From 824f168efc4bef03981b19d5212c1e69eacd26dc Mon Sep 17 00:00:00 2001 From: Andrii Ostapenko Date: Mon, 6 Jul 2020 14:50:07 -0500 Subject: [PATCH] Undo octal-values restriction together with corresponding code Unrestrict octal values rule since benefits of file modes readability exceed possible issues with yaml 1.2 adoption in future k8s versions. These issues will be addressed when/if they occur. Also ensure osh-infra is a required project for lint job, that matters when running job against another project. Change-Id: Ic5e327cf40c4b09c90738baff56419a6cef132da Signed-off-by: Andrii Ostapenko --- calico/templates/daemonset-calico-node.yaml | 6 +++--- calico/templates/deployment-calico-kube-controllers.yaml | 2 +- calico/templates/job-calico-settings.yaml | 2 +- ceph-client/templates/cronjob-checkPGs.yaml | 4 ++-- ceph-client/templates/cronjob-defragosds.yaml | 2 +- ceph-client/templates/deployment-checkdns.yaml | 2 +- ceph-client/templates/deployment-mds.yaml | 4 ++-- ceph-client/templates/deployment-mgr.yaml | 4 ++-- ceph-client/templates/job-bootstrap.yaml | 4 ++-- ceph-client/templates/job-rbd-pool.yaml | 4 ++-- ceph-client/templates/pod-helm-tests.yaml | 4 ++-- ceph-mon/templates/daemonset-mon.yaml | 4 ++-- ceph-mon/templates/deployment-moncheck.yaml | 4 ++-- ceph-mon/templates/job-bootstrap.yaml | 4 ++-- ceph-mon/templates/job-keyring.yaml | 4 ++-- ceph-mon/templates/job-storage-admin-keys.yaml | 4 ++-- ceph-osd/templates/daemonset-osd.yaml | 4 ++-- ceph-osd/templates/job-bootstrap.yaml | 4 ++-- ceph-osd/templates/job-post-apply.yaml | 4 ++-- ceph-osd/templates/pod-helm-tests.yaml | 4 ++-- .../templates/deployment-cephfs-provisioner.yaml | 2 +- .../templates/deployment-rbd-provisioner.yaml | 2 +- ceph-provisioners/templates/job-bootstrap.yaml | 4 ++-- ceph-provisioners/templates/job-cephfs-client-key.yaml | 2 +- .../templates/job-namespace-client-key-cleaner.yaml | 2 +- ceph-provisioners/templates/job-namespace-client-key.yaml | 2 +- ceph-provisioners/templates/pod-helm-tests.yaml | 2 +- ceph-rgw/templates/deployment-rgw.yaml | 4 ++-- ceph-rgw/templates/job-bootstrap.yaml | 4 ++-- ceph-rgw/templates/job-rgw-storage-init.yaml | 6 +++--- ceph-rgw/templates/job-s3-admin.yaml | 4 ++-- ceph-rgw/templates/pod-helm-tests.yaml | 4 ++-- daemonjob-controller/templates/deployment.yaml | 2 +- elastic-apm-server/templates/deployment.yaml | 2 +- elastic-filebeat/templates/daemonset.yaml | 2 +- elastic-metricbeat/templates/daemonset-node-metrics.yaml | 2 +- elastic-metricbeat/templates/deployment-modules.yaml | 2 +- elastic-packetbeat/templates/daemonset.yaml | 2 +- elasticsearch/templates/cron-job-curator.yaml | 4 ++-- elasticsearch/templates/cron-job-verify-repositories.yaml | 2 +- elasticsearch/templates/deployment-client.yaml | 4 ++-- elasticsearch/templates/deployment-gateway.yaml | 4 ++-- elasticsearch/templates/job-elasticsearch-template.yaml | 4 ++-- elasticsearch/templates/job-es-cluster-wait.yaml | 2 +- .../templates/job-register-snapshot-repository.yaml | 2 +- elasticsearch/templates/pod-helm-tests.yaml | 2 +- elasticsearch/templates/statefulset-data.yaml | 4 ++-- elasticsearch/templates/statefulset-master.yaml | 4 ++-- etcd/templates/deployment.yaml | 2 +- falco/templates/daemonset.yaml | 2 +- fluentbit/templates/daemonset-fluent-bit.yaml | 4 ++-- fluentd/templates/deployment-fluentd.yaml | 6 +++--- gnocchi/templates/cron-job-resources-cleaner.yaml | 4 ++-- gnocchi/templates/daemonset-metricd.yaml | 4 ++-- gnocchi/templates/daemonset-statsd.yaml | 4 ++-- gnocchi/templates/deployment-api.yaml | 4 ++-- gnocchi/templates/job-clean.yaml | 2 +- gnocchi/templates/job-db-init-indexer.yaml | 4 ++-- gnocchi/templates/job-db-sync.yaml | 4 ++-- gnocchi/templates/job-storage-init.yaml | 4 ++-- gnocchi/templates/pod-gnocchi-test.yaml | 4 ++-- grafana/templates/deployment.yaml | 6 +++--- grafana/templates/job-add-home-dashboard.yaml | 2 +- grafana/templates/job-db-init-session.yaml | 2 +- grafana/templates/job-db-init.yaml | 2 +- grafana/templates/job-db-session-sync.yaml | 2 +- grafana/templates/job-set-admin-user.yaml | 4 ++-- grafana/templates/pod-helm-tests.yaml | 2 +- helm-toolkit/templates/manifests/_job-bootstrap.tpl | 4 ++-- helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl | 6 +++--- helm-toolkit/templates/manifests/_job-db-init-mysql.tpl | 6 +++--- helm-toolkit/templates/manifests/_job-db-sync.tpl | 6 +++--- helm-toolkit/templates/manifests/_job-ks-endpoints.tpl | 4 ++-- helm-toolkit/templates/manifests/_job-ks-service.tpl | 4 ++-- helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl | 4 ++-- .../templates/manifests/_job-rabbit-init.yaml.tpl | 4 ++-- helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl | 6 +++--- helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl | 8 ++++---- helm-toolkit/templates/manifests/_job_image_repo_sync.tpl | 4 ++-- ingress/templates/deployment-ingress.yaml | 2 +- kafka/templates/job-generate-acl.yaml | 4 ++-- kafka/templates/pod-helm-test.yaml | 4 ++-- kafka/templates/statefulset.yaml | 4 ++-- kibana/templates/deployment.yaml | 4 ++-- kibana/templates/job-flush-kibana-metadata.yaml | 2 +- kibana/templates/job-register-kibana-indexes.yaml | 2 +- kubernetes-keystone-webhook/templates/deployment.yaml | 6 +++--- kubernetes-keystone-webhook/templates/pod-test.yaml | 2 +- libvirt/templates/daemonset-libvirt.yaml | 6 +++--- mariadb/templates/deployment-ingress.yaml | 4 ++-- mariadb/templates/pod-test.yaml | 4 ++-- mariadb/templates/statefulset.yaml | 6 +++--- memcached/templates/deployment.yaml | 2 +- mongodb/templates/statefulset.yaml | 2 +- nagios/templates/deployment.yaml | 4 ++-- nagios/templates/pod-helm-tests.yaml | 2 +- openvswitch/templates/daemonset-ovs-db.yaml | 2 +- openvswitch/templates/daemonset-ovs-vswitchd.yaml | 2 +- postgresql/templates/pod-test.yaml | 2 +- postgresql/templates/statefulset.yaml | 8 ++++---- powerdns/templates/deployment.yaml | 2 +- powerdns/templates/job-db-sync.yaml | 4 ++-- prometheus-alertmanager/templates/statefulset.yaml | 2 +- prometheus-kube-state-metrics/templates/deployment.yaml | 2 +- prometheus-node-exporter/templates/daemonset.yaml | 2 +- prometheus-openstack-exporter/templates/deployment.yaml | 2 +- prometheus-openstack-exporter/templates/job-ks-user.yaml | 2 +- prometheus/templates/pod-helm-tests.yaml | 2 +- prometheus/templates/statefulset.yaml | 4 ++-- rabbitmq/templates/job-cluster-wait.yaml | 4 ++-- rabbitmq/templates/pod-test.yaml | 2 +- rabbitmq/templates/statefulset.yaml | 6 +++--- redis/templates/pod_test.yaml | 4 ++-- registry/templates/daemonset-registry-proxy.yaml | 4 ++-- registry/templates/deployment-registry.yaml | 4 ++-- registry/templates/job-bootstrap.yaml | 2 +- yamllint-templates.conf | 2 +- yamllint.conf | 2 +- zookeeper/templates/statefulset.yaml | 4 ++-- zuul.d/jobs.yaml | 3 +++ 120 files changed, 208 insertions(+), 205 deletions(-) diff --git a/calico/templates/daemonset-calico-node.yaml b/calico/templates/daemonset-calico-node.yaml index 5476ace2a7..cb0deba524 100644 --- a/calico/templates/daemonset-calico-node.yaml +++ b/calico/templates/daemonset-calico-node.yaml @@ -285,15 +285,15 @@ spec: - name: calico-etc configMap: name: calico-etc - defaultMode: 292 + defaultMode: 0444 - name: calico-bird configMap: name: calico-bird - defaultMode: 292 + defaultMode: 0444 - name: calico-bin configMap: name: calico-bin - defaultMode: 365 + defaultMode: 0555 - name: calico-etcd-secrets secret: secretName: calico-etcd-secrets diff --git a/calico/templates/deployment-calico-kube-controllers.yaml b/calico/templates/deployment-calico-kube-controllers.yaml index e16b573828..1c5937d8e0 100644 --- a/calico/templates/deployment-calico-kube-controllers.yaml +++ b/calico/templates/deployment-calico-kube-controllers.yaml @@ -172,5 +172,5 @@ spec: - name: calico-etcd-secrets secret: secretName: calico-etcd-secrets - defaultMode: 256 + defaultMode: 0400 {{- end }} diff --git a/calico/templates/job-calico-settings.yaml b/calico/templates/job-calico-settings.yaml index e9dc2e2fde..1154241ca2 100644 --- a/calico/templates/job-calico-settings.yaml +++ b/calico/templates/job-calico-settings.yaml @@ -100,7 +100,7 @@ spec: - name: calico-bin configMap: name: calico-bin - defaultMode: 365 + defaultMode: 0555 - name: calico-etcd-secrets secret: secretName: calico-etcd-secrets diff --git a/ceph-client/templates/cronjob-checkPGs.yaml b/ceph-client/templates/cronjob-checkPGs.yaml index 4d54a4bb2f..dca1488df7 100644 --- a/ceph-client/templates/cronjob-checkPGs.yaml +++ b/ceph-client/templates/cronjob-checkPGs.yaml @@ -129,11 +129,11 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 292 + defaultMode: 0444 - name: ceph-client-admin-keyring secret: defaultMode: 420 diff --git a/ceph-client/templates/cronjob-defragosds.yaml b/ceph-client/templates/cronjob-defragosds.yaml index 94d20fe6b4..f536dc8057 100644 --- a/ceph-client/templates/cronjob-defragosds.yaml +++ b/ceph-client/templates/cronjob-defragosds.yaml @@ -106,5 +106,5 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/ceph-client/templates/deployment-checkdns.yaml b/ceph-client/templates/deployment-checkdns.yaml index 2eec1cc7e4..25b056cea5 100644 --- a/ceph-client/templates/deployment-checkdns.yaml +++ b/ceph-client/templates/deployment-checkdns.yaml @@ -115,5 +115,5 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/ceph-client/templates/deployment-mds.yaml b/ceph-client/templates/deployment-mds.yaml index a685410ad8..84838b55a8 100644 --- a/ceph-client/templates/deployment-mds.yaml +++ b/ceph-client/templates/deployment-mds.yaml @@ -147,11 +147,11 @@ spec: - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 292 + defaultMode: 0444 - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 - name: pod-var-lib-ceph emptyDir: {} - name: ceph-client-admin-keyring diff --git a/ceph-client/templates/deployment-mgr.yaml b/ceph-client/templates/deployment-mgr.yaml index a951c4cec3..13fbfe0c56 100644 --- a/ceph-client/templates/deployment-mgr.yaml +++ b/ceph-client/templates/deployment-mgr.yaml @@ -184,11 +184,11 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 292 + defaultMode: 0444 - name: pod-var-lib-ceph emptyDir: {} - name: ceph-client-admin-keyring diff --git a/ceph-client/templates/job-bootstrap.yaml b/ceph-client/templates/job-bootstrap.yaml index f2d3043c1d..86191d9f5e 100644 --- a/ceph-client/templates/job-bootstrap.yaml +++ b/ceph-client/templates/job-bootstrap.yaml @@ -70,11 +70,11 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 292 + defaultMode: 0444 - name: ceph-client-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} diff --git a/ceph-client/templates/job-rbd-pool.yaml b/ceph-client/templates/job-rbd-pool.yaml index 0b57913a5a..351ef761d9 100644 --- a/ceph-client/templates/job-rbd-pool.yaml +++ b/ceph-client/templates/job-rbd-pool.yaml @@ -89,11 +89,11 @@ spec: - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 292 + defaultMode: 0444 - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 - name: pod-var-lib-ceph emptyDir: {} - name: pod-run diff --git a/ceph-client/templates/pod-helm-tests.yaml b/ceph-client/templates/pod-helm-tests.yaml index 5c3c55ce09..ffad06fd36 100644 --- a/ceph-client/templates/pod-helm-tests.yaml +++ b/ceph-client/templates/pod-helm-tests.yaml @@ -81,12 +81,12 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-client-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/ceph-mon/templates/daemonset-mon.yaml b/ceph-mon/templates/daemonset-mon.yaml index 0ac03894e3..d1048db3df 100644 --- a/ceph-mon/templates/daemonset-mon.yaml +++ b/ceph-mon/templates/daemonset-mon.yaml @@ -243,11 +243,11 @@ spec: - name: ceph-mon-bin configMap: name: ceph-mon-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-mon-etc configMap: name: ceph-mon-etc - defaultMode: 292 + defaultMode: 0444 - name: pod-var-lib-ceph hostPath: path: {{ .Values.conf.storage.mon.directory }} diff --git a/ceph-mon/templates/deployment-moncheck.yaml b/ceph-mon/templates/deployment-moncheck.yaml index 4cc81b3be6..73d0c5fffd 100644 --- a/ceph-mon/templates/deployment-moncheck.yaml +++ b/ceph-mon/templates/deployment-moncheck.yaml @@ -114,11 +114,11 @@ spec: - name: ceph-mon-etc configMap: name: ceph-mon-etc - defaultMode: 292 + defaultMode: 0444 - name: ceph-mon-bin configMap: name: ceph-mon-bin - defaultMode: 365 + defaultMode: 0555 - name: pod-var-lib-ceph emptyDir: {} - name: ceph-client-admin-keyring diff --git a/ceph-mon/templates/job-bootstrap.yaml b/ceph-mon/templates/job-bootstrap.yaml index 408f484b24..15a90569ed 100644 --- a/ceph-mon/templates/job-bootstrap.yaml +++ b/ceph-mon/templates/job-bootstrap.yaml @@ -72,11 +72,11 @@ spec: - name: ceph-mon-bin configMap: name: ceph-mon-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-mon-etc configMap: name: ceph-mon-etc - defaultMode: 292 + defaultMode: 0444 - name: ceph-client-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} diff --git a/ceph-mon/templates/job-keyring.yaml b/ceph-mon/templates/job-keyring.yaml index 1c56621377..e27ff53007 100644 --- a/ceph-mon/templates/job-keyring.yaml +++ b/ceph-mon/templates/job-keyring.yaml @@ -120,10 +120,10 @@ spec: - name: ceph-mon-bin configMap: name: ceph-mon-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-templates configMap: name: ceph-templates - defaultMode: 292 + defaultMode: 0444 {{- end }} {{- end }} diff --git a/ceph-mon/templates/job-storage-admin-keys.yaml b/ceph-mon/templates/job-storage-admin-keys.yaml index 33144c54a8..77fdcd3789 100644 --- a/ceph-mon/templates/job-storage-admin-keys.yaml +++ b/ceph-mon/templates/job-storage-admin-keys.yaml @@ -117,9 +117,9 @@ spec: - name: ceph-mon-bin configMap: name: ceph-mon-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-templates configMap: name: ceph-templates - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/ceph-osd/templates/daemonset-osd.yaml b/ceph-osd/templates/daemonset-osd.yaml index 9702750886..5f1f221a60 100644 --- a/ceph-osd/templates/daemonset-osd.yaml +++ b/ceph-osd/templates/daemonset-osd.yaml @@ -436,11 +436,11 @@ spec: - name: ceph-osd-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: ceph-osd-etc configMap: name: {{ $configMapName }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-bootstrap-osd-keyring secret: secretName: {{ .Values.secrets.keyrings.osd }} diff --git a/ceph-osd/templates/job-bootstrap.yaml b/ceph-osd/templates/job-bootstrap.yaml index b1260a50ac..46592fbee5 100644 --- a/ceph-osd/templates/job-bootstrap.yaml +++ b/ceph-osd/templates/job-bootstrap.yaml @@ -69,11 +69,11 @@ spec: - name: ceph-osd-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: ceph-osd-etc configMap: name: {{ printf "%s-%s" $envAll.Release.Name "etc" | quote }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-osd-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} diff --git a/ceph-osd/templates/job-post-apply.yaml b/ceph-osd/templates/job-post-apply.yaml index 97ff72e024..ad85d47a59 100644 --- a/ceph-osd/templates/job-post-apply.yaml +++ b/ceph-osd/templates/job-post-apply.yaml @@ -126,11 +126,11 @@ spec: - name: ceph-osd-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: ceph-osd-etc configMap: name: {{ printf "%s-%s" $envAll.Release.Name "etc" | quote }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-osd-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} diff --git