From 23428032527583798d5e42aa96555728cc71a06d Mon Sep 17 00:00:00 2001
From: Andreas Seelinger <andreas.seelinger@accenture.com>
Date: Thu, 7 Nov 2024 10:20:07 +0100
Subject: [AAI] Fix Kyverno Policy violations

- Refactored code for readiness check and use library readinessCheck
- Fixed securityContext settings
- Limit emptyVolume size and make it configurable
- Important: Need to use aai-haproxy docker image version >= 1.15.2
- Refactore meta labels and use common.labels instead

Issue-ID: AAI-4044
Change-Id: I346316e64cb67222836951cf12b3772bbf509c6a
Signed-off-by: Andreas Seelinger <andreas.seelinger@accenture.com>
---
 .../templates/job-copy-db-backup.yaml              | 33 ++++------------------
 1 file changed, 5 insertions(+), 28 deletions(-)

(limited to 'kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml')

diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
index 3f0c4e11e5..1cc431c94f 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
@@ -41,11 +41,7 @@ kind: Job
 metadata:
   name: {{ include "common.fullname" . }}-db-backup
   namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}-job
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+  labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 4 }}
   annotations:
     "helm.sh/hook": pre-upgrade,pre-install
     "helm.sh/hook-weight": "2"
@@ -54,38 +50,19 @@ spec:
   backoffLimit: 20
   template:
     metadata:
-      labels:
-        app: {{ include "common.name" . }}-job
-        release: {{ include "common.release" . }}
+      labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 8 }}
       name: {{ include "common.name" . }}
     spec:
+      {{ include "common.podSecurityContext" . | indent 6 | trim }}
       initContainers:
       {{- if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
-      - command:
-        - /bin/bash
-        - -c
-        - /app/ready.py --service-name {{ .Values.global.cassandra.serviceName }}
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: {{ include "repositoryGenerator.image.readiness" . }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-db-backup-readiness
-        resources:
-          limits:
-            cpu: "100m"
-            memory: "500Mi"
-          requests:
-            cpu: "3m"
-            memory: "20Mi"
+      {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.waitForCassandraService ) | indent 6 | trim}}
       {{- end }}
       containers:
       - name: {{ include "common.name" . }}-db-backup-job
         image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        {{ include "common.containerSecurityContext" . | indent 8 | trim }}
         command:
         - sh
         args:
-- 
cgit 1.2.3-korg