diff --git a/calico/templates/daemonset-calico-node.yaml b/calico/templates/daemonset-calico-node.yaml index 5476ace2a7..cb0deba524 100644 --- a/calico/templates/daemonset-calico-node.yaml +++ b/calico/templates/daemonset-calico-node.yaml @@ -285,15 +285,15 @@ spec: - name: calico-etc configMap: name: calico-etc - defaultMode: 292 + defaultMode: 0444 - name: calico-bird configMap: name: calico-bird - defaultMode: 292 + defaultMode: 0444 - name: calico-bin configMap: name: calico-bin - defaultMode: 365 + defaultMode: 0555 - name: calico-etcd-secrets secret: secretName: calico-etcd-secrets diff --git a/calico/templates/deployment-calico-kube-controllers.yaml b/calico/templates/deployment-calico-kube-controllers.yaml index e16b573828..1c5937d8e0 100644 --- a/calico/templates/deployment-calico-kube-controllers.yaml +++ b/calico/templates/deployment-calico-kube-controllers.yaml @@ -172,5 +172,5 @@ spec: - name: calico-etcd-secrets secret: secretName: calico-etcd-secrets - defaultMode: 256 + defaultMode: 0400 {{- end }} diff --git a/calico/templates/job-calico-settings.yaml b/calico/templates/job-calico-settings.yaml index e9dc2e2fde..1154241ca2 100644 --- a/calico/templates/job-calico-settings.yaml +++ b/calico/templates/job-calico-settings.yaml @@ -100,7 +100,7 @@ spec: - name: calico-bin configMap: name: calico-bin - defaultMode: 365 + defaultMode: 0555 - name: calico-etcd-secrets secret: secretName: calico-etcd-secrets diff --git a/ceph-client/templates/cronjob-checkPGs.yaml b/ceph-client/templates/cronjob-checkPGs.yaml index 4d54a4bb2f..dca1488df7 100644 --- a/ceph-client/templates/cronjob-checkPGs.yaml +++ b/ceph-client/templates/cronjob-checkPGs.yaml @@ -129,11 +129,11 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 292 + defaultMode: 0444 - name: ceph-client-admin-keyring secret: defaultMode: 420 diff --git a/ceph-client/templates/cronjob-defragosds.yaml b/ceph-client/templates/cronjob-defragosds.yaml index 94d20fe6b4..f536dc8057 100644 --- a/ceph-client/templates/cronjob-defragosds.yaml +++ b/ceph-client/templates/cronjob-defragosds.yaml @@ -106,5 +106,5 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/ceph-client/templates/deployment-checkdns.yaml b/ceph-client/templates/deployment-checkdns.yaml index 2eec1cc7e4..25b056cea5 100644 --- a/ceph-client/templates/deployment-checkdns.yaml +++ b/ceph-client/templates/deployment-checkdns.yaml @@ -115,5 +115,5 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/ceph-client/templates/deployment-mds.yaml b/ceph-client/templates/deployment-mds.yaml index a685410ad8..84838b55a8 100644 --- a/ceph-client/templates/deployment-mds.yaml +++ b/ceph-client/templates/deployment-mds.yaml @@ -147,11 +147,11 @@ spec: - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 292 + defaultMode: 0444 - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 - name: pod-var-lib-ceph emptyDir: {} - name: ceph-client-admin-keyring diff --git a/ceph-client/templates/deployment-mgr.yaml b/ceph-client/templates/deployment-mgr.yaml index a951c4cec3..13fbfe0c56 100644 --- a/ceph-client/templates/deployment-mgr.yaml +++ b/ceph-client/templates/deployment-mgr.yaml @@ -184,11 +184,11 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 292 + defaultMode: 0444 - name: pod-var-lib-ceph emptyDir: {} - name: ceph-client-admin-keyring diff --git a/ceph-client/templates/job-bootstrap.yaml b/ceph-client/templates/job-bootstrap.yaml index f2d3043c1d..86191d9f5e 100644 --- a/ceph-client/templates/job-bootstrap.yaml +++ b/ceph-client/templates/job-bootstrap.yaml @@ -70,11 +70,11 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 292 + defaultMode: 0444 - name: ceph-client-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} diff --git a/ceph-client/templates/job-rbd-pool.yaml b/ceph-client/templates/job-rbd-pool.yaml index 0b57913a5a..351ef761d9 100644 --- a/ceph-client/templates/job-rbd-pool.yaml +++ b/ceph-client/templates/job-rbd-pool.yaml @@ -89,11 +89,11 @@ spec: - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 292 + defaultMode: 0444 - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 - name: pod-var-lib-ceph emptyDir: {} - name: pod-run diff --git a/ceph-client/templates/pod-helm-tests.yaml b/ceph-client/templates/pod-helm-tests.yaml index 5c3c55ce09..ffad06fd36 100644 --- a/ceph-client/templates/pod-helm-tests.yaml +++ b/ceph-client/templates/pod-helm-tests.yaml @@ -81,12 +81,12 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-client-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/ceph-mon/templates/daemonset-mon.yaml b/ceph-mon/templates/daemonset-mon.yaml index 0ac03894e3..d1048db3df 100644 --- a/ceph-mon/templates/daemonset-mon.yaml +++ b/ceph-mon/templates/daemonset-mon.yaml @@ -243,11 +243,11 @@ spec: - name: ceph-mon-bin configMap: name: ceph-mon-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-mon-etc configMap: name: ceph-mon-etc - defaultMode: 292 + defaultMode: 0444 - name: pod-var-lib-ceph hostPath: path: {{ .Values.conf.storage.mon.directory }} diff --git a/ceph-mon/templates/deployment-moncheck.yaml b/ceph-mon/templates/deployment-moncheck.yaml index 4cc81b3be6..73d0c5fffd 100644 --- a/ceph-mon/templates/deployment-moncheck.yaml +++ b/ceph-mon/templates/deployment-moncheck.yaml @@ -114,11 +114,11 @@ spec: - name: ceph-mon-etc configMap: name: ceph-mon-etc - defaultMode: 292 + defaultMode: 0444 - name: ceph-mon-bin configMap: name: ceph-mon-bin - defaultMode: 365 + defaultMode: 0555 - name: pod-var-lib-ceph emptyDir: {} - name: ceph-client-admin-keyring diff --git a/ceph-mon/templates/job-bootstrap.yaml b/ceph-mon/templates/job-bootstrap.yaml index 408f484b24..15a90569ed 100644 --- a/ceph-mon/templates/job-bootstrap.yaml +++ b/ceph-mon/templates/job-bootstrap.yaml @@ -72,11 +72,11 @@ spec: - name: ceph-mon-bin configMap: name: ceph-mon-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-mon-etc configMap: name: ceph-mon-etc - defaultMode: 292 + defaultMode: 0444 - name: ceph-client-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} diff --git a/ceph-mon/templates/job-keyring.yaml b/ceph-mon/templates/job-keyring.yaml index 1c56621377..e27ff53007 100644 --- a/ceph-mon/templates/job-keyring.yaml +++ b/ceph-mon/templates/job-keyring.yaml @@ -120,10 +120,10 @@ spec: - name: ceph-mon-bin configMap: name: ceph-mon-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-templates configMap: name: ceph-templates - defaultMode: 292 + defaultMode: 0444 {{- end }} {{- end }} diff --git a/ceph-mon/templates/job-storage-admin-keys.yaml b/ceph-mon/templates/job-storage-admin-keys.yaml index 33144c54a8..77fdcd3789 100644 --- a/ceph-mon/templates/job-storage-admin-keys.yaml +++ b/ceph-mon/templates/job-storage-admin-keys.yaml @@ -117,9 +117,9 @@ spec: - name: ceph-mon-bin configMap: name: ceph-mon-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-templates