a/ceph-osd/templates/pod-helm-tests.yaml b/ceph-osd/templates/pod-helm-tests.yaml index 01580ab7e9..9ee685bcb8 100644 --- a/ceph-osd/templates/pod-helm-tests.yaml +++ b/ceph-osd/templates/pod-helm-tests.yaml @@ -72,12 +72,12 @@ spec: - name: ceph-osd-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: ceph-client-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} - name: ceph-osd-etc configMap: name: {{ printf "%s-%s" $envAll.Release.Name "etc" | quote }} - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/ceph-provisioners/templates/deployment-cephfs-provisioner.yaml b/ceph-provisioners/templates/deployment-cephfs-provisioner.yaml index 77107ebf75..e96387a640 100644 --- a/ceph-provisioners/templates/deployment-cephfs-provisioner.yaml +++ b/ceph-provisioners/templates/deployment-cephfs-provisioner.yaml @@ -197,5 +197,5 @@ spec: - name: ceph-provisioners-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/ceph-provisioners/templates/deployment-rbd-provisioner.yaml b/ceph-provisioners/templates/deployment-rbd-provisioner.yaml index a22c65e059..4e2b34fb12 100644 --- a/ceph-provisioners/templates/deployment-rbd-provisioner.yaml +++ b/ceph-provisioners/templates/deployment-rbd-provisioner.yaml @@ -187,5 +187,5 @@ spec: - name: ceph-provisioners-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/ceph-provisioners/templates/job-bootstrap.yaml b/ceph-provisioners/templates/job-bootstrap.yaml index d1fb89c263..dbcf1e5b0b 100644 --- a/ceph-provisioners/templates/job-bootstrap.yaml +++ b/ceph-provisioners/templates/job-bootstrap.yaml @@ -69,11 +69,11 @@ spec: - name: ceph-provisioners-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: ceph-etc configMap: name: {{ .Values.storageclass.rbd.ceph_configmap_name }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-client-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} diff --git a/ceph-provisioners/templates/job-cephfs-client-key.yaml b/ceph-provisioners/templates/job-cephfs-client-key.yaml index 031ec8087f..36ca2a5051 100644 --- a/ceph-provisioners/templates/job-cephfs-client-key.yaml +++ b/ceph-provisioners/templates/job-cephfs-client-key.yaml @@ -132,5 +132,5 @@ spec: - name: ceph-provisioners-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/ceph-provisioners/templates/job-namespace-client-key-cleaner.yaml b/ceph-provisioners/templates/job-namespace-client-key-cleaner.yaml index d73f584d9b..478530e624 100644 --- a/ceph-provisioners/templates/job-namespace-client-key-cleaner.yaml +++ b/ceph-provisioners/templates/job-namespace-client-key-cleaner.yaml @@ -97,5 +97,5 @@ spec: - name: ceph-provisioners-bin-clients configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin-clients" | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/ceph-provisioners/templates/job-namespace-client-key.yaml b/ceph-provisioners/templates/job-namespace-client-key.yaml index 9e3fcad747..f187630e34 100644 --- a/ceph-provisioners/templates/job-namespace-client-key.yaml +++ b/ceph-provisioners/templates/job-namespace-client-key.yaml @@ -128,5 +128,5 @@ spec: - name: ceph-provisioners-bin-clients configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin-clients" | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/ceph-provisioners/templates/pod-helm-tests.yaml b/ceph-provisioners/templates/pod-helm-tests.yaml index 1bab2be3e5..72e85ffffc 100644 --- a/ceph-provisioners/templates/pod-helm-tests.yaml +++ b/ceph-provisioners/templates/pod-helm-tests.yaml @@ -107,7 +107,7 @@ spec: - name: ceph-provisioners-bin-clients configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin-clients" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: pod-tmp emptyDir: {} {{- end }} diff --git a/ceph-rgw/templates/deployment-rgw.yaml b/ceph-rgw/templates/deployment-rgw.yaml index fb82e8a610..5fc76eed39 100644 --- a/ceph-rgw/templates/deployment-rgw.yaml +++ b/ceph-rgw/templates/deployment-rgw.yaml @@ -181,11 +181,11 @@ spec: - name: ceph-rgw-bin configMap: name: ceph-rgw-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-rgw-etc configMap: name: ceph-rgw-etc - defaultMode: 292 + defaultMode: 0444 - name: pod-var-lib-ceph emptyDir: {} - name: ceph-bootstrap-rgw-keyring diff --git a/ceph-rgw/templates/job-bootstrap.yaml b/ceph-rgw/templates/job-bootstrap.yaml index f494349994..073188dcf8 100644 --- a/ceph-rgw/templates/job-bootstrap.yaml +++ b/ceph-rgw/templates/job-bootstrap.yaml @@ -118,11 +118,11 @@ spec: - name: ceph-rgw-bin configMap: name: ceph-rgw-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-rgw-etc configMap: name: {{ .Values.ceph_client.configmap }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-rgw-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin | quote }} diff --git a/ceph-rgw/templates/job-rgw-storage-init.yaml b/ceph-rgw/templates/job-rgw-storage-init.yaml index 24ffced7fd..6a66c62ea4 100644 --- a/ceph-rgw/templates/job-rgw-storage-init.yaml +++ b/ceph-rgw/templates/job-rgw-storage-init.yaml @@ -126,15 +126,15 @@ spec: - name: ceph-rgw-bin configMap: name: ceph-rgw-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-etc configMap: name: {{ .Values.ceph_client.configmap }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-templates configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-templates" | quote }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-keyring secret: secretName: {{ .Values.secrets.keyrings.admin | quote }} diff --git a/ceph-rgw/templates/job-s3-admin.yaml b/ceph-rgw/templates/job-s3-admin.yaml index 5b9f324532..e8e8db2a67 100644 --- a/ceph-rgw/templates/job-s3-admin.yaml +++ b/ceph-rgw/templates/job-s3-admin.yaml @@ -137,11 +137,11 @@ spec: - name: ceph-rgw-bin configMap: name: ceph-rgw-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-rgw-etc configMap: name: ceph-rgw-etc - defaultMode: 292 + defaultMode: 0444 - name: ceph-keyring secret: secretName: {{ .Values.secrets.keyrings.admin | quote }} diff --git a/ceph-rgw/templates/pod-helm-tests.yaml b/ceph-rgw/templates/pod-helm-tests.yaml index b073558141..a973694b85 100644 --- a/ceph-rgw/templates/pod-helm-tests.yaml +++ b/ceph-rgw/templates/pod-helm-tests.yaml @@ -104,12 +104,12 @@ spec: - name: ceph-rgw-bin configMap: name: ceph-rgw-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-keyring secret: secretName: {{ .Values.secrets.keyrings.admin | quote }} - name: ceph-rgw-etc configMap: name: ceph-rgw-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/daemonjob-controller/templates/deployment.yaml b/daemonjob-controller/templates/deployment.yaml index f545e99b7c..33eaf10018 100644 --- a/daemonjob-controller/templates/deployment.yaml +++ b/daemonjob-controller/templates/deployment.yaml @@ -58,5 +58,5 @@ spec: - name: hooks configMap: name: daemonjob-controller-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/elastic-apm-server/templates/deployment.yaml b/elastic-apm-server/templates/deployment.yaml index d0fbf16c87..e962726c0e 100644 --- a/elastic-apm-server/templates/deployment.yaml +++ b/elastic-apm-server/templates/deployment.yaml @@ -122,7 +122,7 @@ spec: - name: elastic-apm-server-etc configMap: name: elastic-apm-server-etc - defaultMode: 292 + defaultMode: 0444 - name: data hostPath: path: /var/lib/elastic-apm-server diff --git a/elastic-filebeat/templates/daemonset.yaml b/elastic-filebeat/templates/daemonset.yaml index 1b0bcf51f3..669b57946e 100644 --- a/elastic-filebeat/templates/daemonset.yaml +++ b/elastic-filebeat/templates/daemonset.yaml @@ -157,7 +157,7 @@ spec: - name: filebeat-etc configMap: name: filebeat-etc - defaultMode: 292 + defaultMode: 0444 - name: data hostPath: path: /var/lib/filebeat diff --git a/elastic-metricbeat/templates/daemonset-node-metrics.yaml