From 83e27e600c5d9bf2548da561b25635e27f1e3cf5 Mon Sep 17 00:00:00 2001 From: Andrii Ostapenko Date: Tue, 16 Jun 2020 20:42:10 -0500 Subject: [PATCH] Enable key-duplicates and octal-values yamllint checks With corresponding code changes. Change-Id: I11cde8971b3effbb6eb2b69a7d31ecf12140434e --- calico/templates/daemonset-calico-node.yaml | 6 +++--- calico/templates/deployment-calico-kube-controllers.yaml | 4 +--- calico/templates/job-calico-settings.yaml | 2 +- ceph-client/templates/cronjob-checkPGs.yaml | 4 ++-- ceph-client/templates/cronjob-defragosds.yaml | 2 +- ceph-client/templates/deployment-checkdns.yaml | 2 +- ceph-client/templates/deployment-mds.yaml | 4 ++-- ceph-client/templates/deployment-mgr.yaml | 4 ++-- ceph-client/templates/job-bootstrap.yaml | 4 ++-- ceph-client/templates/job-rbd-pool.yaml | 4 ++-- ceph-client/templates/pod-helm-tests.yaml | 4 ++-- ceph-mon/templates/daemonset-mon.yaml | 4 ++-- ceph-mon/templates/deployment-moncheck.yaml | 4 ++-- ceph-mon/templates/job-bootstrap.yaml | 4 ++-- ceph-mon/templates/job-keyring.yaml | 4 ++-- ceph-mon/templates/job-storage-admin-keys.yaml | 4 ++-- ceph-osd/templates/daemonset-osd.yaml | 4 ++-- ceph-osd/templates/job-bootstrap.yaml | 4 ++-- ceph-osd/templates/job-post-apply.yaml | 4 ++-- ceph-osd/templates/pod-helm-tests.yaml | 4 ++-- .../templates/deployment-cephfs-provisioner.yaml | 2 +- .../templates/deployment-rbd-provisioner.yaml | 2 +- ceph-provisioners/templates/job-bootstrap.yaml | 4 ++-- ceph-provisioners/templates/job-cephfs-client-key.yaml | 2 +- .../templates/job-namespace-client-key-cleaner.yaml | 2 +- ceph-provisioners/templates/job-namespace-client-key.yaml | 2 +- ceph-provisioners/templates/pod-helm-tests.yaml | 2 +- ceph-rgw/templates/deployment-rgw.yaml | 4 ++-- ceph-rgw/templates/job-bootstrap.yaml | 4 ++-- ceph-rgw/templates/job-rgw-storage-init.yaml | 6 +++--- ceph-rgw/templates/job-s3-admin.yaml | 4 ++-- ceph-rgw/templates/pod-helm-tests.yaml | 4 ++-- daemonjob-controller/templates/deployment.yaml | 2 +- elastic-apm-server/templates/deployment.yaml | 2 +- elastic-filebeat/templates/daemonset.yaml | 2 +- elastic-metricbeat/templates/daemonset-node-metrics.yaml | 2 +- elastic-metricbeat/templates/deployment-modules.yaml | 2 +- elastic-packetbeat/templates/daemonset.yaml | 2 +- elasticsearch/templates/cron-job-curator.yaml | 4 ++-- elasticsearch/templates/cron-job-verify-repositories.yaml | 2 +- elasticsearch/templates/deployment-client.yaml | 4 ++-- elasticsearch/templates/deployment-gateway.yaml | 4 ++-- elasticsearch/templates/job-elasticsearch-template.yaml | 4 ++-- elasticsearch/templates/job-es-cluster-wait.yaml | 2 +- .../templates/job-register-snapshot-repository.yaml | 2 +- elasticsearch/templates/pod-helm-tests.yaml | 2 +- elasticsearch/templates/statefulset-data.yaml | 4 ++-- elasticsearch/templates/statefulset-master.yaml | 4 ++-- etcd/templates/deployment.yaml | 2 +- falco/templates/daemonset.yaml | 2 +- fluentbit/templates/daemonset-fluent-bit.yaml | 4 ++-- fluentd/templates/deployment-fluentd.yaml | 6 +++--- gnocchi/templates/cron-job-resources-cleaner.yaml | 4 ++-- gnocchi/templates/daemonset-metricd.yaml | 4 ++-- gnocchi/templates/daemonset-statsd.yaml | 4 ++-- gnocchi/templates/deployment-api.yaml | 4 ++-- gnocchi/templates/job-clean.yaml | 2 +- gnocchi/templates/job-db-init-indexer.yaml | 4 ++-- gnocchi/templates/job-db-sync.yaml | 4 ++-- gnocchi/templates/job-storage-init.yaml | 4 ++-- gnocchi/templates/pod-gnocchi-test.yaml | 4 ++-- grafana/templates/deployment.yaml | 6 +++--- grafana/templates/job-add-home-dashboard.yaml | 2 +- grafana/templates/job-db-init-session.yaml | 2 +- grafana/templates/job-db-init.yaml | 2 +- grafana/templates/job-db-session-sync.yaml | 2 +- grafana/templates/job-set-admin-user.yaml | 4 ++-- grafana/templates/pod-helm-tests.yaml | 2 +- helm-toolkit/templates/manifests/_job-bootstrap.tpl | 6 +++--- helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl | 6 +++--- helm-toolkit/templates/manifests/_job-db-init-mysql.tpl | 6 +++--- helm-toolkit/templates/manifests/_job-db-sync.tpl | 6 +++--- helm-toolkit/templates/manifests/_job-ks-endpoints.tpl | 4 ++-- helm-toolkit/templates/manifests/_job-ks-service.tpl | 4 ++-- helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl | 4 ++-- .../templates/manifests/_job-rabbit-init.yaml.tpl | 4 ++-- helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl | 6 +++--- helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl | 8 ++++---- helm-toolkit/templates/manifests/_job_image_repo_sync.tpl | 4 ++-- ingress/templates/deployment-ingress.yaml | 2 +- kafka/templates/job-generate-acl.yaml | 4 ++-- kafka/templates/pod-helm-test.yaml | 4 ++-- kafka/templates/statefulset.yaml | 4 ++-- kibana/templates/deployment.yaml | 4 ++-- kibana/templates/job-flush-kibana-metadata.yaml | 2 +- kibana/templates/job-register-kibana-indexes.yaml | 2 +- kubernetes-keystone-webhook/templates/deployment.yaml | 6 +++--- kubernetes-keystone-webhook/templates/pod-test.yaml | 2 +- libvirt/templates/daemonset-libvirt.yaml | 6 +++--- mariadb/templates/deployment-ingress.yaml | 4 ++-- mariadb/templates/pod-test.yaml | 4 ++-- mariadb/templates/statefulset.yaml | 6 +++--- memcached/templates/deployment.yaml | 2 +- mongodb/templates/statefulset.yaml | 2 +- nagios/templates/deployment.yaml | 4 ++-- nagios/templates/pod-helm-tests.yaml | 2 +- openvswitch/templates/daemonset-ovs-db.yaml | 2 +- openvswitch/templates/daemonset-ovs-vswitchd.yaml | 2 +- postgresql/templates/pod-test.yaml | 2 +- postgresql/templates/statefulset.yaml | 8 ++++---- powerdns/templates/deployment.yaml | 2 +- powerdns/templates/job-db-sync.yaml | 4 ++-- prometheus-alertmanager/templates/statefulset.yaml | 2 +- prometheus-kube-state-metrics/templates/deployment.yaml | 2 +- prometheus-node-exporter/templates/daemonset.yaml | 2 +- prometheus-openstack-exporter/templates/deployment.yaml | 2 +- prometheus-openstack-exporter/templates/job-ks-user.yaml | 2 +- prometheus/templates/pod-helm-tests.yaml | 2 +- prometheus/templates/statefulset.yaml | 4 ++-- rabbitmq/templates/job-cluster-wait.yaml | 4 ++-- rabbitmq/templates/pod-test.yaml | 2 +- rabbitmq/templates/statefulset.yaml | 6 +++--- redis/templates/pod_test.yaml | 4 ++-- registry/templates/daemonset-registry-proxy.yaml | 4 ++-- registry/templates/deployment-registry.yaml | 4 ++-- registry/templates/job-bootstrap.yaml | 2 +- tiller/templates/deployment-tiller.yaml | 1 - yamllint-templates.conf | 4 ++-- zookeeper/templates/statefulset.yaml | 4 ++-- 119 files changed, 206 insertions(+), 209 deletions(-) diff --git a/calico/templates/daemonset-calico-node.yaml b/calico/templates/daemonset-calico-node.yaml index cb0deba52..5476ace2a 100644 --- a/calico/templates/daemonset-calico-node.yaml +++ b/calico/templates/daemonset-calico-node.yaml @@ -285,15 +285,15 @@ spec: - name: calico-etc configMap: name: calico-etc - defaultMode: 0444 + defaultMode: 292 - name: calico-bird configMap: name: calico-bird - defaultMode: 0444 + defaultMode: 292 - name: calico-bin configMap: name: calico-bin - defaultMode: 0555 + defaultMode: 365 - name: calico-etcd-secrets secret: secretName: calico-etcd-secrets diff --git a/calico/templates/deployment-calico-kube-controllers.yaml b/calico/templates/deployment-calico-kube-controllers.yaml index 8deb9a872..e16b57382 100644 --- a/calico/templates/deployment-calico-kube-controllers.yaml +++ b/calico/templates/deployment-calico-kube-controllers.yaml @@ -77,8 +77,6 @@ spec: matchLabels: k8s-app: calico-kube-controllers {{ tuple $envAll "calico" "kube-controllers" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} - strategy: - type: Recreate {{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} template: metadata: @@ -174,5 +172,5 @@ spec: - name: calico-etcd-secrets secret: secretName: calico-etcd-secrets - defaultMode: 0400 + defaultMode: 256 {{- end }} diff --git a/calico/templates/job-calico-settings.yaml b/calico/templates/job-calico-settings.yaml index 1154241ca..e9dc2e2fd 100644 --- a/calico/templates/job-calico-settings.yaml +++ b/calico/templates/job-calico-settings.yaml @@ -100,7 +100,7 @@ spec: - name: calico-bin configMap: name: calico-bin - defaultMode: 0555 + defaultMode: 365 - name: calico-etcd-secrets secret: secretName: calico-etcd-secrets diff --git a/ceph-client/templates/cronjob-checkPGs.yaml b/ceph-client/templates/cronjob-checkPGs.yaml index dca1488df..4d54a4bb2 100644 --- a/ceph-client/templates/cronjob-checkPGs.yaml +++ b/ceph-client/templates/cronjob-checkPGs.yaml @@ -129,11 +129,11 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 0555 + defaultMode: 365 - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 0444 + defaultMode: 292 - name: ceph-client-admin-keyring secret: defaultMode: 420 diff --git a/ceph-client/templates/cronjob-defragosds.yaml b/ceph-client/templates/cronjob-defragosds.yaml index f536dc805..94d20fe6b 100644 --- a/ceph-client/templates/cronjob-defragosds.yaml +++ b/ceph-client/templates/cronjob-defragosds.yaml @@ -106,5 +106,5 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 0555 + defaultMode: 365 {{- end }} diff --git a/ceph-client/templates/deployment-checkdns.yaml b/ceph-client/templates/deployment-checkdns.yaml index 25b056cea..2eec1cc7e 100644 --- a/ceph-client/templates/deployment-checkdns.yaml +++ b/ceph-client/templates/deployment-checkdns.yaml @@ -115,5 +115,5 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 0555 + defaultMode: 365 {{- end }} diff --git a/ceph-client/templates/deployment-mds.yaml b/ceph-client/templates/deployment-mds.yaml index 84838b55a..a685410ad 100644 --- a/ceph-client/templates/deployment-mds.yaml +++ b/ceph-client/templates/deployment-mds.yaml @@ -147,11 +147,11 @@ spec: - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 0444 + defaultMode: 292 - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 0555 + defaultMode: 365 - name: pod-var-lib-ceph emptyDir: {} - name: ceph-client-admin-keyring diff --git a/ceph-client/templates/deployment-mgr.yaml b/ceph-client/templates/deployment-mgr.yaml index 13fbfe0c5..a951c4cec 100644 --- a/ceph-client/templates/deployment-mgr.yaml +++ b/ceph-client/templates/deployment-mgr.yaml @@ -184,11 +184,11 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 0555 + defaultMode: 365 - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 0444 + defaultMode: 292 - name: pod-var-lib-ceph emptyDir: {} - name: ceph-client-admin-keyring diff --git a/ceph-client/templates/job-bootstrap.yaml b/ceph-client/templates/job-bootstrap.yaml index 86191d9f5..f2d3043c1 100644 --- a/ceph-client/templates/job-bootstrap.yaml +++ b/ceph-client/templates/job-bootstrap.yaml @@ -70,11 +70,11 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 0555 + defaultMode: 365 - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 0444 + defaultMode: 292 - name: ceph-client-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} diff --git a/ceph-client/templates/job-rbd-pool.yaml b/ceph-client/templates/job-rbd-pool.yaml index 47c8bc947..374b28b29 100644 --- a/ceph-client/templates/job-rbd-pool.yaml +++ b/ceph-client/templates/job-rbd-pool.yaml @@ -85,11 +85,11 @@ spec: - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 0444 + defaultMode: 292 - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 0555 + defaultMode: 365 - name: pod-var-lib-ceph emptyDir: {} - name: pod-run diff --git a/ceph-client/templates/pod-helm-tests.yaml b/ceph-client/templates/pod-helm-tests.yaml index ffad06fd3..5c3c55ce0 100644 --- a/ceph-client/templates/pod-helm-tests.yaml +++ b/ceph-client/templates/pod-helm-tests.yaml @@ -81,12 +81,12 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 0555 + defaultMode: 365 - name: ceph-client-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 0444 + defaultMode: 292 {{- end }} diff --git a/ceph-mon/templates/daemonset-mon.yaml b/ceph-mon/templates/daemonset-mon.yaml index d1048db3d..0ac03894e 100644 --- a/ceph-mon/templates/daemonset-mon.yaml +++ b/ceph-mon/templates/daemonset-mon.yaml @@ -243,11 +243,11 @@ spec: - name: ceph-mon-bin configMap: name: ceph-mon-bin - defaultMode: 0555 + defaultMode: 365 - name: ceph-mon-etc configMap: name: ceph-mon-etc - defaultMode: 0444 + defaultMode: 292 - name: pod-var-lib-ceph hostPath: path: {{ .Values.conf.storage.mon.directory }} diff --git a/ceph-mon/templates/deployment-moncheck.yaml b/ceph-mon/templates/deployment-moncheck.yaml index 73d0c5fff..4cc81b3be 100644 --- a/ceph-mon/templates/deployment-moncheck.yaml +++ b/ceph-mon/templates/deployment-moncheck.yaml @@ -114,11 +114,11 @@ spec: - name: ceph-mon-etc configMap: name: ceph-mon-etc - defaultMode: 0444 + defaultMode: 292 - name: ceph-mon-bin configMap: name: ceph-mon-bin - defaultMode: 0555 + defaultMode: 365 - name: pod-var-lib-ceph emptyDir: {} - name: ceph-client-admin-keyring diff --git a/ceph-mon/templates/job-bootstrap.yaml b/ceph-mon/templates/job-bootstrap.yaml index 15a90569e..408f484b2 100644 --- a/ceph-mon/templates/job-bootstrap.yaml +++ b/ceph-mon/templates/job-bootstrap.yaml @@ -72,11 +72,11 @@ spec: - name: ceph-mon-bin configMap: name: ceph-mon-bin - defaultMode: 0555 + defaultMode: 365 - name: ceph-mon-etc configMap: name: ceph-mon-etc - defaultMode: 0444 + defaultMode: 292 - name: ceph-client-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} diff --git a/ceph-mon/templates/job-keyring.yaml b/ceph-mon/templates/job-keyring.yaml index e27ff5300..1c5662137 100644 --- a/ceph-mon/templates/job-keyring.yaml +++ b/ceph-mon/templates/job-keyring.yaml @@ -120,10 +120,10 @@ spec: - name: ceph-mon-bin configMap: name: ceph-mon-bin - defaultMode: 0555 + defaultMode: 365 - name: ceph-templates configMap: name: ceph-templates - defaultMode: 0444 + defaultMode: 292 {{- end }} {{- end }} diff --git a/ceph-mon/templates/job-storage-admin-keys.yaml b/ceph-mon/templates/job-storage-admin-keys.yaml index 77fdcd378..33144c54a 100644 --- a/ceph-mon/templates/job-storage-admin-keys.yaml +++ b/ceph-mon/templates/job-storage-admin-keys.yaml @@ -117,9 +117,9 @@ spec: - name: ceph-mon-bin configMap: name: ceph-mon-bin - defaultMode: 0555 + defaultMode: 365 - name: ceph-templates configMap: name: ceph-templates - defaultMode: 0444 + defaultMode: 292 {{- end }} diff --git a/ceph-osd/templates/daemonset-osd.yaml b/ceph-osd/templates/daemonset-osd.yaml index ab2b2d7d7..d46b29d91 100644 --- a/ceph-osd/templates/daemonset-osd.yaml +++ b/ceph-osd/templates/daemonset-osd.yaml @@ -433,11 +433,11 @@ spec: - name: ceph-osd-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }} - defaultMode: 0555 + defaultMode: 365 - name: ceph-osd-etc configMap: name: {{ $configMapName }} - defaultMode: 0444 + defaultMode: 292 - name: ceph-bootstrap-osd-keyring secret: secretName: {{ .Values.secrets.keyrings.osd }} diff --git a/ceph-osd/templates/job-bootstrap.yaml b/ceph-osd/templates/job-bootstrap.yaml index 46592fbee..b1260a50a 100644 --- a/ceph-osd/templates/job-bootstrap.yaml +++ b/ceph-osd/templates/job-bootstrap.yaml @@ -69,11 +69,11 @@ spec: - name: ceph-osd-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }} - defaultMode: 0555 + defaultMode: 365 - name: ceph-osd-etc configMap: name: {{ printf "%s-%s" $envAll.Release.Name "etc" | quote }} - defaultMode: 0444 + defaultMode: 292 - name: ceph-osd-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} diff --git a/ceph-osd/templates/job-post-apply.yaml b/ceph-osd/templates/job-post-apply.yaml index ad85d47a5..97ff72e02 100644 --- a/ceph-osd/templates/job-post-apply.yaml +++ b/ceph-osd/templates/job-post-apply.yaml @@ -126,11 +126,11 @@ spec: - name: ceph-osd-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }} - defaultMode: 0555 + defaultMode: 365 - name: ceph-osd-etc configMap: name: {{ printf "%s-%s" $envAll.Release.Name "etc" | quote }} - defaultMode: 0444 + defaultMode: 292 - name: ceph-osd-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} diff --git a/ceph-osd/templates/pod-helm-tests.yaml b/ceph-osd/templates/pod-helm-tests.yaml index 9ee685bcb..01580ab7e 100644 --- a/ceph-osd/templates/pod-helm-tests.yaml +++ b/ceph-osd/templates/pod-helm-tests.yaml @@ -72,12 +72,12 @@ spec: - name: ceph-osd-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }} - defaultMode: 0555 + defaultMode: 365 - name: ceph-client-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} - name: ceph-osd-etc configMap: name: {{ printf "%s-%s" $envAll.Release.Name "etc" | quote }} - defaultMode: 0444 + defaultMode: 292 {{- end }} diff --git a/ceph-provisioners/templates/deployment-cephfs-provisioner.yaml b/ceph-provisioners/templates/deployment-cephfs-provisioner.yaml index e96387a64..77107ebf7 100644 --- a/ceph-provisioners/templates/deployment-cephfs-provisioner.yaml +++ b/ceph-provisioners/templates/deployment-cephfs-provisioner.yaml @@ -197,5 +197,5 @@ spec: - name: ceph-provisioners-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }} - defaultMode: 0555 + defaultMode: 365 {{- end }} diff --git a/ceph-provisioners/templates/deployment-rbd-provisioner.yaml b/ceph-provisioners/templates/deployment-rbd-provisioner.yaml index 4e2b34fb1..a22c65e05 100644 --- a/ceph-provisioners/templates/deployment-rbd-provisioner.yaml +++ b/ceph-provisioners/templates/deployment-rbd-provisioner.yaml @@ -187,5 +187,5 @@ spec: - name: ceph-provisioners-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }} - defaultMode: 0555 + defaultMode: 365 {{- end }} diff --git a/ceph-provisioners/templates/job-bootstrap.yaml b/ceph-provisioners/templates/job-bootstrap.yaml index dbcf1e5b0..d1fb89c26 100644 --- a/ceph-provisioners/templates/job-bootstrap.yaml +++ b/ceph-provisioners/templates/job-bootstrap.yaml @@ -69,11 +69,11 @@ spec: - name: ceph-provisioners-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }} - defaultMode: 0555 + defaultMode: 365 - name: ceph-etc configMap: name: {{ .Values.storageclass.rbd.ceph_configmap_name }} - defaultMode: 0444 + defaultMode: 292 - name: ceph-client-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} diff --git a/ceph-provisioners/templates/job-cephfs-client-key.yaml b/ceph-provisioners/templates/job-cephfs-client-key.yaml index 36ca2a505..031ec8087 100644 --- a/ceph-provisioners/templates/job-cephfs-client-key.yaml +++ b/ceph-provisioners/templates/job-cephfs-client-key.yaml @@ -132,5 +132,5 @@ spec: - name: ceph-provisioners-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }} - defaultMode: 0555 + defaultMode: 365 {{- end }} diff --git a/ceph-provisioners/templates/job-namespace-client-key-cleaner.yaml b/ceph-provisioners/templates/job-namespace-client-key-cleaner.yaml index 478530e62..d73f584d9 100644 --- a/ceph-provisioners/templates/job-namespace-client-key-cleaner.yaml +++ b/ceph-provisioners/templates/job-namespace-client-key-cleaner.yaml @@ -97,5 +97,5 @@ spec: - name: ceph-provisioners-bin-clients configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin-clients" | quote }} - defaultMode: 0555 + defaultMode: 365 {{- end }} diff --git a/ceph-provisioners/templates/job-namespace-client-key.yaml b/ceph-provisioners/templates/job-namespace-client-key.yaml index f187630e3..9e3fcad74 100644 --- a/ceph-provisioners/templates/job-namespace-client-key.yaml +++ b/ceph-provisioners/templates/job-namespace-client-key.yaml @@ -128,5 +128,5 @@ spec: - name: ceph-provisioners-bin-clients configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin-clients" | quote }} - defaultMode: 0555 + defaultMode: 365 {{- end }} diff --git a/ceph-provisioners/templates/pod-helm-tests.yaml b/ceph-provisioners/templates/pod-helm-tests.yaml index 72e85ffff..1bab2be3e 100644 --- a/ceph-provisioners/templates/pod-helm-tests.yaml +++ b/ceph-provisioners/templates/pod-helm-tests.yaml @@ -107,7 +107,7 @@ spec: - name: ceph-provisioners-bin-clients configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin-clients" | quote }} - defaultMode: 0555 + defaultMode: 365 - name: pod-tmp emptyDir: {} {{- end }} diff --git a/ceph-rgw/templates/deployment-rgw.yaml b/ceph-rgw/templates/deployment-rgw.yaml index 5fc76eed3..fb82e8a61 100644 --- a/ceph-rgw/templates/deployment-rgw.yaml +++ b/ceph-rgw/templates/deployment-rgw.yaml @@ -181,11 +181,11 @@ spec: - name: ceph-rgw-bin configMap: name: ceph-rgw-bin - defaultMode: 0555 + defaultMode: 365 - name: ceph-rgw-etc configMap: name: ceph-rgw-etc - defaultMode: 0444 + defaultMode: 292 - name: pod-var-lib-ceph emptyDir: {} - name: ceph-bootstrap-rgw-keyring diff --git a/ceph-rgw/templates/job-bootstrap.yaml b/ceph-rgw/templates/job-bootstrap.yaml index 073188dcf..f49434999 100644 --- a/ceph-rgw/templates/job-bootstrap.yaml +++ b/ceph-rgw/templates/job-bootstrap.yaml @@ -118,11 +118,11 @@ spec: - name: ceph-rgw-bin configMap: name: ceph-rgw-bin - defaultMode: 0555 + defaultMode: 365 - name: ceph-rgw-etc configMap: name: {{ .Values.ceph_client.configmap }} - defaultMode: 0444 + defaultMode: 292 - name: ceph-rgw-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin | quote }} diff --git a/ceph-rgw/templates/job-rgw-storage-init.yaml b/ceph-rgw/templates/job-rgw-storage-init.yaml index 6a66c62ea..24ffced7f 100644 --- a/ceph-rgw/templates/job-rgw-storage-init.yaml +++ b/ceph-rgw/templates/job-rgw-storage-init.yaml @@ -126,15 +126,15 @@ spec: - name: ceph-rgw-bin configMap: name: ceph-rgw-bin - defaultMode: 0555 + defaultMode: 365 - name: ceph-etc configMap: name: {{ .Values.ceph_client.configmap }} - defaultMode: 0444 + defaultMode: 292 - name: ceph-templates configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-templates" | quote }} - defaultMode: 0444 + defaultMode: 292 - name: ceph-keyring secret: secretName: {{ .Values.secrets.keyrings.admin | quote }} diff --git a/ceph-rgw/templates/job-s3-admin.yaml b/ceph-rgw/templates/job-s3-admin.yaml index e8e8db2a6..5b9f32453 100644 --- a/ceph-rgw/templates/job-s3-admin.yaml +++ b/ceph-rgw/templates/job-s3-admin.yaml @@ -137,11 +137,11 @@ spec: - name: ceph-rgw-bin configMap: name: ceph-rgw-bin - defaultMode: 0555 + defaultMode: 365 - name: ceph-rgw-etc configMap: name: ceph-rgw-etc - defaultMode: 0444 + defaultMode: 292 - name: ceph-keyring secret: secretName: {{ .Values.secrets.keyrings.admin | quote }} diff --git a/ceph-rgw/templates/pod-helm-tests.yaml b/ceph-rgw/templates/pod-helm-tests.yaml index a973694b8..b07355814 100644 --- a/ceph-rgw/templates/pod-helm-tests.yaml +++ b/ceph-rgw/templates/pod-helm-tests.yaml @@ -104,12 +104,12 @@ spec: - name: ceph-rgw-bin configMap: name: ceph-rgw-bin - defaultMode: 0555 + defaultMode: 365 - name: ceph-keyring secret: secretName: {{ .Values.secrets.keyrings.admin | quote }} - name: ceph-rgw-etc configMap: name: ceph-rgw-etc - defaultMode: 0444 + defaultMode: 292 {{- end }} diff --git a/daemonjob-controller/templates/deployment.yaml b/daemonjob-controller/templates/deployment.yaml index 33eaf1001..f545e99b7 100644 --- a/daemonjob-controller/templates/deployment.yaml +++ b/daemonjob-controller/templates/deployment.yaml @@ -58,5 +58,5 @@ spec: - name: hooks configMap: name: daemonjob-controller-bin - defaultMode: 0555 + defaultMode: 365 {{- end }} diff --git a/elastic-apm-server/templates/deployment.yaml b/elastic-apm-server/templates/deployment.yaml index e962726c0..d0fbf16c8 100644 --- a/elastic-apm-server/templates/deployment.yaml +++ b/elastic-apm-server/templates/deployment.yaml @@ -122,7 +122,7 @@ spec: - name: elastic-apm-server-etc configMap: name: elastic-apm-server-etc - defaultMode: 0444 + defaultMode: 292 - name: data hostPath: path: /var/lib/elastic-apm-server diff --git a/elastic-filebeat/templates/daemonset.yaml b/elastic-filebeat/templates/daemonset.yaml index 669b57946..1b0bcf51f 100644 --- a/elastic-filebeat/templates/daemonset.yaml +++ b/elastic-filebeat/templates/daemonset.yaml @@ -157,7 +157,7 @@ spec: - name: filebeat-etc configMap: name: filebeat-etc - defaultMode: 0444 + defaultMode: 292 - name: data hostPath: path: /var/lib/filebeat diff --git a/elastic-metricbeat/templates/daemonset-node-metrics.yaml b/elastic-metricbeat/templates/daemonset-node-metrics.yaml index e40e0c096..8460c0846 100644 --- a/elastic-metricbeat/templates/daemonset-node-metrics.yaml +++ b/elastic-metricbeat/templates/daemonset-node-metrics.yaml @@ -168,7 +168,7 @@ spec: path: /var/run/docker.sock - name: metricbeat-etc configMap: - defaultMode: 0444 + defaultMode: 292 name: metricbeat-etc - name: data emptyDir: {} diff --git a/elastic-metricbeat/templates/deployment-modules.yaml b/elastic-metricbeat/templates/deployment-modules.yaml index ce4a961d1..5dc0e42a0 100644 --- a/elastic-metricbeat/templates/deployment-modules.yaml +++ b/elastic-metricbeat/templates/deployment-modules.yaml @@ -154,5 +154,5 @@ spec: - name: metricbeat-etc configMap: name: metricbeat-etc - defaultMode: 0444 + defaultMode: 292 {{- end }} diff --git a/elastic-packetbeat/templates/daemonset.yaml b/elastic-packetbeat/templates/daemonset.yaml index 486cc7fe0..b89bee586 100644 --- a/elastic-packetbeat/templates/daemonset.yaml +++ b/elastic-packetbeat/templates/daemonset.yaml @@ -139,7 +139,7 @@ spec: emptyDir: {} - name: packetbeat-etc configMap: - defaultMode: 0444 + defaultMode: 292 name: packetbeat-etc {{ if $mounts_packetbeat.volumes }}{{ toYaml $mounts_packetbeat.