverride: aai roles: - read + +securityContext: + user_id: 99 + group_id: 99 + +readinessCheck: + wait_for: + services: + - aai-resources + - aai-traversal + - aai-graphadmin + +volumes: + haProxySizeLimit: 20Mi + +podAnnotations: + checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}' |