From f10c5555b94780a402c5d62dce1e60dfe12390ec Mon Sep 17 00:00:00 2001 From: Andreas Geissler Date: Tue, 21 Mar 2023 18:09:46 +0100 Subject: [POLICY] Cleanup of Helmcharts from AAF/TLS options Remove AAF options and Certificate settings Disable Istio Sidecar injection for DB jobs due to problems during DB Migration Extended the timeouts for clamp-runtime-acm Issue-ID: OOM-3120 Signed-off-by: Andreas Geissler Change-Id: I802fa2038535524f4696513acd5aa7772e0a3f35 --- .../components/policy-pap/templates/deployment.yaml | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) (limited to 'kubernetes/policy/components/policy-pap/templates') diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml index f29ab865f1..201f48776d 100755 --- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml @@ -77,24 +77,12 @@ spec: image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config -{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -{{- if .Values.global.aafEnabled }} - command: ["sh","-c"] - args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ - /opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/papParameters.yaml"] -{{- else }} command: ["/opt/app/policy/pap/bin/policy-pap.sh"] args: ["/opt/app/policy/pap/etc/mounted/papParameters.yaml"] - env: - - name: KEYSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} - - name: TRUSTSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} -{{- end }} ports: {{ include "common.containerPorts" . | nindent 12 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container @@ -112,14 +100,13 @@ spec: httpHeaders: - name: Authorization value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }} - scheme: {{ (eq "true" (include "common.needTLS" .)) | ternary "HTTPS" "HTTP" }} + scheme: "HTTP" successThreshold: {{ .Values.readiness.successThreshold }} failureThreshold: {{ .Values.readiness.failureThreshold }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeout }} volumeMounts: -{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -136,7 +123,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: -{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime -- cgit 1.2.3-korg