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/elasticsearch/templates/cron-job-curator.yaml b/elasticsearch/templates/cron-job-curator.yaml index 91c7b5029..e845aa83f 100644 --- a/elasticsearch/templates/cron-job-curator.yaml +++ b/elasticsearch/templates/cron-job-curator.yaml @@ -86,9 +86,9 @@ spec: - name: elastic-curator-bin configMap: name: elastic-curator-bin - defaultMode: 0555 + defaultMode: 365 - name: elastic-curator-etc secret: secretName: elastic-curator-etc - defaultMode: 0444 + defaultMode: 292 {{- end }} diff --git a/elasticsearch/templates/cron-job-verify-repositories.yaml b/elasticsearch/templates/cron-job-verify-repositories.yaml index b9c6b941d..bbe59c93d 100644 --- a/elasticsearch/templates/cron-job-verify-repositories.yaml +++ b/elasticsearch/templates/cron-job-verify-repositories.yaml @@ -83,5 +83,5 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 0555 + defaultMode: 365 {{- end }} diff --git a/elasticsearch/templates/deployment-client.yaml b/elasticsearch/templates/deployment-client.yaml index 0d166a1e2..290e78e6f 100644 --- a/elasticsearch/templates/deployment-client.yaml +++ b/elasticsearch/templates/deployment-client.yaml @@ -210,11 +210,11 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 0555 + defaultMode: 365 - name: elasticsearch-etc secret: secretName: elasticsearch-etc - defaultMode: 0444 + defaultMode: 292 - name: storage emptyDir: {} {{ if $mounts_elasticsearch.volumes }}{{ toYaml $mounts_elasticsearch.volumes | indent 8 }}{{ end }} diff --git a/elasticsearch/templates/deployment-gateway.yaml b/elasticsearch/templates/deployment-gateway.yaml index 3bbac928b..7df13b6d8 100644 --- a/elasticsearch/templates/deployment-gateway.yaml +++ b/elasticsearch/templates/deployment-gateway.yaml @@ -160,11 +160,11 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 0555 + defaultMode: 365 - name: elasticsearch-etc secret: secretName: elasticsearch-etc - defaultMode: 0444 + defaultMode: 292 - name: storage emptyDir: {} {{ if $mounts_elasticsearch.volumes }}{{ toYaml $mounts_elasticsearch.volumes | indent 8 }}{{ end }} diff --git a/elasticsearch/templates/job-elasticsearch-template.yaml b/elasticsearch/templates/job-elasticsearch-template.yaml index a93ee1c79..e2e35fbe5 100644 --- a/elasticsearch/templates/job-elasticsearch-template.yaml +++ b/elasticsearch/templates/job-elasticsearch-template.yaml @@ -85,10 +85,10 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 0555 + defaultMode: 365 - name: elasticsearch-templates-etc secret: secretName: elasticsearch-templates-etc - defaultMode: 0444 + defaultMode: 292 {{ if $mounts_elasticsearch_templates.volumes }}{{ toYaml $mounts_elasticsearch_templates.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/elasticsearch/templates/job-es-cluster-wait.yaml b/elasticsearch/templates/job-es-cluster-wait.yaml index 27b94f92b..dbb4da678 100644 --- a/elasticsearch/templates/job-es-cluster-wait.yaml +++ b/elasticsearch/templates/job-es-cluster-wait.yaml @@ -76,5 +76,5 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 0555 + defaultMode: 365 {{- end }} diff --git a/elasticsearch/templates/job-register-snapshot-repository.yaml b/elasticsearch/templates/job-register-snapshot-repository.yaml index 2b811ca14..18a9a303f 100644 --- a/elasticsearch/templates/job-register-snapshot-repository.yaml +++ b/elasticsearch/templates/job-register-snapshot-repository.yaml @@ -91,5 +91,5 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 0555 + defaultMode: 365 {{- end }} diff --git a/elasticsearch/templates/pod-helm-tests.yaml b/elasticsearch/templates/pod-helm-tests.yaml index d2e8e62f5..6ded8973a 100644 --- a/elasticsearch/templates/pod-helm-tests.yaml +++ b/elasticsearch/templates/pod-helm-tests.yaml @@ -70,5 +70,5 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 0555 + defaultMode: 365 {{- end }} diff --git a/elasticsearch/templates/statefulset-data.yaml b/elasticsearch/templates/statefulset-data.yaml index ac5f769c0..20299041b 100644 --- a/elasticsearch/templates/statefulset-data.yaml +++ b/elasticsearch/templates/statefulset-data.yaml @@ -175,11 +175,11 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 0555 + defaultMode: 365 - name: elasticsearch-etc secret: secretName: elasticsearch-etc - defaultMode: 0444 + defaultMode: 292 {{ if $mounts_elasticsearch.volumes }}{{ toYaml $mounts_elasticsearch.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.data.enabled }} - name: storage diff --git a/elasticsearch/templates/statefulset-master.yaml b/elasticsearch/templates/statefulset-master.yaml index 34a208cdd..6d5201db1 100644 --- a/elasticsearch/templates/statefulset-master.yaml +++ b/elasticsearch/templates/statefulset-master.yaml @@ -168,11 +168,11 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 0555 + defaultMode: 365 - name: elasticsearch-etc secret: secretName: elasticsearch-etc - defaultMode: 0444 + defaultMode: 292 {{ if $mounts_elasticsearch.volumes }}{{ toYaml $mounts_elasticsearch.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.master.enabled }} - name: storage diff --git a/etcd/templates/deployment.yaml b/etcd/templates/deployment.yaml index bfb39b81e..c0c3715b1 100644 --- a/etcd/templates/deployment.yaml +++ b/etcd/templates/deployment.yaml @@ -70,5 +70,5 @@ spec: - name: etcd-bin configMap: name: {{ $configMapBinName | quote }} - defaultMode: 0555 + defaultMode: 365 {{- end }} diff --git a/falco/templates/daemonset.yaml b/falco/templates/daemonset.yaml index dbb0df31c..ff44f28a2 100644 --- a/falco/templates/daemonset.yaml +++ b/falco/templates/daemonset.yaml @@ -119,7 +119,7 @@ spec: - name: falco-bin configMap: name: falco-bin - defaultMode: 0555 + defaultMode: 365 - name: dshm emptyDir: medium: Memory diff --git a/fluentbit/templates/daemonset-fluent-bit.yaml b/fluentbit/templates/daemonset-fluent-bit.yaml index 755f7abca..22cc29271 100644 --- a/fluentbit/templates/daemonset-fluent-bit.yaml +++ b/fluentbit/templates/daemonset-fluent-bit.yaml @@ -145,10 +145,10 @@ spec: - name: fluentbit-bin configMap: name: fluentbit-bin - defaultMode: 0555 + defaultMode: 365 - name: fluentbit-etc secret: secretName: fluentbit-etc - defaultMode: 0444 + defaultMode: 292 {{ if $mounts_fluentbit.volumes }}{{ toYaml $mounts_fluentbit.