configMap: name: ceph-templates - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/ceph-osd/templates/daemonset-osd.yaml b/ceph-osd/templates/daemonset-osd.yaml index 9702750886..5f1f221a60 100644 --- a/ceph-osd/templates/daemonset-osd.yaml +++ b/ceph-osd/templates/daemonset-osd.yaml @@ -436,11 +436,11 @@ spec: - name: ceph-osd-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: ceph-osd-etc configMap: name: {{ $configMapName }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-bootstrap-osd-keyring secret: secretName: {{ .Values.secrets.keyrings.osd }} diff --git a/ceph-osd/templates/job-bootstrap.yaml b/ceph-osd/templates/job-bootstrap.yaml index b1260a50ac..46592fbee5 100644 --- a/ceph-osd/templates/job-bootstrap.yaml +++ b/ceph-osd/templates/job-bootstrap.yaml @@ -69,11 +69,11 @@ spec: - name: ceph-osd-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: ceph-osd-etc configMap: name: {{ printf "%s-%s" $envAll.Release.Name "etc" | quote }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-osd-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} diff --git a/ceph-osd/templates/job-post-apply.yaml b/ceph-osd/templates/job-post-apply.yaml index 97ff72e024..ad85d47a59 100644 --- a/ceph-osd/templates/job-post-apply.yaml +++ b/ceph-osd/templates/job-post-apply.yaml @@ -126,11 +126,11 @@ spec: - name: ceph-osd-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: ceph-osd-etc configMap: name: {{ printf "%s-%s" $envAll.Release.Name "etc" | quote }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-osd-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} diff --git a/ceph-osd/templates/pod-helm-tests.yaml b/ceph-osd/templates/pod-helm-tests.yaml index 01580ab7e9..9ee685bcb8 100644 --- a/ceph-osd/templates/pod-helm-tests.yaml +++ b/ceph-osd/templates/pod-helm-tests.yaml @@ -72,12 +72,12 @@ spec: - name: ceph-osd-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: ceph-client-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} - name: ceph-osd-etc configMap: name: {{ printf "%s-%s" $envAll.Release.Name "etc" | quote }} - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/ceph-provisioners/templates/deployment-cephfs-provisioner.yaml b/ceph-provisioners/templates/deployment-cephfs-provisioner.yaml index 77107ebf75..e96387a640 100644 --- a/ceph-provisioners/templates/deployment-cephfs-provisioner.yaml +++ b/ceph-provisioners/templates/deployment-cephfs-provisioner.yaml @@ -197,5 +197,5 @@ spec: - name: ceph-provisioners-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/ceph-provisioners/templates/deployment-rbd-provisioner.yaml b/ceph-provisioners/templates/deployment-rbd-provisioner.yaml index a22c65e059..4e2b34fb12 100644 --- a/ceph-provisioners/templates/deployment-rbd-provisioner.yaml +++ b/ceph-provisioners/templates/deployment-rbd-provisioner.yaml @@ -187,5 +187,5 @@ spec: - name: ceph-provisioners-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/ceph-provisioners/templates/job-bootstrap.yaml b/ceph-provisioners/templates/job-bootstrap.yaml index d1fb89c263..dbcf1e5b0b 100644 --- a/ceph-provisioners/templates/job-bootstrap.yaml +++ b/ceph-provisioners/templates/job-bootstrap.yaml @@ -69,11 +69,11 @@ spec: - name: ceph-provisioners-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: ceph-etc configMap: name: {{ .Values.storageclass.rbd.ceph_configmap_name }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-client-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} diff --git a/ceph-provisioners/templates/job-cephfs-client-key.yaml b/ceph-provisioners/templates/job-cephfs-client-key.yaml index 031ec8087f..36ca2a5051 100644 --- a/ceph-provisioners/templates/job-cephfs-client-key.yaml +++ b/ceph-provisioners/templates/job-cephfs-client-key.yaml @@ -132,5 +132,5 @@ spec: - name: ceph-provisioners-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/ceph-provisioners/templates/job-namespace-client-key-cleaner.yaml b/ceph-provisioners/templates/job-namespace-client-key-cleaner.yaml index d73f584d9b..478530e624 100644 --- a/ceph-provisioners/templates/job-namespace-client-key-cleaner.yaml +++ b/ceph-provisioners/templates/job-namespace-client-key-cleaner.yaml @@ -97,5 +97,5 @@ spec: - name: ceph-provisioners-bin-clients configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin-clients" | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/ceph-provisioners/templates/job-namespace-client-key.yaml b/ceph-provisioners/templates/job-namespace-client-key.yaml index 9e3fcad747..f187630e34 100644 --- a/ceph-provisioners/templates/job-namespace-client-key.yaml +++ b/ceph-provisioners/templates/job-namespace-client-key.yaml @@ -128,5 +128,5 @@ spec: - name: ceph-provisioners-bin-clients configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin-clients" | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/ceph-provisioners/templates/pod-helm-tests.yaml b/ceph-provisioners/templates/pod-helm-tests.yaml index 1bab2be3e5..72e85ffffc 100644 --- a/ceph-provisioners/templates/pod-helm-tests.yaml +++ b/ceph-provisioners/templates/pod-helm-tests.yaml @@ -107,7 +107,7 @@ spec: - name: ceph-provisioners-bin-clients configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin-clients" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: pod-tmp emptyDir: {} {{- end }} diff --git a/ceph-rgw/templates/deployment-rgw.yaml b/ceph-rgw/templates/deployment-rgw.yaml index fb82e8a610..5fc76eed39 100644 --- a/ceph-rgw/templates/deployment-rgw.yaml +++ b/ceph-rgw/templates/deployment-rgw.yaml @@ -181,11 +181,11 @@ spec: - name: ceph-rgw-bin configMap: name: ceph-rgw-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-rgw-etc configMap: name: ceph-rgw-etc - defaultMode: 292 + defaultMode: 0444 - name: pod-var-lib-ceph emptyDir: {} - name: ceph-bootstrap-rgw-keyring diff --git a/ceph-rgw/templates/job-bootstrap.yaml b/ceph-rgw/templates/job-bootstrap.yaml index f494349994..073188dcf8 100644 --- a/ceph-rgw/templates/job-bootstrap.yaml +++ b/ceph-rgw/templates/job-bootstrap.yaml @@ -118,11 +118,11 @@ spec: - name: ceph-rgw-bin configMap: name: ceph-rgw-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-rgw-etc configMap: name: {{ .Values.ceph_client.configmap }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-rgw-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin | quote }} diff --git a/ceph-rgw/templates/job-rgw-storage-init.yaml b/ceph-rgw/templates/job-rgw-storage-init.yaml index 24ffced7fd..6a66c62ea4 100644 --- a/ceph-rgw/templates/job-rgw-storage-init.yaml +++ b/ceph-rgw/templates/job-rgw-storage-init.yaml @@ -126,15 +126,15 @@ spec: - name: ceph-rgw-bin configMap: name: ceph-rgw-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-etc configMap: name: {{ .Values.ceph_client.configmap }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-templates configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-templates" | quote }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-keyring secret: secretName: {{ .Values.secrets.keyrings.admin | quote }} diff --git a/ceph-rgw/templates/job-s3-admin.yaml b/ceph-rgw/templates/job-s3-admin.yaml index 5b9f324532..e8e8db2a67 100644 --- a/ceph-rgw/templates/job-s3-admin.yaml +++ b/ceph-rgw/templates/job-s3-admin.yaml @@ -137,11 +137,11 @@ spec: - name: ceph-rgw-bin configMap: name: ceph-rgw-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-rgw-etc configMap: name: ceph-rgw-etc - defaultMode: 292 + defaultMode: 0444 - name: ceph-keyring secret: secretName: {{ .Values.secrets.keyrings.admin | quote }} diff --git a/ceph-rgw/templates/pod-helm-tests.yaml b/ceph-rgw/templates/pod-helm-tests.yaml index b073558141..a973694b85 100644 --- a/ceph-rgw/templates/pod-helm-tests.yaml +++ b/ceph-rgw/templates/pod-helm-tests.yaml @@ -104,12 +104,12 @@ spec: - name: ceph-rgw-bin configMap: name: ceph-rgw-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-keyring secret: secretName: {{ .Values.secrets.keyrings.admin | quote }} - name: ceph-rgw-etc configMap: name: ceph-rgw-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/daemonjob-controller/templates/deployment.yaml b/daemonjob-controller/templates/deployment.yaml index f545e99b7c..33eaf10018 100644 --- a/daemonjob-controller/templates/deployment.yaml +++ b/daemonjob-controller/templates/deployment.yaml @@ -58,5 +58,5 @@ spec: - name: hooks configMap: name: daemonjob-controller-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/elastic-apm-server/templates/deployment.yaml b/elastic-apm-server/templates/deployment.yaml index d0fbf16c87..e962726c0e 100644 --- a/elastic-apm-server/templates/deployment.yaml +++ b/elastic-apm-server/templates/deployment.yaml @@ -122,7 +122,7 @@ spec: - name: elastic-apm-server-etc configMap: name: elastic-apm-server-etc - defaultMode: 292 + defaultMode: 0444 - name: data hostPath: path: /var/lib/elastic-apm-server diff --git a/elastic-filebeat/templates/daemonset.yaml b/elastic-filebeat/templates/daemonset.yaml index 1b0bcf51f3..669b57946e 100644 --- a/elastic-filebeat/templates/daemonset.yaml +++ b/elastic-filebeat/templates/daemonset.yaml @@ -157,7 +157,7 @@ spec: - name: filebeat-etc configMap: name: filebeat-etc - defaultMode: 292 + defaultMode: 0444 - name: data hostPath: path: /var/lib/filebeat diff --git a/elastic-metricbeat/templates/daemonset-node-metrics.yaml b/elastic-metricbeat/templates/daemonset-node-metrics.yaml index 8460c08462..e40e0c0961 100644 --- a/elastic-metricbeat/templates/daemonset-node-metrics.yaml +++ b/elastic-metricbeat/templates/daemonset-node-metrics.yaml @@ -168,7 +168,7 @@ spec: path: /var/run/docker.sock - name: metricbeat-etc configMap: - defaultMode: 292 + defaultMode: 0444 name: metricbeat-etc - name: data emptyDir: {} diff --git a/elastic-metricbeat/templates/deployment-modules.yaml b/elastic-metricbeat/templates/deployment-modules.yaml index 5dc0e42a0e..ce4a961d1e 100644 --- a/elastic-metricbeat/templates/deployment-modules.yaml +++ b/elastic-metricbeat/templates/deployment-modules.yaml @@ -154,5 +154,5 @@ spec: - name: metricbeat-etc configMap: name: metricbeat-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/elastic-packetbeat/templates/daemonset.yaml b/elastic-packetbeat/templates/daemonset.yaml index b89bee5864..486cc7fe0e 100644 --- a/elastic-packetbeat/templates/daemonset.yaml +++ b/elastic-packetbeat/templates/daemonset.yaml @@ -139,7 +139,7 @@ spec: emptyDir: {} - name: packetbeat-etc configMap: - defaultMode: 292 + defaultMode: 0444 name: packetbeat-etc {{ if $mounts_packetbeat.volumes }}{{ toYaml $mounts_packetbeat.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/elasticsearch/templates/cron-job-curator.yaml b/elasticsearch/templates/cron-job-curator.yaml index e845aa83f6..91c7b50296 100644 --- a/elasticsearch/templates/cron-job-curator.yaml +++ b/elasticsearch/templates/cron-job-curator.yaml @@ -86,9 +86,9 @@ spec: - name: elastic-curator-bin configMap: name: elastic-curator-bin - defaultMode: 365 + defaultMode: 0555 - name: elastic-curator-etc secret: secretName: elastic-curator-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/elasticsearch/templates/cron-job-verify-repositories.yaml b/elasticsearch/templates/cron-job-verify-repositories.yaml index bbe59c93d4..b9c6b941d7 100644 --- a/elasticsearch/templates/cron-job-verify-repositories.yaml +++ b/elasticsearch/templates/cron-job-verify-repositories.yaml @@ -83,5 +83,5 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/elasticsearch/templates/deployment-client.yaml b/elasticsearch/templates/deployment-client.yaml index 290e78e6f5..0d166a1e25 100644 --- a/elasticsearch/templates/deployment-client.yaml +++ b/elasticsearch/templates/deployment-client.yaml @@ -210,11 +210,11 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 - name: elasticsearch-etc secret: secretName: elasticsearch-etc - defaultMode: 292 + defaultMode: 0444 - name: storage emptyDir: {} {{ if $mounts_elasticsearch.volumes }}{{ toYaml $mounts_elasticsearch.volumes | indent 8 }}{{ end }} diff --git a/elasticsearch/templates/deployment-gateway.yaml b/elasticsearch/templates/deployment-gateway.yaml index 7df13b6d8d..3bbac928bc 100644 --- a/elasticsearch/templates/deployment-gateway.yaml +++ b/elasticsearch/templates/deployment-gateway.yaml @@ -160,11 +160,11 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 - name: elasticsearch-etc secret: secretName: elasticsearch-etc - defaultMode: 292 + defaultMode: 0444 - name: storage emptyDir: {} {{ if $mounts_elasticsearch.volumes }}{{ toYaml $mounts_elasticsearch.volumes | indent 8 }}{{ end }} diff --git a/elasticsearch/templates/job-elasticsearch-template.yaml b/elasticsearch/templates/job-elasticsearch-template.yaml index e2e35fbe5a..a93ee1c793 100644 --- a/elasticsearch/templates/job-elasticsearch-template.yaml +++ b/elasticsearch/templates/job-elasticsearch-template.yaml @@ -85,10 +85,10 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 - name: elasticsearch-templates-etc secret: secretName: elasticsearch-templates-etc - defaultMode: 292 + defaultMode: 0444 {{ if $mounts_elasticsearch_templates.volumes }}{{ toYaml $mounts_elasticsearch_templates.