From 824f168efc4bef03981b19d5212c1e69eacd26dc Mon Sep 17 00:00:00 2001 From: Andrii Ostapenko Date: Mon, 6 Jul 2020 14:50:07 -0500 Subject: [PATCH] Undo octal-values restriction together with corresponding code Unrestrict octal values rule since benefits of file modes readability exceed possible issues with yaml 1.2 adoption in future k8s versions. These issues will be addressed when/if they occur. Also ensure osh-infra is a required project for lint job, that matters when running job against another project. Change-Id: Ic5e327cf40c4b09c90738baff56419a6cef132da Signed-off-by: Andrii Ostapenko --- calico/templates/daemonset-calico-node.yaml | 6 +++--- calico/templates/deployment-calico-kube-controllers.yaml | 2 +- calico/templates/job-calico-settings.yaml | 2 +- ceph-client/templates/cronjob-checkPGs.yaml | 4 ++-- ceph-client/templates/cronjob-defragosds.yaml | 2 +- ceph-client/templates/deployment-checkdns.yaml | 2 +- ceph-client/templates/deployment-mds.yaml | 4 ++-- ceph-client/templates/deployment-mgr.yaml | 4 ++-- ceph-client/templates/job-bootstrap.yaml | 4 ++-- ceph-client/templates/job-rbd-pool.yaml | 4 ++-- ceph-client/templates/pod-helm-tests.yaml | 4 ++-- ceph-mon/templates/daemonset-mon.yaml | 4 ++-- ceph-mon/templates/deployment-moncheck.yaml | 4 ++-- ceph-mon/templates/job-bootstrap.yaml | 4 ++-- ceph-mon/templates/job-keyring.yaml | 4 ++-- ceph-mon/templates/job-storage-admin-keys.yaml | 4 ++-- ceph-osd/templates/daemonset-osd.yaml | 4 ++-- ceph-osd/templates/job-bootstrap.yaml | 4 ++-- ceph-osd/templates/job-post-apply.yaml | 4 ++-- ceph-osd/templates/pod-helm-tests.yaml | 4 ++-- .../templates/deployment-cephfs-provisioner.yaml | 2 +- .../templates/deployment-rbd-provisioner.yaml | 2 +- ceph-provisioners/templates/job-bootstrap.yaml | 4 ++-- ceph-provisioners/templates/job-cephfs-client-key.yaml | 2 +- .../templates/job-namespace-client-key-cleaner.yaml | 2 +- ceph-provisioners/templates/job-namespace-client-key.yaml | 2 +- ceph-provisioners/templates/pod-helm-tests.yaml | 2 +- ceph-rgw/templates/deployment-rgw.yaml | 4 ++-- ceph-rgw/templates/job-bootstrap.yaml | 4 ++-- ceph-rgw/templates/job-rgw-storage-init.yaml | 6 +++--- ceph-rgw/templates/job-s3-admin.yaml | 4 ++-- ceph-rgw/templates/pod-helm-tests.yaml | 4 ++-- daemonjob-controller/templates/deployment.yaml | 2 +- elastic-apm-server/templates/deployment.yaml | 2 +- elastic-filebeat/templates/daemonset.yaml | 2 +- elastic-metricbeat/templates/daemonset-node-metrics.yaml | 2 +- elastic-metricbeat/templates/deployment-modules.yaml | 2 +- elastic-packetbeat/templates/daemonset.yaml | 2 +- elasticsearch/templates/cron-job-curator.yaml | 4 ++-- elasticsearch/templates/cron-job-verify-repositories.yaml | 2 +- elasticsearch/templates/deployment-client.yaml | 4 ++-- elasticsearch/templates/deployment-gateway.yaml | 4 ++-- elasticsearch/templates/job-elasticsearch-template.yaml | 4 ++-- elasticsearch/templates/job-es-cluster-wait.yaml | 2 +- .../templates/job-register-snapshot-repository.yaml | 2 +- elasticsearch/templates/pod-helm-tests.yaml | 2 +- elasticsearch/templates/statefulset-data.yaml | 4 ++-- elasticsearch/templates/statefulset-master.yaml | 4 ++-- etcd/templates/deployment.yaml | 2 +- falco/templates/daemonset.yaml | 2 +- fluentbit/templates/daemonset-fluent-bit.yaml | 4 ++-- fluentd/templates/deployment-fluentd.yaml | 6 +++--- gnocchi/templates/cron-job-resources-cleaner.yaml | 4 ++-- gnocchi/templates/daemonset-metricd.yaml | 4 ++-- gnocchi/templates/daemonset-statsd.yaml | 4 ++-- gnocchi/templates/deployment-api.yaml | 4 ++-- gnocchi/templates/job-clean.yaml | 2 +- gnocchi/templates/job-db-init-indexer.yaml | 4 ++-- gnocchi/templates/job-db-sync.yaml | 4 ++-- gnocchi/templates/job-storage-init.yaml | 4 ++-- gnocchi/templates/pod-gnocchi-test.yaml | 4 ++-- grafana/templates/deployment.yaml | 6 +++--- grafana/templates/job-add-home-dashboard.yaml | 2 +- grafana/templates/job-db-init-session.yaml | 2 +- grafana/templates/job-db-init.yaml | 2 +- grafana/templates/job-db-session-sync.yaml | 2 +- grafana/templates/job-set-admin-user.yaml | 4 ++-- grafana/templates/pod-helm-tests.yaml | 2 +- helm-toolkit/templates/manifests/_job-bootstrap.tpl | 4 ++-- helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl | 6 +++--- helm-toolkit/templates/manifests/_job-db-init-mysql.tpl | 6 +++--- helm-toolkit/templates/manifests/_job-db-sync.tpl | 6 +++--- helm-toolkit/templates/manifests/_job-ks-endpoints.tpl | 4 ++-- helm-toolkit/templates/manifests/_job-ks-service.tpl | 4 ++-- helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl | 4 ++-- .../templates/manifests/_job-rabbit-init.yaml.tpl | 4 ++-- helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl | 6 +++--- helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl | 8 ++++---- helm-toolkit/templates/manifests/_job_image_repo_sync.tpl | 4 ++-- ingress/templates/deployment-ingress.yaml | 2 +- kafka/templates/job-generate-acl.yaml | 4 ++-- kafka/templates/pod-helm-test.yaml | 4 ++-- kafka/templates/statefulset.yaml | 4 ++-- kibana/templates/deployment.yaml | 4 ++-- kibana/templates/job-flush-kibana-metadata.yaml | 2 +- kibana/templates/job-register-kibana-indexes.yaml | 2 +- kubernetes-keystone-webhook/templates/deployment.yaml | 6 +++--- kubernetes-keystone-webhook/templates/pod-test.yaml | 2 +- libvirt/templates/daemonset-libvirt.yaml | 6 +++--- mariadb/templates/deployment-ingress.yaml | 4 ++-- mariadb/templates/pod-test.yaml | 4 ++-- mariadb/templates/statefulset.yaml | 6 +++--- memcached/templates/deployment.yaml | 2 +- mongodb/templates/statefulset.yaml | 2 +- nagios/templates/deployment.yaml | 4 ++-- nagios/templates/pod-helm-tests.yaml | 2 +- openvswitch/templates/daemonset-ovs-db.yaml | 2 +- openvswitch/templates/daemonset-ovs-vswitchd.yaml | 2 +- postgresql/templates/pod-test.yaml | 2 +- postgresql/templates/statefulset.yaml | 8 ++++---- powerdns/templates/deployment.yaml | 2 +- powerdns/templates/job-db-sync.yaml | 4 ++-- prometheus-alertmanager/templates/statefulset.yaml | 2 +- prometheus-kube-state-metrics/templates/deployment.yaml | 2 +- prometheus-node-exporter/templates/daemonset.yaml | 2 +- prometheus-openstack-exporter/templates/deployment.yaml | 2 +- prometheus-openstack-exporter/templates/job-ks-user.yaml | 2 +- prometheus/templates/pod-helm-tests.yaml | 2 +- prometheus/templates/statefulset.yaml | 4 ++-- rabbitmq/templates/job-cluster-wait.yaml | 4 ++-- rabbitmq/templates/pod-test.yaml | 2 +- rabbitmq/templates/statefulset.yaml | 6 +++--- redis/templates/pod_test.yaml | 4 ++-- registry/templates/daemonset-registry-proxy.yaml | 4 ++-- registry/templates/deployment-registry.yaml | 4 ++-- registry/templates/job-bootstrap.yaml | 2 +- yamllint-templates.conf | 2 +- yamllint.conf | 2 +- zookeeper/templates/statefulset.yaml | 4 ++-- zuul.d/jobs.yaml | 3 +++ 120 files changed, 208 insertions(+), 205 deletions(-) diff --git a/calico/templates/daemonset-calico-node.yaml b/calico/templates/daemonset-calico-node.yaml index 5476ace2a..cb0deba52 100644 --- a/calico/templates/daemonset-calico-node.yaml +++ b/calico/templates/daemonset-calico-node.yaml @@ -285,15 +285,15 @@ spec: - name: calico-etc configMap: name: calico-etc - defaultMode: 292 + defaultMode: 0444 - name: calico-bird configMap: name: calico-bird - defaultMode: 292 + defaultMode: 0444 - name: calico-bin configMap: name: calico-bin - defaultMode: 365 + defaultMode: 0555 - name: calico-etcd-secrets secret: secretName: calico-etcd-secrets diff --git a/calico/templates/deployment-calico-kube-controllers.yaml b/calico/templates/deployment-calico-kube-controllers.yaml index e16b57382..1c5937d8e 100644 --- a/calico/templates/deployment-calico-kube-controllers.yaml +++ b/calico/templates/deployment-calico-kube-controllers.yaml @@ -172,5 +172,5 @@ spec: - name: calico-etcd-secrets secret: secretName: calico-etcd-secrets - defaultMode: 256 + defaultMode: 0400 {{- end }} diff --git a/calico/templates/job-calico-settings.yaml b/calico/templates/job-calico-settings.yaml index e9dc2e2fd..1154241ca 100644 --- a/calico/templates/job-calico-settings.yaml +++ b/calico/templates/job-calico-settings.yaml @@ -100,7 +100,7 @@ spec: - name: calico-bin configMap: name: calico-bin - defaultMode: 365 + defaultMode: 0555 - name: calico-etcd-secrets secret: secretName: calico-etcd-secrets diff --git a/ceph-client/templates/cronjob-checkPGs.yaml b/ceph-client/templates/cronjob-checkPGs.yaml index 4d54a4bb2..dca1488df 100644 --- a/ceph-client/templates/cronjob-checkPGs.yaml +++ b/ceph-client/templates/cronjob-checkPGs.yaml @@ -129,11 +129,11 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 292 + defaultMode: 0444 - name: ceph-client-admin-keyring secret: defaultMode: 420 diff --git a/ceph-client/templates/cronjob-defragosds.yaml b/ceph-client/templates/cronjob-defragosds.yaml index 94d20fe6b..f536dc805 100644 --- a/ceph-client/templates/cronjob-defragosds.yaml +++ b/ceph-client/templates/cronjob-defragosds.yaml @@ -106,5 +106,5 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/ceph-client/templates/deployment-checkdns.yaml b/ceph-client/templates/deployment-checkdns.yaml index 2eec1cc7e..25b056cea 100644 --- a/ceph-client/templates/deployment-checkdns.yaml +++ b/ceph-client/templates/deployment-checkdns.yaml @@ -115,5 +115,5 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/ceph-client/templates/deployment-mds.yaml b/ceph-client/templates/deployment-mds.yaml index a685410ad..84838b55a 100644 --- a/ceph-client/templates/deployment-mds.yaml +++ b/ceph-client/templates/deployment-mds.yaml @@ -147,11 +147,11 @@ spec: - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 292 + defaultMode: 0444 - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 - name: pod-var-lib-ceph emptyDir: {} - name: ceph-client-admin-keyring diff --git a/ceph-client/templates/deployment-mgr.yaml b/ceph-client/templates/deployment-mgr.yaml index a951c4cec..13fbfe0c5 100644 --- a/ceph-client/templates/deployment-mgr.yaml +++ b/ceph-client/templates/deployment-mgr.yaml @@ -184,11 +184,11 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 292 + defaultMode: 0444 - name: pod-var-lib-ceph emptyDir: {} - name: ceph-client-admin-keyring diff --git a/ceph-client/templates/job-bootstrap.yaml b/ceph-client/templates/job-bootstrap.yaml index f2d3043c1..86191d9f5 100644 --- a/ceph-client/templates/job-bootstrap.yaml +++ b/ceph-client/templates/job-bootstrap.yaml @@ -70,11 +70,11 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 292 + defaultMode: 0444 - name: ceph-client-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} diff --git a/ceph-client/templates/job-rbd-pool.yaml b/ceph-client/templates/job-rbd-pool.yaml index 0b57913a5..351ef761d 100644 --- a/ceph-client/templates/job-rbd-pool.yaml +++ b/ceph-client/templates/job-rbd-pool.yaml @@ -89,11 +89,11 @@ spec: - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 292 + defaultMode: 0444 - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 - name: pod-var-lib-ceph emptyDir: {} - name: pod-run diff --git a/ceph-client/templates/pod-helm-tests.yaml b/ceph-client/templates/pod-helm-tests.yaml index 5c3c55ce0..ffad06fd3 100644 --- a/ceph-client/templates/pod-helm-tests.yaml +++ b/ceph-client/templates/pod-helm-tests.yaml @@ -81,12 +81,12 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-client-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/ceph-mon/templates/daemonset-mon.yaml b/ceph-mon/templates/daemonset-mon.yaml index 0ac03894e..d1048db3d 100644 --- a/ceph-mon/templates/daemonset-mon.yaml +++ b/ceph-mon/templates/daemonset-mon.yaml @@ -243,11 +243,11 @@ spec: - name: ceph-mon-bin configMap: name: ceph-mon-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-mon-etc configMap: name: ceph-mon-etc - defaultMode: 292 + defaultMode: 0444 - name: pod-var-lib-ceph hostPath: path: {{ .Values.conf.storage.mon.directory }} diff --git a/ceph-mon/templates/deployment-moncheck.yaml b/ceph-mon/templates/deployment-moncheck.yaml index 4cc81b3be..73d0c5fff 100644 --- a/ceph-mon/templates/deployment-moncheck.yaml +++ b/ceph-mon/templates/deployment-moncheck.yaml @@ -114,11 +114,11 @@ spec: - name: ceph-mon-etc configMap: name: ceph-mon-etc - defaultMode: 292 + defaultMode: 0444 - name: ceph-mon-bin configMap: name: ceph-mon-bin - defaultMode: 365 + defaultMode: 0555 - name: pod-var-lib-ceph emptyDir: {} - name: ceph-client-admin-keyring diff --git a/ceph-mon/templates/job-bootstrap.yaml b/ceph-mon/templates/job-bootstrap.yaml index 408f484b2..15a90569e 100644 --- a/ceph-mon/templates/job-bootstrap.yaml +++ b/ceph-mon/templates/job-bootstrap.yaml @@ -72,11 +72,11 @@ spec: - name: ceph-mon-bin configMap: name: ceph-mon-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-mon-etc configMap: name: ceph-mon-etc - defaultMode: 292 + defaultMode: 0444 - name: ceph-client-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} diff --git a/ceph-mon/templates/job-keyring.yaml b/ceph-mon/templates/job-keyring.yaml index 1c5662137..e27ff5300 100644 --- a/ceph-mon/templates/job-keyring.yaml +++ b/ceph-mon/templates/job-keyring.yaml @@ -120,10 +120,10 @@ spec: - name: ceph-mon-bin configMap: name: ceph-mon-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-templates configMap: name: ceph-templates - defaultMode: 292 + defaultMode: 0444 {{- end }} {{- end }} diff --git a/ceph-mon/templates/job-storage-admin-keys.yaml b/ceph-mon/templates/job-storage-admin-keys.yaml index 33144c54a..77fdcd378 100644 --- a/ceph-mon/templates/job-storage-admin-keys.yaml +++ b/ceph-mon/templates/job-storage-admin-keys.yaml @@ -117,9 +117,9 @@ spec: - name: ceph-mon-bin configMap: name: ceph-mon-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-templates configMap: name: ceph-templates - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/ceph-osd/templates/daemonset-osd.yaml b/ceph-osd/templates/daemonset-osd.yaml index 970275088..5f1f221a6 100644 --- a/ceph-osd/templates/daemonset-osd.yaml +++ b/ceph-osd/templates/daemonset-osd.yaml @@ -436,11 +436,11 @@ spec: - name: ceph-osd-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: ceph-osd-etc configMap: name: {{ $configMapName }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-bootstrap-osd-keyring secret: secretName: {{ .Values.secrets.keyrings.osd }} diff --git a/ceph-osd/templates/job-bootstrap.yaml b/ceph-osd/templates/job-bootstrap.yaml index b1260a50a..46592fbee 100644 --- a/ceph-osd/templates/job-bootstrap.yaml +++ b/ceph-osd/templates/job-bootstrap.yaml @@ -69,11 +69,11 @@ spec: - name: ceph-osd-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: ceph-osd-etc configMap: name: {{ printf "%s-%s" $envAll.Release.Name "etc" | quote }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-osd-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} diff --git a/ceph-osd/templates/job-post-apply.yaml b/ceph-osd/templates/job-post-apply.yaml index 97ff72e02..ad85d47a5 100644 --- a/ceph-osd/templates/job-post-apply.yaml +++ b/ceph-osd/templates/job-post-apply.yaml @@ -126,11 +126,11 @@ spec: - name: ceph-osd-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: ceph-osd-etc configMap: name: {{ printf "%s-%s" $envAll.Release.Name "etc" | quote }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-osd-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} diff --git