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/fluentd/templates/deployment-fluentd.yaml b/fluentd/templates/deployment-fluentd.yaml index b626b8feb..827b7a4cc 100644 --- a/fluentd/templates/deployment-fluentd.yaml +++ b/fluentd/templates/deployment-fluentd.yaml @@ -226,15 +226,15 @@ spec: - name: {{ printf "%s-%s" $envAll.Release.Name "env-secret" | quote }} secret: secretName: {{ printf "%s-%s" $envAll.Release.Name "env-secret" | quote }} - defaultMode: 0444 + defaultMode: 292 {{- end }} - name: fluentd-etc secret: secretName: {{ printf "%s-%s" $envAll.Release.Name "fluentd-etc" | quote }} - defaultMode: 0444 + defaultMode: 292 - name: fluentd-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "fluentd-bin" | quote }} - defaultMode: 0555 + defaultMode: 365 {{ if $mounts_fluentd.volumes }}{{ toYaml $mounts_fluentd.volumes | indent 8 }}{{- end }} {{- end }} diff --git a/gnocchi/templates/cron-job-resources-cleaner.yaml b/gnocchi/templates/cron-job-resources-cleaner.yaml index 115fc4ff0..b72705885 100644 --- a/gnocchi/templates/cron-job-resources-cleaner.yaml +++ b/gnocchi/templates/cron-job-resources-cleaner.yaml @@ -94,10 +94,10 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 0444 + defaultMode: 292 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 0555 + defaultMode: 365 {{ if $mounts_gnocchi_resources_cleaner.volumes }}{{ toYaml $mounts_gnocchi_resources_cleaner.volumes | indent 12 }}{{ end }} {{- end }} diff --git a/gnocchi/templates/daemonset-metricd.yaml b/gnocchi/templates/daemonset-metricd.yaml index 40daa26a4..df3e95733 100644 --- a/gnocchi/templates/daemonset-metricd.yaml +++ b/gnocchi/templates/daemonset-metricd.yaml @@ -105,11 +105,11 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 0444 + defaultMode: 292 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 0555 + defaultMode: 365 - name: etcceph emptyDir: {} - name: ceph-etc diff --git a/gnocchi/templates/daemonset-statsd.yaml b/gnocchi/templates/daemonset-statsd.yaml index 68f8f080e..c1deaedea 100644 --- a/gnocchi/templates/daemonset-statsd.yaml +++ b/gnocchi/templates/daemonset-statsd.yaml @@ -111,11 +111,11 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 0444 + defaultMode: 292 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 0555 + defaultMode: 365 - name: etcceph emptyDir: {} - name: ceph-etc diff --git a/gnocchi/templates/deployment-api.yaml b/gnocchi/templates/deployment-api.yaml index b41f0743f..6171ae9ec 100644 --- a/gnocchi/templates/deployment-api.yaml +++ b/gnocchi/templates/deployment-api.yaml @@ -130,11 +130,11 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 0444 + defaultMode: 292 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 0555 + defaultMode: 365 - name: etcceph emptyDir: {} - name: ceph-etc diff --git a/gnocchi/templates/job-clean.yaml b/gnocchi/templates/job-clean.yaml index 11fa3ea0d..169bf7543 100644 --- a/gnocchi/templates/job-clean.yaml +++ b/gnocchi/templates/job-clean.yaml @@ -89,5 +89,5 @@ spec: - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 0555 + defaultMode: 365 {{- end }} diff --git a/gnocchi/templates/job-db-init-indexer.yaml b/gnocchi/templates/job-db-init-indexer.yaml index cde2c0bf4..48c38340e 100644 --- a/gnocchi/templates/job-db-init-indexer.yaml +++ b/gnocchi/templates/job-db-init-indexer.yaml @@ -70,11 +70,11 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 0444 + defaultMode: 292 - name: pod-etc-gnocchi emptyDir: {} - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 0555 + defaultMode: 365 {{- end }} diff --git a/gnocchi/templates/job-db-sync.yaml b/gnocchi/templates/job-db-sync.yaml index a30356c88..3262cb06b 100644 --- a/gnocchi/templates/job-db-sync.yaml +++ b/gnocchi/templates/job-db-sync.yaml @@ -82,11 +82,11 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 0444 + defaultMode: 292 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 0555 + defaultMode: 365 - name: etcceph emptyDir: {} - name: ceph-etc diff --git a/gnocchi/templates/job-storage-init.yaml b/gnocchi/templates/job-storage-init.yaml index 9e2aea42e..08598cdda 100644 --- a/gnocchi/templates/job-storage-init.yaml +++ b/gnocchi/templates/job-storage-init.yaml @@ -123,13 +123,13 @@ spec: - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 0555 + defaultMode: 365 - name: etcceph emptyDir: {} - name: ceph-etc configMap: name: {{ .Values.ceph_client.configmap }} - defaultMode: 0444 + defaultMode: 292 - name: ceph-keyring secret: secretName: {{ .Values.ceph_client.user_secret_name }} diff --git a/gnocchi/templates/pod-gnocchi-test.yaml b/gnocchi/templates/pod-gnocchi-test.yaml index 9ceda0143..66b34cb64 100644 --- a/gnocchi/templates/pod-gnocchi-test.yaml +++ b/gnocchi/templates/pod-gnocchi-test.yaml @@ -74,10 +74,10 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 0444 + defaultMode: 292 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 0555 + defaultMode: 365 {{ if $mounts_gnocchi_tests.volumes }}{{ toYaml $mounts_gnocchi_tests.volumes | indent 4 }}{{ end }} {{- end }} diff --git a/grafana/templates/deployment.yaml b/grafana/templates/deployment.yaml index 615353350..81d3b085e 100644 --- a/grafana/templates/deployment.yaml +++ b/grafana/templates/deployment.yaml @@ -133,15 +133,15 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 0555 + defaultMode: 365 - name: grafana-etc secret: secretName: grafana-etc - defaultMode: 0444 + defaultMode: 292 - name: grafana-dashboards configMap: name: grafana-dashboards - defaultMode: 0555 + defaultMode: 365 - name: data emptyDir: {} {{ if $mounts_grafana.volumes }}{{ toYaml $mounts_grafana.volumes | indent 8 }}{{ end }} diff --git a/grafana/templates/job-add-home-dashboard.yaml b/grafana/templates/job-add-home-dashboard.yaml index ac191b384..fe122c2d0 100644 --- a/grafana/templates/job-add-home-dashboard.yaml +++ b/grafana/templates/job-add-home-dashboard.yaml @@ -74,5 +74,5 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 0555 + defaultMode: 365 {{- end }} \ No newline at end of file diff --git a/grafana/templates/job-db-init-session.yaml b/grafana/templates/job-db-init-session.yaml index 9e9785f2f..b8243e8be 100644 --- a/grafana/templates/job-db-init-session.yaml +++ b/grafana/templates/job-db-init-session.yaml @@ -72,5 +72,5 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 0555 + defaultMode: 365 {{- end }} diff --git a/grafana/templates/job-db-init.yaml b/grafana/templates/job-db-init.yaml index b5ba6e65f..81db09371 100644 --- a/grafana/templates/job-db-init.yaml +++ b/grafana/templates/job-db-init.yaml @@ -72,5 +72,5 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 0555 + defaultMode: 365 {{- end }} diff --git a/grafana/templates/job-db-session-sync.yaml b/grafana/templates/job-db-session-sync.yaml index 5b0c9be00..bf2a465c0 100644 --- a/grafana/templates/job-db-session-sync.yaml +++ b/grafana/templates/job-db-session-sync.yaml @@ -67,5 +67,5 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 0555 + defaultMode: 365 {{- end }} diff --git a/grafana/templates/job-set-admin-user.yaml b/grafana/templates/job-set-admin-user.yaml index bc08c33d4..cb9fa8ea0 100644 --- a/grafana/templates/job-set-admin-user.yaml +++ b/grafana/templates/job-set-admin-user.yaml @@ -77,9 +77,9 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 0555 + defaultMode: 365 - name: grafana-etc secret: secretName: grafana-etc - defaultMode: 0444 + defaultMode: 292 {{- end }} diff --git a/grafana/templates/pod-helm-tests.yaml b/grafana/templates/pod-helm-tests.yaml index b5e0a9e4b..047d4119d 100644 --- a/grafana/templates/pod-helm-tests.yaml +++ b/grafana/templates/pod-helm-tests.yaml @@ -70,5 +70,5 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 0555 + defaultMode: 365 {{- end }} diff --git a/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/helm-toolkit/templates/manifests/_job-bootstrap.tpl index b0f46d40a..2d5e76797 100644 --- a/helm-toolkit/templates/manifests/_job-bootstrap.tpl +++ b/helm-toolkit/templates/manifests/_job-bootstrap.tpl @@ -101,18 +101,18 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 0555 + defaultMode: 365 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 0555 + defaultMode: 365 {{- end }} - name: etc-service emptyDir: {} - name: bootstrap-conf secret: secretName: {{ $configMapEtc | quote }} - defaultMode: 0444 + defaultMode: 292 {{- if $podVols }} {{ $podVols | toYaml | indent 8 }} {{- end }} diff --git a/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl index 1b639f03c..998779378 100644 --- a/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl +++ b/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl @@ -118,11 +118,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 0555 + defaultMode: 365 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 0555 + defaultMode: 365 {{- end }} {{- $local := dict "configMapBinFirst" true -}} {{- range $key1, $dbToDrop := $dbsToDrop }} @@ -134,7 +134,7 @@ spec: - name: db-drop-conf secret: secretName: {{ $configMapEtc | quote }} - defaultMode: 0444 + defaultMode: 