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/elasticsearch/templates/job-es-cluster-wait.yaml b/elasticsearch/templates/job-es-cluster-wait.yaml index dbb4da6784..27b94f92b7 100644 --- a/elasticsearch/templates/job-es-cluster-wait.yaml +++ b/elasticsearch/templates/job-es-cluster-wait.yaml @@ -76,5 +76,5 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/elasticsearch/templates/job-register-snapshot-repository.yaml b/elasticsearch/templates/job-register-snapshot-repository.yaml index 18a9a303f2..2b811ca148 100644 --- a/elasticsearch/templates/job-register-snapshot-repository.yaml +++ b/elasticsearch/templates/job-register-snapshot-repository.yaml @@ -91,5 +91,5 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/elasticsearch/templates/pod-helm-tests.yaml b/elasticsearch/templates/pod-helm-tests.yaml index 6ded8973a0..d2e8e62f5b 100644 --- a/elasticsearch/templates/pod-helm-tests.yaml +++ b/elasticsearch/templates/pod-helm-tests.yaml @@ -70,5 +70,5 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/elasticsearch/templates/statefulset-data.yaml b/elasticsearch/templates/statefulset-data.yaml index 20299041b6..ac5f769c06 100644 --- a/elasticsearch/templates/statefulset-data.yaml +++ b/elasticsearch/templates/statefulset-data.yaml @@ -175,11 +175,11 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 - name: elasticsearch-etc secret: secretName: elasticsearch-etc - defaultMode: 292 + defaultMode: 0444 {{ if $mounts_elasticsearch.volumes }}{{ toYaml $mounts_elasticsearch.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.data.enabled }} - name: storage diff --git a/elasticsearch/templates/statefulset-master.yaml b/elasticsearch/templates/statefulset-master.yaml index 6d5201db12..34a208cdd7 100644 --- a/elasticsearch/templates/statefulset-master.yaml +++ b/elasticsearch/templates/statefulset-master.yaml @@ -168,11 +168,11 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 - name: elasticsearch-etc secret: secretName: elasticsearch-etc - defaultMode: 292 + defaultMode: 0444 {{ if $mounts_elasticsearch.volumes }}{{ toYaml $mounts_elasticsearch.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.master.enabled }} - name: storage diff --git a/etcd/templates/deployment.yaml b/etcd/templates/deployment.yaml index c0c3715b1f..bfb39b81eb 100644 --- a/etcd/templates/deployment.yaml +++ b/etcd/templates/deployment.yaml @@ -70,5 +70,5 @@ spec: - name: etcd-bin configMap: name: {{ $configMapBinName | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/falco/templates/daemonset.yaml b/falco/templates/daemonset.yaml index ff44f28a23..dbb0df31c7 100644 --- a/falco/templates/daemonset.yaml +++ b/falco/templates/daemonset.yaml @@ -119,7 +119,7 @@ spec: - name: falco-bin configMap: name: falco-bin - defaultMode: 365 + defaultMode: 0555 - name: dshm emptyDir: medium: Memory diff --git a/fluentbit/templates/daemonset-fluent-bit.yaml b/fluentbit/templates/daemonset-fluent-bit.yaml index 22cc292718..755f7abcad 100644 --- a/fluentbit/templates/daemonset-fluent-bit.yaml +++ b/fluentbit/templates/daemonset-fluent-bit.yaml @@ -145,10 +145,10 @@ spec: - name: fluentbit-bin configMap: name: fluentbit-bin - defaultMode: 365 + defaultMode: 0555 - name: fluentbit-etc secret: secretName: fluentbit-etc - defaultMode: 292 + defaultMode: 0444 {{ if $mounts_fluentbit.volumes }}{{ toYaml $mounts_fluentbit.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/fluentd/templates/deployment-fluentd.yaml b/fluentd/templates/deployment-fluentd.yaml index 827b7a4cc8..b626b8feb5 100644 --- a/fluentd/templates/deployment-fluentd.yaml +++ b/fluentd/templates/deployment-fluentd.yaml @@ -226,15 +226,15 @@ spec: - name: {{ printf "%s-%s" $envAll.Release.Name "env-secret" | quote }} secret: secretName: {{ printf "%s-%s" $envAll.Release.Name "env-secret" | quote }} - defaultMode: 292 + defaultMode: 0444 {{- end }} - name: fluentd-etc secret: secretName: {{ printf "%s-%s" $envAll.Release.Name "fluentd-etc" | quote }} - defaultMode: 292 + defaultMode: 0444 - name: fluentd-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "fluentd-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_fluentd.volumes }}{{ toYaml $mounts_fluentd.volumes | indent 8 }}{{- end }} {{- end }} diff --git a/gnocchi/templates/cron-job-resources-cleaner.yaml b/gnocchi/templates/cron-job-resources-cleaner.yaml index b727058858..115fc4ff02 100644 --- a/gnocchi/templates/cron-job-resources-cleaner.yaml +++ b/gnocchi/templates/cron-job-resources-cleaner.yaml @@ -94,10 +94,10 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 292 + defaultMode: 0444 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_gnocchi_resources_cleaner.volumes }}{{ toYaml $mounts_gnocchi_resources_cleaner.volumes | indent 12 }}{{ end }} {{- end }} diff --git a/gnocchi/templates/daemonset-metricd.yaml b/gnocchi/templates/daemonset-metricd.yaml index df3e957332..40daa26a48 100644 --- a/gnocchi/templates/daemonset-metricd.yaml +++ b/gnocchi/templates/daemonset-metricd.yaml @@ -105,11 +105,11 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 292 + defaultMode: 0444 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 - name: etcceph emptyDir: {} - name: ceph-etc diff --git a/gnocchi/templates/daemonset-statsd.yaml b/gnocchi/templates/daemonset-statsd.yaml index c1deaedea6..68f8f080ee 100644 --- a/gnocchi/templates/daemonset-statsd.yaml +++ b/gnocchi/templates/daemonset-statsd.yaml @@ -111,11 +111,11 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 292 + defaultMode: 0444 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 - name: etcceph emptyDir: {} - name: ceph-etc diff --git a/gnocchi/templates/deployment-api.yaml b/gnocchi/templates/deployment-api.yaml index 6171ae9ec1..b41f0743f9 100644 --- a/gnocchi/templates/deployment-api.yaml +++ b/gnocchi/templates/deployment-api.yaml @@ -130,11 +130,11 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 292 + defaultMode: 0444 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 - name: etcceph emptyDir: {} - name: ceph-etc diff --git a/gnocchi/templates/job-clean.yaml b/gnocchi/templates/job-clean.yaml index 169bf75434..11fa3ea0d4 100644 --- a/gnocchi/templates/job-clean.yaml +++ b/gnocchi/templates/job-clean.yaml @@ -89,5 +89,5 @@ spec: - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/gnocchi/templates/job-db-init-indexer.yaml b/gnocchi/templates/job-db-init-indexer.yaml index 48c38340e4..cde2c0bf49 100644 --- a/gnocchi/templates/job-db-init-indexer.yaml +++ b/gnocchi/templates/job-db-init-indexer.yaml @@ -70,11 +70,11 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 292 + defaultMode: 0444 - name: pod-etc-gnocchi emptyDir: {} - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/gnocchi/templates/job-db-sync.yaml b/gnocchi/templates/job-db-sync.yaml index 3262cb06b2..a30356c88b 100644 --- a/gnocchi/templates/job-db-sync.yaml +++ b/gnocchi/templates/job-db-sync.yaml @@ -82,11 +82,11 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 292 + defaultMode: 0444 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 - name: etcceph emptyDir: {} - name: ceph-etc diff --git a/gnocchi/templates/job-storage-init.yaml b/gnocchi/templates/job-storage-init.yaml index 08598cdda7..9e2aea42ee 100644 --- a/gnocchi/templates/job-storage-init.yaml +++ b/gnocchi/templates/job-storage-init.yaml @@ -123,13 +123,13 @@ spec: - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 - name: etcceph emptyDir: {} - name: ceph-etc configMap: name: {{ .Values.ceph_client.configmap }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-keyring secret: secretName: {{ .Values.ceph_client.user_secret_name }} diff --git a/gnocchi/templates/pod-gnocchi-test.yaml b/gnocchi/templates/pod-gnocchi-test.yaml index 66b34cb645..9ceda0143c 100644 --- a/gnocchi/templates/pod-gnocchi-test.yaml +++ b/gnocchi/templates/pod-gnocchi-test.yaml @@ -74,10 +74,10 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 292 + defaultMode: 0444 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_gnocchi_tests.volumes }}{{ toYaml $mounts_gnocchi_tests.volumes | indent 4 }}{{ end }} {{- end }} diff --git a/grafana/templates/deployment.yaml b/grafana/templates/deployment.yaml index 81d3b085e6..6153533503 100644 --- a/grafana/templates/deployment.yaml +++ b/grafana/templates/deployment.yaml @@ -133,15 +133,15 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 365 + defaultMode: 0555 - name: grafana-etc secret: secretName: grafana-etc - defaultMode: 292 + defaultMode: 0444 - name: grafana-dashboards configMap: name: grafana-dashboards - defaultMode: 365 + defaultMode: 0555 - name: data emptyDir: {} {{ if $mounts_grafana.volumes }}{{ toYaml $mounts_grafana.volumes | indent 8 }}{{ end }} diff --git a/grafana/templates/job-add-home-dashboard.yaml b/grafana/templates/job-add-home-dashboard.yaml index fe122c2d08..ac191b3843 100644 --- a/grafana/templates/job-add-home-dashboard.yaml +++ b/grafana/templates/job-add-home-dashboard.yaml @@ -74,5 +74,5 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} \ No newline at end of file diff --git a/grafana/templates/job-db-init-session.yaml b/grafana/templates/job-db-init-session.yaml index b8243e8be9..9e9785f2ff 100644 --- a/grafana/templates/job-db-init-session.yaml +++ b/grafana/templates/job-db-init-session.yaml @@ -72,5 +72,5 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/grafana/templates/job-db-init.yaml b/grafana/templates/job-db-init.yaml index 81db093711..b5ba6e65f5 100644 --- a/grafana/templates/job-db-init.yaml +++ b/grafana/templates/job-db-init.yaml @@ -72,5 +72,5 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/grafana/templates/job-db-session-sync.yaml b/grafana/templates/job-db-session-sync.yaml index bf2a465c0e..5b0c9be00a 100644 --- a/grafana/templates/job-db-session-sync.yaml +++ b/grafana/templates/job-db-session-sync.yaml @@ -67,5 +67,5 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/grafana/templates/job-set-admin-user.yaml b/grafana/templates/job-set-admin-user.yaml index cb9fa8ea07..bc08c33d4a 100644 --- a/grafana/templates/job-set-admin-user.yaml +++ b/grafana/templates/job-set-admin-user.yaml @@ -77,9 +77,9 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 365 + defaultMode: 0555 - name: grafana-etc secret: secretName: grafana-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/grafana/templates/pod-helm-tests.yaml b/grafana/templates/pod-helm-tests.yaml index 047d4119dd..b5e0a9e4b8 100644 --- a/grafana/templates/pod-helm-tests.yaml +++ b/grafana/templates/pod-helm-tests.yaml @@ -70,5 +70,5 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/helm-toolkit/templates/manifests/_job-bootstrap.tpl index 318f5b57ef..ea27729551 100644 --- a/helm-toolkit/templates/manifests/_job-bootstrap.tpl +++ b/helm-toolkit/templates/manifests/_job-bootstrap.tpl @@ -103,11 +103,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} - name: etc-service emptyDir: {} diff --git a/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl index 9987793788..1b639f03c3 100644 --- a/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl +++ b/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl @@ -118,11 +118,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} {{- $local := dict "configMapBinFirst" true -}} {{- range $key1, $dbToDrop := $dbsToDrop }} @@ -134,7 +134,7 @@ spec: - name: db-drop-conf secret: secretName: {{ $configMapEtc | quote }} - defaultMode: 292 + defaultMode: 0444 {{- end -}} {{- end -}} {{- end -}} diff --git a/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl index 2121408dec..73ac04d269 100644 --- a/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl +++ b/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl @@ -117,11 +117,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} {{- $local := dict "configMapBinFirst" true -}} {{- range $key1, $dbToInit := $dbsToInit }} @@ -133,7 +133,7 @@ spec: - name: db-init-conf secret: secretName: {{ $configMapEtc | quote }} - defaultMode: 292 + defaultMode: 0444 {{- end -}} {{- end -}} {{- end -}} diff --git a/helm-toolkit/templates/manifests/_job-db-sync.tpl b/helm-toolkit/templates/manifests/_job-db-sync.tpl index 133c737bb7..0e4e3ad83f 100644 --- a/helm-toolkit/templates/manifests/_job-db-sync.tpl +++ b/helm-toolkit/templates/manifests/_job-db-sync.tpl @@ -97,18 +97,18 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} - name: etc-service emptyDir: {} - name: db-sync-conf secret: secretName: {{ $configMapEtc | quote }} - defaultMode: 292 + defaultMode: 0444 {{- if $podVols }} {{ $podVols | toYaml | indent 8 }} {{- end }} diff --git a/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl index 8ab1e051a7..a497af11f6 100644 --- a/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl +++ b/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl @@ -94,11 +94,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} {{- dict "enabled" true "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- end }} diff --git a/helm-toolkit/templates/manifests/_job-ks-service.tpl b/helm-toolkit/templates/manifests/_job-ks-service.tpl index 49bdcd3c81..daac49c175 100644 --- a/helm-toolkit/templates/manifests/_job-ks-service.tpl +++ b/helm-toolkit/templates/manifests/_job-ks-service.tpl @@ -88,11 +88,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} {{- dict "enabled" true "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- end }} diff --git a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl index a8005c3e21..875247ecad 100644 --- a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl +++ b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl @@ -94,11 +94,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} {{- dict "enabled" true "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- end -}} diff --git a/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl index bef1f18bfb..ef56655ffa 100644 --- a/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl +++ b/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl @@ -86,10 +86,10 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} {{- end -}} diff --git a/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl index 9eb6e45744..047a8c819e 100644 --- a/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl +++ b/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl @@ -103,18 +103,18 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} - name: etcceph emptyDir: {} - name: ceph-etc configMap: name: {{ $configMapCeph | quote }} - defaultMode: 292 + defaultMode: 0444 {{- if empty $envAll.Values.conf.ceph.admin_keyring }} - name: ceph-keyring secret: diff --git a/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl index 97160dca2b..a86d4ee6af 100644 --- a/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl +++ b/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl @@ -118,22 +118,22 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} - name: ceph-keyring-sh configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 - name: etcceph emptyDir: {} - name: ceph-etc configMap: name: {{ $configMapCeph | quote }} - defaultMode: 292 + defaultMode: 0444 {{- if empty $envAll.Values.conf.ceph.admin_keyring }} - name: ceph-keyring secret: diff --git a/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl b/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl index cf514dd788..7d4b07820f 100644 --- a/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl +++ b/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl @@ -84,11 +84,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} - name: docker-socket hostPath: diff --git a/ingress/templates/deployment-ingress.yaml b/ingress/templates/deployment-ingress.yaml index bc31072ac8..6fa223eb21 100644 --- a/ingress/templates/deployment-ingress.yaml +++ b/ingress/templates/deployment-ingress.yaml @@ -358,7 +358,7 @@ spec: - name: ingress-bin configMap: name: ingress-bin - defaultMode: 365 + defaultMode: 0555 {{- if and .Values.network.host_namespace .Values.network.vip.manage }} - name: host-rootfs hostPath: diff --git a/kafka/templates/job-generate-acl.yaml b/kafka/templates/job-generate-acl.yaml index c655394f15..6a3088bc90 100644 --- a/kafka/templates/job-generate-acl.yaml +++ b/kafka/templates/job-generate-acl.yaml @@ -64,9 +64,9 @@ spec: - name: kafka-bin configMap: name: kafka-bin - defaultMode: 365 + defaultMode: 0555 - name: kafka-etc secret: secretName: kafka-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/kafka/templates/pod-helm-test.yaml b/kafka/templates/pod-helm-test.yaml index 8b5cf4083b..0a84066d62 100644 --- a/kafka/templates/pod-helm-test.yaml +++ b/kafka/templates/pod-helm-test.yaml @@ -66,9 +66,9 @@ spec: - name: kafka-bin configMap: name: kafka-bin - defaultMode: 365 + defaultMode: 0555 - name: kafka-etc secret: secretName: kafka-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/kafka/templates/statefulset.yaml b/kafka/templates/statefulset.yaml index a4db6f1579..0b3390b35d 100644 --- a/kafka/templates/statefulset.yaml +++ b/kafka/templates/statefulset.yaml @@ -168,11 +168,11 @@ spec: - name: kafka-bin configMap: name: kafka-bin - defaultMode: 365 + defaultMode: 0555 - name: kafka-etc secret: secretName: kafka-etc - defaultMode: 292 + defaultMode: 0444 {{ if $mounts_kafka.volumes }}{{ toYaml $mounts_kafka.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.enabled }} - name: data diff --git a/kibana/templates/deployment.yaml b/kibana/templates/deployment.yaml index e130df73b4..71c92855ab 100644 --- a/kibana/templates/deployment.yaml +++ b/kibana/templates/deployment.yaml @@ -167,9 +167,9 @@ spec: - name: kibana-bin configMap: name: kibana-bin - defaultMode: 365 + defaultMode: 0555 - name: kibana-etc secret: secretName: kibana-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/kibana/templates/job-flush-kibana-metadata.yaml b/kibana/templates/job-flush-kibana-metadata.yaml index 2033b52ae3..741234bf3d 100644 --- a/kibana/templates/job-flush-kibana-metadata.yaml +++ b/kibana/templates/job-flush-kibana-metadata.yaml @@ -96,5 +96,5 @@ spec: - name: kibana-bin configMap: name: kibana-bin - defaultMode: 493 + defaultMode: 0755 {{- end }} diff --git a/kibana/templates/job-register-kibana-indexes.yaml b/kibana/templates/job-register-kibana-indexes.yaml index f11fb587bd..ba13c4378a 100644 --- a/kibana/templates/job-register-kibana-indexes.yaml +++ b/kibana/templates/job-register-kibana-indexes.yaml @@ -80,5 +80,5 @@ spec: - name: kibana-bin configMap: name: kibana-bin - defaultMode: 493 + defaultMode: 0755 {{- end }} diff --git a/kubernetes-keystone-webhook/templates/deployment.yaml b/kubernetes-keystone-webhook/templates/deployment.yaml index 24054a6919..831abf55ed 100644 --- a/kubernetes-keystone-webhook/templates/deployment.yaml +++ b/kubernetes-keystone-webhook/templates/deployment.yaml @@ -83,13 +83,13 @@ spec: - name: key-kubernetes-keystone-webhook secret: secretName: {{ $envAll.Values.secrets.certificates.api }} - defaultMode: 292 + defaultMode: 0444 - name: kubernetes-keystone-webhook-etc configMap: name: kubernetes-keystone-webhook-etc - defaultMode: 292 + defaultMode: 0444 - name: kubernetes-keystone-webhook-bin configMap: name: kubernetes-keystone-webhook-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/kubernetes-keystone-webhook/templates/pod-test.yaml b/kubernetes-keystone-webhook/templates/pod-test.yaml index e3ebd7a9b9..98f685555d 100644 --- a/kubernetes-keystone-webhook/templates/pod-test.yaml +++ b/kubernetes-keystone-webhook/templates/pod-test.yaml @@ -60,6 +60,6 @@ spec: - name: kubernetes-keystone-webhook-bin configMap: name: kubernetes-keystone-webhook-bin - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_kubernetes_keystone_webhook_tests.volumes }}{{ toYaml $mounts_kubernetes_keystone_webhook_tests.volumes | indent 4 }}{{ end }} {{- end }} diff --git a/libvirt/templates/daemonset-libvirt.yaml b/libvirt/templates/daemonset-libvirt.yaml index b43e8b73fe..da8f01a859 100644 --- a/libvirt/templates/daemonset-libvirt.yaml +++ b/libvirt/templates/daemonset-libvirt.yaml @@ -207,11 +207,11 @@ spec: - name: libvirt-bin configMap: name: libvirt-bin - defaultMode: 365 + defaultMode: 0555 - name: libvirt-etc secret: secretName: {{ $configMapName }} - defaultMode: 292 + defaultMode: 0444 {{- if .Values.conf.ceph.enabled }} - name: etcceph hostPath: @@ -219,7 +219,7 @@ spec: - name: ceph-etc configMap: name: {{ .Values.ceph_client.configmap }} - defaultMode: 292 + defaultMode: 0444 {{- if empty .Values.conf.ceph.cinder.keyring }} - name: ceph-keyring secret: diff --git a/mariadb/templates/deployment-ingress.yaml b/mariadb/templates/deployment-ingress.yaml index 214186c507..72bea94af0 100644 --- a/mariadb/templates/deployment-ingress.yaml +++ b/mariadb/templates/deployment-ingress.yaml @@ -205,9 +205,9 @@ spec: - name: mariadb-bin configMap: name: mariadb-bin - defaultMode: 365 + defaultMode: 0555 - name: mariadb-ingress-etc configMap: name: mariadb-ingress-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/mariadb/templates/pod-test.yaml