b/elastic-metricbeat/templates/daemonset-node-metrics.yaml index 8460c08462..e40e0c0961 100644 --- a/elastic-metricbeat/templates/daemonset-node-metrics.yaml +++ b/elastic-metricbeat/templates/daemonset-node-metrics.yaml @@ -168,7 +168,7 @@ spec: path: /var/run/docker.sock - name: metricbeat-etc configMap: - defaultMode: 292 + defaultMode: 0444 name: metricbeat-etc - name: data emptyDir: {} diff --git a/elastic-metricbeat/templates/deployment-modules.yaml b/elastic-metricbeat/templates/deployment-modules.yaml index 5dc0e42a0e..ce4a961d1e 100644 --- a/elastic-metricbeat/templates/deployment-modules.yaml +++ b/elastic-metricbeat/templates/deployment-modules.yaml @@ -154,5 +154,5 @@ spec: - name: metricbeat-etc configMap: name: metricbeat-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/elastic-packetbeat/templates/daemonset.yaml b/elastic-packetbeat/templates/daemonset.yaml index b89bee5864..486cc7fe0e 100644 --- a/elastic-packetbeat/templates/daemonset.yaml +++ b/elastic-packetbeat/templates/daemonset.yaml @@ -139,7 +139,7 @@ spec: emptyDir: {} - name: packetbeat-etc configMap: - defaultMode: 292 + defaultMode: 0444 name: packetbeat-etc {{ if $mounts_packetbeat.volumes }}{{ toYaml $mounts_packetbeat.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/elasticsearch/templates/cron-job-curator.yaml b/elasticsearch/templates/cron-job-curator.yaml index e845aa83f6..91c7b50296 100644 --- a/elasticsearch/templates/cron-job-curator.yaml +++ b/elasticsearch/templates/cron-job-curator.yaml @@ -86,9 +86,9 @@ spec: - name: elastic-curator-bin configMap: name: elastic-curator-bin - defaultMode: 365 + defaultMode: 0555 - name: elastic-curator-etc secret: secretName: elastic-curator-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/elasticsearch/templates/cron-job-verify-repositories.yaml b/elasticsearch/templates/cron-job-verify-repositories.yaml index bbe59c93d4..b9c6b941d7 100644 --- a/elasticsearch/templates/cron-job-verify-repositories.yaml +++ b/elasticsearch/templates/cron-job-verify-repositories.yaml @@ -83,5 +83,5 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/elasticsearch/templates/deployment-client.yaml b/elasticsearch/templates/deployment-client.yaml index 290e78e6f5..0d166a1e25 100644 --- a/elasticsearch/templates/deployment-client.yaml +++ b/elasticsearch/templates/deployment-client.yaml @@ -210,11 +210,11 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 - name: elasticsearch-etc secret: secretName: elasticsearch-etc - defaultMode: 292 + defaultMode: 0444 - name: storage emptyDir: {} {{ if $mounts_elasticsearch.volumes }}{{ toYaml $mounts_elasticsearch.volumes | indent 8 }}{{ end }} diff --git a/elasticsearch/templates/deployment-gateway.yaml b/elasticsearch/templates/deployment-gateway.yaml index 7df13b6d8d..3bbac928bc 100644 --- a/elasticsearch/templates/deployment-gateway.yaml +++ b/elasticsearch/templates/deployment-gateway.yaml @@ -160,11 +160,11 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 - name: elasticsearch-etc secret: secretName: elasticsearch-etc - defaultMode: 292 + defaultMode: 0444 - name: storage emptyDir: {} {{ if $mounts_elasticsearch.volumes }}{{ toYaml $mounts_elasticsearch.volumes | indent 8 }}{{ end }} diff --git a/elasticsearch/templates/job-elasticsearch-template.yaml b/elasticsearch/templates/job-elasticsearch-template.yaml index e2e35fbe5a..a93ee1c793 100644 --- a/elasticsearch/templates/job-elasticsearch-template.yaml +++ b/elasticsearch/templates/job-elasticsearch-template.yaml @@ -85,10 +85,10 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 - name: elasticsearch-templates-etc secret: secretName: elasticsearch-templates-etc - defaultMode: 292 + defaultMode: 0444 {{ if $mounts_elasticsearch_templates.volumes }}{{ toYaml $mounts_elasticsearch_templates.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/elasticsearch/templates/job-es-cluster-wait.yaml b/elasticsearch/templates/job-es-cluster-wait.yaml index dbb4da6784..27b94f92b7 100644 --- a/elasticsearch/templates/job-es-cluster-wait.yaml +++ b/elasticsearch/templates/job-es-cluster-wait.yaml @@ -76,5 +76,5 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/elasticsearch/templates/job-register-snapshot-repository.yaml b/elasticsearch/templates/job-register-snapshot-repository.yaml index 18a9a303f2..2b811ca148 100644 --- a/elasticsearch/templates/job-register-snapshot-repository.yaml +++ b/elasticsearch/templates/job-register-snapshot-repository.yaml @@ -91,5 +91,5 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/elasticsearch/templates/pod-helm-tests.yaml b/elasticsearch/templates/pod-helm-tests.yaml index 6ded8973a0..d2e8e62f5b 100644 --- a/elasticsearch/templates/pod-helm-tests.yaml +++ b/elasticsearch/templates/pod-helm-tests.yaml @@ -70,5 +70,5 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/elasticsearch/templates/statefulset-data.yaml b/elasticsearch/templates/statefulset-data.yaml index 20299041b6..ac5f769c06 100644 --- a/elasticsearch/templates/statefulset-data.yaml +++ b/elasticsearch/templates/statefulset-data.yaml @@ -175,11 +175,11 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 - name: elasticsearch-etc secret: secretName: elasticsearch-etc - defaultMode: 292 + defaultMode: 0444 {{ if $mounts_elasticsearch.volumes }}{{ toYaml $mounts_elasticsearch.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.data.enabled }} - name: storage diff --git a/elasticsearch/templates/statefulset-master.yaml b/elasticsearch/templates/statefulset-master.yaml index 6d5201db12..34a208cdd7 100644 --- a/elasticsearch/templates/statefulset-master.yaml +++ b/elasticsearch/templates/statefulset-master.yaml @@ -168,11 +168,11 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 - name: elasticsearch-etc secret: secretName: elasticsearch-etc - defaultMode: 292 + defaultMode: 0444 {{ if $mounts_elasticsearch.volumes }}{{ toYaml $mounts_elasticsearch.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.master.enabled }} - name: storage diff --git a/etcd/templates/deployment.yaml b/etcd/templates/deployment.yaml index c0c3715b1f..bfb39b81eb 100644 --- a/etcd/templates/deployment.yaml +++ b/etcd/templates/deployment.yaml @@ -70,5 +70,5 @@ spec: - name: etcd-bin configMap: name: {{ $configMapBinName | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/falco/templates/daemonset.yaml b/falco/templates/daemonset.yaml index ff44f28a23..dbb0df31c7 100644 --- a/falco/templates/daemonset.yaml +++ b/falco/templates/daemonset.yaml @@ -119,7 +119,7 @@ spec: - name: falco-bin configMap: name: falco-bin - defaultMode: 365 + defaultMode: 0555 - name: dshm emptyDir: medium: Memory diff --git a/fluentbit/templates/daemonset-fluent-bit.yaml b/fluentbit/templates/daemonset-fluent-bit.yaml index 22cc292718..755f7abcad 100644 --- a/fluentbit/templates/daemonset-fluent-bit.yaml +++ b/fluentbit/templates/daemonset-fluent-bit.yaml @@ -145,10 +145,10 @@ spec: - name: fluentbit-bin configMap: name: fluentbit-bin - defaultMode: 365 + defaultMode: 0555 - name: fluentbit-etc secret: secretName: fluentbit-etc - defaultMode: 292 + defaultMode: 0444 {{ if $mounts_fluentbit.volumes }}{{ toYaml $mounts_fluentbit.