292 {{- end -}} {{- end -}} {{- end -}} diff --git a/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl index 73ac04d26..2121408de 100644 --- a/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl +++ b/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl @@ -117,11 +117,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 0555 + defaultMode: 365 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 0555 + defaultMode: 365 {{- end }} {{- $local := dict "configMapBinFirst" true -}} {{- range $key1, $dbToInit := $dbsToInit }} @@ -133,7 +133,7 @@ spec: - name: db-init-conf secret: secretName: {{ $configMapEtc | quote }} - defaultMode: 0444 + defaultMode: 292 {{- end -}} {{- end -}} {{- end -}} diff --git a/helm-toolkit/templates/manifests/_job-db-sync.tpl b/helm-toolkit/templates/manifests/_job-db-sync.tpl index 0e4e3ad83..133c737bb 100644 --- a/helm-toolkit/templates/manifests/_job-db-sync.tpl +++ b/helm-toolkit/templates/manifests/_job-db-sync.tpl @@ -97,18 +97,18 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 0555 + defaultMode: 365 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 0555 + defaultMode: 365 {{- end }} - name: etc-service emptyDir: {} - name: db-sync-conf secret: secretName: {{ $configMapEtc | quote }} - defaultMode: 0444 + defaultMode: 292 {{- if $podVols }} {{ $podVols | toYaml | indent 8 }} {{- end }} diff --git a/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl index 767a100d7..d22a4f202 100644 --- a/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl +++ b/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl @@ -92,10 +92,10 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 0555 + defaultMode: 365 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 0555 + defaultMode: 365 {{- end }} {{- end }} diff --git a/helm-toolkit/templates/manifests/_job-ks-service.tpl b/helm-toolkit/templates/manifests/_job-ks-service.tpl index 8c7ca9e85..965744e90 100644 --- a/helm-toolkit/templates/manifests/_job-ks-service.tpl +++ b/helm-toolkit/templates/manifests/_job-ks-service.tpl @@ -86,10 +86,10 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 0555 + defaultMode: 365 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 0555 + defaultMode: 365 {{- end }} {{- end }} diff --git a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl index 89e6f35ce..25f1068a1 100644 --- a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl +++ b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl @@ -92,10 +92,10 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 0555 + defaultMode: 365 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 0555 + defaultMode: 365 {{- end }} {{- end -}} diff --git a/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl index ef56655ff..bef1f18bf 100644 --- a/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl +++ b/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl @@ -86,10 +86,10 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 0555 + defaultMode: 365 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 0555 + defaultMode: 365 {{- end }} {{- end -}} diff --git a/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl index 047a8c819..9eb6e4574 100644 --- a/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl +++ b/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl @@ -103,18 +103,18 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 0555 + defaultMode: 365 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 0555 + defaultMode: 365 {{- end }} - name: etcceph emptyDir: {} - name: ceph-etc configMap: name: {{ $configMapCeph | quote }} - defaultMode: 0444 + defaultMode: 292 {{- if empty $envAll.Values.conf.ceph.admin_keyring }} - name: ceph-keyring secret: diff --git a/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl index a86d4ee6a..97160dca2 100644 --- a/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl +++ b/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl @@ -118,22 +118,22 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 0555 + defaultMode: 365 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 0555 + defaultMode: 365 {{- end }} - name: ceph-keyring-sh configMap: name: {{ $configMapBin | quote }} - defaultMode: 0555 + defaultMode: 365 - name: etcceph emptyDir: {} - name: ceph-etc configMap: name: {{ $configMapCeph | quote }} - defaultMode: 0444 + defaultMode: 292 {{- if empty $envAll.Values.conf.ceph.admin_keyring }} - name: ceph-keyring secret: diff --git a/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl b/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl index 7d4b07820..cf514dd78 100644 --- a/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl +++ b/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl @@ -84,11 +84,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 0555 + defaultMode: 365 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 0555 + defaultMode: 365 {{- end }} - name: docker-socket hostPath: diff --git a/ingress/templates/deployment-ingress.yaml b/ingress/templates/deployment-ingress.yaml index 6fa223eb2..bc31072ac 100644 --- a/ingress/templates/deployment-ingress.yaml +++ b/ingress/templates/deployment-ingress.yaml @@ -358,7 +358,7 @@ spec: - name: ingress-bin configMap: name: ingress-bin - defaultMode: 0555 + defaultMode: 365 {{- if and .Values.network.host_namespace .Values.network.vip.manage }} - name: host-rootfs hostPath: diff --git a/kafka/templates/job-generate-acl.yaml b/kafka/templates/job-generate-acl.yaml index 6a3088bc9..c655394f1 100644 --- a/kafka/templates/job-generate-acl.yaml +++ b/kafka/templates/job-generate-acl.yaml @@ -64,9 +64,9 @@ spec: - name: kafka-bin configMap: name: kafka-bin - defaultMode: 0555 + defaultMode: 365 - name: kafka-etc secret: secretName: kafka-etc - defaultMode: 0444 + defaultMode: 292 {{- end }} diff --git a/kafka/templates/pod-helm-test.yaml b/kafka/templates/pod-helm-test.yaml index 0a84066d6..8b5cf4083 100644 --- a/kafka/templates/pod-helm-test.yaml +++ b/kafka/templates/pod-helm-test.yaml @@ -66,9 +66,9 @@ spec: - name: kafka-bin configMap: name: kafka-bin - defaultMode: 0555 + defaultMode: 365 - name: kafka-etc secret: secretName: kafka-etc - defaultMode: 0444 + defaultMode: 292 {{- end }} diff --git a/kafka/templates/statefulset.yaml b/kafka/templates/statefulset.yaml index 0b3390b35..a4db6f157 100644 --- a/kafka/templates/statefulset.yaml +++ b/kafka/templates/statefulset.yaml @@ -168,11 +168,11 @@ spec: - name: kafka-bin configMap: name: kafka-bin - defaultMode: 0555 + defaultMode: 365 - name: kafka-etc secret: secretName: kafka-etc - defaultMode: 0444 + defaultMode: 292 {{ if $mounts_kafka.volumes }}{{ toYaml $mounts_kafka.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.enabled }} - name: data diff --git a/kibana/templates/deployment.yaml b/kibana/templates/deployment.yaml index 71c92855a..e130df73b 100644 --- a/kibana/templates/deployment.yaml +++ b/kibana/templates/deployment.yaml @@ -167,9 +167,9 @@ spec: - name: kibana-bin configMap: name: kibana-bin - defaultMode: 0555 + defaultMode: 365 - name: kibana-etc secret: secretName: kibana-etc - defaultMode: 0444 + defaultMode: 292 {{- end }} diff --git a/kibana/templates/job-flush-kibana-metadata.yaml b/kibana/templates/job-flush-kibana-metadata.yaml index 741234bf3..2033b52ae 100644 --- a/kibana/templates/job-flush-kibana-metadata.yaml +++ b/kibana/templates/job-flush-kibana-metadata.yaml @@ -96,5 +96,5 @@ spec: - name: kibana-bin configMap: name: kibana-bin - defaultMode: 0755 + defaultMode: 493 {{- end }} diff --git a/kibana/templates/job-register-kibana-indexes.yaml b/kibana/templates/job-register-kibana-indexes.yaml index ba13c4378..f11fb587b 100644 --- a/kibana/templates/job-register-kibana-indexes.yaml +++ b/kibana/templates/job-register-kibana-indexes.yaml @@ -80,5 +80,5 @@ spec: - name: kibana-bin configMap: name: kibana-bin - defaultMode: 0755 + defaultMode: 493 {{- end }} diff --git a/kubernetes-keystone-webhook/templates/deployment.yaml b/kubernetes-keystone-webhook/templates/deployment.yaml index 831abf55e..24054a691 100644 --- a/kubernetes-keystone-webhook/templates/deployment.yaml +++ b/kubernetes-keystone-webhook/templates/deployment.yaml @@ -83,13 +83,13 @@ spec: - name: key-kubernetes-keystone-webhook secret: secretName: {{ $envAll.Values.secrets.certificates.api }} - defaultMode: 0444 + defaultMode: 292 - name: kubernetes-keystone-webhook-etc configMap: name: kubernetes-keystone-webhook-etc - defaultMode: 0444 + defaultMode: 292 - name: kubernetes-keystone-webhook-bin configMap: name: kubernetes-keystone-webhook-bin - defaultMode: 0555 + defaultMode: 365 {{- end }} diff --git a/kubernetes-keystone-webhook/templates/pod-test.yaml b/kubernetes-keystone-webhook/templates/pod-test.yaml index 98f685555..e3ebd7a9b 100644 --- a/kubernetes-keystone-webhook/templates/pod-test.yaml +++ b/kubernetes-keystone-webhook/templates/pod-test.yaml @@ -60,6 +60,6 @@ spec: - name: kubernetes-keystone-webhook-bin configMap: name: kubernetes-keystone-webhook-bin - defaultMode: 0555 + defaultMode: 365 {{ if $mounts_kubernetes_keystone_webhook_tests.volumes }}{{ toYaml $mounts_kubernetes_keystone_webhook_tests.volumes | indent 4 }}{{ end }} {{- end }} diff --git a/libvirt/templates/daemonset-libvirt.yaml b/libvirt/templates/daemonset-libvirt.yaml index da8f01a85..b43e8b73f 100644 --- a/libvirt/templates/daemonset-libvirt.yaml +++ b/libvirt/templates/daemonset-libvirt.yaml @@ -207,11 +207,11 @@ spec: - name: libvirt-bin configMap: name: libvirt-bin - defaultMode: 0555 + defaultMode: 365 - name: libvirt-etc secret: secretName: {{ $configMapName }} - defaultMode: 0444 + defaultMode: 292 {{- if .Values.conf.ceph.enabled }} - name: etcceph hostPath: @@ -219,7 +219,7 @@ spec: - name: ceph-etc configMap: name: {{ .Values.ceph_client.configmap }} - defaultMode: 0444 + defaultMode: 292 {{- if empty .Values.conf.ceph.cinder.keyring }} - name: ceph-keyring secret: diff --git a/mariadb/templates/deployment-ingress.yaml b/mariadb/templates/deployment-ingress.yaml index 72bea94af..214186c50 100644 --- a/mariadb/templates/deployment-ingress.yaml +++ b/mariadb/templates/deployment-ingress.yaml @@ -205,9 +205,9 @@ spec: - name: mariadb-bin configMap: name: mariadb-bin - defaultMode: 0555 + defaultMode: 365 - name: mariadb-ingress-etc configMap: name: mariadb-ingress-etc - defaultMode: 0444 + defaultMode: 292 {{- end }} diff --git a/mariadb/templates/pod-test.yaml b/mariadb/templates/pod-test.yaml index 687caa028..e140b603c 100644 --- a/mariadb/templates/pod-test.yaml +++ b/mariadb/templates/pod-test.yaml @@ -67,9 +67,9 @@ spec: - name: mariadb-bin configMap: name: mariadb-bin - defaultMode: 0555 + defaultMode: 365 - name: mariadb-secrets secret: secretName: mariadb-secrets - defaultMode: 0444 + defaultMode: 292 {{- end }} diff --git a/mariadb/templates/statefulset.yaml b/mariadb/templates/statefulset.yaml index 70255b597..5d5595826 100644 --- a/mariadb/templates/statefulset.yaml +++ b/mariadb/templates/statefulset.yaml @@ -239,15 +239,15 @@ spec: - name: mariadb-bin configMap: name: mariadb-bin - defaultMode: 0555 + defaultMode: 365 - name: mariadb-etc configMap: name: mariadb-etc - defaultMode: 0444 + defaultMode: 292 - name: mariadb-secrets secret: secretName: mariadb-secrets - defaultMode: 0444 + defaultMode: 292 {{- if not .Values.volume.enabled }} - name: mysql-data {{- if .Values.volume.use_local_path_for_single_pod_cluster.enabled }} diff --git a/memcached/templates/deployment.yaml b/memcached/templates/deployment.yaml index 1b4e20277..5222b57ad 100644 --- a/memcached/templates/deployment.yaml +++ b/memcached/templates/deployment.yaml @@ -86,6 +86,6 @@ spec: - name: memcached-bin configMap: name: {{ $configMapBinName | quote }} - defaultMode: 0555 + defaultMode: 365 {{ dict "envAll" $envAll "component" "memcached" "requireSys" true | include "helm-toolkit.snippets.kubernetes_apparmor_volumes" | indent 8 }} {{- end }} diff --git a/mongodb/templates/statefulset.yaml b/mongodb/templates/statefulset.yaml index e5e0b48df..d91e252e8 100644 --- a/mongodb/templates/statefulset.yaml +++ b/mongodb/templates/statefulset.yaml @@ -118,7 +118,7 @@ spec: - name: mongodb-bin configMap: name: mongodb-bin - defaultMode: 0555 + defaultMode: 365 {{- if not .Values.volume.enabled }} - name: mongodb-data hostPath: diff --git a/nagios/templates/deployment.yaml b/nagios/templates/deployment.yaml index 6af119777..98075ee62 100644 --- a/nagios/templates/deployment.yaml +++ b/nagios/templates/deployment.yaml @@ -238,9 +238,9 @@ spec: - name: nagios-etc secret: secretName: nagios-etc - defaultMode: 0444 + defaultMode: 292 - name: nagios-bin configMap: name: nagios-bin - defaultMode: 0555 + defaultMode: 365 {{- end }} diff --git a/nagios/templates/pod-helm-tests.yaml b/nagios/templates/pod-helm-tests.yaml index e22784d8c..cd1bada87 100644 --- a/nagios/templates/pod-helm-tests.yaml +++ b/nagios/templates/pod-helm-tests.yaml @@ -75,5 +75,5 @@ spec: - name: nagios-bin configMap: name: nagios-bin - defaultMode: 0555 + defaultMode: 365 {{- end }} diff --git a/openvswitch/templates/daemonset-ovs-db.yaml b/openvswitch/templates/daemonset-ovs-db.yaml index 8e8af6365..c56df377b 100644 --- a/openvswitch/templates/daemonset-ovs-db.yaml +++ b/openvswitch/templates/daemonset-ovs-db.yaml @@ -108,7 +108,7 @@ spec: - name: openvswitch-bin configMap: name: openvswitch-bin - defaultMode: 0555 + defaultMode: 365 - name: run hostPath: path: /run/openvswitch diff --git a/openvswitch/templates/daemonset-ovs-vswitchd.yaml b/openvswitch/templates/daemonset-ovs-vswitchd.yaml index 2f60a0db4..dfe83ec59 100644 --- a/openvswitch/templates/daemonset-ovs-vswitchd.yaml +++ b/openvswitch/templates/daemonset-ovs-vswitchd.yaml @@ -153,7 +153,7 @@ It should be handled through lcore and pmd core masks. */}} - name: openvswitch-bin configMap: name: openvswitch-bin - defaultMode: 0555 + defaultMode: 365 - name: run hostPath: path: /run diff --git a/postgresql/templates/pod-test.yaml b/postgresql/templates/pod-test.yaml index 45ed8d436..3c8bd8bf7 100644 --- a/postgresql/templates/pod-test.yaml +++ b/postgresql/templates/pod-test.yaml @@ -72,6 +72,6 @@ spec: - name: postgresql-bin secret: secretName: postgresql-bin - defaultMode: 0555 + defaultMode: 365 ... {{- end }} diff --git a/postgresql/templates/statefulset.yaml b/postgresql/templates/statefulset.yaml index 7c049d82d..101ed14ee 100644 --- a/postgresql/templates/statefulset.yaml +++ b/postgresql/templates/statefulset.yaml @@ -416,7 +416,7 @@ spec: - name: postgresql-bin secret: secretName: postgresql-bin - defaultMode: 0555 + defaultMode: 365 - name: client-certs-temp emptyDir: {} - name: server-certs-temp @@ -428,15 +428,15 @@ spec: - name: replication-pki secret: secretName: {{ .Values.secrets.postgresql.replica }} - defaultMode: 0640 + defaultMode: 416 - name: postgresql-pki secret: secretName: {{ .Values.secrets.postgresql.server }} - defaultMode: 0640 + defaultMode: 416 - name: postgresql-etc secret: secretName: postgresql-etc - defaultMode: 0444 + defaultMode: 292 {{- if not .Values.storage.pvc.enabled }} - name: postgresql-data hostPath: diff --git a/powerdns/templates/deployment.yaml b/powerdns/templates/deployment.yaml index 319395156..2cf84dfcb 100644 --- a/powerdns/templates/deployment.yaml +++ b/powerdns/templates/deployment.yaml @@ -73,5 +73,5 @@ spec: - name: powerdns-etc secret: secretName: powerdns-etc - defaultMode: 0444 + defaultMode: 292 {{- end }} diff --git a/powerdns/templates/job-db-sync.yaml b/powerdns/templates/job-db-sync.yaml index 9509979af..73454c837 100644 --- a/powerdns/templates/job-db-sync.yaml +++ b/powerdns/templates/job-db-sync.yaml @@ -54,9 +54,9 @@ spec: - name: powerdns-bin configMap: name: powerdns-bin - defaultMode: 0555 + defaultMode: 365 - name: powerdns-etc secret: secretName: powerdns-etc - defaultMode: 0444 + defaultMode: 292 {{- end }} diff --git a/prometheus-alertmanager/templates/statefulset.yaml b/prometheus-alertmanager/templates/statefulset.yaml index b1f3cb70f..c5bb3dad8 100644 --- a/prometheus-alertmanager/templates/statefulset.yaml +++ b/prometheus-alertmanager/templates/statefulset.yaml @@ -130,7 +130,7 @@ spec: - name: alertmanager-bin configMap: name: alertmanager-bin - defaultMode: 0555 + defaultMode: 365 {{ if $mounts_alertmanager.volumes }}{{ toYaml $mounts_alertmanager.