b/mariadb/templates/pod-test.yaml index e140b603c7..687caa0285 100644 --- a/mariadb/templates/pod-test.yaml +++ b/mariadb/templates/pod-test.yaml @@ -67,9 +67,9 @@ spec: - name: mariadb-bin configMap: name: mariadb-bin - defaultMode: 365 + defaultMode: 0555 - name: mariadb-secrets secret: secretName: mariadb-secrets - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/mariadb/templates/statefulset.yaml b/mariadb/templates/statefulset.yaml index 5d55958265..70255b597c 100644 --- a/mariadb/templates/statefulset.yaml +++ b/mariadb/templates/statefulset.yaml @@ -239,15 +239,15 @@ spec: - name: mariadb-bin configMap: name: mariadb-bin - defaultMode: 365 + defaultMode: 0555 - name: mariadb-etc configMap: name: mariadb-etc - defaultMode: 292 + defaultMode: 0444 - name: mariadb-secrets secret: secretName: mariadb-secrets - defaultMode: 292 + defaultMode: 0444 {{- if not .Values.volume.enabled }} - name: mysql-data {{- if .Values.volume.use_local_path_for_single_pod_cluster.enabled }} diff --git a/memcached/templates/deployment.yaml b/memcached/templates/deployment.yaml index 5222b57ad0..1b4e202775 100644 --- a/memcached/templates/deployment.yaml +++ b/memcached/templates/deployment.yaml @@ -86,6 +86,6 @@ spec: - name: memcached-bin configMap: name: {{ $configMapBinName | quote }} - defaultMode: 365 + defaultMode: 0555 {{ dict "envAll" $envAll "component" "memcached" "requireSys" true | include "helm-toolkit.snippets.kubernetes_apparmor_volumes" | indent 8 }} {{- end }} diff --git a/mongodb/templates/statefulset.yaml b/mongodb/templates/statefulset.yaml index d91e252e86..e5e0b48df2 100644 --- a/mongodb/templates/statefulset.yaml +++ b/mongodb/templates/statefulset.yaml @@ -118,7 +118,7 @@ spec: - name: mongodb-bin configMap: name: mongodb-bin - defaultMode: 365 + defaultMode: 0555 {{- if not .Values.volume.enabled }} - name: mongodb-data hostPath: diff --git a/nagios/templates/deployment.yaml b/nagios/templates/deployment.yaml index 79fd85932b..ca0342c981 100644 --- a/nagios/templates/deployment.yaml +++ b/nagios/templates/deployment.yaml @@ -241,9 +241,9 @@ spec: - name: nagios-etc secret: secretName: nagios-etc - defaultMode: 292 + defaultMode: 0444 - name: nagios-bin configMap: name: nagios-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/nagios/templates/pod-helm-tests.yaml b/nagios/templates/pod-helm-tests.yaml index cd1bada87e..e22784d8ce 100644 --- a/nagios/templates/pod-helm-tests.yaml +++ b/nagios/templates/pod-helm-tests.yaml @@ -75,5 +75,5 @@ spec: - name: nagios-bin configMap: name: nagios-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/openvswitch/templates/daemonset-ovs-db.yaml b/openvswitch/templates/daemonset-ovs-db.yaml index c56df377be..8e8af6365a 100644 --- a/openvswitch/templates/daemonset-ovs-db.yaml +++ b/openvswitch/templates/daemonset-ovs-db.yaml @@ -108,7 +108,7 @@ spec: - name: openvswitch-bin configMap: name: openvswitch-bin - defaultMode: 365 + defaultMode: 0555 - name: run hostPath: path: /run/openvswitch diff --git a/openvswitch/templates/daemonset-ovs-vswitchd.yaml b/openvswitch/templates/daemonset-ovs-vswitchd.yaml index dfe83ec593..2f60a0db40 100644 --- a/openvswitch/templates/daemonset-ovs-vswitchd.yaml +++ b/openvswitch/templates/daemonset-ovs-vswitchd.yaml @@ -153,7 +153,7 @@ It should be handled through lcore and pmd core masks. */}} - name: openvswitch-bin configMap: name: openvswitch-bin - defaultMode: 365 + defaultMode: 0555 - name: run hostPath: path: /run diff --git a/postgresql/templates/pod-test.yaml b/postgresql/templates/pod-test.yaml index 3c8bd8bf7e..45ed8d436a 100644 --- a/postgresql/templates/pod-test.yaml +++ b/postgresql/templates/pod-test.yaml @@ -72,6 +72,6 @@ spec: - name: postgresql-bin secret: secretName: postgresql-bin - defaultMode: 365 + defaultMode: 0555 ... {{- end }} diff --git a/postgresql/templates/statefulset.yaml b/postgresql/templates/statefulset.yaml index 101ed14ee5..7c049d82df 100644 --- a/postgresql/templates/statefulset.yaml +++ b/postgresql/templates/statefulset.yaml @@ -416,7 +416,7 @@ spec: - name: postgresql-bin secret: secretName: postgresql-bin - defaultMode: 365 + defaultMode: 0555 - name: client-certs-temp emptyDir: {} - name: server-certs-temp @@ -428,15 +428,15 @@ spec: - name: replication-pki secret: secretName: {{ .Values.secrets.postgresql.replica }} - defaultMode: 416 + defaultMode: 0640 - name: postgresql-pki secret: secretName: {{ .Values.secrets.postgresql.server }} - defaultMode: 416 + defaultMode: 0640 - name: postgresql-etc secret: secretName: postgresql-etc - defaultMode: 292 + defaultMode: 0444 {{- if not .Values.storage.pvc.enabled }} - name: postgresql-data hostPath: diff --git a/powerdns/templates/deployment.yaml b/powerdns/templates/deployment.yaml index 2cf84dfcb8..319395156b 100644 --- a/powerdns/templates/deployment.yaml +++ b/powerdns/templates/deployment.yaml @@ -73,5 +73,5 @@ spec: - name: powerdns-etc secret: secretName: powerdns-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/powerdns/templates/job-db-sync.yaml b/powerdns/templates/job-db-sync.yaml index 73454c8371..9509979af1 100644 --- a/powerdns/templates/job-db-sync.yaml +++ b/powerdns/templates/job-db-sync.yaml @@ -54,9 +54,9 @@ spec: - name: powerdns-bin configMap: name: powerdns-bin - defaultMode: 365 + defaultMode: 0555 - name: powerdns-etc secret: secretName: powerdns-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/prometheus-alertmanager/templates/statefulset.yaml b/prometheus-alertmanager/templates/statefulset.yaml index c5bb3dad86..b1f3cb70f9 100644 --- a/prometheus-alertmanager/templates/statefulset.yaml +++ b/prometheus-alertmanager/templates/statefulset.yaml @@ -130,7 +130,7 @@ spec: - name: alertmanager-bin configMap: name: alertmanager-bin - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_alertmanager.volumes }}{{ toYaml $mounts_alertmanager.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.enabled }} - name: alertmanager-data diff --git a/prometheus-kube-state-metrics/templates/deployment.yaml b/prometheus-kube-state-metrics/templates/deployment.yaml index e8c03e4118..b4101a3c54 100644 --- a/prometheus-kube-state-metrics/templates/deployment.yaml +++ b/prometheus-kube-state-metrics/templates/deployment.yaml @@ -143,5 +143,5 @@ spec: - name: kube-state-metrics-bin configMap: name: kube-state-metrics-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/prometheus-node-exporter/templates/daemonset.yaml b/prometheus-node-exporter/templates/daemonset.yaml index 59515f330b..e37cf892ce 100644 --- a/prometheus-node-exporter/templates/daemonset.yaml +++ b/prometheus-node-exporter/templates/daemonset.yaml @@ -119,6 +119,6 @@ spec: - name: node-exporter-bin configMap: name: node-exporter-bin - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_node_exporter.volumes }}{{ toYaml $mounts_node_exporter.