a/ceph-osd/templates/pod-helm-tests.yaml b/ceph-osd/templates/pod-helm-tests.yaml index 01580ab7e..9ee685bcb 100644 --- a/ceph-osd/templates/pod-helm-tests.yaml +++ b/ceph-osd/templates/pod-helm-tests.yaml @@ -72,12 +72,12 @@ spec: - name: ceph-osd-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: ceph-client-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} - name: ceph-osd-etc configMap: name: {{ printf "%s-%s" $envAll.Release.Name "etc" | quote }} - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/ceph-provisioners/templates/deployment-cephfs-provisioner.yaml b/ceph-provisioners/templates/deployment-cephfs-provisioner.yaml index 77107ebf7..e96387a64 100644 --- a/ceph-provisioners/templates/deployment-cephfs-provisioner.yaml +++ b/ceph-provisioners/templates/deployment-cephfs-provisioner.yaml @@ -197,5 +197,5 @@ spec: - name: ceph-provisioners-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/ceph-provisioners/templates/deployment-rbd-provisioner.yaml b/ceph-provisioners/templates/deployment-rbd-provisioner.yaml index a22c65e05..4e2b34fb1 100644 --- a/ceph-provisioners/templates/deployment-rbd-provisioner.yaml +++ b/ceph-provisioners/templates/deployment-rbd-provisioner.yaml @@ -187,5 +187,5 @@ spec: - name: ceph-provisioners-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/ceph-provisioners/templates/job-bootstrap.yaml b/ceph-provisioners/templates/job-bootstrap.yaml index d1fb89c26..dbcf1e5b0 100644 --- a/ceph-provisioners/templates/job-bootstrap.yaml +++ b/ceph-provisioners/templates/job-bootstrap.yaml @@ -69,11 +69,11 @@ spec: - name: ceph-provisioners-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: ceph-etc configMap: name: {{ .Values.storageclass.rbd.ceph_configmap_name }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-client-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} diff --git a/ceph-provisioners/templates/job-cephfs-client-key.yaml b/ceph-provisioners/templates/job-cephfs-client-key.yaml index 031ec8087..36ca2a505 100644 --- a/ceph-provisioners/templates/job-cephfs-client-key.yaml +++ b/ceph-provisioners/templates/job-cephfs-client-key.yaml @@ -132,5 +132,5 @@ spec: - name: ceph-provisioners-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/ceph-provisioners/templates/job-namespace-client-key-cleaner.yaml b/ceph-provisioners/templates/job-namespace-client-key-cleaner.yaml index d73f584d9..478530e62 100644 --- a/ceph-provisioners/templates/job-namespace-client-key-cleaner.yaml +++ b/ceph-provisioners/templates/job-namespace-client-key-cleaner.yaml @@ -97,5 +97,5 @@ spec: - name: ceph-provisioners-bin-clients configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin-clients" | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/ceph-provisioners/templates/job-namespace-client-key.yaml b/ceph-provisioners/templates/job-namespace-client-key.yaml index 9e3fcad74..f187630e3 100644 --- a/ceph-provisioners/templates/job-namespace-client-key.yaml +++ b/ceph-provisioners/templates/job-namespace-client-key.yaml @@ -128,5 +128,5 @@ spec: - name: ceph-provisioners-bin-clients configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin-clients" | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/ceph-provisioners/templates/pod-helm-tests.yaml b/ceph-provisioners/templates/pod-helm-tests.yaml index 1bab2be3e..72e85ffff 100644 --- a/ceph-provisioners/templates/pod-helm-tests.yaml +++ b/ceph-provisioners/templates/pod-helm-tests.yaml @@ -107,7 +107,7 @@ spec: - name: ceph-provisioners-bin-clients configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin-clients" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: pod-tmp emptyDir: {} {{- end }} diff --git a/ceph-rgw/templates/deployment-rgw.yaml b/ceph-rgw/templates/deployment-rgw.yaml index fb82e8a61..5fc76eed3 100644 --- a/ceph-rgw/templates/deployment-rgw.yaml +++ b/ceph-rgw/templates/deployment-rgw.yaml @@ -181,11 +181,11 @@ spec: - name: ceph-rgw-bin configMap: name: ceph-rgw-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-rgw-etc configMap: name: ceph-rgw-etc - defaultMode: 292 + defaultMode: 0444 - name: pod-var-lib-ceph emptyDir: {} - name: ceph-bootstrap-rgw-keyring diff --git a/ceph-rgw/templates/job-bootstrap.yaml b/ceph-rgw/templates/job-bootstrap.yaml index f49434999..073188dcf 100644 --- a/ceph-rgw/templates/job-bootstrap.yaml +++ b/ceph-rgw/templates/job-bootstrap.yaml @@ -118,11 +118,11 @@ spec: - name: ceph-rgw-bin configMap: name: ceph-rgw-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-rgw-etc configMap: name: {{ .Values.ceph_client.configmap }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-rgw-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin | quote }} diff --git a/ceph-rgw/templates/job-rgw-storage-init.yaml b/ceph-rgw/templates/job-rgw-storage-init.yaml index 24ffced7f..6a66c62ea 100644 --- a/ceph-rgw/templates/job-rgw-storage-init.yaml +++ b/ceph-rgw/templates/job-rgw-storage-init.yaml @@ -126,15 +126,15 @@ spec: - name: ceph-rgw-bin configMap: name: ceph-rgw-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-etc configMap: name: {{ .Values.ceph_client.configmap }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-templates configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-templates" | quote }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-keyring secret: secretName: {{ .Values.secrets.keyrings.admin | quote }} diff --git a/ceph-rgw/templates/job-s3-admin.yaml b/ceph-rgw/templates/job-s3-admin.yaml index 5b9f32453..e8e8db2a6 100644 --- a/ceph-rgw/templates/job-s3-admin.yaml +++ b/ceph-rgw/templates/job-s3-admin.yaml @@ -137,11 +137,11 @@ spec: - name: ceph-rgw-bin configMap: name: ceph-rgw-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-rgw-etc configMap: name: ceph-rgw-etc - defaultMode: 292 + defaultMode: 0444 - name: ceph-keyring secret: secretName: {{ .Values.secrets.keyrings.admin | quote }} diff --git a/ceph-rgw/templates/pod-helm-tests.yaml b/ceph-rgw/templates/pod-helm-tests.yaml index b07355814..a973694b8 100644 --- a/ceph-rgw/templates/pod-helm-tests.yaml +++ b/ceph-rgw/templates/pod-helm-tests.yaml @@ -104,12 +104,12 @@ spec: - name: ceph-rgw-bin configMap: name: ceph-rgw-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-keyring secret: secretName: {{ .Values.secrets.keyrings.admin | quote }} - name: ceph-rgw-etc configMap: name: ceph-rgw-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/daemonjob-controller/templates/deployment.yaml b/daemonjob-controller/templates/deployment.yaml index f545e99b7..33eaf1001 100644 --- a/daemonjob-controller/templates/deployment.yaml +++ b/daemonjob-controller/templates/deployment.yaml @@ -58,5 +58,5 @@ spec: - name: hooks configMap: name: daemonjob-controller-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/elastic-apm-server/templates/deployment.yaml b/elastic-apm-server/templates/deployment.yaml index d0fbf16c8..e962726c0 100644 --- a/elastic-apm-server/templates/deployment.yaml +++ b/elastic-apm-server/templates/deployment.yaml @@ -122,7 +122,7 @@ spec: - name: elastic-apm-server-etc configMap: name: elastic-apm-server-etc - defaultMode: 292 + defaultMode: 0444 - name: data hostPath: path: /var/lib/elastic-apm-server diff --git a/elastic-filebeat/templates/daemonset.yaml b/elastic-filebeat/templates/daemonset.yaml index 1b0bcf51f..669b57946 100644 --- a/elastic-filebeat/templates/daemonset.yaml +++ b/elastic-filebeat/templates/daemonset.yaml @@ -157,7 +157,7 @@ spec: - name: filebeat-etc configMap: name: filebeat-etc - defaultMode: 292 + defaultMode: 0444 - name: data hostPath: path: /var/lib/filebeat diff --git a/elastic-metricbeat/templates/daemonset-node-metrics.yaml