diff --git a/calico/templates/daemonset-calico-node.yaml b/calico/templates/daemonset-calico-node.yaml index 5476ace2a..cb0deba52 100644 --- a/calico/templates/daemonset-calico-node.yaml +++ b/calico/templates/daemonset-calico-node.yaml @@ -285,15 +285,15 @@ spec: - name: calico-etc configMap: name: calico-etc - defaultMode: 292 + defaultMode: 0444 - name: calico-bird configMap: name: calico-bird - defaultMode: 292 + defaultMode: 0444 - name: calico-bin configMap: name: calico-bin - defaultMode: 365 + defaultMode: 0555 - name: calico-etcd-secrets secret: secretName: calico-etcd-secrets diff --git a/calico/templates/deployment-calico-kube-controllers.yaml b/calico/templates/deployment-calico-kube-controllers.yaml index e16b57382..1c5937d8e 100644 --- a/calico/templates/deployment-calico-kube-controllers.yaml +++ b/calico/templates/deployment-calico-kube-controllers.yaml @@ -172,5 +172,5 @@ spec: - name: calico-etcd-secrets secret: secretName: calico-etcd-secrets - defaultMode: 256 + defaultMode: 0400 {{- end }} diff --git a/calico/templates/job-calico-settings.yaml b/calico/templates/job-calico-settings.yaml index e9dc2e2fd..1154241ca 100644 --- a/calico/templates/job-calico-settings.yaml +++ b/calico/templates/job-calico-settings.yaml @@ -100,7 +100,7 @@ spec: - name: calico-bin configMap: name: calico-bin - defaultMode: 365 + defaultMode: 0555 - name: calico-etcd-secrets secret: secretName: calico-etcd-secrets diff --git a/ceph-client/templates/cronjob-checkPGs.yaml b/ceph-client/templates/cronjob-checkPGs.yaml index 4d54a4bb2..dca1488df 100644 --- a/ceph-client/templates/cronjob-checkPGs.yaml +++ b/ceph-client/templates/cronjob-checkPGs.yaml @@ -129,11 +129,11 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 292 + defaultMode: 0444 - name: ceph-client-admin-keyring secret: defaultMode: 420 diff --git a/ceph-client/templates/cronjob-defragosds.yaml b/ceph-client/templates/cronjob-defragosds.yaml index 94d20fe6b..f536dc805 100644 --- a/ceph-client/templates/cronjob-defragosds.yaml +++ b/ceph-client/templates/cronjob-defragosds.yaml @@ -106,5 +106,5 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/ceph-client/templates/deployment-checkdns.yaml b/ceph-client/templates/deployment-checkdns.yaml index 2eec1cc7e..25b056cea 100644 --- a/ceph-client/templates/deployment-checkdns.yaml +++ b/ceph-client/templates/deployment-checkdns.yaml @@ -115,5 +115,5 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/ceph-client/templates/deployment-mds.yaml b/ceph-client/templates/deployment-mds.yaml index a685410ad..84838b55a 100644 --- a/ceph-client/templates/deployment-mds.yaml +++ b/ceph-client/templates/deployment-mds.yaml @@ -147,11 +147,11 @@ spec: - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 292 + defaultMode: 0444 - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 - name: pod-var-lib-ceph emptyDir: {} - name: ceph-client-admin-keyring diff --git a/ceph-client/templates/deployment-mgr.yaml b/ceph-client/templates/deployment-mgr.yaml index a951c4cec..13fbfe0c5 100644 --- a/ceph-client/templates/deployment-mgr.yaml +++ b/ceph-client/templates/deployment-mgr.yaml @@ -184,11 +184,11 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 292 + defaultMode: 0444 - name: pod-var-lib-ceph emptyDir: {} - name: ceph-client-admin-keyring diff --git a/ceph-client/templates/job-bootstrap.yaml b/ceph-client/templates/job-bootstrap.yaml index f2d3043c1..86191d9f5 100644 --- a/ceph-client/templates/job-bootstrap.yaml +++ b/ceph-client/templates/job-bootstrap.yaml @@ -70,11 +70,11 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 292 + defaultMode: 0444 - name: ceph-client-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} diff --git a/ceph-client/templates/job-rbd-pool.yaml b/ceph-client/templates/job-rbd-pool.yaml index 0b57913a5..351ef761d 100644 --- a/ceph-client/templates/job-rbd-pool.yaml +++ b/ceph-client/templates/job-rbd-pool.yaml @@ -89,11 +89,11 @@ spec: - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 292 + defaultMode: 0444 - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 - name: pod-var-lib-ceph emptyDir: {} - name: pod-run diff --git a/ceph-client/templates/pod-helm-tests.yaml b/ceph-client/templates/pod-helm-tests.yaml index 5c3c55ce0..ffad06fd3 100644 --- a/ceph-client/templates/pod-helm-tests.yaml +++ b/ceph-client/templates/pod-helm-tests.yaml @@ -81,12 +81,12 @@ spec: - name: ceph-client-bin configMap: name: ceph-client-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-client-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} - name: ceph-client-etc configMap: name: ceph-client-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/ceph-mon/templates/daemonset-mon.yaml b/ceph-mon/templates/daemonset-mon.yaml index 0ac03894e..d1048db3d 100644 --- a/ceph-mon/templates/daemonset-mon.yaml +++ b/ceph-mon/templates/daemonset-mon.yaml @@ -243,11 +243,11 @@ spec: - name: ceph-mon-bin configMap: name: ceph-mon-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-mon-etc configMap: name: ceph-mon-etc - defaultMode: 292 + defaultMode: 0444 - name: pod-var-lib-ceph hostPath: path: {{ .Values.conf.storage.mon.directory }} diff --git a/ceph-mon/templates/deployment-moncheck.yaml b/ceph-mon/templates/deployment-moncheck.yaml index 4cc81b3be..73d0c5fff 100644 --- a/ceph-mon/templates/deployment-moncheck.yaml +++ b/ceph-mon/templates/deployment-moncheck.yaml @@ -114,11 +114,11 @@ spec: - name: ceph-mon-etc configMap: name: ceph-mon-etc - defaultMode: 292 + defaultMode: 0444 - name: ceph-mon-bin configMap: name: ceph-mon-bin - defaultMode: 365 + defaultMode: 0555 - name: pod-var-lib-ceph emptyDir: {} - name: ceph-client-admin-keyring diff --git a/ceph-mon/templates/job-bootstrap.yaml b/ceph-mon/templates/job-bootstrap.yaml index 408f484b2..15a90569e 100644 --- a/ceph-mon/templates/job-bootstrap.yaml +++ b/ceph-mon/templates/job-bootstrap.yaml @@ -72,11 +72,11 @@ spec: - name: ceph-mon-bin configMap: name: ceph-mon-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-mon-etc configMap: name: ceph-mon-etc - defaultMode: 292 + defaultMode: 0444 - name: ceph-client-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} diff --git a/ceph-mon/templates/job-keyring.yaml b/ceph-mon/templates/job-keyring.yaml index 1c5662137..e27ff5300 100644 --- a/ceph-mon/templates/job-keyring.yaml +++ b/ceph-mon/templates/job-keyring.yaml @@ -120,10 +120,10 @@ spec: - name: ceph-mon-bin configMap: name: ceph-mon-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-templates configMap: name: ceph-templates - defaultMode: 292 + defaultMode: 0444 {{- end }} {{- end }} diff --git a/ceph-mon/templates/job-storage-admin-keys.yaml b/ceph-mon/templates/job-storage-admin-keys.yaml index 33144c54a..77fdcd378 100644 --- a/ceph-mon/templates/job-storage-admin-keys.yaml +++ b/ceph-mon/templates/job-storage-admin-keys.yaml @@ -117,9 +117,9 @@ spec: - name: ceph-mon-bin configMap: name: ceph-mon-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-templates configMap: name: ceph-templates - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/ceph-osd/templates/daemonset-osd.yaml b/ceph-osd/templates/daemonset-osd.yaml index 970275088..5f1f221a6 100644 --- a/ceph-osd/templates/daemonset-osd.yaml +++ b/ceph-osd/templates/daemonset-osd.yaml @@ -436,11 +436,11 @@ spec: - name: ceph-osd-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: ceph-osd-etc configMap: name: {{ $configMapName }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-bootstrap-osd-keyring secret: secretName: {{ .Values.secrets.keyrings.osd }} diff --git a/ceph-osd/templates/job-bootstrap.yaml b/ceph-osd/templates/job-bootstrap.yaml index b1260a50a..46592fbee 100644 --- a/ceph-osd/templates/job-bootstrap.yaml +++ b/ceph-osd/templates/job-bootstrap.yaml @@ -69,11 +69,11 @@ spec: - name: ceph-osd-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: ceph-osd-etc configMap: name: {{ printf "%s-%s" $envAll.Release.Name "etc" | quote }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-osd-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} diff --git a/ceph-osd/templates/job-post-apply.yaml b/ceph-osd/templates/job-post-apply.yaml index 97ff72e02..ad85d47a5 100644 --- a/ceph-osd/templates/job-post-apply.yaml +++ b/ceph-osd/templates/job-post-apply.yaml @@ -126,11 +126,11 @@ spec: - name: ceph-osd-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: ceph-osd-etc configMap: name: {{ printf "%s-%s" $envAll.Release.Name "etc" | quote }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-osd-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} diff --git a/ceph-osd/templates/pod-helm-tests.yaml b/ceph-osd/templates/pod-helm-tests.yaml index 01580ab7e..9ee685bcb 100644 --- a/ceph-osd/templates/pod-helm-tests.yaml +++ b/ceph-osd/templates/pod-helm-tests.yaml @@ -72,12 +72,12 @@ spec: - name: ceph-osd-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: ceph-client-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} - name: ceph-osd-etc configMap: name: {{ printf "%s-%s" $envAll.Release.Name "etc" | quote }} - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/ceph-provisioners/templates/deployment-cephfs-provisioner.yaml b/ceph-provisioners/templates/deployment-cephfs-provisioner.yaml index 77107ebf7..e96387a64 100644 --- a/ceph-provisioners/templates/deployment-cephfs-provisioner.yaml +++ b/ceph-provisioners/templates/deployment-cephfs-provisioner.yaml @@ -197,5 +197,5 @@ spec: - name: ceph-provisioners-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/ceph-provisioners/templates/deployment-rbd-provisioner.yaml b/ceph-provisioners/templates/deployment-rbd-provisioner.yaml index a22c65e05..4e2b34fb1 100644 --- a/ceph-provisioners/templates/deployment-rbd-provisioner.yaml +++ b/ceph-provisioners/templates/deployment-rbd-provisioner.yaml @@ -187,5 +187,5 @@ spec: - name: ceph-provisioners-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/ceph-provisioners/templates/job-bootstrap.yaml b/ceph-provisioners/templates/job-bootstrap.yaml index d1fb89c26..dbcf1e5b0 100644 --- a/ceph-provisioners/templates/job-bootstrap.yaml +++ b/ceph-provisioners/templates/job-bootstrap.yaml @@ -69,11 +69,11 @@ spec: - name: ceph-provisioners-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: ceph-etc configMap: name: {{ .Values.storageclass.rbd.ceph_configmap_name }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-client-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin }} diff --git a/ceph-provisioners/templates/job-cephfs-client-key.yaml b/ceph-provisioners/templates/job-cephfs-client-key.yaml index 031ec8087..36ca2a505 100644 --- a/ceph-provisioners/templates/job-cephfs-client-key.yaml +++ b/ceph-provisioners/templates/job-cephfs-client-key.yaml @@ -132,5 +132,5 @@ spec: - name: ceph-provisioners-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/ceph-provisioners/templates/job-namespace-client-key-cleaner.yaml b/ceph-provisioners/templates/job-namespace-client-key-cleaner.yaml index d73f584d9..478530e62 100644 --- a/ceph-provisioners/templates/job-namespace-client-key-cleaner.yaml +++ b/ceph-provisioners/templates/job-namespace-client-key-cleaner.yaml @@ -97,5 +97,5 @@ spec: - name: ceph-provisioners-bin-clients configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin-clients" | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/ceph-provisioners/templates/job-namespace-client-key.yaml b/ceph-provisioners/templates/job-namespace-client-key.yaml index 9e3fcad74..f187630e3 100644 --- a/ceph-provisioners/templates/job-namespace-client-key.yaml +++ b/ceph-provisioners/templates/job-namespace-client-key.yaml @@ -128,5 +128,5 @@ spec: - name: ceph-provisioners-bin-clients configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin-clients" | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/ceph-provisioners/templates/pod-helm-tests.yaml b/ceph-provisioners/templates/pod-helm-tests.yaml index 1bab2be3e..72e85ffff 100644 --- a/ceph-provisioners/templates/pod-helm-tests.yaml +++ b/ceph-provisioners/templates/pod-helm-tests.yaml @@ -107,7 +107,7 @@ spec: - name: ceph-provisioners-bin-clients configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin-clients" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: pod-tmp emptyDir: {} {{- end }} diff --git a/ceph-rgw/templates/deployment-rgw.yaml b/ceph-rgw/templates/deployment-rgw.yaml index fb82e8a61..5fc76eed3 100644 --- a/ceph-rgw/templates/deployment-rgw.yaml +++ b/ceph-rgw/templates/deployment-rgw.yaml @@ -181,11 +181,11 @@ spec: - name: ceph-rgw-bin configMap: name: ceph-rgw-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-rgw-etc configMap: name: ceph-rgw-etc - defaultMode: 292 + defaultMode: 0444 - name: pod-var-lib-ceph emptyDir: {} - name: ceph-bootstrap-rgw-keyring diff --git a/ceph-rgw/templates/job-bootstrap.yaml b/ceph-rgw/templates/job-bootstrap.yaml index f49434999..073188dcf 100644 --- a/ceph-rgw/templates/job-bootstrap.yaml +++ b/ceph-rgw/templates/job-bootstrap.yaml @@ -118,11 +118,11 @@ spec: - name: ceph-rgw-bin configMap: name: ceph-rgw-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-rgw-etc configMap: name: {{ .Values.ceph_client.configmap }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-rgw-admin-keyring secret: secretName: {{ .Values.secrets.keyrings.admin | quote }} diff --git a/ceph-rgw/templates/job-rgw-storage-init.yaml b/ceph-rgw/templates/job-rgw-storage-init.yaml index 24ffced7f..6a66c62ea 100644 --- a/ceph-rgw/templates/job-rgw-storage-init.yaml +++ b/ceph-rgw/templates/job-rgw-storage-init.yaml @@ -126,15 +126,15 @@ spec: - name: ceph-rgw-bin configMap: name: ceph-rgw-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-etc configMap: name: {{ .Values.ceph_client.configmap }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-templates configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-templates" | quote }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-keyring secret: secretName: {{ .Values.secrets.keyrings.admin | quote }} diff --git a/ceph-rgw/templates/job-s3-admin.yaml b/ceph-rgw/templates/job-s3-admin.yaml index 5b9f32453..e8e8db2a6 100644 --- a/ceph-rgw/templates/job-s3-admin.yaml +++ b/ceph-rgw/templates/job-s3-admin.yaml @@ -137,11 +137,11 @@ spec: - name: ceph-rgw-bin configMap: name: ceph-rgw-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-rgw-etc configMap: name: ceph-rgw-etc - defaultMode: 292 + defaultMode: 0444 - name: ceph-keyring secret: secretName: {{ .Values.secrets.keyrings.admin | quote }} diff --git a/ceph-rgw/templates/pod-helm-tests.yaml b/ceph-rgw/templates/pod-helm-tests.yaml index b07355814..a973694b8 100644 --- a/ceph-rgw/templates/pod-helm-tests.yaml +++ b/ceph-rgw/templates/pod-helm-tests.yaml @@ -104,12 +104,12 @@ spec: - name: ceph-rgw-bin configMap: name: ceph-rgw-bin - defaultMode: 365 + defaultMode: 0555 - name: ceph-keyring secret: secretName: {{ .Values.secrets.keyrings.admin | quote }} - name: ceph-rgw-etc configMap: name: ceph-rgw-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/daemonjob-controller/templates/deployment.yaml b/daemonjob-controller/templates/deployment.yaml index f545e99b7..33eaf1001 100644 --- a/daemonjob-controller/templates/deployment.yaml +++ b/daemonjob-controller/templates/deployment.yaml @@ -58,5 +58,5 @@ spec: - name: hooks configMap: name: daemonjob-controller-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/elastic-apm-server/templates/deployment.yaml b/elastic-apm-server/templates/deployment.yaml index d0fbf16c8..e962726c0 100644 --- a/elastic-apm-server/templates/deployment.yaml +++ b/elastic-apm-server/templates/deployment.yaml @@ -122,7 +122,7 @@ spec: - name: elastic-apm-server-etc configMap: name: elastic-apm-server-etc - defaultMode: 292 + defaultMode: 0444 - name: data hostPath: path: /var/lib/elastic-apm-server diff --git a/elastic-filebeat/templates/daemonset.yaml b/elastic-filebeat/templates/daemonset.yaml index 1b0bcf51f..669b57946 100644 --- a/elastic-filebeat/templates/daemonset.yaml +++ b/elastic-filebeat/templates/daemonset.yaml @@ -157,7 +157,7 @@ spec: - name: filebeat-etc configMap: name: filebeat-etc - defaultMode: 292 + defaultMode: 0444 - name: data hostPath: path: /var/lib/filebeat diff --git a/elastic-metricbeat/templates/daemonset-node-metrics.yaml b/elastic-metricbeat/templates/daemonset-node-metrics.yaml index 8460c0846..e40e0c096 100644 --- a/elastic-metricbeat/templates/daemonset-node-metrics.yaml +++ b/elastic-metricbeat/templates/daemonset-node-metrics.yaml @@ -168,7 +168,7 @@ spec: path: /var/run/docker.sock - name: metricbeat-etc configMap: - defaultMode: 292 + defaultMode: 0444 name: metricbeat-etc - name: data emptyDir: {} diff --git a/elastic-metricbeat/templates/deployment-modules.yaml b/elastic-metricbeat/templates/deployment-modules.yaml index 5dc0e42a0..ce4a961d1 100644 --- a/elastic-metricbeat/templates/deployment-modules.yaml +++ b/elastic-metricbeat/templates/deployment-modules.yaml @@ -154,5 +154,5 @@ spec: - name: metricbeat-etc configMap: name: metricbeat-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/elastic-packetbeat/templates/daemonset.yaml b/elastic-packetbeat/templates/daemonset.yaml index b89bee586..486cc7fe0 100644 --- a/elastic-packetbeat/templates/daemonset.yaml +++ b/elastic-packetbeat/templates/daemonset.yaml @@ -139,7 +139,7 @@ spec: emptyDir: {} - name: packetbeat-etc configMap: - defaultMode: 292 + defaultMode: 0444 name: packetbeat-etc {{ if $mounts_packetbeat.volumes }}{{ toYaml $mounts_packetbeat.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/elasticsearch/templates/cron-job-curator.yaml b/elasticsearch/templates/cron-job-curator.yaml index e845aa83f..91c7b5029 100644 --- a/elasticsearch/templates/cron-job-curator.yaml +++ b/elasticsearch/templates/cron-job-curator.yaml @@ -86,9 +86,9 @@ spec: - name: elastic-curator-bin configMap: name: elastic-curator-bin - defaultMode: 365 + defaultMode: 0555 - name: elastic-curator-etc secret: secretName: elastic-curator-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/elasticsearch/templates/cron-job-verify-repositories.yaml b/elasticsearch/templates/cron-job-verify-repositories.yaml index bbe59c93d..b9c6b941d 100644 --- a/elasticsearch/templates/cron-job-verify-repositories.yaml +++ b/elasticsearch/templates/cron-job-verify-repositories.yaml @@ -83,5 +83,5 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/elasticsearch/templates/deployment-client.yaml b/elasticsearch/templates/deployment-client.yaml index 290e78e6f..0d166a1e2 100644 --- a/elasticsearch/templates/deployment-client.yaml +++ b/elasticsearch/templates/deployment-client.yaml @@ -210,11 +210,11 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 - name: elasticsearch-etc secret: secretName: elasticsearch-etc - defaultMode: 292 + defaultMode: 0444 - name: storage emptyDir: {} {{ if $mounts_elasticsearch.volumes }}{{ toYaml $mounts_elasticsearch.volumes | indent 8 }}{{ end }} diff --git a/elasticsearch/templates/deployment-gateway.yaml b/elasticsearch/templates/deployment-gateway.yaml index 7df13b6d8..3bbac928b 100644 --- a/elasticsearch/templates/deployment-gateway.yaml +++ b/elasticsearch/templates/deployment-gateway.yaml @@ -160,11 +160,11 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 - name: elasticsearch-etc secret: secretName: elasticsearch-etc - defaultMode: 292 + defaultMode: 0444 - name: storage emptyDir: {} {{ if $mounts_elasticsearch.volumes }}{{ toYaml $mounts_elasticsearch.volumes | indent 8 }}{{ end }} diff --git a/elasticsearch/templates/job-elasticsearch-template.yaml b/elasticsearch/templates/job-elasticsearch-template.yaml index e2e35fbe5..a93ee1c79 100644 --- a/elasticsearch/templates/job-elasticsearch-template.yaml +++ b/elasticsearch/templates/job-elasticsearch-template.yaml @@ -85,10 +85,10 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 - name: elasticsearch-templates-etc secret: secretName: elasticsearch-templates-etc - defaultMode: 292 + defaultMode: 0444 {{ if $mounts_elasticsearch_templates.volumes }}{{ toYaml $mounts_elasticsearch_templates.