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/fluentd/templates/deployment-fluentd.yaml b/fluentd/templates/deployment-fluentd.yaml index 827b7a4cc8..b626b8feb5 100644 --- a/fluentd/templates/deployment-fluentd.yaml +++ b/fluentd/templates/deployment-fluentd.yaml @@ -226,15 +226,15 @@ spec: - name: {{ printf "%s-%s" $envAll.Release.Name "env-secret" | quote }} secret: secretName: {{ printf "%s-%s" $envAll.Release.Name "env-secret" | quote }} - defaultMode: 292 + defaultMode: 0444 {{- end }} - name: fluentd-etc secret: secretName: {{ printf "%s-%s" $envAll.Release.Name "fluentd-etc" | quote }} - defaultMode: 292 + defaultMode: 0444 - name: fluentd-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "fluentd-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_fluentd.volumes }}{{ toYaml $mounts_fluentd.volumes | indent 8 }}{{- end }} {{- end }} diff --git a/gnocchi/templates/cron-job-resources-cleaner.yaml b/gnocchi/templates/cron-job-resources-cleaner.yaml index b727058858..115fc4ff02 100644 --- a/gnocchi/templates/cron-job-resources-cleaner.yaml +++ b/gnocchi/templates/cron-job-resources-cleaner.yaml @@ -94,10 +94,10 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 292 + defaultMode: 0444 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_gnocchi_resources_cleaner.volumes }}{{ toYaml $mounts_gnocchi_resources_cleaner.volumes | indent 12 }}{{ end }} {{- end }} diff --git a/gnocchi/templates/daemonset-metricd.yaml b/gnocchi/templates/daemonset-metricd.yaml index df3e957332..40daa26a48 100644 --- a/gnocchi/templates/daemonset-metricd.yaml +++ b/gnocchi/templates/daemonset-metricd.yaml @@ -105,11 +105,11 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 292 + defaultMode: 0444 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 - name: etcceph emptyDir: {} - name: ceph-etc diff --git a/gnocchi/templates/daemonset-statsd.yaml b/gnocchi/templates/daemonset-statsd.yaml index c1deaedea6..68f8f080ee 100644 --- a/gnocchi/templates/daemonset-statsd.yaml +++ b/gnocchi/templates/daemonset-statsd.yaml @@ -111,11 +111,11 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 292 + defaultMode: 0444 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 - name: etcceph emptyDir: {} - name: ceph-etc diff --git a/gnocchi/templates/deployment-api.yaml b/gnocchi/templates/deployment-api.yaml index 6171ae9ec1..b41f0743f9 100644 --- a/gnocchi/templates/deployment-api.yaml +++ b/gnocchi/templates/deployment-api.yaml @@ -130,11 +130,11 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 292 + defaultMode: 0444 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 - name: etcceph emptyDir: {} - name: ceph-etc diff --git a/gnocchi/templates/job-clean.yaml b/gnocchi/templates/job-clean.yaml index 169bf75434..11fa3ea0d4 100644 --- a/gnocchi/templates/job-clean.yaml +++ b/gnocchi/templates/job-clean.yaml @@ -89,5 +89,5 @@ spec: - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/gnocchi/templates/job-db-init-indexer.yaml b/gnocchi/templates/job-db-init-indexer.yaml index 48c38340e4..cde2c0bf49 100644 --- a/gnocchi/templates/job-db-init-indexer.yaml +++ b/gnocchi/templates/job-db-init-indexer.yaml @@ -70,11 +70,11 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 292 + defaultMode: 0444 - name: pod-etc-gnocchi emptyDir: {} - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/gnocchi/templates/job-db-sync.yaml b/gnocchi/templates/job-db-sync.yaml index 3262cb06b2..a30356c88b 100644 --- a/gnocchi/templates/job-db-sync.yaml +++ b/gnocchi/templates/job-db-sync.yaml @@ -82,11 +82,11 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 292 + defaultMode: 0444 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 - name: etcceph emptyDir: {} - name: ceph-etc diff --git a/gnocchi/templates/job-storage-init.yaml b/gnocchi/templates/job-storage-init.yaml index 08598cdda7..9e2aea42ee 100644 --- a/gnocchi/templates/job-storage-init.yaml +++ b/gnocchi/templates/job-storage-init.yaml @@ -123,13 +123,13 @@ spec: - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 - name: etcceph emptyDir: {} - name: ceph-etc configMap: name: {{ .Values.ceph_client.configmap }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-keyring secret: secretName: {{ .Values.ceph_client.user_secret_name }} diff --git a/gnocchi/templates/pod-gnocchi-test.yaml b/gnocchi/templates/pod-gnocchi-test.yaml index 66b34cb645..9ceda0143c 100644 --- a/gnocchi/templates/pod-gnocchi-test.yaml +++ b/gnocchi/templates/pod-gnocchi-test.yaml @@ -74,10 +74,10 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 292 + defaultMode: 0444 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_gnocchi_tests.volumes }}{{ toYaml $mounts_gnocchi_tests.volumes | indent 4 }}{{ end }} {{- end }} diff --git a/grafana/templates/deployment.yaml b/grafana/templates/deployment.yaml index 81d3b085e6..6153533503 100644 --- a/grafana/templates/deployment.yaml +++ b/grafana/templates/deployment.yaml @@ -133,15 +133,15 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 365 + defaultMode: 0555 - name: grafana-etc secret: secretName: grafana-etc - defaultMode: 292 + defaultMode: 0444 - name: grafana-dashboards configMap: name: grafana-dashboards - defaultMode: 365 + defaultMode: 0555 - name: data emptyDir: {} {{ if $mounts_grafana.volumes }}{{ toYaml $mounts_grafana.volumes | indent 8 }}{{ end }} diff --git a/grafana/templates/job-add-home-dashboard.yaml b/grafana/templates/job-add-home-dashboard.yaml index fe122c2d08..ac191b3843 100644 --- a/grafana/templates/job-add-home-dashboard.yaml +++ b/grafana/templates/job-add-home-dashboard.yaml @@ -74,5 +74,5 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} \ No newline at end of file diff --git a/grafana/templates/job-db-init-session.yaml b/grafana/templates/job-db-init-session.yaml index b8243e8be9..9e9785f2ff 100644 --- a/grafana/templates/job-db-init-session.yaml +++ b/grafana/templates/job-db-init-session.yaml @@ -72,5 +72,5 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/grafana/templates/job-db-init.yaml b/grafana/templates/job-db-init.yaml index 81db093711..b5ba6e65f5 100644 --- a/grafana/templates/job-db-init.yaml +++ b/grafana/templates/job-db-init.yaml @@ -72,5 +72,5 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/grafana/templates/job-db-session-sync.yaml b/grafana/templates/job-db-session-sync.yaml index bf2a465c0e..5b0c9be00a 100644 --- a/grafana/templates/job-db-session-sync.yaml +++ b/grafana/templates/job-db-session-sync.yaml @@ -67,5 +67,5 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/grafana/templates/job-set-admin-user.yaml b/grafana/templates/job-set-admin-user.yaml index cb9fa8ea07..bc08c33d4a 100644 --- a/grafana/templates/job-set-admin-user.yaml +++ b/grafana/templates/job-set-admin-user.yaml @@ -77,9 +77,9 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 365 + defaultMode: 0555 - name: grafana-etc secret: secretName: grafana-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/grafana/templates/pod-helm-tests.yaml b/grafana/templates/pod-helm-tests.yaml index 047d4119dd..b5e0a9e4b8 100644 --- a/grafana/templates/pod-helm-tests.yaml +++ b/grafana/templates/pod-helm-tests.yaml @@ -70,5 +70,5 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/helm-toolkit/templates/manifests/_job-bootstrap.tpl index 318f5b57ef..ea27729551 100644 --- a/helm-toolkit/templates/manifests/_job-bootstrap.tpl +++ b/helm-toolkit/templates/manifests/_job-bootstrap.tpl @@ -103,11 +103,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} - name: etc-service emptyDir: {} diff --git a/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl index 9987793788..1b639f03c3 100644 --- a/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl +++ b/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl @@ -118,11 +118,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} {{- $local := dict "configMapBinFirst" true -}} {{- range $key1, $dbToDrop := $dbsToDrop }} @@ -134,7 +134,7 @@ spec: - name: db-drop-conf secret: secretName: {{ $configMapEtc | quote }} - defaultMode: 292 + defaultMode: 0444 {{- end -}} {{- end -}} {{- end -}} diff --git a/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl index 2121408dec..73ac04d269 100644 --- a/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl +++ b/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl @@ -117,11 +117,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} {{- $local := dict "configMapBinFirst" true -}} {{- range $key1, $dbToInit := $dbsToInit }} @@ -133,7 +133,7 @@ spec: - name: db-init-conf secret: secretName: {{ $configMapEtc | quote }} - defaultMode: 292 + defaultMode: 0444 {{- end -}} {{- end -}} {{- end -}} diff --git a/helm-toolkit/templates/manifests/_job-db-sync.tpl b/helm-toolkit/templates/manifests/_job-db-sync.tpl index 133c737bb7..0e4e3ad83f 100644 --- a/helm-toolkit/templates/manifests/_job-db-sync.tpl +++ b/helm-toolkit/templates/manifests/_job-db-sync.tpl @@ -97,18 +97,18 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} - name: etc-service emptyDir: {} - name: db-sync-conf secret: secretName: {{ $configMapEtc | quote }} - defaultMode: 292 + defaultMode: 0444 {{- if $podVols }} {{ $podVols | toYaml | indent 8 }} {{- end }} diff --git a/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl index 8ab1e051a7..a497af11f6 100644 --- a/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl +++ b/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl @@ -94,11 +94,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} {{- dict "enabled" true "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- end }} diff --git a/helm-toolkit/templates/manifests/_job-ks-service.tpl b/helm-toolkit/templates/manifests/_job-ks-service.tpl index 49bdcd3c81..daac49c175 100644 --- a/helm-toolkit/templates/manifests/_job-ks-service.tpl +++ b/helm-toolkit/templates/manifests/_job-ks-service.tpl @@ -88,11 +88,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} {{- dict "enabled" true "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- end }} diff --git a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl index a8005c3e21..875247ecad 100644 --- a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl +++ b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl @@ -94,11 +94,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} {{- dict "enabled" true "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- end -}} diff --git a/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl index bef1f18bfb..ef56655ffa 100644 --- a/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl +++ b/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl @@ -86,10 +86,10 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} {{- end -}} diff --git a/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl index 9eb6e45744..047a8c819e 100644 --- a/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl +++ b/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl @@ -103,18 +103,18 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} - name: etcceph emptyDir: {} - name: ceph-etc configMap: name: {{ $configMapCeph | quote }} - defaultMode: 292 + defaultMode: 0444 {{- if empty $envAll.Values.conf.ceph.admin_keyring }} - name: ceph-keyring secret: diff --git a/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl index 97160dca2b..a86d4ee6af 100644 --- a/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl +++ b/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl @@ -118,22 +118,22 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} - name: ceph-keyring-sh configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 - name: etcceph emptyDir: {} - name: ceph-etc configMap: name: {{ $configMapCeph | quote }} - defaultMode: 292 + defaultMode: 0444 {{- if empty $envAll.Values.conf.ceph.admin_keyring }} - name: ceph-keyring secret: diff --git a/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl b/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl index cf514dd788..7d4b07820f 100644 --- a/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl +++ b/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl @@ -84,11 +84,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} - name: docker-socket hostPath: diff --git a/ingress/templates/deployment-ingress.yaml b/ingress/templates/deployment-ingress.yaml index bc31072ac8..6fa223eb21 100644 --- a/ingress/templates/deployment-ingress.yaml +++ b/ingress/templates/deployment-ingress.yaml @@ -358,7 +358,7 @@ spec: - name: ingress-bin configMap: name: ingress-bin - defaultMode: 365 + defaultMode: 0555 {{- if and .Values.network.host_namespace .Values.network.vip.manage }} - name: host-rootfs hostPath: diff --git a/kafka/templates/job-generate-acl.yaml b/kafka/templates/job-generate-acl.yaml index c655394f15..6a3088bc90 100644 --- a/kafka/templates/job-generate-acl.yaml +++ b/kafka/templates/job-generate-acl.yaml @@ -64,9 +64,9 @@ spec: - name: kafka-bin configMap: name: kafka-bin - defaultMode: 365 + defaultMode: 0555 - name: kafka-etc secret: secretName: kafka-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/kafka/templates/pod-helm-test.yaml b/kafka/templates/pod-helm-test.yaml index 8b5cf4083b..0a84066d62 100644 --- a/kafka/templates/pod-helm-test.yaml +++ b/kafka/templates/pod-helm-test.yaml @@ -66,9 +66,9 @@ spec: - name: kafka-bin configMap: name: kafka-bin - defaultMode: 365 + defaultMode: 0555 - name: kafka-etc secret: secretName: kafka-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/kafka/templates/statefulset.yaml b/kafka/templates/statefulset.yaml index a4db6f1579..0b3390b35d 100644 --- a/kafka/templates/statefulset.yaml +++ b/kafka/templates/statefulset.yaml @@ -168,11 +168,11 @@ spec: - name: kafka-bin configMap: name: kafka-bin - defaultMode: 365 + defaultMode: 0555 - name: kafka-etc secret: secretName: kafka-etc - defaultMode: 292 + defaultMode: 0444 {{ if $mounts_kafka.volumes }}{{ toYaml $mounts_kafka.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.enabled }} - name: data diff --git a/kibana/templates/deployment.yaml b/kibana/templates/deployment.yaml index e130df73b4..71c92855ab 100644 --- a/kibana/templates/deployment.yaml +++ b/kibana/templates/deployment.yaml @@ -167,9 +167,9 @@ spec: - name: kibana-bin configMap: name: kibana-bin - defaultMode: 365 + defaultMode: 0555 - name: kibana-etc secret: secretName: kibana-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/kibana/templates/job-flush-kibana-metadata.yaml b/kibana/templates/job-flush-kibana-metadata.yaml index 2033b52ae3..741234bf3d 100644 --- a/kibana/templates/job-flush-kibana-metadata.yaml +++ b/kibana/templates/job-flush-kibana-metadata.yaml @@ -96,5 +96,5 @@ spec: - name: kibana-bin configMap: name: kibana-bin - defaultMode: 493 + defaultMode: 0755 {{- end }} diff --git a/kibana/templates/job-register-kibana-indexes.yaml b/kibana/templates/job-register-kibana-indexes.yaml index f11fb587bd..ba13c4378a 100644 --- a/kibana/templates/job-register-kibana-indexes.yaml +++ b/kibana/templates/job-register-kibana-indexes.yaml @@ -80,5 +80,5 @@ spec: - name: kibana-bin configMap: name: kibana-bin - defaultMode: 493 + defaultMode: 0755 {{- end }} diff --git a/kubernetes-keystone-webhook/templates/deployment.yaml b/kubernetes-keystone-webhook/templates/deployment.yaml index 24054a6919..831abf55ed 100644 --- a/kubernetes-keystone-webhook/templates/deployment.yaml +++ b/kubernetes-keystone-webhook/templates/deployment.yaml @@ -83,13 +83,13 @@ spec: - name: key-kubernetes-keystone-webhook secret: secretName: {{ $envAll.Values.secrets.certificates.api }} - defaultMode: 292 + defaultMode: 0444 - name: kubernetes-keystone-webhook-etc configMap: name: kubernetes-keystone-webhook-etc - defaultMode: 292 + defaultMode: 0444 - name: kubernetes-keystone-webhook-bin configMap: name: kubernetes-keystone-webhook-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/kubernetes-keystone-webhook/templates/pod-test.yaml