b/elastic-metricbeat/templates/daemonset-node-metrics.yaml index 8460c0846..e40e0c096 100644 --- a/elastic-metricbeat/templates/daemonset-node-metrics.yaml +++ b/elastic-metricbeat/templates/daemonset-node-metrics.yaml @@ -168,7 +168,7 @@ spec: path: /var/run/docker.sock - name: metricbeat-etc configMap: - defaultMode: 292 + defaultMode: 0444 name: metricbeat-etc - name: data emptyDir: {} diff --git a/elastic-metricbeat/templates/deployment-modules.yaml b/elastic-metricbeat/templates/deployment-modules.yaml index 5dc0e42a0..ce4a961d1 100644 --- a/elastic-metricbeat/templates/deployment-modules.yaml +++ b/elastic-metricbeat/templates/deployment-modules.yaml @@ -154,5 +154,5 @@ spec: - name: metricbeat-etc configMap: name: metricbeat-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/elastic-packetbeat/templates/daemonset.yaml b/elastic-packetbeat/templates/daemonset.yaml index b89bee586..486cc7fe0 100644 --- a/elastic-packetbeat/templates/daemonset.yaml +++ b/elastic-packetbeat/templates/daemonset.yaml @@ -139,7 +139,7 @@ spec: emptyDir: {} - name: packetbeat-etc configMap: - defaultMode: 292 + defaultMode: 0444 name: packetbeat-etc {{ if $mounts_packetbeat.volumes }}{{ toYaml $mounts_packetbeat.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/elasticsearch/templates/cron-job-curator.yaml b/elasticsearch/templates/cron-job-curator.yaml index e845aa83f..91c7b5029 100644 --- a/elasticsearch/templates/cron-job-curator.yaml +++ b/elasticsearch/templates/cron-job-curator.yaml @@ -86,9 +86,9 @@ spec: - name: elastic-curator-bin configMap: name: elastic-curator-bin - defaultMode: 365 + defaultMode: 0555 - name: elastic-curator-etc secret: secretName: elastic-curator-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/elasticsearch/templates/cron-job-verify-repositories.yaml b/elasticsearch/templates/cron-job-verify-repositories.yaml index bbe59c93d..b9c6b941d 100644 --- a/elasticsearch/templates/cron-job-verify-repositories.yaml +++ b/elasticsearch/templates/cron-job-verify-repositories.yaml @@ -83,5 +83,5 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/elasticsearch/templates/deployment-client.yaml b/elasticsearch/templates/deployment-client.yaml index 290e78e6f..0d166a1e2 100644 --- a/elasticsearch/templates/deployment-client.yaml +++ b/elasticsearch/templates/deployment-client.yaml @@ -210,11 +210,11 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 - name: elasticsearch-etc secret: secretName: elasticsearch-etc - defaultMode: 292 + defaultMode: 0444 - name: storage emptyDir: {} {{ if $mounts_elasticsearch.volumes }}{{ toYaml $mounts_elasticsearch.volumes | indent 8 }}{{ end }} diff --git a/elasticsearch/templates/deployment-gateway.yaml b/elasticsearch/templates/deployment-gateway.yaml index 7df13b6d8..3bbac928b 100644 --- a/elasticsearch/templates/deployment-gateway.yaml +++ b/elasticsearch/templates/deployment-gateway.yaml @@ -160,11 +160,11 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 - name: elasticsearch-etc secret: secretName: elasticsearch-etc - defaultMode: 292 + defaultMode: 0444 - name: storage emptyDir: {} {{ if $mounts_elasticsearch.volumes }}{{ toYaml $mounts_elasticsearch.volumes | indent 8 }}{{ end }} diff --git a/elasticsearch/templates/job-elasticsearch-template.yaml b/elasticsearch/templates/job-elasticsearch-template.yaml index e2e35fbe5..a93ee1c79 100644 --- a/elasticsearch/templates/job-elasticsearch-template.yaml +++ b/elasticsearch/templates/job-elasticsearch-template.yaml @@ -85,10 +85,10 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 - name: elasticsearch-templates-etc secret: secretName: elasticsearch-templates-etc - defaultMode: 292 + defaultMode: 0444 {{ if $mounts_elasticsearch_templates.volumes }}{{ toYaml $mounts_elasticsearch_templates.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/elasticsearch/templates/job-es-cluster-wait.yaml b/elasticsearch/templates/job-es-cluster-wait.yaml index dbb4da678..27b94f92b 100644 --- a/elasticsearch/templates/job-es-cluster-wait.yaml +++ b/elasticsearch/templates/job-es-cluster-wait.yaml @@ -76,5 +76,5 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/elasticsearch/templates/job-register-snapshot-repository.yaml b/elasticsearch/templates/job-register-snapshot-repository.yaml index 18a9a303f..2b811ca14 100644 --- a/elasticsearch/templates/job-register-snapshot-repository.yaml +++ b/elasticsearch/templates/job-register-snapshot-repository.yaml @@ -91,5 +91,5 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/elasticsearch/templates/pod-helm-tests.yaml b/elasticsearch/templates/pod-helm-tests.yaml index 6ded8973a..d2e8e62f5 100644 --- a/elasticsearch/templates/pod-helm-tests.yaml +++ b/elasticsearch/templates/pod-helm-tests.yaml @@ -70,5 +70,5 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/elasticsearch/templates/statefulset-data.yaml b/elasticsearch/templates/statefulset-data.yaml index 20299041b..ac5f769c0 100644 --- a/elasticsearch/templates/statefulset-data.yaml +++ b/elasticsearch/templates/statefulset-data.yaml @@ -175,11 +175,11 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 - name: elasticsearch-etc secret: secretName: elasticsearch-etc - defaultMode: 292 + defaultMode: 0444 {{ if $mounts_elasticsearch.volumes }}{{ toYaml $mounts_elasticsearch.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.data.enabled }} - name: storage diff --git a/elasticsearch/templates/statefulset-master.yaml b/elasticsearch/templates/statefulset-master.yaml index 6d5201db1..34a208cdd 100644 --- a/elasticsearch/templates/statefulset-master.yaml +++ b/elasticsearch/templates/statefulset-master.yaml @@ -168,11 +168,11 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 - name: elasticsearch-etc secret: secretName: elasticsearch-etc - defaultMode: 292 + defaultMode: 0444 {{ if $mounts_elasticsearch.volumes }}{{ toYaml $mounts_elasticsearch.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.master.enabled }} - name: storage diff --git a/etcd/templates/deployment.yaml b/etcd/templates/deployment.yaml index c0c3715b1..bfb39b81e 100644 --- a/etcd/templates/deployment.yaml +++ b/etcd/templates/deployment.yaml @@ -70,5 +70,5 @@ spec: - name: etcd-bin configMap: name: {{ $configMapBinName | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/falco/templates/daemonset.yaml b/falco/templates/daemonset.yaml index ff44f28a2..dbb0df31c 100644 --- a/falco/templates/daemonset.yaml +++ b/falco/templates/daemonset.yaml @@ -119,7 +119,7 @@ spec: - name: falco-bin configMap: name: falco-bin - defaultMode: 365 + defaultMode: 0555 - name: dshm emptyDir: medium: Memory diff --git a/fluentbit/templates/daemonset-fluent-bit.yaml b/fluentbit/templates/daemonset-fluent-bit.yaml index 22cc29271..755f7abca 100644 --- a/fluentbit/templates/daemonset-fluent-bit.yaml +++ b/fluentbit/templates/daemonset-fluent-bit.yaml @@ -145,10 +145,10 @@ spec: - name: fluentbit-bin configMap: name: fluentbit-bin - defaultMode: 365 + defaultMode: 0555 - name: fluentbit-etc secret: secretName: fluentbit-etc - defaultMode: 292 + defaultMode: 0444 {{ if $mounts_fluentbit.volumes }}{{ toYaml $mounts_fluentbit.