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/prometheus-openstack-exporter/templates/deployment.yaml b/prometheus-openstack-exporter/templates/deployment.yaml index 8453463664..05e5db9d99 100644 --- a/prometheus-openstack-exporter/templates/deployment.yaml +++ b/prometheus-openstack-exporter/templates/deployment.yaml @@ -99,5 +99,5 @@ spec: - name: prometheus-openstack-exporter-bin configMap: name: prometheus-openstack-exporter-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/prometheus-openstack-exporter/templates/job-ks-user.yaml b/prometheus-openstack-exporter/templates/job-ks-user.yaml index 10218dbd35..bb08406ad1 100644 --- a/prometheus-openstack-exporter/templates/job-ks-user.yaml +++ b/prometheus-openstack-exporter/templates/job-ks-user.yaml @@ -66,5 +66,5 @@ spec: - name: ks-user-sh configMap: name: prometheus-openstack-exporter-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/prometheus/templates/pod-helm-tests.yaml b/prometheus/templates/pod-helm-tests.yaml index 7b9b425b93..3dfbfb796f 100644 --- a/prometheus/templates/pod-helm-tests.yaml +++ b/prometheus/templates/pod-helm-tests.yaml @@ -67,5 +67,5 @@ spec: - name: prometheus-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "prometheus-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/prometheus/templates/statefulset.yaml b/prometheus/templates/statefulset.yaml index 35c3a8134c..becdaa9d1b 100644 --- a/prometheus/templates/statefulset.yaml +++ b/prometheus/templates/statefulset.yaml @@ -205,11 +205,11 @@ spec: - name: prometheus-etc secret: secretName: {{ printf "%s-%s" $envAll.Release.Name "prometheus-etc" | quote }} - defaultMode: 292 + defaultMode: 0444 - name: prometheus-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "prometheus-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_prometheus.volumes }}{{ toYaml $mounts_prometheus.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.enabled }} - name: storage diff --git a/rabbitmq/templates/job-cluster-wait.yaml b/rabbitmq/templates/job-cluster-wait.yaml index 2b50f1b2d2..9f5b25fbe0 100644 --- a/rabbitmq/templates/job-cluster-wait.yaml +++ b/rabbitmq/templates/job-cluster-wait.yaml @@ -90,9 +90,9 @@ spec: - name: rabbitmq-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: rabbitmq-erlang-cookie secret: secretName: {{ printf "%s-%s" $envAll.Release.Name "erlang-cookie" | quote }} - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/rabbitmq/templates/pod-test.yaml b/rabbitmq/templates/pod-test.yaml index f68a10bb73..bcddfd3ea0 100644 --- a/rabbitmq/templates/pod-test.yaml +++ b/rabbitmq/templates/pod-test.yaml @@ -66,5 +66,5 @@ spec: - name: rabbitmq-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/rabbitmq/templates/statefulset.yaml b/rabbitmq/templates/statefulset.yaml index 9c53c80151..11af505d63 100644 --- a/rabbitmq/templates/statefulset.yaml +++ b/rabbitmq/templates/statefulset.yaml @@ -253,15 +253,15 @@ spec: - name: rabbitmq-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: rabbitmq-etc configMap: name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-etc" | quote }} - defaultMode: 292 + defaultMode: 0444 - name: rabbitmq-erlang-cookie secret: secretName: {{ printf "%s-%s" $envAll.Release.Name "erlang-cookie" | quote }} - defaultMode: 292 + defaultMode: 0444 {{- if not $envAll.Values.volume.enabled }} - name: rabbitmq-data {{- if .Values.volume.use_local_path.enabled }} diff --git a/redis/templates/pod_test.yaml b/redis/templates/pod_test.yaml index 010d0a9c19..e7152580c4 100644 --- a/redis/templates/pod_test.yaml +++ b/redis/templates/pod_test.yaml @@ -60,9 +60,9 @@ spec: - name: redis-test configMap: name: redis-bin - defaultMode: 365 + defaultMode: 0555 - name: redis-python configMap: name: redis-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/registry/templates/daemonset-registry-proxy.yaml b/registry/templates/daemonset-registry-proxy.yaml index b82d362f5c..d61e6ddfd4 100644 --- a/registry/templates/daemonset-registry-proxy.yaml +++ b/registry/templates/daemonset-registry-proxy.yaml @@ -71,9 +71,9 @@ spec: - name: registry-bin configMap: name: registry-bin - defaultMode: 365 + defaultMode: 0555 - name: registry-etc configMap: name: registry-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/registry/templates/deployment-registry.yaml b/registry/templates/deployment-registry.yaml index 845aed6c8b..40d4d2e65c 100644 --- a/registry/templates/deployment-registry.yaml +++ b/registry/templates/deployment-registry.yaml @@ -78,11 +78,11 @@ spec: - name: registry-bin configMap: name: registry-bin - defaultMode: 365 + defaultMode: 0555 - name: registry-etc configMap: name: registry-etc - defaultMode: 292 + defaultMode: 0444 - name: docker-images persistentVolumeClaim: claimName: docker-images diff --git a/registry/templates/job-bootstrap.yaml b/registry/templates/job-bootstrap.yaml index 2d9e8a233c..760fa9af11 100644 --- a/registry/templates/job-bootstrap.yaml +++ b/registry/templates/job-bootstrap.yaml @@ -63,7 +63,7 @@ spec: - name: registry-bin configMap: name: registry-bin - defaultMode: 365 + defaultMode: 0555 - name: docker-socket hostPath: path: /var/run/docker.sock diff --git a/yamllint-templates.conf b/yamllint-templates.conf index 02836e9704..ba9fcdf012 100644 --- a/yamllint-templates.conf +++ b/yamllint-templates.conf @@ -25,7 +25,7 @@ rules: line-length: disable new-line-at-end-of-file: disable new-lines: disable - octal-values: enable + octal-values: disable quoted-strings: disable trailing-spaces: disable truthy: disable diff --git a/yamllint.conf b/yamllint.conf index fb359aef5d..382224b5ad 100644 --- a/yamllint.conf +++ b/yamllint.conf @@ -25,7 +25,7 @@ rules: line-length: disable new-line-at-end-of-file: enable new-lines: enable - octal-values: enable + octal-values: disable quoted-strings: disable trailing-spaces: enable truthy: disable diff --git a/zookeeper/templates/statefulset.yaml b/zookeeper/templates/statefulset.yaml index 59713431c0..21a00cb968 100644 --- a/zookeeper/templates/statefulset.yaml +++ b/zookeeper/templates/statefulset.yaml @@ -206,11 +206,11 @@ spec: - name: zookeeper-etc secret: secretName: zookeeper-etc - defaultMode: 292 + defaultMode: 0444 - name: zookeeper-bin configMap: name: zookeeper-bin - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_zookeeper.volumes }}{{ toYaml $mounts_zookeeper.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.enabled }} - name: data diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index 3aa00d31fa..beba37d8fe 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -17,6 +17,9 @@ name: openstack-helm-lint run: playbooks/lint.yml nodeset: ubuntu-bionic + # NOTE(aostapenko) Required if job is run against another project + required-projects: + - openstack/openstack-helm-infra irrelevant-files: - ^.*\.rst$ - ^doc/.*$