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/elasticsearch/templates/job-es-cluster-wait.yaml b/elasticsearch/templates/job-es-cluster-wait.yaml index dbb4da678..27b94f92b 100644 --- a/elasticsearch/templates/job-es-cluster-wait.yaml +++ b/elasticsearch/templates/job-es-cluster-wait.yaml @@ -76,5 +76,5 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/elasticsearch/templates/job-register-snapshot-repository.yaml b/elasticsearch/templates/job-register-snapshot-repository.yaml index 18a9a303f..2b811ca14 100644 --- a/elasticsearch/templates/job-register-snapshot-repository.yaml +++ b/elasticsearch/templates/job-register-snapshot-repository.yaml @@ -91,5 +91,5 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/elasticsearch/templates/pod-helm-tests.yaml b/elasticsearch/templates/pod-helm-tests.yaml index 6ded8973a..d2e8e62f5 100644 --- a/elasticsearch/templates/pod-helm-tests.yaml +++ b/elasticsearch/templates/pod-helm-tests.yaml @@ -70,5 +70,5 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/elasticsearch/templates/statefulset-data.yaml b/elasticsearch/templates/statefulset-data.yaml index 20299041b..ac5f769c0 100644 --- a/elasticsearch/templates/statefulset-data.yaml +++ b/elasticsearch/templates/statefulset-data.yaml @@ -175,11 +175,11 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 - name: elasticsearch-etc secret: secretName: elasticsearch-etc - defaultMode: 292 + defaultMode: 0444 {{ if $mounts_elasticsearch.volumes }}{{ toYaml $mounts_elasticsearch.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.data.enabled }} - name: storage diff --git a/elasticsearch/templates/statefulset-master.yaml b/elasticsearch/templates/statefulset-master.yaml index 6d5201db1..34a208cdd 100644 --- a/elasticsearch/templates/statefulset-master.yaml +++ b/elasticsearch/templates/statefulset-master.yaml @@ -168,11 +168,11 @@ spec: - name: elasticsearch-bin configMap: name: elasticsearch-bin - defaultMode: 365 + defaultMode: 0555 - name: elasticsearch-etc secret: secretName: elasticsearch-etc - defaultMode: 292 + defaultMode: 0444 {{ if $mounts_elasticsearch.volumes }}{{ toYaml $mounts_elasticsearch.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.master.enabled }} - name: storage diff --git a/etcd/templates/deployment.yaml b/etcd/templates/deployment.yaml index c0c3715b1..bfb39b81e 100644 --- a/etcd/templates/deployment.yaml +++ b/etcd/templates/deployment.yaml @@ -70,5 +70,5 @@ spec: - name: etcd-bin configMap: name: {{ $configMapBinName | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/falco/templates/daemonset.yaml b/falco/templates/daemonset.yaml index ff44f28a2..dbb0df31c 100644 --- a/falco/templates/daemonset.yaml +++ b/falco/templates/daemonset.yaml @@ -119,7 +119,7 @@ spec: - name: falco-bin configMap: name: falco-bin - defaultMode: 365 + defaultMode: 0555 - name: dshm emptyDir: medium: Memory diff --git a/fluentbit/templates/daemonset-fluent-bit.yaml b/fluentbit/templates/daemonset-fluent-bit.yaml index 22cc29271..755f7abca 100644 --- a/fluentbit/templates/daemonset-fluent-bit.yaml +++ b/fluentbit/templates/daemonset-fluent-bit.yaml @@ -145,10 +145,10 @@ spec: - name: fluentbit-bin configMap: name: fluentbit-bin - defaultMode: 365 + defaultMode: 0555 - name: fluentbit-etc secret: secretName: fluentbit-etc - defaultMode: 292 + defaultMode: 0444 {{ if $mounts_fluentbit.volumes }}{{ toYaml $mounts_fluentbit.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/fluentd/templates/deployment-fluentd.yaml b/fluentd/templates/deployment-fluentd.yaml index 827b7a4cc..b626b8feb 100644 --- a/fluentd/templates/deployment-fluentd.yaml +++ b/fluentd/templates/deployment-fluentd.yaml @@ -226,15 +226,15 @@ spec: - name: {{ printf "%s-%s" $envAll.Release.Name "env-secret" | quote }} secret: secretName: {{ printf "%s-%s" $envAll.Release.Name "env-secret" | quote }} - defaultMode: 292 + defaultMode: 0444 {{- end }} - name: fluentd-etc secret: secretName: {{ printf "%s-%s" $envAll.Release.Name "fluentd-etc" | quote }} - defaultMode: 292 + defaultMode: 0444 - name: fluentd-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "fluentd-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_fluentd.volumes }}{{ toYaml $mounts_fluentd.volumes | indent 8 }}{{- end }} {{- end }} diff --git a/gnocchi/templates/cron-job-resources-cleaner.yaml b/gnocchi/templates/cron-job-resources-cleaner.yaml index b72705885..115fc4ff0 100644 --- a/gnocchi/templates/cron-job-resources-cleaner.yaml +++ b/gnocchi/templates/cron-job-resources-cleaner.yaml @@ -94,10 +94,10 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 292 + defaultMode: 0444 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_gnocchi_resources_cleaner.volumes }}{{ toYaml $mounts_gnocchi_resources_cleaner.volumes | indent 12 }}{{ end }} {{- end }} diff --git a/gnocchi/templates/daemonset-metricd.yaml b/gnocchi/templates/daemonset-metricd.yaml index df3e95733..40daa26a4 100644 --- a/gnocchi/templates/daemonset-metricd.yaml +++ b/gnocchi/templates/daemonset-metricd.yaml @@ -105,11 +105,11 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 292 + defaultMode: 0444 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 - name: etcceph emptyDir: {} - name: ceph-etc diff --git a/gnocchi/templates/daemonset-statsd.yaml b/gnocchi/templates/daemonset-statsd.yaml index c1deaedea..68f8f080e 100644 --- a/gnocchi/templates/daemonset-statsd.yaml +++ b/gnocchi/templates/daemonset-statsd.yaml @@ -111,11 +111,11 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 292 + defaultMode: 0444 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 - name: etcceph emptyDir: {} - name: ceph-etc diff --git a/gnocchi/templates/deployment-api.yaml b/gnocchi/templates/deployment-api.yaml index 6171ae9ec..b41f0743f 100644 --- a/gnocchi/templates/deployment-api.yaml +++ b/gnocchi/templates/deployment-api.yaml @@ -130,11 +130,11 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 292 + defaultMode: 0444 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 - name: etcceph emptyDir: {} - name: ceph-etc diff --git a/gnocchi/templates/job-clean.yaml b/gnocchi/templates/job-clean.yaml index 169bf7543..11fa3ea0d 100644 --- a/gnocchi/templates/job-clean.yaml +++ b/gnocchi/templates/job-clean.yaml @@ -89,5 +89,5 @@ spec: - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/gnocchi/templates/job-db-init-indexer.yaml b/gnocchi/templates/job-db-init-indexer.yaml index 48c38340e..cde2c0bf4 100644 --- a/gnocchi/templates/job-db-init-indexer.yaml +++ b/gnocchi/templates/job-db-init-indexer.yaml @@ -70,11 +70,11 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 292 + defaultMode: 0444 - name: pod-etc-gnocchi emptyDir: {} - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/gnocchi/templates/job-db-sync.yaml b/gnocchi/templates/job-db-sync.yaml index 3262cb06b..a30356c88 100644 --- a/gnocchi/templates/job-db-sync.yaml +++ b/gnocchi/templates/job-db-sync.yaml @@ -82,11 +82,11 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 292 + defaultMode: 0444 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 - name: etcceph emptyDir: {} - name: ceph-etc diff --git a/gnocchi/templates/job-storage-init.yaml b/gnocchi/templates/job-storage-init.yaml index 08598cdda..9e2aea42e 100644 --- a/gnocchi/templates/job-storage-init.yaml +++ b/gnocchi/templates/job-storage-init.yaml @@ -123,13 +123,13 @@ spec: - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 - name: etcceph emptyDir: {} - name: ceph-etc configMap: name: {{ .Values.ceph_client.configmap }} - defaultMode: 292 + defaultMode: 0444 - name: ceph-keyring secret: secretName: {{ .Values.ceph_client.user_secret_name }} diff --git a/gnocchi/templates/pod-gnocchi-test.yaml b/gnocchi/templates/pod-gnocchi-test.yaml index 66b34cb64..9ceda0143 100644 --- a/gnocchi/templates/pod-gnocchi-test.yaml +++ b/gnocchi/templates/pod-gnocchi-test.yaml @@ -74,10 +74,10 @@ spec: - name: gnocchi-etc secret: secretName: gnocchi-etc - defaultMode: 292 + defaultMode: 0444 - name: gnocchi-bin configMap: name: gnocchi-bin - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_gnocchi_tests.volumes }}{{ toYaml $mounts_gnocchi_tests.volumes | indent 4 }}{{ end }} {{- end }} diff --git a/grafana/templates/deployment.yaml b/grafana/templates/deployment.yaml index 81d3b085e..615353350 100644 --- a/grafana/templates/deployment.yaml +++ b/grafana/templates/deployment.yaml @@ -133,15 +133,15 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 365 + defaultMode: 0555 - name: grafana-etc secret: secretName: grafana-etc - defaultMode: 292 + defaultMode: 0444 - name: grafana-dashboards configMap: name: grafana-dashboards - defaultMode: 365 + defaultMode: 0555 - name: data emptyDir: {} {{ if $mounts_grafana.volumes }}{{ toYaml $mounts_grafana.volumes | indent 8 }}{{ end }} diff --git a/grafana/templates/job-add-home-dashboard.yaml b/grafana/templates/job-add-home-dashboard.yaml index fe122c2d0..ac191b384 100644 --- a/grafana/templates/job-add-home-dashboard.yaml +++ b/grafana/templates/job-add-home-dashboard.yaml @@ -74,5 +74,5 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} \ No newline at end of file diff --git a/grafana/templates/job-db-init-session.yaml b/grafana/templates/job-db-init-session.yaml index b8243e8be..9e9785f2f 100644 --- a/grafana/templates/job-db-init-session.yaml +++ b/grafana/templates/job-db-init-session.yaml @@ -72,5 +72,5 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/grafana/templates/job-db-init.yaml b/grafana/templates/job-db-init.yaml index 81db09371..b5ba6e65f 100644 --- a/grafana/templates/job-db-init.yaml +++ b/grafana/templates/job-db-init.yaml @@ -72,5 +72,5 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/grafana/templates/job-db-session-sync.yaml b/grafana/templates/job-db-session-sync.yaml index bf2a465c0..5b0c9be00 100644 --- a/grafana/templates/job-db-session-sync.yaml +++ b/grafana/templates/job-db-session-sync.yaml @@ -67,5 +67,5 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/grafana/templates/job-set-admin-user.yaml b/grafana/templates/job-set-admin-user.yaml index cb9fa8ea0..bc08c33d4 100644 --- a/grafana/templates/job-set-admin-user.yaml +++ b/grafana/templates/job-set-admin-user.yaml @@ -77,9 +77,9 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 365 + defaultMode: 0555 - name: grafana-etc secret: secretName: grafana-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/grafana/templates/pod-helm-tests.yaml b/grafana/templates/pod-helm-tests.yaml index 047d4119d..b5e0a9e4b 100644 --- a/grafana/templates/pod-helm-tests.yaml +++ b/grafana/templates/pod-helm-tests.yaml @@ -70,5 +70,5 @@ spec: - name: grafana-bin configMap: name: grafana-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/helm-toolkit/templates/manifests/_job-bootstrap.tpl index 318f5b57e..ea2772955 100644 --- a/helm-toolkit/templates/manifests/_job-bootstrap.tpl +++ b/helm-toolkit/templates/manifests/_job-bootstrap.tpl @@ -103,11 +103,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} - name: etc-service emptyDir: {} diff --git a/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl index 998779378..1b639f03c 100644 --- a/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl +++ b/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl @@ -118,11 +118,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} {{- $local := dict "configMapBinFirst" true -}} {{- range $key1, $dbToDrop := $dbsToDrop }} @@ -134,7 +134,7 @@ spec: - name: db-drop-conf secret: secretName: {{ $configMapEtc | quote }} - defaultMode: 292 + defaultMode: 0444 {{- end -}} {{- end -}} {{- end -}} diff --git a/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl index 2121408de..73ac04d26 100644 --- a/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl +++ b/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl @@ -117,11 +117,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} {{- $local := dict "configMapBinFirst" true -}} {{- range $key1, $dbToInit := $dbsToInit }} @@ -133,7 +133,7 @@ spec: - name: db-init-conf secret: secretName: {{ $configMapEtc | quote }} - defaultMode: 292 + defaultMode: 0444 {{- end -}} {{- end -}} {{- end -}} diff --git a/helm-toolkit/templates/manifests/_job-db-sync.tpl b/helm-toolkit/templates/manifests/_job-db-sync.tpl index 133c737bb..0e4e3ad83 100644 --- a/helm-toolkit/templates/manifests/_job-db-sync.tpl +++ b/helm-toolkit/templates/manifests/_job-db-sync.tpl @@ -97,18 +97,18 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} - name: etc-service emptyDir: {} - name: db-sync-conf secret: secretName: {{ $configMapEtc | quote }} - defaultMode: 292 + defaultMode: 0444 {{- if $podVols }} {{ $podVols | toYaml | indent 8 }} {{- end }} diff --git a/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl index 8ab1e051a..a497af11f 100644 --- a/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl +++ b/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl @@ -94,11 +94,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} {{- dict "enabled" true "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- end }} diff --git a/helm-toolkit/templates/manifests/_job-ks-service.tpl b/helm-toolkit/templates/manifests/_job-ks-service.tpl index 49bdcd3c8..daac49c17 100644 --- a/helm-toolkit/templates/manifests/_job-ks-service.tpl +++ b/helm-toolkit/templates/manifests/_job-ks-service.tpl @@ -88,11 +88,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} {{- dict "enabled" true "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- end }} diff --git a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl index a8005c3e2..875247eca 100644 --- a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl +++ b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl @@ -94,11 +94,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} {{- dict "enabled" true "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- end -}} diff --git a/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl index bef1f18bf..ef56655ff 100644 --- a/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl +++ b/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl @@ -86,10 +86,10 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} {{- end -}} diff --git a/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl index 9eb6e4574..047a8c819 100644 --- a/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl +++ b/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl @@ -103,18 +103,18 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} - name: etcceph emptyDir: {} - name: ceph-etc configMap: name: {{ $configMapCeph | quote }} - defaultMode: 292 + defaultMode: 0444 {{- if empty $envAll.Values.conf.ceph.admin_keyring }} - name: ceph-keyring secret: diff --git a/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl index 97160dca2..a86d4ee6a 100644 --- a/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl +++ b/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl @@ -118,22 +118,22 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} - name: ceph-keyring-sh configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 - name: etcceph emptyDir: {} - name: ceph-etc configMap: name: {{ $configMapCeph | quote }} - defaultMode: 292 + defaultMode: 0444 {{- if empty $envAll.Values.conf.ceph.admin_keyring }} - name: ceph-keyring secret: diff --git a/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl b/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl index cf514dd78..7d4b07820 100644 --- a/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl +++ b/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl @@ -84,11 +84,11 @@ spec: {{- if $secretBin }} secret: secretName: {{ $secretBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- else }} configMap: name: {{ $configMapBin | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} - name: docker-socket hostPath: diff --git a/ingress/templates/deployment-ingress.yaml b/ingress/templates/deployment-ingress.yaml index bc31072ac..6fa223eb2 100644 --- a/ingress/templates/deployment-ingress.yaml +++ b/ingress/templates/deployment-ingress.yaml @@ -358,7 +358,7 @@ spec: - name: ingress-bin configMap: name: ingress-bin - defaultMode: 365 + defaultMode: 0555 {{- if and .Values.network.host_namespace .Values.network.vip.manage }} - name: host-rootfs hostPath: diff --git a/kafka/templates/job-generate-acl.yaml b/kafka/templates/job-generate-acl.yaml index c655394f1..6a3088bc9 100644 --- a/kafka/templates/job-generate-acl.yaml +++ b/kafka/templates/job-generate-acl.yaml @@ -64,9 +64,9 @@ spec: - name: kafka-bin configMap: name: kafka-bin - defaultMode: 365 + defaultMode: 0555 - name: kafka-etc secret: secretName: kafka-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/kafka/templates/pod-helm-test.yaml b/kafka/templates/pod-helm-test.yaml index 8b5cf4083..0a84066d6 100644 --- a/kafka/templates/pod-helm-test.yaml +++ b/kafka/templates/pod-helm-test.yaml @@ -66,9 +66,9 @@ spec: - name: kafka-bin configMap: name: kafka-bin - defaultMode: 365 + defaultMode: 0555 - name: kafka-etc secret: secretName: kafka-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/kafka/templates/statefulset.yaml b/kafka/templates/statefulset.yaml index a4db6f157..0b3390b35 100644 --- a/kafka/templates/statefulset.yaml +++ b/kafka/templates/statefulset.yaml @@ -168,11 +168,11 @@ spec: - name: kafka-bin configMap: name: kafka-bin - defaultMode: 365 + defaultMode: 0555 - name: kafka-etc secret: secretName: kafka-etc - defaultMode: 292 + defaultMode: 0444 {{ if $mounts_kafka.volumes }}{{ toYaml $mounts_kafka.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.enabled }} - name: data diff --git a/kibana/templates/deployment.yaml b/kibana/templates/deployment.yaml index e130df73b..71c92855a 100644 --- a/kibana/templates/deployment.yaml +++ b/kibana/templates/deployment.yaml @@ -167,9 +167,9 @@ spec: - name: kibana-bin configMap: name: kibana-bin - defaultMode: 365 + defaultMode: 0555 - name: kibana-etc secret: secretName: kibana-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/kibana/templates/job-flush-kibana-metadata.yaml b/kibana/templates/job-flush-kibana-metadata.yaml index 2033b52ae..741234bf3 100644 --- a/kibana/templates/job-flush-kibana-metadata.yaml +++ b/kibana/templates/job-flush-kibana-metadata.yaml @@ -96,5 +96,5 @@ spec: - name: kibana-bin configMap: name: kibana-bin - defaultMode: 493 + defaultMode: 0755 {{- end }} diff --git a/kibana/templates/job-register-kibana-indexes.yaml b/kibana/templates/job-register-kibana-indexes.yaml index f11fb587b..ba13c4378 100644 --- a/kibana/templates/job-register-kibana-indexes.yaml +++ b/kibana/templates/job-register-kibana-indexes.yaml @@ -80,5 +80,5 @@ spec: - name: kibana-bin configMap: name: kibana-bin - defaultMode: 493 + defaultMode: 0755 {{- end }} diff --git a/kubernetes-keystone-webhook/templates/deployment.yaml b/kubernetes-keystone-webhook/templates/deployment.yaml index 24054a691..831abf55e 100644 --- a/kubernetes-keystone-webhook/templates/deployment.yaml +++ b/kubernetes-keystone-webhook/templates/deployment.yaml @@ -83,13 +83,13 @@ spec: - name: key-kubernetes-keystone-webhook secret: secretName: {{ $envAll.Values.secrets.certificates.api }} - defaultMode: 292 + defaultMode: 0444 - name: kubernetes-keystone-webhook-etc configMap: name: kubernetes-keystone-webhook-etc - defaultMode: 292 + defaultMode: 0444 - name: kubernetes-keystone-webhook-bin configMap: name: kubernetes-keystone-webhook-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/kubernetes-keystone-webhook/templates/pod-test.yaml b/kubernetes-keystone-webhook/templates/pod-test.yaml index e3ebd7a9b..98f685555 100644 --- a/kubernetes-keystone-webhook/templates/pod-test.yaml +++ b/kubernetes-keystone-webhook/templates/pod-test.yaml @@ -60,6 +60,6 @@ spec: - name: kubernetes-keystone-webhook-bin configMap: name: kubernetes-keystone-webhook-bin - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_kubernetes_keystone_webhook_tests.volumes }}{{ toYaml $mounts_kubernetes_keystone_webhook_tests.volumes | indent 4 }}{{ end }} {{- end }} diff --git a/libvirt/templates/daemonset-libvirt.yaml b/libvirt/templates/daemonset-libvirt.yaml index b43e8b73f..da8f01a85 100644 --- a/libvirt/templates/daemonset-libvirt.yaml +++ b/libvirt/templates/daemonset-libvirt.yaml @@ -207,11 +207,11 @@ spec: - name: libvirt-bin configMap: name: libvirt-bin - defaultMode: 365 + defaultMode: 0555 - name: libvirt-etc secret: secretName: {{ $configMapName }} - defaultMode: 292 + defaultMode: 0444 {{- if .Values.conf.ceph.enabled }} - name: etcceph hostPath: @@ -219,7 +219,7 @@ spec: - name: ceph-etc configMap: name: {{ .Values.ceph_client.configmap }} - defaultMode: 292 + defaultMode: 0444 {{- if empty .Values.conf.ceph.cinder.keyring }} - name: ceph-keyring secret: diff --git a/mariadb/templates/deployment-ingress.yaml b/mariadb/templates/deployment-ingress.yaml index 214186c50..72bea94af 100644 --- a/mariadb/templates/deployment-ingress.yaml +++ b/mariadb/templates/deployment-ingress.yaml @@ -205,9 +205,9 @@ spec: - name: mariadb-bin configMap: name: mariadb-bin - defaultMode: 365 + defaultMode: 0555 - name: mariadb-ingress-etc configMap: name: mariadb-ingress-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/mariadb/templates/pod-test.yaml b/mariadb/templates/pod-test.yaml index e140b603c..687caa028 100644 --- a/mariadb/templates/pod-test.yaml +++ b/mariadb/templates/pod-test.yaml @@ -67,9 +67,9 @@ spec: - name: mariadb-bin configMap: name: mariadb-bin - defaultMode: 365 + defaultMode: 0555 - name: mariadb-secrets secret: secretName: mariadb-secrets - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/mariadb/templates/statefulset.yaml b/mariadb/templates/statefulset.yaml index 5d5595826..70255b597 100644 --- a/mariadb/templates/statefulset.yaml +++ b/mariadb/templates/statefulset.yaml @@ -239,15 +239,15 @@ spec: - name: mariadb-bin configMap: name: mariadb-bin - defaultMode: 365 + defaultMode: 0555 - name: mariadb-etc configMap: name: mariadb-etc - defaultMode: 292 + defaultMode: 0444 - name: mariadb-secrets secret: secretName: mariadb-secrets - defaultMode: 292 + defaultMode: 0444 {{- if not .Values.volume.enabled }} - name: mysql-data {{- if .Values.volume.use_local_path_for_single_pod_cluster.enabled }} diff --git a/memcached/templates/deployment.yaml b/memcached/templates/deployment.yaml index 5222b57ad..1b4e20277 100644 --- a/memcached/templates/deployment.yaml +++ b/memcached/templates/deployment.yaml @@ -86,6 +86,6 @@ spec: - name: memcached-bin configMap: name: {{ $configMapBinName | quote }} - defaultMode: 365 + defaultMode: 0555 {{ dict "envAll" $envAll "component" "memcached" "requireSys" true | include "helm-toolkit.snippets.kubernetes_apparmor_volumes" | indent 8 }} {{- end }} diff --git a/mongodb/templates/statefulset.yaml b/mongodb/templates/statefulset.yaml index d91e252e8..e5e0b48df 100644 --- a/mongodb/templates/statefulset.yaml +++ b/mongodb/templates/statefulset.yaml @@ -118,7 +118,7 @@ spec: - name: mongodb-bin configMap: name: mongodb-bin - defaultMode: 365 + defaultMode: 0555 {{- if not .Values.volume.enabled }} - name: mongodb-data hostPath: diff --git a/nagios/templates/deployment.yaml b/nagios/templates/deployment.yaml index 79fd85932..ca0342c98 100644 --- a/nagios/templates/deployment.yaml +++ b/nagios/templates/deployment.yaml @@ -241,9 +241,9 @@ spec: - name: nagios-etc secret: secretName: nagios-etc - defaultMode: 292 + defaultMode: 0444 - name: nagios-bin configMap: name: nagios-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/nagios/templates/pod-helm-tests.yaml b/nagios/templates/pod-helm-tests.yaml index cd1bada87..e22784d8c 100644 --- a/nagios/templates/pod-helm-tests.yaml +++ b/nagios/templates/pod-helm-tests.yaml @@ -75,5 +75,5 @@ spec: - name: nagios-bin configMap: name: nagios-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/openvswitch/templates/daemonset-ovs-db.yaml b/openvswitch/templates/daemonset-ovs-db.yaml index c56df377b..8e8af6365 100644 --- a/openvswitch/templates/daemonset-ovs-db.yaml +++ b/openvswitch/templates/daemonset-ovs-db.yaml @@ -108,7 +108,7 @@ spec: - name: openvswitch-bin configMap: name: openvswitch-bin - defaultMode: 365 + defaultMode: 0555 - name: run hostPath: path: /run/openvswitch diff --git a/openvswitch/templates/daemonset-ovs-vswitchd.yaml b/openvswitch/templates/daemonset-ovs-vswitchd.yaml index dfe83ec59..2f60a0db4 100644 --- a/openvswitch/templates/daemonset-ovs-vswitchd.yaml +++ b/openvswitch/templates/daemonset-ovs-vswitchd.yaml @@ -153,7 +153,7 @@ It should be handled through lcore and pmd core masks. */}} - name: openvswitch-bin configMap: name: openvswitch-bin - defaultMode: 365 + defaultMode: 0555 - name: run hostPath: path: /run diff --git a/postgresql/templates/pod-test.yaml b/postgresql/templates/pod-test.yaml index 3c8bd8bf7..45ed8d436 100644 --- a/postgresql/templates/pod-test.yaml +++ b/postgresql/templates/pod-test.yaml @@ -72,6 +72,6 @@ spec: - name: postgresql-bin secret: secretName: postgresql-bin - defaultMode: 365 + defaultMode: 0555 ... {{- end }} diff --git a/postgresql/templates/statefulset.yaml b/postgresql/templates/statefulset.yaml index 101ed14ee..7c049d82d 100644 --- a/postgresql/templates/statefulset.yaml +++ b/postgresql/templates/statefulset.yaml @@ -416,7 +416,7 @@ spec: - name: postgresql-bin secret: secretName: postgresql-bin - defaultMode: 365 + defaultMode: 0555 - name: client-certs-temp emptyDir: {} - name: server-certs-temp @@ -428,15 +428,15 @@ spec: - name: replication-pki secret: secretName: {{ .Values.secrets.postgresql.replica }} - defaultMode: 416 + defaultMode: 0640 - name: postgresql-pki secret: secretName: {{ .Values.secrets.postgresql.server }} - defaultMode: 416 + defaultMode: 0640 - name: postgresql-etc secret: secretName: postgresql-etc - defaultMode: 292 + defaultMode: 0444 {{- if not .Values.storage.pvc.enabled }} - name: postgresql-data hostPath: diff --git a/powerdns/templates/deployment.yaml b/powerdns/templates/deployment.yaml index 2cf84dfcb..319395156 100644 --- a/powerdns/templates/deployment.yaml +++ b/powerdns/templates/deployment.yaml @@ -73,5 +73,5 @@ spec: - name: powerdns-etc secret: secretName: powerdns-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/powerdns/templates/job-db-sync.yaml b/powerdns/templates/job-db-sync.yaml index 73454c837..9509979af 100644 --- a/powerdns/templates/job-db-sync.yaml +++ b/powerdns/templates/job-db-sync.yaml @@ -54,9 +54,9 @@ spec: - name: powerdns-bin configMap: name: powerdns-bin - defaultMode: 365 + defaultMode: 0555 - name: powerdns-etc secret: secretName: powerdns-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/prometheus-alertmanager/templates/statefulset.yaml b/prometheus-alertmanager/templates/statefulset.yaml index c5bb3dad8..b1f3cb70f 100644 --- a/prometheus-alertmanager/templates/statefulset.yaml +++ b/prometheus-alertmanager/templates/statefulset.yaml @@ -130,7 +130,7 @@ spec: - name: alertmanager-bin configMap: name: alertmanager-bin - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_alertmanager.volumes }}{{ toYaml $mounts_alertmanager.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.enabled }} - name: alertmanager-data diff --git a/prometheus-kube-state-metrics/templates/deployment.yaml b/prometheus-kube-state-metrics/templates/deployment.yaml index e8c03e411..b4101a3c5 100644 --- a/prometheus-kube-state-metrics/templates/deployment.yaml +++ b/prometheus-kube-state-metrics/templates/deployment.yaml @@ -143,5 +143,5 @@ spec: - name: kube-state-metrics-bin configMap: name: kube-state-metrics-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/prometheus-node-exporter/templates/daemonset.yaml b/prometheus-node-exporter/templates/daemonset.yaml index 59515f330..e37cf892c 100644 --- a/prometheus-node-exporter/templates/daemonset.yaml +++ b/prometheus-node-exporter/templates/daemonset.yaml @@ -119,6 +119,6 @@ spec: - name: node-exporter-bin configMap: name: node-exporter-bin - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_node_exporter.volumes }}{{ toYaml $mounts_node_exporter.