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/fluentd/templates/deployment-fluentd.yaml b/fluentd/templates/deployment-fluentd.yaml index 827b7a4cc..b626b8feb 100644 --- a/fluentd/templates/deployment-fluentd.yaml +++ b/fluentd/templates/deployment-fluentd.yaml @@ -226,15 +226,15 @@ spec: - name: {{ printf "%s-%s" $envAll.Release.Name "env-secret" | quote }} secret: secretName: {{ printf "%s-%s" $envAll.Release.Name "env-secret" | quote }} - defaultMode: 292 + defaultMode: 0444 {{- end }} - name: fluentd-etc secret: secretName: {{ printf "%s-%s" $envAll.Release.Name "fluentd-etc" | quote }} - defaultMode: 292 + defaultMode: 0444 - name: fluentd-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "fluentd-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_fluentd.volumes }}{{ toYaml $mounts_fluentd.volumes | indent 8 }}{{- end }} {{- end }} diff --git a/gnocchi/templates/cron-job-resources-cleaner.yaml b/gnocchi/templates/cron-job-resources-cleaner.yaml index b72705885..115fc4ff0 100644 --- a/gnocchi/templates/cron-job-resources-cleaner.yaml +++ b/gnocchi/templates/cron-job-resources-cleaner.yaml @@ -94,10 +94,10 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 292 + defaultMode: 0444 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_gnocchi_resources_cleaner.volumes }}{{ toYaml $mounts_gnocchi_resources_cleaner.volumes | indent 12 }}{{ end }} {{- end }} diff --git a/gnocchi/templates/daemonset-metricd.yaml b/gnocchi/templates/daemonset-metricd.yaml index df3e95733..40daa26a4 100644 --- a/gnocchi/templates/daemonset-metricd.yaml +++ b/gnocchi/templates/daemonset-metricd.yaml @@ -105,11 +105,11 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 292 + defaultMode: 0444 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 - name: etcceph emptyDir: {} - name: ceph-etc diff --git a/gnocchi/templates/daemonset-statsd.yaml b/gnocchi/templates/daemonset-statsd.yaml index c1deaedea..68f8f080e 100644 --- a/gnocchi/templates/daemonset-statsd.yaml +++ b/gnocchi/templates/daemonset-statsd.yaml @@ -111,11 +111,11 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 292 + defaultMode: 0444 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 - name: etcceph emptyDir: {} - name: ceph-etc diff --git a/gnocchi/templates/deployment-api.yaml b/gnocchi/templates/deployment-api.yaml index 6171ae9ec..b41f0743f 100644 --- a/gnocchi/templates/deployment-api.yaml +++ b/gnocchi/templates/deployment-api.yaml @@ -130,11 +130,11 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 292 + defaultMode: 0444 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 - name: etcceph emptyDir: {} - name: ceph-etc diff --git a/gnocchi/templates/job-clean.yaml b/gnocchi/templates/job-clean.yaml index 169bf7543..11fa3ea0d 100644 --- a/gnocchi/templates/job-clean.yaml +++ b/gnocchi/templates/job-clean.yaml @@ -89,5 +89,5 @@ spec: - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/gnocchi/templates/job-db-init-indexer.yaml b/gnocchi/templates/job-db-init-indexer.yaml index 48c38340e..cde2c0bf4 100644 --- a/gnocchi/templates/job-db-init-indexer.yaml +++ b/gnocchi/templates/job-db-init-indexer.yaml @@ -70,11 +70,11 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 292 + defaultMode: 0444 - name: pod-etc-gnocchi emptyDir: {} - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/gnocchi/templates/job-db-sync.yaml b/gnocchi/templates/job-db-sync.yaml index 3262cb06b..a30356c88 100644 --- a/gnocchi/templates/job-db-sync.yaml +++ b/gnocchi/templates/job-db-sync.yaml @@ -82,11 +82,11 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 292 + defaultMode: 0444 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 - name: etcceph emptyDir: {} - name: ceph-etc diff --git a/gnocchi/templates/job-storage-init.yaml b/gnocchi/templates/job-storage-init.yaml index 08598cdda..9e2aea42e 100644 --- a/gnocchi/templates/job-storage-init.yaml +++ b/gnocchi/templates/job-storage-init.yaml @@ -123,13 +123,13 @@ spec: - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 - name: etcceph emptyDir: {} - name: ceph-etc configMap: name: {{ .Values.ceph_client.configmap }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-keyring secret: secretName: {{ .Values.ceph_client.user_secret_name }} diff --git a/gnocchi/templates/pod-gnocchi-test.yaml b/gnocchi/templates/pod-gnocchi-test.yaml index 66b34cb64..9ceda0143 100644 --- a/gnocchi/templates/pod-gnocchi-test.yaml +++ b/gnocchi/templates/pod-gnocchi-test.yaml @@ -74,10 +74,10 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 292 + defaultMode: 0444 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_gnocchi_tests.volumes }}{{ toYaml $mounts_gnocchi_tests.volumes | indent 4 }}{{ end }} {{- end }} diff --git a/grafana/templates/deployment.yaml b/grafana/templates/deployment.yaml index 81d3b085e..615353350 100644 --- a/grafana/templates/deployment.yaml +++ b/grafana/templates/deployment.yaml @@ -133,15 +133,15 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 365 + defaultMode: 0555 - name: grafana-etc secret: secretName: grafana-etc - defaultMode: 292 + defaultMode: 0444 - name: grafana-dashboards configMap: name: grafana-dashboards - defaultMode: 365 + defaultMode: 0555 - name: data emptyDir: {} {{ if $mounts_grafana.volumes }}{{ toYaml $mounts_grafana.volumes | indent 8 }}{{ end }} diff --git a/grafana/templates/job-add-home-dashboard.yaml b/grafana/templates/job-add-home-dashboard.yaml index fe122c2d0..ac191b384 100644 --- a/grafana/templates/job-add-home-dashboard.yaml +++ b/grafana/templates/job-add-home-dashboard.yaml @@ -74,5 +74,5 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} \ No newline at end of file diff --git a/grafana/templates/job-db-init-session.yaml b/grafana/templates/job-db-init-session.yaml index b8243e8be..9e9785f2f 100644 --- a/grafana/templates/job-db-init-session.yaml +++ b/grafana/templates/job-db-init-session.yaml @@ -72,5 +72,5 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/grafana/templates/job-db-init.yaml b/grafana/templates/job-db-init.yaml index 81db09371..b5ba6e65f 100644 --- a/grafana/templates/job-db-init.yaml +++ b/grafana/templates/job-db-init.yaml @@ -72,5 +72,5 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/grafana/templates/job-db-session-sync.yaml b/grafana/templates/job-db-session-sync.yaml index bf2a465c0..5b0c9be00 100644 --- a/grafana/templates/job-db-session-sync.yaml +++ b/grafana/templates/job-db-session-sync.yaml @@ -67,5 +67,5 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/grafana/templates/job-set-admin-user.yaml b/grafana/templates/job-set-admin-user.yaml index cb9fa8ea0..bc08c33d4 100644 --- a/grafana/templates/job-set-admin-user.yaml +++ b/grafana/templates/job-set-admin-user.yaml @@ -77,9 +77,9 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 365 + defaultMode: 0555 - name: grafana-etc secret: secretName: grafana-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/grafana/templates/pod-helm-tests.yaml b/grafana/templates/pod-helm-tests.yaml index 047d4119d..b5e0a9e4b 100644 --- a/grafana/templates/pod-helm-tests.yaml +++ b/grafana/templates/pod-helm-tests.yaml @@ -70,5 +70,5 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/helm-toolkit/templates/manifests/_job-bootstrap.tpl index 318f5b57e..ea2772955 100644 --- a/helm-toolkit/templates/manifests/_job-bootstrap.tpl +++ b/helm-toolkit/templates/manifests/_job-bootstrap.tpl @@ -103,11 +103,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} - name: etc-service emptyDir: {} diff --git a/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl index 998779378..1b639f03c 100644 --- a/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl +++ b/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl @@ -118,11 +118,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} {{- $local := dict "configMapBinFirst" true -}} {{- range $key1, $dbToDrop := $dbsToDrop }} @@ -134,7 +134,7 @@ spec: - name: db-drop-conf secret: secretName: {{ $configMapEtc | quote }} - defaultMode: 292 + defaultMode: 0444 {{- end -}} {{- end -}} {{- end -}} diff --git a/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl index 2121408de..73ac04d26 100644 --- a/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl +++ b/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl @@ -117,11 +117,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} {{- $local := dict "configMapBinFirst" true -}} {{- range $key1, $dbToInit := $dbsToInit }} @@ -133,7 +133,7 @@ spec: - name: db-init-conf secret: secretName: {{ $configMapEtc | quote }} - defaultMode: 292 + defaultMode: 0444 {{- end -}} {{- end -}} {{- end -}} diff --git a/helm-toolkit/templates/manifests/_job-db-sync.tpl b/helm-toolkit/templates/manifests/_job-db-sync.tpl index 133c737bb..0e4e3ad83 100644 --- a/helm-toolkit/templates/manifests/_job-db-sync.tpl +++ b/helm-toolkit/templates/manifests/_job-db-sync.tpl @@ -97,18 +97,18 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} - name: etc-service emptyDir: {} - name: db-sync-conf secret: secretName: {{ $configMapEtc | quote }} - defaultMode: 292 + defaultMode: 0444 {{- if $podVols }} {{ $podVols | toYaml | indent 8 }} {{- end }} diff --git a/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl index 8ab1e051a..a497af11f 100644 --- a/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl +++ b/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl @@ -94,11 +94,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} {{- dict "enabled" true "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- end }} diff --git a/helm-toolkit/templates/manifests/_job-ks-service.tpl b/helm-toolkit/templates/manifests/_job-ks-service.tpl index 49bdcd3c8..daac49c17 100644 --- a/helm-toolkit/templates/manifests/_job-ks-service.tpl +++ b/helm-toolkit/templates/manifests/_job-ks-service.tpl @@ -88,11 +88,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} {{- dict "enabled" true "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- end }} diff --git a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl index a8005c3e2..875247eca 100644 --- a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl +++ b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl @@ -94,11 +94,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} {{- dict "enabled" true "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- end -}} diff --git a/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl index bef1f18bf..ef56655ff 100644 --- a/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl +++ b/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl @@ -86,10 +86,10 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} {{- end -}} diff --git a/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl index 9eb6e4574..047a8c819 100644 --- a/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl +++ b/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl @@ -103,18 +103,18 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} - name: etcceph emptyDir: {} - name: ceph-etc configMap: name: {{ $configMapCeph | quote }} - defaultMode: 292 + defaultMode: 0444 {{- if empty $envAll.Values.conf.ceph.admin_keyring }} - name: ceph-keyring secret: diff --git a/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl index 97160dca2..a86d4ee6a 100644 --- a/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl +++ b/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl @@ -118,22 +118,22 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} - name: ceph-keyring-sh configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 - name: etcceph emptyDir: {} - name: ceph-etc configMap: name: {{ $configMapCeph | quote }} - defaultMode: 292 + defaultMode: 0444 {{- if empty $envAll.Values.conf.ceph.admin_keyring }} - name: ceph-keyring secret: diff --git a/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl b/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl index cf514dd78..7d4b07820 100644 --- a/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl +++ b/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl @@ -84,11 +84,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} - name: docker-socket hostPath: diff --git a/ingress/templates/deployment-ingress.yaml b/ingress/templates/deployment-ingress.yaml index bc31072ac..6fa223eb2 100644 --- a/ingress/templates/deployment-ingress.yaml +++ b/ingress/templates/deployment-ingress.yaml @@ -358,7 +358,7 @@ spec: - name: ingress-bin configMap: name: ingress-bin - defaultMode: 365 + defaultMode: 0555 {{- if and .Values.network.host_namespace .Values.network.vip.manage }} - name: host-rootfs hostPath: diff --git a/kafka/templates/job-generate-acl.yaml b/kafka/templates/job-generate-acl.yaml index c655394f1..6a3088bc9 100644 --- a/kafka/templates/job-generate-acl.yaml +++ b/kafka/templates/job-generate-acl.yaml @@ -64,9 +64,9 @@ spec: - name: kafka-bin configMap: name: kafka-bin - defaultMode: 365 + defaultMode: 0555 - name: kafka-etc secret: secretName: kafka-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/kafka/templates/pod-helm-test.yaml b/kafka/templates/pod-helm-test.yaml index 8b5cf4083..0a84066d6 100644 --- a/kafka/templates/pod-helm-test.yaml +++ b/kafka/templates/pod-helm-test.yaml @@ -66,9 +66,9 @@ spec: - name: kafka-bin configMap: name: kafka-bin - defaultMode: 365 + defaultMode: 0555 - name: kafka-etc secret: secretName: kafka-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/kafka/templates/statefulset.yaml b/kafka/templates/statefulset.yaml index a4db6f157..0b3390b35 100644 --- a/kafka/templates/statefulset.yaml +++ b/kafka/templates/statefulset.yaml @@ -168,11 +168,11 @@ spec: - name: kafka-bin configMap: name: kafka-bin - defaultMode: 365 + defaultMode: 0555 - name: kafka-etc secret: secretName: kafka-etc - defaultMode: 292 + defaultMode: 0444 {{ if $mounts_kafka.volumes }}{{ toYaml $mounts_kafka.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.enabled }} - name: data diff --git a/kibana/templates/deployment.yaml b/kibana/templates/deployment.yaml index e130df73b..71c92855a 100644 --- a/kibana/templates/deployment.yaml +++ b/kibana/templates/deployment.yaml @@ -167,9 +167,9 @@ spec: - name: kibana-bin configMap: name: kibana-bin - defaultMode: 365 + defaultMode: 0555 - name: kibana-etc secret: secretName: kibana-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/kibana/templates/job-flush-kibana-metadata.yaml b/kibana/templates/job-flush-kibana-metadata.yaml index 2033b52ae..741234bf3 100644 --- a/kibana/templates/job-flush-kibana-metadata.yaml +++ b/kibana/templates/job-flush-kibana-metadata.yaml @@ -96,5 +96,5 @@ spec: - name: kibana-bin configMap: name: kibana-bin - defaultMode: 493 + defaultMode: 0755 {{- end }} diff --git a/kibana/templates/job-register-kibana-indexes.yaml b/kibana/templates/job-register-kibana-indexes.yaml index f11fb587b..ba13c4378 100644 --- a/kibana/templates/job-register-kibana-indexes.yaml +++ b/kibana/templates/job-register-kibana-indexes.yaml @@ -80,5 +80,5 @@ spec: - name: kibana-bin configMap: name: kibana-bin - defaultMode: 493 + defaultMode: 0755 {{- end }} diff --git a/kubernetes-keystone-webhook/templates/deployment.yaml b/kubernetes-keystone-webhook/templates/deployment.yaml index 24054a691..831abf55e 100644 --- a/kubernetes-keystone-webhook/templates/deployment.yaml +++ b/kubernetes-keystone-webhook/templates/deployment.yaml @@ -83,13 +83,13 @@ spec: - name: key-kubernetes-keystone-webhook secret: secretName: {{ $envAll.Values.secrets.certificates.api }} - defaultMode: 292 + defaultMode: 0444 - name: kubernetes-keystone-webhook-etc configMap: name: kubernetes-keystone-webhook-etc - defaultMode: 292 + defaultMode: 0444 - name: kubernetes-keystone-webhook-bin configMap: name: kubernetes-keystone-webhook-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/kubernetes-keystone-webhook/templates/pod-test.yaml