b/kubernetes-keystone-webhook/templates/pod-test.yaml index e3ebd7a9b9..98f685555d 100644 --- a/kubernetes-keystone-webhook/templates/pod-test.yaml +++ b/kubernetes-keystone-webhook/templates/pod-test.yaml @@ -60,6 +60,6 @@ spec: - name: kubernetes-keystone-webhook-bin configMap: name: kubernetes-keystone-webhook-bin - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_kubernetes_keystone_webhook_tests.volumes }}{{ toYaml $mounts_kubernetes_keystone_webhook_tests.volumes | indent 4 }}{{ end }} {{- end }} diff --git a/libvirt/templates/daemonset-libvirt.yaml b/libvirt/templates/daemonset-libvirt.yaml index b43e8b73fe..da8f01a859 100644 --- a/libvirt/templates/daemonset-libvirt.yaml +++ b/libvirt/templates/daemonset-libvirt.yaml @@ -207,11 +207,11 @@ spec: - name: libvirt-bin configMap: name: libvirt-bin - defaultMode: 365 + defaultMode: 0555 - name: libvirt-etc secret: secretName: {{ $configMapName }} - defaultMode: 292 + defaultMode: 0444 {{- if .Values.conf.ceph.enabled }} - name: etcceph hostPath: @@ -219,7 +219,7 @@ spec: - name: ceph-etc configMap: name: {{ .Values.ceph_client.configmap }} - defaultMode: 292 + defaultMode: 0444 {{- if empty .Values.conf.ceph.cinder.keyring }} - name: ceph-keyring secret: diff --git a/mariadb/templates/deployment-ingress.yaml b/mariadb/templates/deployment-ingress.yaml index 214186c507..72bea94af0 100644 --- a/mariadb/templates/deployment-ingress.yaml +++ b/mariadb/templates/deployment-ingress.yaml @@ -205,9 +205,9 @@ spec: - name: mariadb-bin configMap: name: mariadb-bin - defaultMode: 365 + defaultMode: 0555 - name: mariadb-ingress-etc configMap: name: mariadb-ingress-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/mariadb/templates/pod-test.yaml b/mariadb/templates/pod-test.yaml index e140b603c7..687caa0285 100644 --- a/mariadb/templates/pod-test.yaml +++ b/mariadb/templates/pod-test.yaml @@ -67,9 +67,9 @@ spec: - name: mariadb-bin configMap: name: mariadb-bin - defaultMode: 365 + defaultMode: 0555 - name: mariadb-secrets secret: secretName: mariadb-secrets - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/mariadb/templates/statefulset.yaml b/mariadb/templates/statefulset.yaml index 5d55958265..70255b597c 100644 --- a/mariadb/templates/statefulset.yaml +++ b/mariadb/templates/statefulset.yaml @@ -239,15 +239,15 @@ spec: - name: mariadb-bin configMap: name: mariadb-bin - defaultMode: 365 + defaultMode: 0555 - name: mariadb-etc configMap: name: mariadb-etc - defaultMode: 292 + defaultMode: 0444 - name: mariadb-secrets secret: secretName: mariadb-secrets - defaultMode: 292 + defaultMode: 0444 {{- if not .Values.volume.enabled }} - name: mysql-data {{- if .Values.volume.use_local_path_for_single_pod_cluster.enabled }} diff --git a/memcached/templates/deployment.yaml b/memcached/templates/deployment.yaml index 5222b57ad0..1b4e202775 100644 --- a/memcached/templates/deployment.yaml +++ b/memcached/templates/deployment.yaml @@ -86,6 +86,6 @@ spec: - name: memcached-bin configMap: name: {{ $configMapBinName | quote }} - defaultMode: 365 + defaultMode: 0555 {{ dict "envAll" $envAll "component" "memcached" "requireSys" true | include "helm-toolkit.snippets.kubernetes_apparmor_volumes" | indent 8 }} {{- end }} diff --git a/mongodb/templates/statefulset.yaml b/mongodb/templates/statefulset.yaml index d91e252e86..e5e0b48df2 100644 --- a/mongodb/templates/statefulset.yaml +++ b/mongodb/templates/statefulset.yaml @@ -118,7 +118,7 @@ spec: - name: mongodb-bin configMap: name: mongodb-bin - defaultMode: 365 + defaultMode: 0555 {{- if not .Values.volume.enabled }} - name: mongodb-data hostPath: diff --git a/nagios/templates/deployment.yaml b/nagios/templates/deployment.yaml index 79fd85932b..ca0342c981 100644 --- a/nagios/templates/deployment.yaml +++ b/nagios/templates/deployment.yaml @@ -241,9 +241,9 @@ spec: - name: nagios-etc secret: secretName: nagios-etc - defaultMode: 292 + defaultMode: 0444 - name: nagios-bin configMap: name: nagios-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/nagios/templates/pod-helm-tests.yaml b/nagios/templates/pod-helm-tests.yaml index cd1bada87e..e22784d8ce 100644 --- a/nagios/templates/pod-helm-tests.yaml +++ b/nagios/templates/pod-helm-tests.yaml @@ -75,5 +75,5 @@ spec: - name: nagios-bin configMap: name: nagios-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/openvswitch/templates/daemonset-ovs-db.yaml b/openvswitch/templates/daemonset-ovs-db.yaml index c56df377be..8e8af6365a 100644 --- a/openvswitch/templates/daemonset-ovs-db.yaml +++ b/openvswitch/templates/daemonset-ovs-db.yaml @@ -108,7 +108,7 @@ spec: - name: openvswitch-bin configMap: name: openvswitch-bin - defaultMode: 365 + defaultMode: 0555 - name: run hostPath: path: /run/openvswitch diff --git a/openvswitch/templates/daemonset-ovs-vswitchd.yaml b/openvswitch/templates/daemonset-ovs-vswitchd.yaml index dfe83ec593..2f60a0db40 100644 --- a/openvswitch/templates/daemonset-ovs-vswitchd.yaml +++ b/openvswitch/templates/daemonset-ovs-vswitchd.yaml @@ -153,7 +153,7 @@ It should be handled through lcore and pmd core masks. */}} - name: openvswitch-bin configMap: name: openvswitch-bin - defaultMode: 365 + defaultMode: 0555 - name: run hostPath: path: /run diff --git a/postgresql/templates/pod-test.yaml b/postgresql/templates/pod-test.yaml index 3c8bd8bf7e..45ed8d436a 100644 --- a/postgresql/templates/pod-test.yaml +++ b/postgresql/templates/pod-test.yaml @@ -72,6 +72,6 @@ spec: - name: postgresql-bin secret: secretName: postgresql-bin - defaultMode: 365 + defaultMode: 0555 ... {{- end }} diff --git a/postgresql/templates/statefulset.yaml b/postgresql/templates/statefulset.yaml index 101ed14ee5..7c049d82df 100644 --- a/postgresql/templates/statefulset.yaml +++ b/postgresql/templates/statefulset.yaml @@ -416,7 +416,7 @@ spec: - name: postgresql-bin secret: secretName: postgresql-bin - defaultMode: 365 + defaultMode: 0555 - name: client-certs-temp emptyDir: {} - name: server-certs-temp @@ -428,15 +428,15 @@ spec: - name: replication-pki secret: secretName: {{ .Values.secrets.postgresql.replica }} - defaultMode: 416 + defaultMode: 0640 - name: postgresql-pki secret: secretName: {{ .Values.secrets.postgresql.server }} - defaultMode: 416 + defaultMode: 0640 - name: postgresql-etc secret: secretName: postgresql-etc - defaultMode: 292 + defaultMode: 0444 {{- if not .Values.storage.pvc.enabled }} - name: postgresql-data hostPath: diff --git a/powerdns/templates/deployment.yaml b/powerdns/templates/deployment.yaml index 2cf84dfcb8..319395156b 100644 --- a/powerdns/templates/deployment.yaml +++ b/powerdns/templates/deployment.yaml @@ -73,5 +73,5 @@ spec: - name: powerdns-etc secret: secretName: powerdns-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/powerdns/templates/job-db-sync.yaml b/powerdns/templates/job-db-sync.yaml index 73454c8371..9509979af1 100644 --- a/powerdns/templates/job-db-sync.yaml +++ b/powerdns/templates/job-db-sync.yaml @@ -54,9 +54,9 @@ spec: - name: powerdns-bin configMap: name: powerdns-bin - defaultMode: 365 + defaultMode: 0555 - name: powerdns-etc secret: secretName: powerdns-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/prometheus-alertmanager/templates/statefulset.yaml b/prometheus-alertmanager/templates/statefulset.yaml index c5bb3dad86..b1f3cb70f9 100644 --- a/prometheus-alertmanager/templates/statefulset.yaml +++ b/prometheus-alertmanager/templates/statefulset.yaml @@ -130,7 +130,7 @@ spec: - name: alertmanager-bin configMap: name: alertmanager-bin - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_alertmanager.volumes }}{{ toYaml $mounts_alertmanager.