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/prometheus-openstack-exporter/templates/deployment.yaml b/prometheus-openstack-exporter/templates/deployment.yaml index 845346366..05e5db9d9 100644 --- a/prometheus-openstack-exporter/templates/deployment.yaml +++ b/prometheus-openstack-exporter/templates/deployment.yaml @@ -99,5 +99,5 @@ spec: - name: prometheus-openstack-exporter-bin configMap: name: prometheus-openstack-exporter-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/prometheus-openstack-exporter/templates/job-ks-user.yaml b/prometheus-openstack-exporter/templates/job-ks-user.yaml index 10218dbd3..bb08406ad 100644 --- a/prometheus-openstack-exporter/templates/job-ks-user.yaml +++ b/prometheus-openstack-exporter/templates/job-ks-user.yaml @@ -66,5 +66,5 @@ spec: - name: ks-user-sh configMap: name: prometheus-openstack-exporter-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/prometheus/templates/pod-helm-tests.yaml b/prometheus/templates/pod-helm-tests.yaml index 7b9b425b9..3dfbfb796 100644 --- a/prometheus/templates/pod-helm-tests.yaml +++ b/prometheus/templates/pod-helm-tests.yaml @@ -67,5 +67,5 @@ spec: - name: prometheus-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "prometheus-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/prometheus/templates/statefulset.yaml b/prometheus/templates/statefulset.yaml index 35c3a8134..becdaa9d1 100644 --- a/prometheus/templates/statefulset.yaml +++ b/prometheus/templates/statefulset.yaml @@ -205,11 +205,11 @@ spec: - name: prometheus-etc secret: secretName: {{ printf "%s-%s" $envAll.Release.Name "prometheus-etc" | quote }} - defaultMode: 292 + defaultMode: 0444 - name: prometheus-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "prometheus-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_prometheus.volumes }}{{ toYaml $mounts_prometheus.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.enabled }} - name: storage diff --git a/rabbitmq/templates/job-cluster-wait.yaml b/rabbitmq/templates/job-cluster-wait.yaml index 2b50f1b2d..9f5b25fbe 100644 --- a/rabbitmq/templates/job-cluster-wait.yaml +++ b/rabbitmq/templates/job-cluster-wait.yaml @@ -90,9 +90,9 @@ spec: - name: rabbitmq-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: rabbitmq-erlang-cookie secret: secretName: {{ printf "%s-%s" $envAll.Release.Name "erlang-cookie" | quote }} - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/rabbitmq/templates/pod-test.yaml b/rabbitmq/templates/pod-test.yaml index f68a10bb7..bcddfd3ea 100644 --- a/rabbitmq/templates/pod-test.yaml +++ b/rabbitmq/templates/pod-test.yaml @@ -66,5 +66,5 @@ spec: - name: rabbitmq-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/rabbitmq/templates/statefulset.yaml b/rabbitmq/templates/statefulset.yaml index 9c53c8015..11af505d6 100644 --- a/rabbitmq/templates/statefulset.yaml +++ b/rabbitmq/templates/statefulset.yaml @@ -253,15 +253,15 @@ spec: - name: rabbitmq-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-bin" | quote }} - defaultMode: 365 + defaultMode: 0555 - name: rabbitmq-etc configMap: name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-etc" | quote }} - defaultMode: 292 + defaultMode: 0444 - name: rabbitmq-erlang-cookie secret: secretName: {{ printf "%s-%s" $envAll.Release.Name "erlang-cookie" | quote }} - defaultMode: 292 + defaultMode: 0444 {{- if not $envAll.Values.volume.enabled }} - name: rabbitmq-data {{- if .Values.volume.use_local_path.enabled }} diff --git a/redis/templates/pod_test.yaml b/redis/templates/pod_test.yaml index 010d0a9c1..e7152580c 100644 --- a/redis/templates/pod_test.yaml +++ b/redis/templates/pod_test.yaml @@ -60,9 +60,9 @@ spec: - name: redis-test configMap: name: redis-bin - defaultMode: 365 + defaultMode: 0555 - name: redis-python configMap: name: redis-bin - defaultMode: 365 + defaultMode: 0555 {{- end }} diff --git a/registry/templates/daemonset-registry-proxy.yaml b/registry/templates/daemonset-registry-proxy.yaml index b82d362f5..d61e6ddfd 100644 --- a/registry/templates/daemonset-registry-proxy.yaml +++ b/registry/templates/daemonset-registry-proxy.yaml @@ -71,9 +71,9 @@ spec: - name: registry-bin configMap: name: registry-bin - defaultMode: 365 + defaultMode: 0555 - name: registry-etc configMap: name: registry-etc - defaultMode: 292 + defaultMode: 0444 {{- end }} diff --git a/registry/templates/deployment-registry.yaml b/registry/templates/deployment-registry.yaml index 845aed6c8..40d4d2e65 100644 --- a/registry/templates/deployment-registry.yaml +++ b/registry/templates/deployment-registry.yaml @@ -78,11 +78,11 @@ spec: - name: registry-bin configMap: name: registry-bin - defaultMode: 365 + defaultMode: 0555 - name: registry-etc configMap: name: registry-etc - defaultMode: 292 + defaultMode: 0444 - name: docker-images persistentVolumeClaim: claimName: docker-images diff --git a/registry/templates/job-bootstrap.yaml b/registry/templates/job-bootstrap.yaml index 2d9e8a233..760fa9af1 100644 --- a/registry/templates/job-bootstrap.yaml +++ b/registry/templates/job-bootstrap.yaml @@ -63,7 +63,7 @@ spec: - name: registry-bin configMap: name: registry-bin - defaultMode: 365 + defaultMode: 0555 - name: docker-socket hostPath: path: /var/run/docker.sock diff --git a/yamllint-templates.conf b/yamllint-templates.conf index 02836e970..ba9fcdf01 100644 --- a/yamllint-templates.conf +++ b/yamllint-templates.conf @@ -25,7 +25,7 @@ rules: line-length: disable new-line-at-end-of-file: disable new-lines: disable - octal-values: enable + octal-values: disable quoted-strings: disable trailing-spaces: disable truthy: disable diff --git a/yamllint.conf b/yamllint.conf index fb359aef5..382224b5a 100644 --- a/yamllint.conf +++ b/yamllint.conf @@ -25,7 +25,7 @@ rules: line-length: disable new-line-at-end-of-file: enable new-lines: enable - octal-values: enable + octal-values: disable quoted-strings: disable trailing-spaces: enable truthy: disable diff --git a/zookeeper/templates/statefulset.yaml b/zookeeper/templates/statefulset.yaml index 59713431c..21a00cb96 100644 --- a/zookeeper/templates/statefulset.yaml +++ b/zookeeper/templates/statefulset.yaml @@ -206,11 +206,11 @@ spec: - name: zookeeper-etc secret: secretName: zookeeper-etc - defaultMode: 292 + defaultMode: 0444 - name: zookeeper-bin configMap: name: zookeeper-bin - defaultMode: 365 + defaultMode: 0555 {{ if $mounts_zookeeper.volumes }}{{ toYaml $mounts_zookeeper.volumes | indent 8 }}{{ end }} {{- if not .Values.storage.enabled }} - name: data diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index 3aa00d31f..beba37d8f 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -17,6 +17,9 @@ name: openstack-helm-lint run: playbooks/lint.yml nodeset: ubuntu-bionic + # NOTE(aostapenko) Required if job is run against another project + required-projects: + - openstack/openstack-helm-infra irrelevant-files: - ^.*\.rst$ - ^doc/.*$