[POLICY] Fix Kyverno Policy violations
- Add "archive" folder for removed policy-gui charts
- Update all deployments/jobs to fix policies
- Correct KafkaUser definition to avoid deprecated attribute
- update xacml-pdp deployment to work with readOnlyFilesystem setting
Issue-ID: OOM-3307
Change-Id: I579062c1c49923666c1d836f7324c8bbd7b88695
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
index ae216a2..18ddfdf 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
@@ -1,5 +1,6 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -147,6 +148,18 @@
memory: "2Gi"
unlimited: {}
+securityContext:
+ user_id: 100
+ group_id: 102
+
+dirSizes:
+ emptyDir:
+ sizeLimit: 1Gi
+ logDir:
+ sizeLimit: 500Mi
+ policyDir:
+ sizeLimit: 100Mi
+
#Pods Service Account
serviceAccount:
nameOverride: *componentName
@@ -194,5 +207,3 @@
type: topic
patternType: prefix
operations: [ Create, Describe, Read, Write ]
-
-