b/kubernetes-keystone-webhook/templates/pod-test.yaml index e3ebd7a9b..98f685555 100644 --- a/kubernetes-keystone-webhook/templates/pod-test.yaml +++ b/kubernetes-keystone-webhook/templates/pod-test.yaml @@ -60,6 +60,6 @@ spec: - name: kubernetes-keystone-webhook-bin configMap: name: kubernetes-keystone-webhook-bin - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_kubernetes_keystone_webhook_tests.volumes }}{{ toYaml $mounts_kubernetes_keystone_webhook_tests.volumes | indent 4 }}{{ end }} {{- end }} diff --git a/libvirt/templates/daemonset-libvirt.yaml b/libvirt/templates/daemonset-libvirt.yaml index b43e8b73f..da8f01a85 100644 --- a/libvirt/templates/daemonset-libvirt.yaml +++ b/libvirt/templates/daemonset-libvirt.yaml @@ -207,11 +207,11 @@ spec: - name: libvirt-bin configMap: name: libvirt-bin - defaultMode: 365 + defaultMode: 0555 - name: libvirt-etc secret: secretName: {{ $configMapName }} - defaultMode: 292 + defaultMode: 0444 {{- if .Values.conf.ceph.enabled }} - name: etcceph hostPath: @@ -219,7 +219,7 @@ spec: - name: ceph-etc configMap: name: {{ .Values.ceph_client.configmap }} - defaultMode: 292 + defaultMode: 0444 {{- if empty .Values.conf.ceph.cinder.keyring }} - name: ceph-keyring secret: diff --git a/mariadb/templates/deployment-ingress.yaml b/mariadb/templates/deployment-ingress.yaml index 214186c50..72bea94af 100644 --- a/mariadb/templates/deployment-ingress.yaml +++ b/mariadb/templates/deployment-ingress.yaml @@ -205,9 +205,9 @@ spec: - name: mariadb-bin configMap: name: mariadb-bin - defaultMode: 365 + defaultMode: 0555 - name: mariadb-ingress-etc configMap: name: mariadb-ingress-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/mariadb/templates/pod-test.yaml b/mariadb/templates/pod-test.yaml index e140b603c..687caa028 100644 --- a/mariadb/templates/pod-test.yaml +++ b/mariadb/templates/pod-test.yaml @@ -67,9 +67,9 @@ spec: - name: mariadb-bin configMap: name: mariadb-bin - defaultMode: 365 + defaultMode: 0555 - name: mariadb-secrets secret: secretName: mariadb-secrets - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/mariadb/templates/statefulset.yaml b/mariadb/templates/statefulset.yaml index 5d5595826..70255b597 100644 --- a/mariadb/templates/statefulset.yaml +++ b/mariadb/templates/statefulset.yaml @@ -239,15 +239,15 @@ spec: - name: mariadb-bin configMap: name: mariadb-bin - defaultMode: 365 + defaultMode: 0555 - name: mariadb-etc configMap: name: mariadb-etc - defaultMode: 292 + defaultMode: 0444 - name: mariadb-secrets secret: secretName: mariadb-secrets - defaultMode: 292 + defaultMode: 0444 {{- if not .Values.volume.enabled }} - name: mysql-data {{- if .Values.volume.use_local_path_for_single_pod_cluster.enabled }} diff --git a/memcached/templates/deployment.yaml b/memcached/templates/deployment.yaml index 5222b57ad..1b4e20277 100644 --- a/memcached/templates/deployment.yaml +++ b/memcached/templates/deployment.yaml @@ -86,6 +86,6 @@ spec: - name: memcached-bin configMap: name: {{ $configMapBinName | quote }} - defaultMode: 365 + defaultMode: 0555 {{ dict "envAll" $envAll "component" "memcached" "requireSys" true | include "helm-toolkit.snippets.kubernetes_apparmor_volumes" | indent 8 }} {{- end }} diff --git a/mongodb/templates/statefulset.yaml b/mongodb/templates/statefulset.yaml index d91e252e8..e5e0b48df 100644 --- a/mongodb/templates/statefulset.yaml +++ b/mongodb/templates/statefulset.yaml @@ -118,7 +118,7 @@ spec: - name: mongodb-bin configMap: name: mongodb-bin - defaultMode: 365 + defaultMode: 0555 {{- if not .Values.volume.enabled }} - name: mongodb-data hostPath: diff --git a/nagios/templates/deployment.yaml b/nagios/templates/deployment.yaml index 79fd85932..ca0342c98 100644 --- a/nagios/templates/deployment.yaml +++ b/nagios/templates/deployment.yaml @@ -241,9 +241,9 @@ spec: - name: nagios-etc secret: secretName: nagios-etc - defaultMode: 292 + defaultMode: 0444 - name: nagios-bin configMap: name: nagios-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/nagios/templates/pod-helm-tests.yaml b/nagios/templates/pod-helm-tests.yaml index cd1bada87..e22784d8c 100644 --- a/nagios/templates/pod-helm-tests.yaml +++ b/nagios/templates/pod-helm-tests.yaml @@ -75,5 +75,5 @@ spec: - name: nagios-bin configMap: name: nagios-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/openvswitch/templates/daemonset-ovs-db.yaml b/openvswitch/templates/daemonset-ovs-db.yaml index c56df377b..8e8af6365 100644 --- a/openvswitch/templates/daemonset-ovs-db.yaml +++ b/openvswitch/templates/daemonset-ovs-db.yaml @@ -108,7 +108,7 @@ spec: - name: openvswitch-bin configMap: name: openvswitch-bin - defaultMode: 365 + defaultMode: 0555 - name: run hostPath: path: /run/openvswitch diff --git a/openvswitch/templates/daemonset-ovs-vswitchd.yaml b/openvswitch/templates/daemonset-ovs-vswitchd.yaml index dfe83ec59..2f60a0db4 100644 --- a/openvswitch/templates/daemonset-ovs-vswitchd.yaml +++ b/openvswitch/templates/daemonset-ovs-vswitchd.yaml @@ -153,7 +153,7 @@ It should be handled through lcore and pmd core masks. */}} - name: openvswitch-bin configMap: name: openvswitch-bin - defaultMode: 365 + defaultMode: 0555 - name: run hostPath: path: /run diff --git a/postgresql/templates/pod-test.yaml b/postgresql/templates/pod-test.yaml index 3c8bd8bf7..45ed8d436 100644 --- a/postgresql/templates/pod-test.yaml +++ b/postgresql/templates/pod-test.yaml @@ -72,6 +72,6 @@ spec: - name: postgresql-bin secret: secretName: postgresql-bin - defaultMode: 365 + defaultMode: 0555 ... {{- end }} diff --git a/postgresql/templates/statefulset.yaml b/postgresql/templates/statefulset.yaml index 101ed14ee..7c049d82d 100644 --- a/postgresql/templates/statefulset.yaml +++ b/postgresql/templates/statefulset.yaml @@ -416,7 +416,7 @@ spec: - name: postgresql-bin secret: secretName: postgresql-bin - defaultMode: 365 + defaultMode: 0555 - name: client-certs-temp emptyDir: {} - name: server-certs-temp @@ -428,15 +428,15 @@ spec: - name: replication-pki secret: secretName: {{ .Values.secrets.postgresql.replica }} - defaultMode: 416 + defaultMode: 0640 - name: postgresql-pki secret: secretName: {{ .Values.secrets.postgresql.server }} - defaultMode: 416 + defaultMode: 0640 - name: postgresql-etc secret: secretName: postgresql-etc - defaultMode: 292 + defaultMode: 0444 {{- if not .Values.storage.pvc.enabled }} - name: postgresql-data hostPath: diff --git a/powerdns/templates/deployment.yaml b/powerdns/templates/deployment.yaml index 2cf84dfcb..319395156 100644 --- a/powerdns/templates/deployment.yaml +++ b/powerdns/templates/deployment.yaml @@ -73,5 +73,5 @@ spec: - name: powerdns-etc secret: secretName: powerdns-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/powerdns/templates/job-db-sync.yaml b/powerdns/templates/job-db-sync.yaml index 73454c837..9509979af 100644 --- a/powerdns/templates/job-db-sync.yaml +++ b/powerdns/templates/job-db-sync.yaml @@ -54,9 +54,9 @@ spec: - name: powerdns-bin configMap: name: powerdns-bin - defaultMode: 365 + defaultMode: 0555 - name: powerdns-etc secret: secretName: powerdns-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/prometheus-alertmanager/templates/statefulset.yaml b/prometheus-alertmanager/templates/statefulset.yaml index c5bb3dad8..b1f3cb70f 100644 --- a/prometheus-alertmanager/templates/statefulset.yaml +++ b/prometheus-alertmanager/templates/statefulset.yaml @@ -130,7 +130,7 @@ spec: - name: alertmanager-bin configMap: name: alertmanager-bin - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_alertmanager.volumes }}{{ toYaml $mounts_alertmanager.