Diffstat (limited to 'kubernetes/policy/components/policy-opa-pdp/templates')
3 files changed, 7 insertions, 87 deletions
diff --git a/kubernetes/policy/components/policy-opa-pdp/templates/configmap.yaml b/kubernetes/policy/components/policy-opa-pdp/templates/configmap.yaml
index cc08af6937..1942a59f6f 100755
--- a/kubernetes/policy/components/policy-opa-pdp/templates/configmap.yaml
+++ b/kubernetes/policy/components/policy-opa-pdp/templates/configmap.yaml
@@ -26,17 +26,3 @@ metadata:
 labels: {{- include "common.labels" . | nindent 4 }}
 data:
 {{ tpl (.Files.Glob "resources/config/*.{sql,json,properties,xml}").AsConfig . | indent 2 }}
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap-policies-data
- namespace: {{ include "common.namespace" . }}
- labels: {{- include "common.labels" . | nindent 4 }}
-{{- with .Files.Glob "resources/policies/*" }}
-binaryData:
-{{- range $path, $bytes := . }}
- {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
-{{- end }}
-{{- end }}
diff --git a/kubernetes/policy/components/policy-opa-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-opa-pdp/templates/deployment.yaml
index 6c25bac01c..90ff759bb8 100755
--- a/kubernetes/policy/components/policy-opa-pdp/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-opa-pdp/templates/deployment.yaml
@@ -29,29 +29,7 @@ spec:
 spec:
 {{ include "common.podSecurityContext" . | indent 6 | trim }}
 initContainers:
- - command:
- - /bin/sh
- args:
- - -c
- - |
- echo "*** set right permissions to the different folders"
- chown -R {{ .Values.permissions.uid }}:{{ .Values.permissions.gid }} /var/log;
- chmod -R 755 /var/log
- chown -R {{ .Values.permissions.uid }}:{{ .Values.permissions.gid }} /opt/;
- chmod -R 755 /opt/*
- tar -xvf /tmp/policies/policy-data.tar.gz -C /opt/
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{ include "common.containerSecurityContext" . | indent 8 | trim }}
- name: {{ include "common.name" . }}-readiness
- volumeMounts:
- - name: logs
- mountPath: /var/log
- - name: tmp-policies-data
- mountPath: /tmp/policies
- - name : opa-policies-data
- mountPath: /opt/
-
+ {{ include "common.readinessCheck.waitFor" . | nindent 8 }}
 containers:
 - name: {{ include "common.name" . }}
 {{ include "common.containerSecurityContext" . | indent 10 | trim }}
@@ -65,8 +43,12 @@ spec:
 value: "{{ .Values.kafka.useSASL }}"
 - name: KAFKA_URL
 value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+ - name: POD_UID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.uid
 - name: GROUPID
- value: "{{ .Values.kafka.groupid }}"
+ value: "{{ .Values.groupIdPrefix }}-$(POD_UID)"
 - name: LOG_LEVEL
 value: "{{ .Values.log.loglevel }}"
 - name: PAP_TOPIC
@@ -97,15 +79,12 @@ spec:
 initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
 periodSeconds: {{ .Values.readiness.periodSeconds }}
 volumeMounts:
-
- - name: opa-policies-data
- mountPath: /opt
 - name: opa-config
 mountPath: /app/config
 - name: opa-bundles
 mountPath: /app/bundles
 - name: logs
- mountPath: /var/log
+ mountPath: /var/logs
 resources: {{ include "common.resources" . | nindent 12 }}
 {{- if .Values.nodeSelector }}
 nodeSelector:
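Review bot: With the busybox init container removed in the first deployment.yaml hunk, no step visible in this diff sets ownership or mode on the `logs` volume any more; the removed script ran `chown -R` and `chmod -R 755` on `/var/log` before the main container started. If the container runs as a non-root user and the volume is not made writable some other way (for instance through the pod security context, which is rendered by a helper not shown here), log writes could fail at startup. A short template comment above the include would record the assumption, e.g. `{{/* no permission-fixing init step: the logs volume must already be writable for the runtime user */}}`. The pod `spec` block starts and ends outside the hunk.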
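Review bot: `GROUPID` in the env hunk is now built from `.Values.groupIdPrefix`, and an unset value would render as `-$(POD_UID)` with no error at template time. Guarding it makes the misconfiguration fail at install instead of at runtime: `value: "{{ required "groupIdPrefix must be set" .Values.groupIdPrefix }}-$(POD_UID)"`. Because the consumer group id now differs per pod, and SASL can be switched on through `.Values.kafka.useSASL` in the same env list, any consumer-group ACL granted to this client presumably has to match on the prefix rather than on one fixed group name; the ACL definition is not part of this diff, so that should be confirmed. The env list starts and ends outside the hunk.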
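Review bot: The `logs` volume mount in the last deployment.yaml hunk moves from `/var/log` to `/var/logs`, and nothing in the visible hunks shows the application's log directory changing with it. If the process still writes under `/var/log`, its logs would land on the container filesystem instead of the volume, or fail outright if the root filesystem is read-only (that depends on the security-context helper, which is not shown here). Either confirm that the logging configuration points at `/var/logs` or keep `mountPath: /var/log`. A one-line comment beside the mount naming the setting that controls the log path would keep the two from drifting apart.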
@@ -117,13 +96,6 @@ spec:
 {{- end }}
 serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
 volumes:
- - name: tmp-policies-data
- configMap:
- name: {{ include "common.fullname" . }}-configmap-policies-data
- defaultMode: 0755
- - name: opa-policies-data
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}-policies-data
 - name: opa-config
 configMap:
 name: {{ include "common.fullname" . }}-configmap-config
diff --git a/kubernetes/policy/components/policy-opa-pdp/templates/pvc.yaml b/kubernetes/policy/components/policy-opa-pdp/templates/pvc.yaml
deleted file mode 100755
index 5a1e9e3450..0000000000
--- a/kubernetes/policy/components/policy-opa-pdp/templates/pvc.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-{{/*
-# ============LICENSE_START=======================================================
-# Copyright (C) 2025 Deutsche Telekom Intellectual Property.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: {{ include "common.fullname" . }}-policies-data
- namespace: {{ include "common.namespace" . }}
- labels: {{- include "common.labels" . | nindent 4 }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.logsSize }}
- storageClassName: {{ include "common.storageClass" . }}
- volumeMode: Filesystem
-
-{{- end }} |