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.enabled }} - name: alertmanager-data diff --git a/prometheus-kube-state-metrics/templates/deployment.yaml b/prometheus-kube-state-metrics/templates/deployment.yaml index b4101a3c5..e8c03e411 100644 --- a/prometheus-kube-state-metrics/templates/deployment.yaml +++ b/prometheus-kube-state-metrics/templates/deployment.yaml @@ -143,5 +143,5 @@ spec: - name: kube-state-metrics-bin configMap: name: kube-state-metrics-bin - defaultMode: 0555 + defaultMode: 365 {{- end }} diff --git a/prometheus-node-exporter/templates/daemonset.yaml b/prometheus-node-exporter/templates/daemonset.yaml index e37cf892c..59515f330 100644 --- a/prometheus-node-exporter/templates/daemonset.yaml +++ b/prometheus-node-exporter/templates/daemonset.yaml @@ -119,6 +119,6 @@ spec: - name: node-exporter-bin configMap: name: node-exporter-bin - defaultMode: 0555 + defaultMode: 365 {{ if $mounts_node_exporter.volumes }}{{ toYaml $mounts_node_exporter.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/prometheus-openstack-exporter/templates/deployment.yaml b/prometheus-openstack-exporter/templates/deployment.yaml index 05e5db9d9..845346366 100644 --- a/prometheus-openstack-exporter/templates/deployment.yaml +++ b/prometheus-openstack-exporter/templates/deployment.yaml @@ -99,5 +99,5 @@ spec: - name: prometheus-openstack-exporter-bin configMap: name: prometheus-openstack-exporter-bin - defaultMode: 0555 + defaultMode: 365 {{- end }} diff --git a/prometheus-openstack-exporter/templates/job-ks-user.yaml b/prometheus-openstack-exporter/templates/job-ks-user.yaml index bb08406ad..10218dbd3 100644 --- a/prometheus-openstack-exporter/templates/job-ks-user.yaml +++ b/prometheus-openstack-exporter/templates/job-ks-user.yaml @@ -66,5 +66,5 @@ spec: - name: ks-user-sh configMap: name: prometheus-openstack-exporter-bin - defaultMode: 0555 + defaultMode: 365 {{- end }} diff --git a/prometheus/templates/pod-helm-tests.yaml b/prometheus/templates/pod-helm-tests.yaml index 3dfbfb796..7b9b425b9 100644 --- a/prometheus/templates/pod-helm-tests.yaml +++ b/prometheus/templates/pod-helm-tests.yaml @@ -67,5 +67,5 @@ spec: - name: prometheus-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "prometheus-bin" | quote }} - defaultMode: 0555 + defaultMode: 365 {{- end }} diff --git a/prometheus/templates/statefulset.yaml b/prometheus/templates/statefulset.yaml index becdaa9d1..35c3a8134 100644 --- a/prometheus/templates/statefulset.yaml +++ b/prometheus/templates/statefulset.yaml @@ -205,11 +205,11 @@ spec: - name: prometheus-etc secret: secretName: {{ printf "%s-%s" $envAll.Release.Name "prometheus-etc" | quote }} - defaultMode: 0444 + defaultMode: 292 - name: prometheus-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "prometheus-bin" | quote }} - defaultMode: 0555 + defaultMode: 365 {{ if $mounts_prometheus.volumes }}{{ toYaml $mounts_prometheus.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.enabled }} - name: storage diff --git a/rabbitmq/templates/job-cluster-wait.yaml b/rabbitmq/templates/job-cluster-wait.yaml index 9f5b25fbe..2b50f1b2d 100644 --- a/rabbitmq/templates/job-cluster-wait.yaml +++ b/rabbitmq/templates/job-cluster-wait.yaml @@ -90,9 +90,9 @@ spec: - name: rabbitmq-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-bin" | quote }} - defaultMode: 0555 + defaultMode: 365 - name: rabbitmq-erlang-cookie secret: secretName: {{ printf "%s-%s" $envAll.Release.Name "erlang-cookie" | quote }} - defaultMode: 0444 + defaultMode: 292 {{- end }} diff --git a/rabbitmq/templates/pod-test.yaml b/rabbitmq/templates/pod-test.yaml index bcddfd3ea..f68a10bb7 100644 --- a/rabbitmq/templates/pod-test.yaml +++ b/rabbitmq/templates/pod-test.yaml @@ -66,5 +66,5 @@ spec: - name: rabbitmq-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-bin" | quote }} - defaultMode: 0555 + defaultMode: 365 {{- end }} diff --git a/rabbitmq/templates/statefulset.yaml b/rabbitmq/templates/statefulset.yaml index 11af505d6..9c53c8015 100644 --- a/rabbitmq/templates/statefulset.yaml +++ b/rabbitmq/templates/statefulset.yaml @@ -253,15 +253,15 @@ spec: - name: rabbitmq-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-bin" | quote }} - defaultMode: 0555 + defaultMode: 365 - name: rabbitmq-etc configMap: name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-etc" | quote }} - defaultMode: 0444 + defaultMode: 292 - name: rabbitmq-erlang-cookie secret: secretName: {{ printf "%s-%s" $envAll.Release.Name "erlang-cookie" | quote }} - defaultMode: 0444 + defaultMode: 292 {{- if not $envAll.Values.volume.enabled }} - name: rabbitmq-data {{- if .Values.volume.use_local_path.enabled }} diff --git a/redis/templates/pod_test.yaml b/redis/templates/pod_test.yaml index e7152580c..010d0a9c1 100644 --- a/redis/templates/pod_test.yaml +++ b/redis/templates/pod_test.yaml @@ -60,9 +60,9 @@ spec: - name: redis-test configMap: name: redis-bin - defaultMode: 0555 + defaultMode: 365 - name: redis-python configMap: name: redis-bin - defaultMode: 0555 + defaultMode: 365 {{- end }} diff --git a/registry/templates/daemonset-registry-proxy.yaml b/registry/templates/daemonset-registry-proxy.yaml index d61e6ddfd..b82d362f5 100644 --- a/registry/templates/daemonset-registry-proxy.yaml +++ b/registry/templates/daemonset-registry-proxy.yaml @@ -71,9 +71,9 @@ spec: - name: registry-bin configMap: name: registry-bin - defaultMode: 0555 + defaultMode: 365 - name: registry-etc configMap: name: registry-etc - defaultMode: 0444 + defaultMode: 292 {{- end }} diff --git a/registry/templates/deployment-registry.yaml b/registry/templates/deployment-registry.yaml index 40d4d2e65..845aed6c8 100644 --- a/registry/templates/deployment-registry.yaml +++ b/registry/templates/deployment-registry.yaml @@ -78,11 +78,11 @@ spec: - name: registry-bin configMap: name: registry-bin - defaultMode: 0555 + defaultMode: 365 - name: registry-etc configMap: name: registry-etc - defaultMode: 0444 + defaultMode: 292 - name: docker-images persistentVolumeClaim: claimName: docker-images diff --git a/registry/templates/job-bootstrap.yaml b/registry/templates/job-bootstrap.yaml index 760fa9af1..2d9e8a233 100644 --- a/registry/templates/job-bootstrap.yaml +++ b/registry/templates/job-bootstrap.yaml @@ -63,7 +63,7 @@ spec: - name: registry-bin configMap: name: registry-bin - defaultMode: 0555 + defaultMode: 365 - name: docker-socket hostPath: path: /var/run/docker.sock diff --git a/tiller/templates/deployment-tiller.yaml b/tiller/templates/deployment-tiller.yaml index 2ca1d9374..7cacc69cd 100644 --- a/tiller/templates/deployment-tiller.yaml +++ b/tiller/templates/deployment-tiller.yaml @@ -105,7 +105,6 @@ spec: dnsPolicy: {{ .Values.pod.dns_policy }} restartPolicy: Always schedulerName: default-scheduler - securityContext: {} serviceAccount: {{ $serviceAccountName }} serviceAccountName: {{ $serviceAccountName }} terminationGracePeriodSeconds: 30 diff --git a/yamllint-templates.conf b/yamllint-templates.conf index 12d5bc41a..02836e970 100644 --- a/yamllint-templates.conf +++ b/yamllint-templates.conf @@ -20,12 +20,12 @@ rules: indentation: spaces: 2 indent-sequences: whatever - key-duplicates: disable + key-duplicates: enable key-ordering: disable line-length: disable new-line-at-end-of-file: disable new-lines: disable - octal-values: disable + octal-values: enable quoted-strings: disable trailing-spaces: disable truthy: disable diff --git a/zookeeper/templates/statefulset.yaml b/zookeeper/templates/statefulset.yaml index 21a00cb96..59713431c 100644 --- a/zookeeper/templates/statefulset.yaml +++ b/zookeeper/templates/statefulset.yaml @@ -206,11 +206,11 @@ spec: - name: zookeeper-etc secret: secretName: zookeeper-etc - defaultMode: 0444 + defaultMode: 292 - name: zookeeper-bin configMap: name: zookeeper-bin - defaultMode: 0555 + defaultMode: 365 {{ if $mounts_zookeeper.volumes }}{{ toYaml $mounts_zookeeper.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.enabled }} - name: data