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.enabled }} - name: alertmanager-data diff --git a/prometheus-kube-state-metrics/templates/deployment.yaml b/prometheus-kube-state-metrics/templates/deployment.yaml index e8c03e411..b4101a3c5 100644 --- a/prometheus-kube-state-metrics/templates/deployment.yaml +++ b/prometheus-kube-state-metrics/templates/deployment.yaml @@ -143,5 +143,5 @@ spec: - name: kube-state-metrics-bin configMap: name: kube-state-metrics-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/prometheus-node-exporter/templates/daemonset.yaml b/prometheus-node-exporter/templates/daemonset.yaml index 59515f330..e37cf892c 100644 --- a/prometheus-node-exporter/templates/daemonset.yaml +++ b/prometheus-node-exporter/templates/daemonset.yaml @@ -119,6 +119,6 @@ spec: - name: node-exporter-bin configMap: name: node-exporter-bin - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_node_exporter.volumes }}{{ toYaml $mounts_node_exporter.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/prometheus-openstack-exporter/templates/deployment.yaml b/prometheus-openstack-exporter/templates/deployment.yaml index 845346366..05e5db9d9 100644 --- a/prometheus-openstack-exporter/templates/deployment.yaml +++ b/prometheus-openstack-exporter/templates/deployment.yaml @@ -99,5 +99,5 @@ spec: - name: prometheus-openstack-exporter-bin configMap: name: prometheus-openstack-exporter-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/prometheus-openstack-exporter/templates/job-ks-user.yaml b/prometheus-openstack-exporter/templates/job-ks-user.yaml index 10218dbd3..bb08406ad 100644 --- a/prometheus-openstack-exporter/templates/job-ks-user.yaml +++ b/prometheus-openstack-exporter/templates/job-ks-user.yaml @@ -66,5 +66,5 @@ spec: - name: ks-user-sh configMap: name: prometheus-openstack-exporter-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/prometheus/templates/pod-helm-tests.yaml b/prometheus/templates/pod-helm-tests.yaml index 7b9b425b9..3dfbfb796 100644 --- a/prometheus/templates/pod-helm-tests.yaml +++ b/prometheus/templates/pod-helm-tests.yaml @@ -67,5 +67,5 @@ spec: - name: prometheus-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "prometheus-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/prometheus/templates/statefulset.yaml b/prometheus/templates/statefulset.yaml index 35c3a8134..becdaa9d1 100644 --- a/prometheus/templates/statefulset.yaml +++ b/prometheus/templates/statefulset.yaml @@ -205,11 +205,11 @@ spec: - name: prometheus-etc secret: secretName: {{ printf "%s-%s" $envAll.Release.Name "prometheus-etc" | quote }} - defaultMode: 292 + defaultMode: 0444 - name: prometheus-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "prometheus-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_prometheus.volumes }}{{ toYaml $mounts_prometheus.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.enabled }} - name: storage diff --git a/rabbitmq/templates/job-cluster-wait.yaml b/rabbitmq/templates/job-cluster-wait.yaml index 2b50f1b2d..9f5b25fbe 100644 --- a/rabbitmq/templates/job-cluster-wait.yaml +++ b/rabbitmq/templates/job-cluster-wait.yaml @@ -90,9 +90,9 @@ spec: - name: rabbitmq-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: rabbitmq-erlang-cookie secret: secretName: {{ printf "%s-%s" $envAll.Release.Name "erlang-cookie" | quote }} - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/rabbitmq/templates/pod-test.yaml b/rabbitmq/templates/pod-test.yaml index f68a10bb7..bcddfd3ea 100644 --- a/rabbitmq/templates/pod-test.yaml +++ b/rabbitmq/templates/pod-test.yaml @@ -66,5 +66,5 @@ spec: - name: rabbitmq-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/rabbitmq/templates/statefulset.yaml b/rabbitmq/templates/statefulset.yaml index 9c53c8015..11af505d6 100644 --- a/rabbitmq/templates/statefulset.yaml +++ b/rabbitmq/templates/statefulset.yaml @@ -253,15 +253,15 @@ spec: - name: rabbitmq-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: rabbitmq-etc configMap: name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-etc" | quote }} - defaultMode: 292 + defaultMode: 0444 - name: rabbitmq-erlang-cookie secret: secretName: {{ printf "%s-%s" $envAll.Release.Name "erlang-cookie" | quote }} - defaultMode: 292 + defaultMode: 0444 {{- if not $envAll.Values.volume.enabled }} - name: rabbitmq-data {{- if .Values.volume.use_local_path.enabled }} diff --git a/redis/templates/pod_test.yaml b/redis/templates/pod_test.yaml index 010d0a9c1..e7152580c 100644 --- a/redis/templates/pod_test.yaml +++ b/redis/templates/pod_test.yaml @@ -60,9 +60,9 @@ spec: - name: redis-test configMap: name: redis-bin - defaultMode: 365 + defaultMode: 0555 - name: redis-python configMap: name: redis-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/registry/templates/daemonset-registry-proxy.yaml b/registry/templates/daemonset-registry-proxy.yaml index b82d362f5..d61e6ddfd 100644 --- a/registry/templates/daemonset-registry-proxy.yaml +++ b/registry/templates/daemonset-registry-proxy.yaml @@ -71,9 +71,9 @@ spec: - name: registry-bin configMap: name: registry-bin - defaultMode: 365 + defaultMode: 0555 - name: registry-etc configMap: name: registry-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/registry/templates/deployment-registry.yaml b/registry/templates/deployment-registry.yaml index 845aed6c8..40d4d2e65 100644 --- a/registry/templates/deployment-registry.yaml +++ b/registry/templates/deployment-registry.yaml @@ -78,11 +78,11 @@ spec: - name: registry-bin configMap: name: registry-bin - defaultMode: 365 + defaultMode: 0555 - name: registry-etc configMap: name: registry-etc - defaultMode: 292 + defaultMode: 0444 - name: docker-images persistentVolumeClaim: claimName: docker-images diff --git a/registry/templates/job-bootstrap.yaml b/registry/templates/job-bootstrap.yaml index 2d9e8a233..760fa9af1 100644 --- a/registry/templates/job-bootstrap.yaml +++ b/registry/templates/job-bootstrap.yaml @@ -63,7 +63,7 @@ spec: - name: registry-bin configMap: name: registry-bin - defaultMode: 365 + defaultMode: 0555 - name: docker-socket hostPath: path: /var/run/docker.sock diff --git a/yamllint-templates.conf b/yamllint-templates.conf index 02836e970..ba9fcdf01 100644 --- a/yamllint-templates.conf +++ b/yamllint-templates.conf @@ -25,7 +25,7 @@ rules: line-length: disable new-line-at-end-of-file: disable new-lines: disable - octal-values: enable + octal-values: disable quoted-strings: disable trailing-spaces: disable truthy: disable diff --git a/yamllint.conf b/yamllint.conf index fb359aef5..382224b5a 100644 --- a/yamllint.conf +++ b/yamllint.conf @@ -25,7 +25,7 @@ rules: line-length: disable new-line-at-end-of-file: enable new-lines: enable - octal-values: enable + octal-values: disable quoted-strings: disable trailing-spaces: enable truthy: disable diff --git a/zookeeper/templates/statefulset.yaml b/zookeeper/templates/statefulset.yaml index 59713431c..21a00cb96 100644 --- a/zookeeper/templates/statefulset.yaml +++ b/zookeeper/templates/statefulset.yaml @@ -206,11 +206,11 @@ spec: - name: zookeeper-etc secret: secretName: zookeeper-etc - defaultMode: 292 + defaultMode: 0444 - name: zookeeper-bin configMap: name: zookeeper-bin - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_zookeeper.volumes }}{{ toYaml $mounts_zookeeper.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.enabled }} - name: data diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index 3aa00d31f..beba37d8f 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -17,6 +17,9 @@ name: openstack-helm-lint run: playbooks/lint.yml nodeset: ubuntu-bionic + # NOTE(aostapenko) Required if job is run against another project + required-projects: + - openstack/openstack-helm-infra irrelevant-files: - ^.*\.rst$ - ^doc/.*$