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.enabled }} - name: alertmanager-data diff --git a/prometheus-kube-state-metrics/templates/deployment.yaml b/prometheus-kube-state-metrics/templates/deployment.yaml index e8c03e4118..b4101a3c54 100644 --- a/prometheus-kube-state-metrics/templates/deployment.yaml +++ b/prometheus-kube-state-metrics/templates/deployment.yaml @@ -143,5 +143,5 @@ spec: - name: kube-state-metrics-bin configMap: name: kube-state-metrics-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/prometheus-node-exporter/templates/daemonset.yaml b/prometheus-node-exporter/templates/daemonset.yaml index 59515f330b..e37cf892ce 100644 --- a/prometheus-node-exporter/templates/daemonset.yaml +++ b/prometheus-node-exporter/templates/daemonset.yaml @@ -119,6 +119,6 @@ spec: - name: node-exporter-bin configMap: name: node-exporter-bin - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_node_exporter.volumes }}{{ toYaml $mounts_node_exporter.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/prometheus-openstack-exporter/templates/deployment.yaml b/prometheus-openstack-exporter/templates/deployment.yaml index 8453463664..05e5db9d99 100644 --- a/prometheus-openstack-exporter/templates/deployment.yaml +++ b/prometheus-openstack-exporter/templates/deployment.yaml @@ -99,5 +99,5 @@ spec: - name: prometheus-openstack-exporter-bin configMap: name: prometheus-openstack-exporter-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/prometheus-openstack-exporter/templates/job-ks-user.yaml b/prometheus-openstack-exporter/templates/job-ks-user.yaml index 10218dbd35..bb08406ad1 100644 --- a/prometheus-openstack-exporter/templates/job-ks-user.yaml +++ b/prometheus-openstack-exporter/templates/job-ks-user.yaml @@ -66,5 +66,5 @@ spec: - name: ks-user-sh configMap: name: prometheus-openstack-exporter-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/prometheus/templates/pod-helm-tests.yaml b/prometheus/templates/pod-helm-tests.yaml index 7b9b425b93..3dfbfb796f 100644 --- a/prometheus/templates/pod-helm-tests.yaml +++ b/prometheus/templates/pod-helm-tests.yaml @@ -67,5 +67,5 @@ spec: - name: prometheus-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "prometheus-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/prometheus/templates/statefulset.yaml b/prometheus/templates/statefulset.yaml index 35c3a8134c..becdaa9d1b 100644 --- a/prometheus/templates/statefulset.yaml +++ b/prometheus/templates/statefulset.yaml @@ -205,11 +205,11 @@ spec: - name: prometheus-etc secret: secretName: {{ printf "%s-%s" $envAll.Release.Name "prometheus-etc" | quote }} - defaultMode: 292 + defaultMode: 0444 - name: prometheus-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "prometheus-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_prometheus.volumes }}{{ toYaml $mounts_prometheus.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.enabled }} - name: storage diff --git a/rabbitmq/templates/job-cluster-wait.yaml b/rabbitmq/templates/job-cluster-wait.yaml index 2b50f1b2d2..9f5b25fbe0 100644 --- a/rabbitmq/templates/job-cluster-wait.yaml +++ b/rabbitmq/templates/job-cluster-wait.yaml @@ -90,9 +90,9 @@ spec: - name: rabbitmq-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: rabbitmq-erlang-cookie secret: secretName: {{ printf "%s-%s" $envAll.Release.Name "erlang-cookie" | quote }} - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/rabbitmq/templates/pod-test.yaml b/rabbitmq/templates/pod-test.yaml index f68a10bb73..bcddfd3ea0 100644 --- a/rabbitmq/templates/pod-test.yaml +++ b/rabbitmq/templates/pod-test.yaml @@ -66,5 +66,5 @@ spec: - name: rabbitmq-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/rabbitmq/templates/statefulset.yaml b/rabbitmq/templates/statefulset.yaml index 9c53c80151..11af505d63 100644 --- a/rabbitmq/templates/statefulset.yaml +++ b/rabbitmq/templates/statefulset.yaml @@ -253,15 +253,15 @@ spec: - name: rabbitmq-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: rabbitmq-etc configMap: name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-etc" | quote }} - defaultMode: 292 + defaultMode: 0444 - name: rabbitmq-erlang-cookie secret: secretName: {{ printf "%s-%s" $envAll.Release.Name "erlang-cookie" | quote }} - defaultMode: 292 + defaultMode: 0444 {{- if not $envAll.Values.volume.enabled }} - name: rabbitmq-data {{- if .Values.volume.use_local_path.enabled }} diff --git a/redis/templates/pod_test.yaml b/redis/templates/pod_test.yaml index 010d0a9c19..e7152580c4 100644 --- a/redis/templates/pod_test.yaml +++ b/redis/templates/pod_test.yaml @@ -60,9 +60,9 @@ spec: - name: redis-test configMap: name: redis-bin - defaultMode: 365 + defaultMode: 0555 - name: redis-python configMap: name: redis-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/registry/templates/daemonset-registry-proxy.yaml b/registry/templates/daemonset-registry-proxy.yaml index b82d362f5c..d61e6ddfd4 100644 --- a/registry/templates/daemonset-registry-proxy.yaml +++ b/registry/templates/daemonset-registry-proxy.yaml @@ -71,9 +71,9 @@ spec: - name: registry-bin configMap: name: registry-bin - defaultMode: 365 + defaultMode: 0555 - name: registry-etc configMap: name: registry-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/registry/templates/deployment-registry.yaml b/registry/templates/deployment-registry.yaml index 845aed6c8b..40d4d2e65c 100644 --- a/registry/templates/deployment-registry.yaml +++ b/registry/templates/deployment-registry.yaml @@ -78,11 +78,11 @@ spec: - name: registry-bin configMap: name: registry-bin - defaultMode: 365 + defaultMode: 0555 - name: registry-etc configMap: name: registry-etc - defaultMode: 292 + defaultMode: 0444 - name: docker-images persistentVolumeClaim: claimName: docker-images diff --git a/registry/templates/job-bootstrap.yaml b/registry/templates/job-bootstrap.yaml index 2d9e8a233c..760fa9af11 100644 --- a/registry/templates/job-bootstrap.yaml +++ b/registry/templates/job-bootstrap.yaml @@ -63,7 +63,7 @@ spec: - name: registry-bin configMap: name: registry-bin - defaultMode: 365 + defaultMode: 0555 - name: docker-socket hostPath: path: /var/run/docker.sock diff --git a/yamllint-templates.conf b/yamllint-templates.conf index 02836e9704..ba9fcdf012 100644 --- a/yamllint-templates.conf +++ b/yamllint-templates.conf @@ -25,7 +25,7 @@ rules: line-length: disable new-line-at-end-of-file: disable new-lines: disable - octal-values: enable + octal-values: disable quoted-strings: disable trailing-spaces: disable truthy: disable diff --git a/yamllint.conf b/yamllint.conf index fb359aef5d..382224b5ad 100644 --- a/yamllint.conf +++ b/yamllint.conf @@ -25,7 +25,7 @@ rules: line-length: disable new-line-at-end-of-file: enable new-lines: enable - octal-values: enable + octal-values: disable quoted-strings: disable trailing-spaces: enable truthy: disable diff --git a/zookeeper/templates/statefulset.yaml b/zookeeper/templates/statefulset.yaml index 59713431c0..21a00cb968 100644 --- a/zookeeper/templates/statefulset.yaml +++ b/zookeeper/templates/statefulset.yaml @@ -206,11 +206,11 @@ spec: - name: zookeeper-etc secret: secretName: zookeeper-etc - defaultMode: 292 + defaultMode: 0444 - name: zookeeper-bin configMap: name: zookeeper-bin - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_zookeeper.volumes }}{{ toYaml $mounts_zookeeper.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.enabled }} - name: data diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index 3aa00d31fa..beba37d8fe 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -17,6 +17,9 @@ name: openstack-helm-lint run: playbooks/lint.yml nodeset: ubuntu-bionic + # NOTE(aostapenko) Required if job is run against another project + required-projects: + - openstack/openstack-helm-infra irrelevant-files: - ^.*\.rst$ - ^doc/.*$