From 2abf62ff4dbb2997174a1957172217c1540b9e77 Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Sat, 20 Apr 2019 07:58:42 -0500 Subject: [PATCH] OSH-Infra: Add emptydirs for tmp This PS adds emptydirs backing the /tmp directory in pods, which is required in most cases for full operation when using a read only filesystem backing the container. Additionally some yaml indent issues are resolved. Change-Id: I8b7f1614da059783254aa6efc09facf23fca3cad 
Signed-off-by: Pete Birley --- calico/templates/daemonset-calico-etcd.yaml | 4 + calico/templates/daemonset-calico-node.yaml | 8 ++ .../deployment-calico-kube-controllers.yaml | 4 + calico/templates/job-calico-settings.yaml | 4 + ceph-client/templates/cronjob-checkPGs.yaml | 4 + .../templates/deployment-checkdns.yaml | 4 + ceph-client/templates/deployment-mds.yaml | 6 + ceph-client/templates/deployment-mgr.yaml | 6 + ceph-client/templates/job-bootstrap.yaml | 4 + ceph-client/templates/job-rbd-pool.yaml | 4 + ceph-client/templates/pod-helm-tests.yaml | 4 + ceph-mon/templates/daemonset-mon.yaml | 8 ++ ceph-mon/templates/deployment-moncheck.yaml | 4 + ceph-mon/templates/job-bootstrap.yaml | 4 + ceph-mon/templates/job-keyring.yaml | 4 + .../templates/job-storage-admin-keys.yaml | 4 + ceph-osd/templates/cronjob-defragosds.yaml | 9 +- ceph-osd/templates/daemonset-osd.yaml | 10 ++ ceph-osd/templates/job-bootstrap.yaml | 4 + ceph-osd/templates/pod-helm-tests.yaml | 4 + .../deployment-cephfs-provisioner.yaml | 4 + .../templates/deployment-rbd-provisioner.yaml | 4 + .../templates/job-bootstrap.yaml | 4 + .../templates/job-cephfs-client-key.yaml | 4 + .../job-namespace-client-key-cleaner.yaml | 4 + .../templates/job-namespace-client-key.yaml | 4 + ceph-rgw/templates/deployment-rgw.yaml | 8 ++ ceph-rgw/templates/job-rgw-storage-init.yaml | 6 + ceph-rgw/templates/job-s3-admin.yaml | 6 + ceph-rgw/templates/pod-helm-tests.yaml | 50 ++++---- elastic-apm-server/templates/deployment.yaml | 4 + elastic-filebeat/templates/daemonset.yaml | 4 + .../templates/daemonset-node-metrics.yaml | 34 +++--- .../templates/deployment-modules.yaml | 4 + elastic-packetbeat/templates/daemonset.yaml | 4 + elasticsearch/templates/cron-job-curator.yaml | 4 + .../templates/deployment-client.yaml | 6 + .../templates/deployment-master.yaml | 4 + .../templates/job-es-cluster-wait.yaml | 4 + .../job-register-snapshot-repository.yaml | 4 + .../prometheus/exporter-deployment.yaml | 4 + 
elasticsearch/templates/pod-helm-tests.yaml | 4 + elasticsearch/templates/statefulset-data.yaml | 4 + etcd/templates/deployment.yaml | 4 + falco/templates/daemonset.yaml | 4 + .../templates/daemonset-kube-flannel-ds.yaml | 6 + .../templates/daemonset-fluent-bit.yaml | 4 + .../templates/deployment-fluentd.yaml | 4 + .../templates/job-elasticsearch-template.yaml | 4 + .../prometheus/exporter-deployment.yaml | 4 + fluent-logging/templates/pod-helm-tests.yaml | 46 +++---- .../templates/cron-job-resources-cleaner.yaml | 48 ++++---- gnocchi/templates/daemonset-metricd.yaml | 6 + gnocchi/templates/daemonset-statsd.yaml | 6 + gnocchi/templates/deployment-api.yaml | 6 + gnocchi/templates/job-clean.yaml | 4 + gnocchi/templates/job-db-init-indexer.yaml | 4 + gnocchi/templates/job-db-sync.yaml | 6 + gnocchi/templates/job-storage-init.yaml | 6 + gnocchi/templates/pod-gnocchi-test.yaml | 4 + grafana/templates/deployment.yaml | 4 + grafana/templates/job-db-init-session.yaml | 4 + grafana/templates/job-db-init.yaml | 4 + grafana/templates/job-db-session-sync.yaml | 4 + grafana/templates/job-set-admin-user.yaml | 4 + grafana/templates/pod-helm-tests.yaml | 4 + .../templates/manifests/_job-bootstrap.tpl | 4 + .../manifests/_job-db-drop-mysql.tpl | 4 + .../manifests/_job-db-init-mysql.tpl | 4 + .../templates/manifests/_job-db-sync.tpl | 4 + .../templates/manifests/_job-ks-endpoints.tpl | 4 + .../templates/manifests/_job-ks-service.tpl | 4 + .../templates/manifests/_job-ks-user.yaml.tpl | 4 + .../manifests/_job-rabbit-init.yaml.tpl | 4 + .../manifests/_job-s3-bucket.yaml.tpl | 4 + .../templates/manifests/_job-s3-user.yaml.tpl | 6 + .../manifests/_job_image_repo_sync.tpl | 4 + ingress/templates/deployment-error.yaml | 12 +- ingress/templates/deployment-ingress.yaml | 10 ++ kibana/templates/deployment.yaml | 6 + .../job-register-kibana-indexes.yaml | 4 + kube-dns/templates/deployment-kube-dns.yaml | 16 ++- .../templates/deployment.yaml | 4 + .../templates/pod-test.yaml | 4 + 
ldap/templates/statefulset.yaml | 38 +++--- libvirt/templates/daemonset-libvirt.yaml | 8 ++ .../templates/cron-job-backup-mariadb.yaml | 92 +++++++------- mariadb/templates/deployment-error.yaml | 12 +- mariadb/templates/deployment-ingress.yaml | 4 + .../prometheus/exporter-deployment.yaml | 4 + .../prometheus/exporter-job-create-user.yaml | 4 + mariadb/templates/pod-test.yaml | 4 +- mariadb/templates/statefulset.yaml | 8 +- memcached/templates/deployment.yaml | 4 + .../prometheus/exporter-deployment.yaml | 4 + mongodb/templates/statefulset.yaml | 38 +++--- nagios/templates/deployment.yaml | 6 + nfs-provisioner/templates/deployment.yaml | 4 + openvswitch/templates/daemonset-ovs-db.yaml | 4 + .../templates/daemonset-ovs-vswitchd.yaml | 6 + podsecuritypolicy/values.yaml | 8 +- .../templates/cron-job-backup-postgres.yaml | 112 +++++++++--------- .../prometheus/exporter-job-create-user.yaml | 4 + postgresql/templates/pod-test.yaml | 12 +- postgresql/templates/statefulset.yaml | 6 + .../templates/statefulset.yaml | 6 + .../templates/deployment.yaml | 4 + .../templates/daemonset.yaml | 4 + .../templates/deployment.yaml | 4 + .../templates/job-ks-user.yaml | 4 + .../templates/daemonset.yaml | 4 + prometheus/templates/pod-helm-tests.yaml | 4 + prometheus/templates/statefulset.yaml | 8 ++ rabbitmq/templates/job-cluster-wait.yaml | 4 + rabbitmq/templates/pod-test.yaml | 4 + rabbitmq/templates/statefulset.yaml | 10 ++ redis/templates/pod_test.yaml | 4 + .../templates/daemonset-registry-proxy.yaml | 4 + registry/templates/deployment-registry.yaml | 24 ++-- registry/templates/job-bootstrap.yaml | 4 + 120 files changed, 796 insertions(+), 251 deletions(-) diff --git a/calico/templates/daemonset-calico-etcd.yaml b/calico/templates/daemonset-calico-etcd.yaml index 2ede67cbc..5d937c035 100644 --- a/calico/templates/daemonset-calico-etcd.yaml +++ b/calico/templates/daemonset-calico-etcd.yaml 
@@ -102,6 +102,8 @@ spec: - --listen-peer-urls={{ tuple "etcd" "internal" "peer" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" }}://0.0.0.0:{{ tuple "etcd" "internal" "peer" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - --auto-compaction-retention=1 volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: var-etcd mountPath: /var/etcd {{ if .Values.conf.etcd.credentials.ca }} @@ -123,6 +125,8 @@ spec: readOnly: true {{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: var-etcd hostPath: path: /var/etcd diff --git a/calico/templates/daemonset-calico-node.yaml b/calico/templates/daemonset-calico-node.yaml index 88b0f9786..4913d33fb 100644 --- a/calico/templates/daemonset-calico-node.yaml +++ b/calico/templates/daemonset-calico-node.yaml @@ -180,6 +180,8 @@ spec: key: tls.crt {{ end }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - mountPath: /host/etc/calico name: calico-cert-dir - mountPath: /host/opt/cni/bin @@ -230,6 +232,8 @@ spec: volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: cni-bin-dir mountPath: /host/opt/cni/bin - name: cni-net-dir @@ -253,6 +257,8 @@ spec: readOnly: true {{ end }} volumes: + - name: pod-tmp + emptyDir: {} # Used by calico/node. - name: lib-modules hostPath: @@ -368,6 +374,8 @@ spec: - -felix-ready periodSeconds: 10 volumeMounts: + - name: pod-tmp + mountPath: /tmp - mountPath: /lib/modules name: lib-modules readOnly: true diff --git a/calico/templates/deployment-calico-kube-controllers.yaml b/calico/templates/deployment-calico-kube-controllers.yaml index d88564474..39478f0de 100644 --- a/calico/templates/deployment-calico-kube-controllers.yaml +++ b/calico/templates/deployment-calico-kube-controllers.yaml @@ -144,6 +144,8 @@ spec: # etcd tls mounts volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: calico-etcd-secrets mountPath: {{ .Values.endpoints.etcd.auth.client.path.ca }} subPath: tls.ca 
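Review bot: The `pod-tmp` volume is declared as `emptyDir: {}` with no size bound, here in daemonset-calico-etcd.yaml and in every other `volumes:` hunk of this patch. An unbounded emptyDir is backed by the node's ephemeral storage, so a misbehaving or compromised container that can now write to /tmp can consume node disk until the kubelet starts evicting pods. Consider `emptyDir: {sizeLimit: 64Mi}` (the value is illustrative, and enforcement depends on the cluster's local-storage isolation support), or expose the limit as a chart value. The pod specs start and end outside these hunks, so any existing ephemeral-storage limits are not visible here.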
@@ -169,6 +171,8 @@ spec: - /usr/bin/check-status - -r volumes: + - name: pod-tmp + emptyDir: {} - name: calico-etcd-secrets secret: secretName: calico-etcd-secrets diff --git a/calico/templates/job-calico-settings.yaml b/calico/templates/job-calico-settings.yaml index 37bdf3a91..fccc40c0c 100644 --- a/calico/templates/job-calico-settings.yaml +++ b/calico/templates/job-calico-settings.yaml @@ -76,6 +76,8 @@ spec: command: - /tmp/calico-settings.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: calico-bin mountPath: /tmp/calico-settings.sh subPath: calico-settings.sh @@ -93,6 +95,8 @@ spec: subPath: tls.key readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: calico-bin configMap: name: calico-bin diff --git a/ceph-client/templates/cronjob-checkPGs.yaml b/ceph-client/templates/cronjob-checkPGs.yaml index f24a28f2b..1f1306c93 100644 --- a/ceph-client/templates/cronjob-checkPGs.yaml +++ b/ceph-client/templates/cronjob-checkPGs.yaml @@ -87,6 +87,8 @@ spec: command: - /tmp/utils-checkPGs.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-client-bin mountPath: /tmp/utils-checkPGs.py subPath: utils-checkPGs.py @@ -118,6 +120,8 @@ spec: restartPolicy: Never hostNetwork: true volumes: + - name: pod-tmp + emptyDir: {} - name: ceph-client-bin configMap: name: ceph-client-bin diff --git a/ceph-client/templates/deployment-checkdns.yaml b/ceph-client/templates/deployment-checkdns.yaml index f3167d17e..44dc69ace 100644 --- a/ceph-client/templates/deployment-checkdns.yaml +++ b/ceph-client/templates/deployment-checkdns.yaml @@ -99,11 +99,15 @@ spec: command: - /tmp/_start.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-client-bin mountPath: /tmp/_start.sh subPath: utils-checkDNS_start.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: ceph-client-bin configMap: name: ceph-client-bin 
diff --git a/ceph-client/templates/deployment-mds.yaml b/ceph-client/templates/deployment-mds.yaml index 84c6402bd..1e2cdb15c 100644 --- a/ceph-client/templates/deployment-mds.yaml +++ b/ceph-client/templates/deployment-mds.yaml @@ -58,6 +58,8 @@ spec: - name: CLUSTER value: "ceph" volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-client-bin mountPath: /tmp/init-dirs.sh subPath: init-dirs.sh @@ -98,6 +100,8 @@ spec: port: 6800 timeoutSeconds: 5 volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-client-bin mountPath: /tmp/mds-start.sh subPath: mds-start.sh @@ -125,6 +129,8 @@ spec: mountPath: /run readOnly: false volumes: + - name: pod-tmp + emptyDir: {} - name: ceph-client-etc configMap: name: ceph-client-etc diff --git a/ceph-client/templates/deployment-mgr.yaml b/ceph-client/templates/deployment-mgr.yaml index 5db807433..bce4d0c1d 100644 --- a/ceph-client/templates/deployment-mgr.yaml +++ b/ceph-client/templates/deployment-mgr.yaml @@ -61,6 +61,8 @@ spec: - name: CLUSTER value: "ceph" volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-client-bin mountPath: /tmp/init-dirs.sh subPath: init-dirs.sh @@ -126,6 +128,8 @@ spec: initialDelaySeconds: 30 timeoutSeconds: 5 volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-client-bin mountPath: /mgr-start.sh subPath: mgr-start.sh @@ -167,6 +171,8 @@ spec: subPath: utils-checkPGs.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-ceph emptyDir: {} - name: ceph-client-bin diff --git a/ceph-client/templates/job-bootstrap.yaml b/ceph-client/templates/job-bootstrap.yaml index d64cee0d7..5359f4fdc 100644 --- a/ceph-client/templates/job-bootstrap.yaml +++ b/ceph-client/templates/job-bootstrap.yaml @@ -45,6 +45,8 @@ spec: command: - /tmp/bootstrap.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-client-bin mountPath: /tmp/bootstrap.sh subPath: bootstrap.sh 
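Review bot: One `pod-tmp` emptyDir is mounted at /tmp in both the init container and the main container of deployment-mds.yaml (the hunks at -58 and -98), and the same pattern repeats in deployment-mgr.yaml, daemonset-mon.yaml, daemonset-osd.yaml, deployment-rgw.yaml and the ceph-rgw jobs. Each container previously saw only the /tmp of its own image filesystem. With one pod-lifetime volume, anything an init step leaves in /tmp stays readable and writable by the later containers; that may include keyring or credential scratch files, though the scripts are not shown in these hunks. If the sharing is not intended, give the init containers their own volume, e.g. `- name: pod-tmp-init` with `emptyDir: {}`, or have the init scripts remove their scratch files before exiting. The container definitions begin outside the hunks.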
@@ -58,6 +60,8 @@ spec: subPath: ceph.client.admin.keyring readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: ceph-client-bin configMap: name: ceph-client-bin diff --git a/ceph-client/templates/job-rbd-pool.yaml b/ceph-client/templates/job-rbd-pool.yaml index bc19135d9..ab96e5723 100644 --- a/ceph-client/templates/job-rbd-pool.yaml +++ b/ceph-client/templates/job-rbd-pool.yaml @@ -51,6 +51,8 @@ spec: command: - /tmp/pool-init.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-client-bin mountPath: /tmp/pool-init.sh subPath: pool-init.sh @@ -74,6 +76,8 @@ spec: mountPath: /run readOnly: false volumes: + - name: pod-tmp + emptyDir: {} - name: ceph-client-etc configMap: name: ceph-client-etc diff --git a/ceph-client/templates/pod-helm-tests.yaml b/ceph-client/templates/pod-helm-tests.yaml index d32e8aac8..b94f1d4cd 100644 --- a/ceph-client/templates/pod-helm-tests.yaml +++ b/ceph-client/templates/pod-helm-tests.yaml @@ -58,6 +58,8 @@ spec: command: - /tmp/helm-tests.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-client-bin mountPath: /tmp/helm-tests.sh subPath: helm-tests.sh @@ -71,6 +73,8 @@ spec: subPath: ceph.conf readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: ceph-client-bin configMap: name: ceph-client-bin diff --git a/ceph-mon/templates/daemonset-mon.yaml b/ceph-mon/templates/daemonset-mon.yaml index 486f9bf02..610a08824 100644 --- a/ceph-mon/templates/daemonset-mon.yaml +++ b/ceph-mon/templates/daemonset-mon.yaml @@ -83,6 +83,8 @@ spec: - name: CLUSTER value: "ceph" volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-mon-bin mountPath: /tmp/init-dirs.sh subPath: init-dirs.sh @@ -103,6 +105,8 @@ spec: - ceph:root - /var/log/ceph volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: pod-var-log mountPath: /var/log/ceph readOnly: false 
@@ -164,6 +168,8 @@ spec: initialDelaySeconds: 60 periodSeconds: 60 volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-mon-bin mountPath: /tmp/mon-start.sh subPath: mon-start.sh @@ -214,6 +220,8 @@ spec: mountPath: /var/log/ceph readOnly: false volumes: + - name: pod-tmp + emptyDir: {} - name: pod-var-log hostPath: path: {{ print "/var/log/ceph/" $envAll.Release.Name }} diff --git a/ceph-mon/templates/deployment-moncheck.yaml b/ceph-mon/templates/deployment-moncheck.yaml index 34f439dd2..b0b6a869c 100644 --- a/ceph-mon/templates/deployment-moncheck.yaml +++ b/ceph-mon/templates/deployment-moncheck.yaml @@ -68,6 +68,8 @@ spec: ports: - containerPort: {{ tuple "ceph_mon" "internal" "mon" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-mon-bin mountPath: /tmp/moncheck-start.sh subPath: moncheck-start.sh @@ -99,6 +101,8 @@ spec: mountPath: /run readOnly: false volumes: + - name: pod-tmp + emptyDir: {} - name: ceph-mon-etc configMap: name: ceph-mon-etc diff --git a/ceph-mon/templates/job-bootstrap.yaml b/ceph-mon/templates/job-bootstrap.yaml index d409e0f24..5822d5eae 100644 --- a/ceph-mon/templates/job-bootstrap.yaml +++ b/ceph-mon/templates/job-bootstrap.yaml @@ -45,6 +45,8 @@ spec: command: - /tmp/bootstrap.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-mon-bin mountPath: /tmp/bootstrap.sh subPath: bootstrap.sh @@ -58,6 +60,8 @@ spec: subPath: ceph.client.admin.keyring readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: ceph-mon-bin configMap: name: ceph-mon-bin diff --git a/ceph-mon/templates/job-keyring.yaml b/ceph-mon/templates/job-keyring.yaml index d41de1ae2..b82854b88 100644 --- a/ceph-mon/templates/job-keyring.yaml +++ b/ceph-mon/templates/job-keyring.yaml 
@@ -96,6 +96,8 @@ spec: command: - /tmp/keys-bootstrap-keyring-manager.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-mon-bin mountPath: /tmp/keys-bootstrap-keyring-manager.sh subPath: keys-bootstrap-keyring-manager.sh @@ -108,6 +110,8 @@ spec: mountPath: /tmp/templates readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: ceph-mon-bin configMap: name: ceph-mon-bin diff --git a/ceph-mon/templates/job-storage-admin-keys.yaml b/ceph-mon/templates/job-storage-admin-keys.yaml index d311565dc..49640ec74 100644 --- a/ceph-mon/templates/job-storage-admin-keys.yaml +++ b/ceph-mon/templates/job-storage-admin-keys.yaml @@ -89,6 +89,8 @@ spec: command: - /tmp/keys-storage-keyring-manager.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-mon-bin mountPath: /tmp/keys-storage-keyring-manager.sh subPath: keys-storage-keyring-manager.sh @@ -101,6 +103,8 @@ spec: mountPath: /tmp/templates readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: ceph-mon-bin configMap: name: ceph-mon-bin diff --git a/ceph-osd/templates/cronjob-defragosds.yaml b/ceph-osd/templates/cronjob-defragosds.yaml index d57099e64..da7ba9b42 100644 --- a/ceph-osd/templates/cronjob-defragosds.yaml +++ b/ceph-osd/templates/cronjob-defragosds.yaml @@ -84,9 +84,12 @@ spec: fieldPath: metadata.namespace - name: KUBECTL_PARAM value: {{ tuple $envAll "ceph" "ceph-defragosd" | include "helm-toolkit.snippets.kubernetes_kubectl_params" | indent 10 }} - command: ["/tmp/utils-defragOSDs.sh"] - args: ["cron"] + command: + - /tmp/utils-defragOSDs.sh + - cron volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-osd-bin mountPath: /tmp/utils-defragOSDs.sh subPath: utils-defragOSDs.sh @@ -94,6 +97,8 @@ spec: restartPolicy: Never hostNetwork: true volumes: + - name: pod-tmp + emptyDir: {} - name: ceph-osd-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }} 
diff --git a/ceph-osd/templates/daemonset-osd.yaml b/ceph-osd/templates/daemonset-osd.yaml index 69b1dff88..f4062ce1b 100644 --- a/ceph-osd/templates/daemonset-osd.yaml +++ b/ceph-osd/templates/daemonset-osd.yaml @@ -76,6 +76,8 @@ spec: - name: MON_PORT value: {{ tuple "ceph_mon" "internal" "mon" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-osd-bin mountPath: /tmp/init-dirs.sh subPath: init-dirs.sh @@ -123,6 +125,8 @@ spec: - ceph:root - /var/log/ceph volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: pod-var-log mountPath: /var/log/ceph readOnly: false @@ -157,6 +161,8 @@ spec: command: - /tmp/osd-init.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-osd-bin mountPath: /tmp/osd-init.sh subPath: osd-init.sh @@ -248,6 +254,8 @@ spec: initialDelaySeconds: 60 periodSeconds: 60 volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-osd-bin mountPath: /tmp/osd-start.sh subPath: osd-start.sh @@ -314,6 +322,8 @@ spec: mountPath: /var/log/ceph readOnly: false volumes: + - name: pod-tmp + emptyDir: {} - name: devices hostPath: path: /dev diff --git a/ceph-osd/templates/job-bootstrap.yaml b/ceph-osd/templates/job-bootstrap.yaml index 792558fe4..5bff221a7 100644 --- a/ceph-osd/templates/job-bootstrap.yaml +++ b/ceph-osd/templates/job-bootstrap.yaml @@ -45,6 +45,8 @@ spec: command: - /tmp/bootstrap.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-osd-bin mountPath: /tmp/bootstrap.sh subPath: bootstrap.sh @@ -58,6 +60,8 @@ spec: subPath: ceph.client.admin.keyring readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: ceph-osd-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }} diff --git a/ceph-osd/templates/pod-helm-tests.yaml b/ceph-osd/templates/pod-helm-tests.yaml index 1af8ad0c2..590786f2a 100644 --- a/ceph-osd/templates/pod-helm-tests.yaml +++ b/ceph-osd/templates/pod-helm-tests.yaml 
@@ -43,6 +43,8 @@ spec: command: - /tmp/helm-tests.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-osd-bin mountPath: /tmp/helm-tests.sh subPath: helm-tests.sh @@ -56,6 +58,8 @@ spec: subPath: ceph.conf readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: ceph-osd-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }} diff --git a/ceph-provisioners/templates/deployment-cephfs-provisioner.yaml b/ceph-provisioners/templates/deployment-cephfs-provisioner.yaml index f0b7b2152..775f5c6ec 100644 --- a/ceph-provisioners/templates/deployment-cephfs-provisioner.yaml +++ b/ceph-provisioners/templates/deployment-cephfs-provisioner.yaml @@ -172,11 +172,15 @@ spec: command: - /tmp/provisioner-cephfs-start.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-provisioners-bin mountPath: /tmp/provisioner-cephfs-start.sh subPath: provisioner-cephfs-start.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: ceph-provisioners-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }} diff --git a/ceph-provisioners/templates/deployment-rbd-provisioner.yaml b/ceph-provisioners/templates/deployment-rbd-provisioner.yaml index cf2e10891..086915741 100644 --- a/ceph-provisioners/templates/deployment-rbd-provisioner.yaml +++ b/ceph-provisioners/templates/deployment-rbd-provisioner.yaml @@ -162,11 +162,15 @@ spec: command: - /tmp/provisioner-rbd-start.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-provisioners-bin mountPath: /tmp/provisioner-rbd-start.sh subPath: provisioner-rbd-start.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: ceph-provisioners-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }} diff --git a/ceph-provisioners/templates/job-bootstrap.yaml b/ceph-provisioners/templates/job-bootstrap.yaml index d2e165977..b7f5bd856 100644 --- a/ceph-provisioners/templates/job-bootstrap.yaml 
+++ b/ceph-provisioners/templates/job-bootstrap.yaml @@ -45,6 +45,8 @@ spec: command: - /tmp/bootstrap.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-provisioners-bin mountPath: /tmp/bootstrap.sh subPath: bootstrap.sh @@ -58,6 +60,8 @@ spec: subPath: ceph.client.admin.keyring readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: ceph-provisioners-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }} diff --git a/ceph-provisioners/templates/job-cephfs-client-key.yaml b/ceph-provisioners/templates/job-cephfs-client-key.yaml index a5b396b66..310fb21c2 100644 --- a/ceph-provisioners/templates/job-cephfs-client-key.yaml +++ b/ceph-provisioners/templates/job-cephfs-client-key.yaml @@ -114,11 +114,15 @@ spec: command: - /tmp/provisioner-cephfs-client-key-manager.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-provisioners-bin mountPath: /tmp/provisioner-cephfs-client-key-manager.sh subPath: provisioner-cephfs-client-key-manager.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: ceph-provisioners-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }} diff --git a/ceph-provisioners/templates/job-namespace-client-key-cleaner.yaml b/ceph-provisioners/templates/job-namespace-client-key-cleaner.yaml index 1dd5d81c0..1d24e65be 100644 --- a/ceph-provisioners/templates/job-namespace-client-key-cleaner.yaml +++ b/ceph-provisioners/templates/job-namespace-client-key-cleaner.yaml @@ -81,11 +81,15 @@ spec: command: - /tmp/provisioner-rbd-namespace-client-key-cleaner.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-provisioners-bin-clients mountPath: /tmp/provisioner-rbd-namespace-client-key-cleaner.sh subPath: provisioner-rbd-namespace-client-key-cleaner.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: ceph-provisioners-bin-clients configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin-clients" | quote }} 
diff --git a/ceph-provisioners/templates/job-namespace-client-key.yaml b/ceph-provisioners/templates/job-namespace-client-key.yaml index a15677513..907dbfa94 100644 --- a/ceph-provisioners/templates/job-namespace-client-key.yaml +++ b/ceph-provisioners/templates/job-namespace-client-key.yaml @@ -112,11 +112,15 @@ spec: command: - /tmp/provisioner-rbd-namespace-client-key-manager.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-provisioners-bin-clients mountPath: /tmp/provisioner-rbd-namespace-client-key-manager.sh subPath: provisioner-rbd-namespace-client-key-manager.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: ceph-provisioners-bin-clients configMap: name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin-clients" | quote }} diff --git a/ceph-rgw/templates/deployment-rgw.yaml b/ceph-rgw/templates/deployment-rgw.yaml index 0b59bfa83..1b2d03dfa 100644 --- a/ceph-rgw/templates/deployment-rgw.yaml +++ b/ceph-rgw/templates/deployment-rgw.yaml @@ -69,6 +69,8 @@ spec: - name: CLUSTER value: "ceph" volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-rgw-bin mountPath: /tmp/init-dirs.sh subPath: init-dirs.sh @@ -102,6 +104,8 @@ spec: command: - /tmp/rgw-init.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: pod-etc-ceph mountPath: /etc/ceph - name: ceph-rgw-bin @@ -137,6 +141,8 @@ spec: port: {{ tuple "object_store" "internal" "api" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }} timeoutSeconds: 5 volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-rgw-bin mountPath: /tmp/rgw-start.sh subPath: rgw-start.sh @@ -158,6 +164,8 @@ spec: mountPath: /run readOnly: false volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-ceph emptyDir: {} - name: ceph-rgw-bin diff --git a/ceph-rgw/templates/job-rgw-storage-init.yaml b/ceph-rgw/templates/job-rgw-storage-init.yaml index bd382aeb2..28a4cdf9c 100644 --- a/ceph-rgw/templates/job-rgw-storage-init.yaml 
+++ b/ceph-rgw/templates/job-rgw-storage-init.yaml @@ -71,6 +71,8 @@ spec: command: - /tmp/ceph-admin-keyring.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etcceph mountPath: /etc/ceph - name: ceph-rgw-bin @@ -95,6 +97,8 @@ spec: command: - /tmp/storage-init.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceph-rgw-bin mountPath: /tmp/storage-init.sh subPath: storage-init.sh @@ -113,6 +117,8 @@ spec: subPath: key readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: ceph-rgw-bin configMap: name: ceph-rgw-bin diff --git a/ceph-rgw/templates/job-s3-admin.yaml b/ceph-rgw/templates/job-s3-admin.yaml index 2d0c173bb..701c2eebf 100644 --- a/ceph-rgw/templates/job-s3-admin.yaml +++ b/ceph-rgw/templates/job-s3-admin.yaml @@ -76,6 +76,8 @@ spec: command: - /tmp/ceph-admin-keyring.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etcceph mountPath: /etc/ceph - name: ceph-rgw-bin @@ -110,6 +112,8 @@ spec: command: - /tmp/rgw-s3-admin.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etcceph mountPath: /etc/ceph - name: ceph-rgw-bin @@ -125,6 +129,8 @@ spec: subPath: key readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: etcceph emptyDir: {} - name: ceph-rgw-bin diff --git a/ceph-rgw/templates/pod-helm-tests.yaml b/ceph-rgw/templates/pod-helm-tests.yaml index 17b117fe1..a3918607f 100644 --- a/ceph-rgw/templates/pod-helm-tests.yaml +++ b/ceph-rgw/templates/pod-helm-tests.yaml @@ -53,6 +53,8 @@ spec: command: - /tmp/helm-tests.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etcceph mountPath: /etc/ceph - name: ceph-rgw-bin 
@@ -67,7 +69,30 @@ spec: mountPath: /etc/ceph/ceph.conf subPath: ceph.conf readOnly: true +{{- end }} +{{ if .Values.conf.rgw_s3.enabled }} + - name: ceph-rgw-s3-validation +{{ tuple $envAll "ceph_rgw" | include "helm-toolkit.snippets.image" | indent 6 }} +{{ tuple $envAll $envAll.Values.pod.resources.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }} + env: +{{- with $env := dict "s3AdminSecret" $envAll.Values.secrets.rgw_s3.admin }} +{{- include "helm-toolkit.snippets.rgw_s3_admin_env_vars" $env | indent 8 }} +{{- end }} + - name: RGW_HOST + value: {{ tuple "ceph_object_store" "internal" "api" $envAll | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} + command: + - /tmp/helm-tests.sh + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: ceph-rgw-bin + mountPath: /tmp/helm-tests.sh + subPath: helm-tests.sh + readOnly: true +{{- end }} volumes: + - name: pod-tmp + emptyDir: {} - name: etcceph emptyDir: {} - name: ceph-rgw-bin @@ -82,28 +107,3 @@ spec: name: ceph-rgw-etc defaultMode: 0444 {{- end }} -{{ if .Values.conf.rgw_s3.enabled }} - containers: - - name: ceph-rgw-s3-validation -{{ tuple $envAll "ceph_rgw" | include "helm-toolkit.snippets.image" | indent 6 }} -{{ tuple $envAll $envAll.Values.pod.resources.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }} - env: -{{- with $env := dict "s3AdminSecret" $envAll.Values.secrets.rgw_s3.admin }} -{{- include "helm-toolkit.snippets.rgw_s3_admin_env_vars" $env | indent 8 }} -{{- end }} - - name: RGW_HOST - value: {{ tuple "ceph_object_store" "internal" "api" $envAll | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} - command: - - /tmp/helm-tests.sh - volumeMounts: - - name: ceph-rgw-bin - mountPath: /tmp/helm-tests.sh - subPath: helm-tests.sh - readOnly: true - volumes: - - name: ceph-rgw-bin - configMap: - name: ceph-rgw-bin - defaultMode: 0555 -{{- end }} -{{- end }} 
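Review bot: The added `{{- end }}` after the first container's mounts and the new `{{ if .Values.conf.rgw_s3.enabled }}` block make `ceph-rgw-s3-validation` a second list item that depends on a `containers:` key above the hunk. That key is not visible here; if it sits inside the conditional closed by the added `{{- end }}`, a release with only `rgw_s3` enabled would render the item without a parent key, so render the chart with each combination of the two flags to confirm. Separately, this container receives the admin S3 credentials through `helm-toolkit.snippets.rgw_s3_admin_env_vars` and now shares the writable `pod-tmp` volume with the other test container. A comment on the mount such as `# pod-tmp is shared by both test containers; do not stage credentials in /tmp` would record that for script authors.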
diff --git a/elastic-apm-server/templates/deployment.yaml b/elastic-apm-server/templates/deployment.yaml index f94916828..447821b4c 100644 --- a/elastic-apm-server/templates/deployment.yaml +++ b/elastic-apm-server/templates/deployment.yaml @@ -109,6 +109,8 @@ spec: name: {{ $esUserSecret }} key: ELASTICSEARCH_PASSWORD volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: elastic-apm-server-etc mountPath: /usr/share/apm-server/apm-server.yml readOnly: true @@ -117,6 +119,8 @@ spec: mountPath: /usr/share/apm-server/data {{ if $mounts_elastic_apm_server.volumeMounts }}{{ toYaml $mounts_elastic_apm_server.volumeMounts | indent 8 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: elastic-apm-server-etc configMap: name: elastic-apm-server-etc diff --git a/elastic-filebeat/templates/daemonset.yaml b/elastic-filebeat/templates/daemonset.yaml index 5026ac9f8..288d36e80 100644 --- a/elastic-filebeat/templates/daemonset.yaml +++ b/elastic-filebeat/templates/daemonset.yaml @@ -127,6 +127,8 @@ spec: name: {{ $esUserSecret }} key: ELASTICSEARCH_PASSWORD volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: data mountPath: /usr/share/filebeat/data - name: varlog @@ -140,6 +142,8 @@ spec: subPath: filebeat.yml {{ if $mounts_filebeat.volumeMounts }}{{ toYaml $mounts_filebeat.volumeMounts | indent 8 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: varlog hostPath: path: /var/log diff --git a/elastic-metricbeat/templates/daemonset-node-metrics.yaml b/elastic-metricbeat/templates/daemonset-node-metrics.yaml index ad1852717..481369e91 100644 --- a/elastic-metricbeat/templates/daemonset-node-metrics.yaml +++ b/elastic-metricbeat/templates/daemonset-node-metrics.yaml @@ -134,6 +134,8 @@ spec: fieldRef: fieldPath: metadata.namespace volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: metricbeat-etc mountPath: /etc/metricbeat.yml subPath: metricbeat.yml 
@@ -156,20 +158,22 @@ spec: readOnly: true {{ if $mounts_metricbeat.volumeMounts }}{{ toYaml $mounts_metricbeat.volumeMounts | indent 12 }}{{ end }} volumes: - - name: proc - hostPath: - path: /proc - - name: cgroup - hostPath: - path: /sys/fs/cgroup - - name: dockersock - hostPath: - path: /var/run/docker.sock - - name: metricbeat-etc - configMap: - defaultMode: 0444 - name: metricbeat-etc - - name: data - emptyDir: {} + - name: pod-tmp + emptyDir: {} + - name: proc + hostPath: + path: /proc + - name: cgroup + hostPath: + path: /sys/fs/cgroup + - name: dockersock + hostPath: + path: /var/run/docker.sock + - name: metricbeat-etc + configMap: + defaultMode: 0444 + name: metricbeat-etc + - name: data + emptyDir: {} {{ if $mounts_metricbeat.volumes }}{{ toYaml $mounts_metricbeat.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/elastic-metricbeat/templates/deployment-modules.yaml b/elastic-metricbeat/templates/deployment-modules.yaml index 0b7caaeb9..4e1c60236 100644 --- a/elastic-metricbeat/templates/deployment-modules.yaml +++ b/elastic-metricbeat/templates/deployment-modules.yaml @@ -83,6 +83,8 @@ spec: fieldRef: fieldPath: metadata.namespace volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: metricbeat-etc mountPath: /etc/metricbeat.yml subPath: metricbeat.yml @@ -100,6 +102,8 @@ spec: subPath: rabbitmq.yml readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: metricbeat-etc configMap: name: metricbeat-etc diff --git a/elastic-packetbeat/templates/daemonset.yaml b/elastic-packetbeat/templates/daemonset.yaml index a3d167ad9..7e09dc2e4 100644 --- a/elastic-packetbeat/templates/daemonset.yaml +++ b/elastic-packetbeat/templates/daemonset.yaml 
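Review bot: The re-indented `volumes:` list in daemonset-node-metrics.yaml still carries the `dockersock` hostPath for `/var/run/docker.sock`, alongside `/proc` and `/sys/fs/cgroup`. Access to the Docker socket is effectively root on the node. Neither a read-only root filesystem nor a read-only mount flag constrains it, because the API calls go over the socket itself. Since the block is being rewritten anyway, consider documenting it in place with `# dockersock gives this pod the node's Docker API (root-equivalent); drop it if the docker module is not enabled`, or gating the volume behind a chart value. The matching volumeMounts entries lie partly outside the hunk, so how the socket is mounted into the container is not visible here.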
@@ -134,12 +134,16 @@ spec: fieldRef: fieldPath: spec.nodeName volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: packetbeat-etc mountPath: /etc/packetbeat/packetbeat.yml subPath: packetbeat.yml readOnly: true {{ if $mounts_packetbeat.volumeMounts }}{{ toYaml $mounts_packetbeat.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: packetbeat-etc configMap: defaultMode: 0444 diff --git a/elasticsearch/templates/cron-job-curator.yaml b/elasticsearch/templates/cron-job-curator.yaml index 877ee4c7c..ddb14fe32 100644 --- a/elasticsearch/templates/cron-job-curator.yaml +++ b/elasticsearch/templates/cron-job-curator.yaml @@ -59,6 +59,8 @@ spec: name: {{ $esUserSecret }} key: ELASTICSEARCH_URI volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: pod-etc-curator mountPath: /etc/config - name: elasticsearch-bin @@ -74,6 +76,8 @@ spec: subPath: action_file.yml readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-curator emptyDir: {} - name: elasticsearch-bin diff --git a/elasticsearch/templates/deployment-client.yaml b/elasticsearch/templates/deployment-client.yaml index 4d0144e1d..27a0128c4 100644 --- a/elasticsearch/templates/deployment-client.yaml +++ b/elasticsearch/templates/deployment-client.yaml @@ -130,6 +130,8 @@ spec: name: {{ $esUserSecret }} key: ELASTICSEARCH_PASSWORD volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: elasticsearch-bin mountPath: /tmp/apache.sh subPath: apache.sh @@ -192,6 +194,8 @@ spec: - name: ES_PLUGINS_INSTALL value: "elasticsearch-s3" volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: elasticsearch-logs mountPath: {{ .Values.conf.elasticsearch.config.path.logs }} - name: elasticsearch-bin 
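Review bot: In elasticsearch/templates/deployment-client.yaml both `volumeMounts:` hunks mount the same `pod-tmp` volume at /tmp, and the two lists appear to belong to different containers (one mounts apache.sh, the other the elasticsearch log and data paths), so the proxy and the elasticsearch process would share one writable /tmp. That removes the isolation /tmp has per container by default: temporary files written by one container become readable and replaceable by the other. If the sharing is not needed, give each container its own volume, e.g. `- name: pod-tmp-apache` with `emptyDir: {}`, and mount that one in the proxy container. The same pattern appears in the gnocchi init and main containers, the flannel daemonset, ingress/templates/deployment-ingress.yaml and the kibana deployment later in this patch.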
@@ -212,6 +216,8 @@ spec: mountPath: {{ .Values.conf.elasticsearch.config.path.data }} {{ if $mounts_elasticsearch.volumeMounts }}{{ toYaml $mounts_elasticsearch.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: elasticsearch-config emptyDir: {} - name: elasticsearch-logs diff --git a/elasticsearch/templates/deployment-master.yaml b/elasticsearch/templates/deployment-master.yaml index 9af21c1c4..575034363 100644 --- a/elasticsearch/templates/deployment-master.yaml +++ b/elasticsearch/templates/deployment-master.yaml @@ -150,6 +150,8 @@ spec: - name: ES_PLUGINS_INSTALL value: "elasticsearch-s3" volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: elasticsearch-logs mountPath: {{ .Values.conf.elasticsearch.config.path.logs }} - name: elasticsearch-bin @@ -170,6 +172,8 @@ spec: mountPath: {{ .Values.conf.elasticsearch.config.path.data }} {{ if $mounts_elasticsearch.volumeMounts }}{{ toYaml $mounts_elasticsearch.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: elasticsearch-logs emptyDir: {} - name: elasticsearch-config diff --git a/elasticsearch/templates/job-es-cluster-wait.yaml b/elasticsearch/templates/job-es-cluster-wait.yaml index e9e8a47c1..aeb30a20e 100644 --- a/elasticsearch/templates/job-es-cluster-wait.yaml +++ b/elasticsearch/templates/job-es-cluster-wait.yaml @@ -60,11 +60,15 @@ spec: command: - /tmp/es-cluster-wait.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: elasticsearch-bin mountPath: /tmp/es-cluster-wait.sh subPath: es-cluster-wait.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: elasticsearch-bin configMap: name: elasticsearch-bin diff --git a/elasticsearch/templates/job-register-snapshot-repository.yaml b/elasticsearch/templates/job-register-snapshot-repository.yaml index c30de45e6..7bcddfe91 100644 --- a/elasticsearch/templates/job-register-snapshot-repository.yaml +++ b/elasticsearch/templates/job-register-snapshot-repository.yaml 
@@ -75,11 +75,15 @@ spec: command: - /tmp/register-repository.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: elasticsearch-bin mountPath: /tmp/register-repository.sh subPath: register-repository.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: elasticsearch-bin configMap: name: elasticsearch-bin diff --git a/elasticsearch/templates/monitoring/prometheus/exporter-deployment.yaml b/elasticsearch/templates/monitoring/prometheus/exporter-deployment.yaml index 18253e154..84a1dfe44 100644 --- a/elasticsearch/templates/monitoring/prometheus/exporter-deployment.yaml +++ b/elasticsearch/templates/monitoring/prometheus/exporter-deployment.yaml @@ -77,11 +77,15 @@ spec: initialDelaySeconds: 20 periodSeconds: 10 volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: elasticsearch-exporter-bin mountPath: /tmp/elasticsearch-exporter.sh subPath: elasticsearch-exporter.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: elasticsearch-exporter-bin configMap: name: elasticsearch-exporter-bin diff --git a/elasticsearch/templates/pod-helm-tests.yaml b/elasticsearch/templates/pod-helm-tests.yaml index 442c87913..bee2b8c91 100644 --- a/elasticsearch/templates/pod-helm-tests.yaml +++ b/elasticsearch/templates/pod-helm-tests.yaml @@ -57,11 +57,15 @@ spec: - name: ELASTICSEARCH_ENDPOINT value: {{ tuple "elasticsearch" "internal" "http" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: elasticsearch-bin mountPath: /tmp/helm-tests.sh subPath: helm-tests.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: elasticsearch-bin configMap: name: elasticsearch-bin diff --git a/elasticsearch/templates/statefulset-data.yaml b/elasticsearch/templates/statefulset-data.yaml index 5db387c3f..95ee2ea10 100644 --- a/elasticsearch/templates/statefulset-data.yaml +++ b/elasticsearch/templates/statefulset-data.yaml 
@@ -148,6 +148,8 @@ spec: - name: ES_PLUGINS_INSTALL value: "elasticsearch-s3" volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: elasticsearch-logs mountPath: {{ .Values.conf.elasticsearch.config.path.logs }} - name: elasticsearch-bin @@ -168,6 +170,8 @@ spec: mountPath: {{ .Values.conf.elasticsearch.config.path.data }} {{ if $mounts_elasticsearch.volumeMounts }}{{ toYaml $mounts_elasticsearch.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: elasticsearch-logs emptyDir: {} - name: elasticsearch-config diff --git a/etcd/templates/deployment.yaml b/etcd/templates/deployment.yaml index acfffd4c8..45a3a2003 100644 --- a/etcd/templates/deployment.yaml +++ b/etcd/templates/deployment.yaml @@ -60,11 +60,15 @@ spec: tcpSocket: port: {{ tuple "etcd" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etcd-bin mountPath: /tmp/etcd.sh subPath: etcd.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: etcd-bin configMap: name: {{ $configMapBinName | quote }} diff --git a/falco/templates/daemonset.yaml b/falco/templates/daemonset.yaml index 68dba4992..f299e1116 100644 --- a/falco/templates/daemonset.yaml +++ b/falco/templates/daemonset.yaml @@ -90,6 +90,8 @@ spec: args: - /tmp/falco.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - mountPath: /tmp/falco.sh name: falco-bin subPath: falco.sh @@ -115,6 +117,8 @@ spec: name: rules-volume {{- end }} volumes: + - name: pod-tmp + emptyDir: {} - name: falco-bin configMap: name: falco-bin diff --git a/flannel/templates/daemonset-kube-flannel-ds.yaml b/flannel/templates/daemonset-kube-flannel-ds.yaml index 165edb89c..7f3524564 100644 --- a/flannel/templates/daemonset-kube-flannel-ds.yaml +++ b/flannel/templates/daemonset-kube-flannel-ds.yaml 
@@ -110,6 +110,8 @@ spec: fieldRef: fieldPath: metadata.namespace volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: run mountPath: /run - name: flannel-cfg @@ -118,11 +120,15 @@ spec: image: {{ .Values.images.tags.flannel }} command: [ "/bin/sh", "-c", "set -e -x; cp -f /etc/kube-flannel/cni-conf.json /etc/cni/net.d/10-flannel.conf; while true; do sleep 3600; done" ] volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: cni mountPath: /etc/cni/net.d - name: flannel-cfg mountPath: /etc/kube-flannel/ volumes: + - name: pod-tmp + emptyDir: {} - name: run hostPath: path: /run diff --git a/fluent-logging/templates/daemonset-fluent-bit.yaml b/fluent-logging/templates/daemonset-fluent-bit.yaml index fa2fd31bb..468620c58 100644 --- a/fluent-logging/templates/daemonset-fluent-bit.yaml +++ b/fluent-logging/templates/daemonset-fluent-bit.yaml @@ -118,6 +118,8 @@ spec: - name: FLUENTD_PORT value: {{ tuple "fluentd" "internal" "service" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: fluent-logging-bin mountPath: /tmp/fluent-bit.sh subPath: fluent-bit.sh @@ -138,6 +140,8 @@ spec: readOnly: true {{ if $mounts_fluentbit.volumeMounts }}{{ toYaml $mounts_fluentbit.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: varlog hostPath: path: /var/log diff --git a/fluent-logging/templates/deployment-fluentd.yaml b/fluent-logging/templates/deployment-fluentd.yaml index 14123e446..232d9f2df 100644 --- a/fluent-logging/templates/deployment-fluentd.yaml +++ b/fluent-logging/templates/deployment-fluentd.yaml @@ -145,6 +145,8 @@ spec: name: {{ $esUserSecret }} key: ELASTICSEARCH_PASSWORD volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: pod-etc-fluentd mountPath: /fluentd/etc - name: fluent-logging-etc 
@@ -157,6 +159,8 @@ spec: readOnly: true {{- if $mounts_fluentd.volumeMounts }}{{ toYaml $mounts_fluentd.volumeMounts | indent 12 }}{{- end }} volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-fluentd emptyDir: {} - name: fluent-logging-etc diff --git a/fluent-logging/templates/job-elasticsearch-template.yaml b/fluent-logging/templates/job-elasticsearch-template.yaml index ef60ecd28..ae8bf9ec6 100644 --- a/fluent-logging/templates/job-elasticsearch-template.yaml +++ b/fluent-logging/templates/job-elasticsearch-template.yaml @@ -63,6 +63,8 @@ spec: command: - /tmp/create_template.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: fluent-logging-bin mountPath: /tmp/create_template.sh subPath: create_template.sh @@ -75,6 +77,8 @@ spec: {{ end }} {{ if $mounts_elasticsearch_template.volumeMounts }}{{ toYaml $mounts_elasticsearch_template.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: fluent-logging-bin configMap: name: fluent-logging-bin diff --git a/fluent-logging/templates/monitoring/prometheus/exporter-deployment.yaml b/fluent-logging/templates/monitoring/prometheus/exporter-deployment.yaml index 65caec9bc..bf0ed53af 100644 --- a/fluent-logging/templates/monitoring/prometheus/exporter-deployment.yaml +++ b/fluent-logging/templates/monitoring/prometheus/exporter-deployment.yaml @@ -68,11 +68,15 @@ spec: - name: FLUENTD_METRICS_HOST value: {{ $fluentd_metrics_host }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: fluentd-exporter-bin mountPath: /tmp/fluentd-exporter.sh subPath: fluentd-exporter.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: fluentd-exporter-bin configMap: name: fluentd-exporter-bin diff --git a/fluent-logging/templates/pod-helm-tests.yaml b/fluent-logging/templates/pod-helm-tests.yaml index 74853e5d5..992c0b019 100644 --- a/fluent-logging/templates/pod-helm-tests.yaml +++ b/fluent-logging/templates/pod-helm-tests.yaml 
@@ -42,28 +42,32 @@ spec: {{ tuple $envAll "helm_tests" | include "helm-toolkit.snippets.image" | indent 6 }} {{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }} command: - - /tmp/helm-tests.sh + - /tmp/helm-tests.sh env: - - name: ELASTICSEARCH_USERNAME - valueFrom: - secretKeyRef: - name: {{ $esUserSecret }} - key: ELASTICSEARCH_USERNAME - - name: ELASTICSEARCH_PASSWORD - valueFrom: - secretKeyRef: - name: {{ $esUserSecret }} - key: ELASTICSEARCH_PASSWORD - - name: ELASTICSEARCH_ENDPOINT - value: {{ tuple "elasticsearch" "internal" "http" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} + - name: ELASTICSEARCH_USERNAME + valueFrom: + secretKeyRef: + name: {{ $esUserSecret }} + key: ELASTICSEARCH_USERNAME + - name: ELASTICSEARCH_PASSWORD + valueFrom: + secretKeyRef: + name: {{ $esUserSecret }} + key: ELASTICSEARCH_PASSWORD + - name: ELASTICSEARCH_ENDPOINT + value: {{ tuple "elasticsearch" "internal" "http" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} volumeMounts: - - name: fluent-logging-bin - mountPath: /tmp/helm-tests.sh - subPath: helm-tests.sh - readOnly: true + - name: pod-tmp + mountPath: /tmp + - name: fluent-logging-bin + mountPath: /tmp/helm-tests.sh + subPath: helm-tests.sh + readOnly: true volumes: - - name: fluent-logging-bin - configMap: - name: fluent-logging-bin - defaultMode: 0555 + - name: pod-tmp + emptyDir: {} + - name: fluent-logging-bin + configMap: + name: fluent-logging-bin + defaultMode: 0555 {{- end }} diff --git a/gnocchi/templates/cron-job-resources-cleaner.yaml b/gnocchi/templates/cron-job-resources-cleaner.yaml index 01f7beb9b..3417e07e9 100644 --- a/gnocchi/templates/cron-job-resources-cleaner.yaml +++ b/gnocchi/templates/cron-job-resources-cleaner.yaml 
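Review bot: The re-indented `ELASTICSEARCH_ENDPOINT` entry in fluent-logging/templates/pod-helm-tests.yaml still renders its `value:` from the `host_and_port_endpoint_uri_lookup` include without quoting, while other templates in this patch (for example `FLUENTD_PORT` in daemonset-fluent-bit.yaml) pipe templated env values through `quote`. Since these lines are being rewritten anyway, appending `| quote` to the include keeps the rendered scalar a string even if the lookup ever yields an empty or YAML-special value. The `name: {{ $esUserSecret }}` references in the same hunk would benefit from the same treatment.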
@@ -70,27 +70,31 @@ spec: command: - /tmp/gnocchi-resources-cleaner.sh volumeMounts: - - name: gnocchi-bin - mountPath: /tmp/gnocchi-resources-cleaner.sh - subPath: gnocchi-resources-cleaner.sh - readOnly: true - - name: pod-etc-gnocchi - mountPath: /etc/gnocchi - - name: gnocchi-etc - mountPath: /etc/gnocchi/gnocchi.conf - subPath: gnocchi.conf - readOnly: true -{{ if $mounts_gnocchi_resources_cleaner.volumeMounts }}{{ toYaml $mounts_gnocchi_resources_cleaner.volumeMounts | indent 14 }}{{ end }} + - name: pod-tmp + mountPath: /tmp + - name: gnocchi-bin + mountPath: /tmp/gnocchi-resources-cleaner.sh + subPath: gnocchi-resources-cleaner.sh + readOnly: true + - name: pod-etc-gnocchi + mountPath: /etc/gnocchi + - name: gnocchi-etc + mountPath: /etc/gnocchi/gnocchi.conf + subPath: gnocchi.conf + readOnly: true +{{ if $mounts_gnocchi_resources_cleaner.volumeMounts }}{{ toYaml $mounts_gnocchi_resources_cleaner.volumeMounts | indent 16 }}{{ end }} volumes: - - name: pod-etc-gnocchi - emptyDir: {} - - name: gnocchi-etc - secret: - secretName: gnocchi-etc - defaultMode: 0444 - - name: gnocchi-bin - configMap: - name: gnocchi-bin - defaultMode: 0555 -{{ if $mounts_gnocchi_resources_cleaner.volumes }}{{ toYaml $mounts_gnocchi_resources_cleaner.volumes | indent 10 }}{{ end }} + - name: pod-tmp + emptyDir: {} + - name: pod-etc-gnocchi + emptyDir: {} + - name: gnocchi-etc + secret: + secretName: gnocchi-etc + defaultMode: 0444 + - name: gnocchi-bin + configMap: + name: gnocchi-bin + defaultMode: 0555 +{{ if $mounts_gnocchi_resources_cleaner.volumes }}{{ toYaml $mounts_gnocchi_resources_cleaner.volumes | indent 12 }}{{ end }} {{- end }} diff --git a/gnocchi/templates/daemonset-metricd.yaml b/gnocchi/templates/daemonset-metricd.yaml index 0bbb233da..a77549a3f 100644 --- a/gnocchi/templates/daemonset-metricd.yaml +++ b/gnocchi/templates/daemonset-metricd.yaml 
@@ -53,6 +53,8 @@ spec: command: - /tmp/ceph-keyring.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etcceph mountPath: /etc/ceph - name: gnocchi-bin @@ -70,6 +72,8 @@ spec: command: - /tmp/gnocchi-metricd.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: pod-etc-gnocchi mountPath: /etc/gnocchi - name: gnocchi-etc @@ -96,6 +100,8 @@ spec: readOnly: true {{ if $mounts_gnocchi_metricd.volumeMounts }}{{ toYaml $mounts_gnocchi_metricd.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-gnocchi emptyDir: {} - name: gnocchi-etc diff --git a/gnocchi/templates/daemonset-statsd.yaml b/gnocchi/templates/daemonset-statsd.yaml index 733419d7b..fd63ed010 100644 --- a/gnocchi/templates/daemonset-statsd.yaml +++ b/gnocchi/templates/daemonset-statsd.yaml @@ -52,6 +52,8 @@ spec: command: - /tmp/ceph-keyring.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etcceph mountPath: /etc/ceph - name: gnocchi-bin @@ -72,6 +74,8 @@ spec: - name: gn-stats containerPort: {{ tuple "metric_statsd" "internal" "statsd" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: pod-etc-gnocchi mountPath: /etc/gnocchi - name: gnocchi-etc @@ -102,6 +106,8 @@ spec: readOnly: true {{ if $mounts_gnocchi_statsd.volumeMounts }}{{ toYaml $mounts_gnocchi_statsd.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-gnocchi emptyDir: {} - name: gnocchi-etc diff --git a/gnocchi/templates/deployment-api.yaml b/gnocchi/templates/deployment-api.yaml index 031d24d13..1c1f5e499 100644 --- a/gnocchi/templates/deployment-api.yaml +++ b/gnocchi/templates/deployment-api.yaml @@ -57,6 +57,8 @@ spec: command: - /tmp/ceph-keyring.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etcceph mountPath: /etc/ceph - name: gnocchi-bin 
@@ -87,6 +89,8 @@ spec: tcpSocket: port: {{ tuple "metric" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: pod-etc-gnocchi mountPath: /etc/gnocchi - name: gnocchi-etc @@ -121,6 +125,8 @@ spec: readOnly: true {{ if $mounts_gnocchi_api.volumeMounts }}{{ toYaml $mounts_gnocchi_api.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-gnocchi emptyDir: {} - name: gnocchi-etc diff --git a/gnocchi/templates/job-clean.yaml b/gnocchi/templates/job-clean.yaml index 6ff83aa66..e16b2472a 100644 --- a/gnocchi/templates/job-clean.yaml +++ b/gnocchi/templates/job-clean.yaml @@ -79,11 +79,15 @@ spec: command: - /tmp/clean-secrets.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: gnocchi-bin mountPath: /tmp/clean-secrets.sh subPath: clean-secrets.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: gnocchi-bin configMap: name: gnocchi-bin diff --git a/gnocchi/templates/job-db-init-indexer.yaml b/gnocchi/templates/job-db-init-indexer.yaml index ad472908d..660527653 100644 --- a/gnocchi/templates/job-db-init-indexer.yaml +++ b/gnocchi/templates/job-db-init-indexer.yaml @@ -55,6 +55,8 @@ spec: command: - /tmp/db-init.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: gnocchi-etc mountPath: /etc/gnocchi/gnocchi.conf subPath: gnocchi.conf @@ -65,6 +67,8 @@ spec: subPath: db-init.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: gnocchi-etc secret: secretName: gnocchi-etc diff --git a/gnocchi/templates/job-db-sync.yaml b/gnocchi/templates/job-db-sync.yaml index bdb0f95b6..301229c09 100644 --- a/gnocchi/templates/job-db-sync.yaml +++ b/gnocchi/templates/job-db-sync.yaml @@ -41,6 +41,8 @@ spec: command: - /tmp/ceph-keyring.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etcceph mountPath: /etc/ceph - name: gnocchi-bin 
@@ -58,6 +60,8 @@ spec: command: - /tmp/db-sync.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: gnocchi-etc mountPath: /etc/gnocchi/gnocchi.conf subPath: gnocchi.conf @@ -75,6 +79,8 @@ spec: subPath: key readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: gnocchi-etc secret: secretName: gnocchi-etc diff --git a/gnocchi/templates/job-storage-init.yaml b/gnocchi/templates/job-storage-init.yaml index ae5046b2f..8b43e707f 100644 --- a/gnocchi/templates/job-storage-init.yaml +++ b/gnocchi/templates/job-storage-init.yaml @@ -71,6 +71,8 @@ spec: command: - /tmp/ceph-admin-keyring.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etcceph mountPath: /etc/ceph - name: gnocchi-bin @@ -101,6 +103,8 @@ spec: command: - /tmp/storage-init.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: gnocchi-bin mountPath: /tmp/storage-init.sh subPath: storage-init.sh @@ -116,6 +120,8 @@ spec: subPath: key readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: gnocchi-bin configMap: name: gnocchi-bin diff --git a/gnocchi/templates/pod-gnocchi-test.yaml b/gnocchi/templates/pod-gnocchi-test.yaml index df02983ce..b1186e800 100644 --- a/gnocchi/templates/pod-gnocchi-test.yaml +++ b/gnocchi/templates/pod-gnocchi-test.yaml @@ -59,6 +59,8 @@ spec: command: - /tmp/gnocchi-test.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: gnocchi-etc mountPath: /etc/gnocchi/gnocchi.conf subPath: gnocchi.conf @@ -69,6 +71,8 @@ spec: readOnly: true {{ if $mounts_gnocchi_tests.volumeMounts }}{{ toYaml $mounts_gnocchi_tests.volumeMounts | indent 8 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: gnocchi-etc secret: secretName: gnocchi-etc diff --git a/grafana/templates/deployment.yaml b/grafana/templates/deployment.yaml index 32424a477..6e92f6ef2 100644 --- a/grafana/templates/deployment.yaml +++ b/grafana/templates/deployment.yaml 
@@ -82,6 +82,8 @@ spec: - name: PROMETHEUS_URL value: {{ tuple "monitoring" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: pod-etc-grafana mountPath: /etc/grafana - name: pod-provisioning-grafana @@ -111,6 +113,8 @@ spec: {{- end }} {{ if $mounts_grafana.volumeMounts }}{{ toYaml $mounts_grafana.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-grafana emptyDir: {} - name: pod-provisioning-grafana diff --git a/grafana/templates/job-db-init-session.yaml b/grafana/templates/job-db-init-session.yaml index 1b159fb09..3da57de84 100644 --- a/grafana/templates/job-db-init-session.yaml +++ b/grafana/templates/job-db-init-session.yaml @@ -56,11 +56,15 @@ spec: command: - /tmp/db-init.py volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: grafana-bin mountPath: /tmp/db-init.py subPath: db-init.py readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: grafana-bin configMap: name: grafana-bin diff --git a/grafana/templates/job-db-init.yaml b/grafana/templates/job-db-init.yaml index 4a89572b8..bc8523a86 100644 --- a/grafana/templates/job-db-init.yaml +++ b/grafana/templates/job-db-init.yaml @@ -56,11 +56,15 @@ spec: command: - /tmp/db-init.py volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: grafana-bin mountPath: /tmp/db-init.py subPath: db-init.py readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: grafana-bin configMap: name: grafana-bin diff --git a/grafana/templates/job-db-session-sync.yaml b/grafana/templates/job-db-session-sync.yaml index 6db743478..2e4832235 100644 --- a/grafana/templates/job-db-session-sync.yaml +++ b/grafana/templates/job-db-session-sync.yaml 
@@ -51,11 +51,15 @@ spec: command: - /tmp/db-session-sync.py volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: grafana-bin mountPath: /tmp/db-session-sync.py subPath: db-session-sync.py readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: grafana-bin configMap: name: grafana-bin diff --git a/grafana/templates/job-set-admin-user.yaml b/grafana/templates/job-set-admin-user.yaml index 3fbd542b3..ad39a184e 100644 --- a/grafana/templates/job-set-admin-user.yaml +++ b/grafana/templates/job-set-admin-user.yaml @@ -58,6 +58,8 @@ spec: name: grafana-admin-creds key: GRAFANA_ADMIN_PASSWORD volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: grafana-etc mountPath: /etc/grafana/grafana.ini subPath: grafana.ini @@ -66,6 +68,8 @@ spec: subPath: set-admin-password.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-grafana emptyDir: {} - name: grafana-bin diff --git a/grafana/templates/pod-helm-tests.yaml b/grafana/templates/pod-helm-tests.yaml index b887b1fef..da7fe85e5 100644 --- a/grafana/templates/pod-helm-tests.yaml +++ b/grafana/templates/pod-helm-tests.yaml @@ -59,11 +59,15 @@ spec: - name: GRAFANA_ENDPOINT value: {{ tuple "grafana" "internal" "grafana" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: grafana-bin mountPath: /tmp/helm-tests.sh subPath: helm-tests.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: grafana-bin configMap: name: grafana-bin diff --git a/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/helm-toolkit/templates/manifests/_job-bootstrap.tpl index 8afc50ee6..01552de3b 100644 --- a/helm-toolkit/templates/manifests/_job-bootstrap.tpl +++ b/helm-toolkit/templates/manifests/_job-bootstrap.tpl @@ -67,6 +67,8 @@ spec: command: - /tmp/bootstrap.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: bootstrap-sh mountPath: /tmp/bootstrap.sh subPath: bootstrap.sh 
@@ -85,6 +87,8 @@ spec: {{ $podVolMounts | toYaml | indent 12 }} {{- end }} volumes: + - name: pod-tmp + emptyDir: {} - name: bootstrap-sh configMap: name: {{ $configMapBin | quote }} diff --git a/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl index e813c328d..d5b1f6a3d 100644 --- a/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl +++ b/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl @@ -88,6 +88,8 @@ spec: command: - /tmp/db-drop.py volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: db-drop-sh mountPath: /tmp/db-drop.py subPath: db-drop.py @@ -106,6 +108,8 @@ spec: {{- end }} {{- end }} volumes: + - name: pod-tmp + emptyDir: {} - name: db-drop-sh configMap: name: {{ $configMapBin | quote }} diff --git a/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl index dea58646e..e01445ca7 100644 --- a/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl +++ b/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl @@ -85,6 +85,8 @@ spec: command: - /tmp/db-init.py volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: db-init-sh mountPath: /tmp/db-init.py subPath: db-init.py @@ -103,6 +105,8 @@ spec: {{- end }} {{- end }} volumes: + - name: pod-tmp + emptyDir: {} - name: db-init-sh configMap: name: {{ $configMapBin | quote }} diff --git a/helm-toolkit/templates/manifests/_job-db-sync.tpl b/helm-toolkit/templates/manifests/_job-db-sync.tpl index 134e99bd8..6e74932ce 100644 --- a/helm-toolkit/templates/manifests/_job-db-sync.tpl +++ b/helm-toolkit/templates/manifests/_job-db-sync.tpl @@ -63,6 +63,8 @@ spec: command: - /tmp/db-sync.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: db-sync-sh mountPath: /tmp/db-sync.sh subPath: db-sync.sh 
@@ -81,6 +83,8 @@ spec: {{ $podVolMounts | toYaml | indent 12 }} {{- end }} volumes: + - name: pod-tmp + emptyDir: {} - name: db-sync-sh configMap: name: {{ $configMapBin | quote }} diff --git a/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl index f07cb630b..70871220d 100644 --- a/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl +++ b/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl @@ -56,6 +56,8 @@ spec: command: - /tmp/ks-endpoints.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ks-endpoints-sh mountPath: /tmp/ks-endpoints.sh subPath: ks-endpoints.sh @@ -75,6 +77,8 @@ spec: {{- end }} {{- end }} volumes: + - name: pod-tmp + emptyDir: {} - name: ks-endpoints-sh configMap: name: {{ $configMapBin | quote }} diff --git a/helm-toolkit/templates/manifests/_job-ks-service.tpl b/helm-toolkit/templates/manifests/_job-ks-service.tpl index 628b24cac..7d81411a5 100644 --- a/helm-toolkit/templates/manifests/_job-ks-service.tpl +++ b/helm-toolkit/templates/manifests/_job-ks-service.tpl @@ -55,6 +55,8 @@ spec: command: - /tmp/ks-service.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ks-service-sh mountPath: /tmp/ks-service.sh subPath: ks-service.sh @@ -69,6 +71,8 @@ spec: value: {{ $osServiceType | quote }} {{- end }} volumes: + - name: pod-tmp + emptyDir: {} - name: ks-service-sh configMap: name: {{ $configMapBin | quote }} diff --git a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl index 1a79094cc..2aa659b5b 100644 --- a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl +++ b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl @@ -54,6 +54,8 @@ spec: command: - /tmp/ks-user.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ks-user-sh mountPath: /tmp/ks-user.sh subPath: ks-user.sh 
@@ -75,6 +77,8 @@ spec: value: {{ $serviceOsRoles | quote }} {{- end }} volumes: + - name: pod-tmp + emptyDir: {} - name: ks-user-sh configMap: name: {{ $configMapBin | quote }} diff --git a/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl index 9224458b4..967bb4bda 100644 --- a/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl +++ b/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl @@ -49,6 +49,8 @@ spec: command: - /tmp/rabbit-init.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: rabbit-init-sh mountPath: /tmp/rabbit-init.sh subPath: rabbit-init.sh @@ -69,6 +71,8 @@ spec: value: {{ toJson $envAll.Values.conf.rabbitmq | quote }} {{- end }} volumes: + - name: pod-tmp + emptyDir: {} - name: rabbit-init-sh configMap: name: {{ $configMapBin | quote }} diff --git a/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl index a8c064fac..201e5a5a2 100644 --- a/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl +++ b/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl @@ -71,6 +71,8 @@ spec: - name: RGW_PROTO value: {{ tuple "ceph_object_store" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: s3-bucket-sh mountPath: /tmp/create-s3-bucket.sh subPath: create-s3-bucket.sh @@ -88,6 +90,8 @@ spec: readOnly: true {{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: s3-bucket-sh configMap: name: {{ $configMapBin | quote }} diff --git a/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl index 6d2378ed4..322cd402c 100644 --- a/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl +++ b/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl 
@@ -55,6 +55,8 @@ spec: command: - /tmp/ceph-admin-keyring.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etcceph mountPath: /etc/ceph - name: ceph-keyring-sh @@ -84,6 +86,8 @@ spec: - name: RGW_HOST value: {{ tuple "ceph_object_store" "internal" "api" $envAll | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: create-s3-user-sh mountPath: /tmp/create-s3-user.sh subPath: create-s3-user.sh @@ -101,6 +105,8 @@ spec: readOnly: true {{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: create-s3-user-sh configMap: name: {{ $configMapBin | quote }} diff --git a/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl b/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl index 514fa59dd..6a0519f1b 100644 --- a/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl +++ b/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl @@ -60,6 +60,8 @@ spec: command: - /tmp/image-repo-sync.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: bootstrap-sh mountPath: /tmp/image-repo-sync.sh subPath: image-repo-sync.sh @@ -70,6 +72,8 @@ spec: {{ $podVolMounts | toYaml | indent 12 }} {{- end }} volumes: + - name: pod-tmp + emptyDir: {} - name: bootstrap-sh configMap: name: {{ $configMapBin | quote }} diff --git a/ingress/templates/deployment-error.yaml b/ingress/templates/deployment-error.yaml index b41472da1..dbf63de35 100644 --- a/ingress/templates/deployment-error.yaml +++ b/ingress/templates/deployment-error.yaml @@ -75,13 +75,17 @@ spec: - /tmp/ingress-error-pages.sh - stop volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ingress-bin mountPath: /tmp/ingress-error-pages.sh subPath: ingress-error-pages.sh readOnly: true volumes: - - name: ingress-bin - configMap: - name: ingress-bin - defaultMode: 0555 + - name: pod-tmp + emptyDir: {} + - name: ingress-bin + configMap: + name: ingress-bin + defaultMode: 0555 {{- end }} 
diff --git a/ingress/templates/deployment-ingress.yaml b/ingress/templates/deployment-ingress.yaml index 369f35f7f..9ffaf1a6e 100644 --- a/ingress/templates/deployment-ingress.yaml +++ b/ingress/templates/deployment-ingress.yaml @@ -208,6 +208,8 @@ spec: - /tmp/ingress-vip.sh - kernel_modules volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ingress-bin mountPath: /tmp/ingress-vip.sh subPath: ingress-vip.sh @@ -228,6 +230,8 @@ spec: - /tmp/ingress-vip.sh - start volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ingress-bin mountPath: /tmp/ingress-vip.sh subPath: ingress-vip.sh @@ -304,6 +308,8 @@ spec: - /tmp/ingress-controller.sh - stop volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ingress-bin mountPath: /tmp/ingress-controller.sh subPath: ingress-controller.sh @@ -329,6 +335,8 @@ spec: - /tmp/ingress-vip.sh - stop volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ingress-bin mountPath: /tmp/ingress-vip.sh subPath: ingress-vip.sh @@ -345,6 +353,8 @@ spec: {{- end }} {{- end }} volumes: + - name: pod-tmp + emptyDir: {} - name: ingress-bin configMap: name: ingress-bin diff --git a/kibana/templates/deployment.yaml b/kibana/templates/deployment.yaml index df3e6a734..82a455f40 100644 --- a/kibana/templates/deployment.yaml +++ b/kibana/templates/deployment.yaml @@ -79,6 +79,8 @@ spec: name: {{ $esUserSecret }} key: ELASTICSEARCH_PASSWORD volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: kibana-bin mountPath: /tmp/apache.sh subPath: apache.sh @@ -110,6 +112,8 @@ spec: name: {{ $esUserSecret }} key: ELASTICSEARCH_PASSWORD volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: kibana-bin mountPath: /tmp/kibana.sh subPath: kibana.sh @@ -121,6 +125,8 @@ spec: subPath: kibana.yml readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-kibana emptyDir: {} - name: kibana-bin 
diff --git a/kibana/templates/job-register-kibana-indexes.yaml b/kibana/templates/job-register-kibana-indexes.yaml index beb5284bf..d16196c37 100644 --- a/kibana/templates/job-register-kibana-indexes.yaml +++ b/kibana/templates/job-register-kibana-indexes.yaml @@ -56,11 +56,15 @@ spec: command: - /tmp/create_kibana_index_patterns.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: kibana-bin mountPath: /tmp/create_kibana_index_patterns.sh subPath: create_kibana_index_patterns.sh readOnly: false volumes: + - name: pod-tmp + emptyDir: {} - name: kibana-bin configMap: name: kibana-bin diff --git a/kube-dns/templates/deployment-kube-dns.yaml b/kube-dns/templates/deployment-kube-dns.yaml index fe098a7c1..d68cac3bc 100644 --- a/kube-dns/templates/deployment-kube-dns.yaml +++ b/kube-dns/templates/deployment-kube-dns.yaml @@ -105,6 +105,8 @@ spec: terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: + - name: pod-tmp + mountPath: /tmp - mountPath: /kube-dns-config name: kube-dns-config - name: dnsmasq @@ -145,6 +147,8 @@ spec: terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: + - name: pod-tmp + mountPath: /tmp - mountPath: /etc/k8s/dns/dnsmasq-nanny name: kube-dns-config - name: sidecar @@ -187,9 +191,11 @@ spec: - effect: NoSchedule key: node-role.kubernetes.io/master volumes: - - configMap: - defaultMode: 420 - name: kube-dns - optional: true - name: kube-dns-config + - name: pod-tmp + emptyDir: {} + - configMap: + defaultMode: 420 + name: kube-dns + optional: true + name: kube-dns-config {{- end }} diff --git a/kubernetes-keystone-webhook/templates/deployment.yaml b/kubernetes-keystone-webhook/templates/deployment.yaml index 54385b42a..18a2b83c8 100644 --- a/kubernetes-keystone-webhook/templates/deployment.yaml +++ b/kubernetes-keystone-webhook/templates/deployment.yaml 
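Review bot: In kibana/templates/job-register-kibana-indexes.yaml the script mount directly below the new `pod-tmp` mount keeps `readOnly: false`, while every other script mount touched by this patch uses `readOnly: true`. Now that /tmp is an explicitly writable emptyDir, the executable mounted inside it should be explicitly immutable, so I would change that line to `readOnly: true`. Recent Kubernetes releases mount ConfigMap volumes read-only regardless, so this is mostly about the manifest stating the intent. The line is context in this hunk rather than an added line, and the container spec starts outside the hunk.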
@@ -57,6 +57,8 @@ spec: - name: k8sksauth-pub containerPort: {{ tuple "kubernetes_keystone_webhook" "internal" "api" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etc-kubernetes-keystone-webhook mountPath: /etc/kubernetes-keystone-webhook - name: key-kubernetes-keystone-webhook @@ -76,6 +78,8 @@ spec: subPath: start.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: etc-kubernetes-keystone-webhook emptyDir: {} - name: key-kubernetes-keystone-webhook diff --git a/kubernetes-keystone-webhook/templates/pod-test.yaml b/kubernetes-keystone-webhook/templates/pod-test.yaml index 087d269bb..c24dd4027 100644 --- a/kubernetes-keystone-webhook/templates/pod-test.yaml +++ b/kubernetes-keystone-webhook/templates/pod-test.yaml @@ -49,12 +49,16 @@ spec: command: - /tmp/kubernetes-keystone-webhook-test.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: kubernetes-keystone-webhook-bin mountPath: /tmp/kubernetes-keystone-webhook-test.sh subPath: kubernetes-keystone-webhook-test.sh readOnly: true {{ if $mounts_kubernetes_keystone_webhook_tests.volumeMounts }}{{ toYaml $mounts_kubernetes_keystone_webhook_tests.volumeMounts | indent 8 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: kubernetes-keystone-webhook-bin configMap: name: kubernetes-keystone-webhook-bin diff --git a/ldap/templates/statefulset.yaml b/ldap/templates/statefulset.yaml index a15f315b1..6f3396372 100644 --- a/ldap/templates/statefulset.yaml +++ b/ldap/templates/statefulset.yaml 
@@ -62,12 +62,16 @@ spec: ports: - containerPort: {{ tuple "ldap" "internal" "ldap" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ldap-data mountPath: /var/lib/ldap - name: ldap-config mountPath: /etc/ldap/slapd.d -{{- if not .Values.storage.pvc.enabled }} volumes: + - name: pod-tmp + emptyDir: {} +{{- if not .Values.storage.pvc.enabled }} - name: ldap-data hostPath: path: {{ .Values.storage.host.data_path }} @@ -76,21 +80,21 @@ spec: path: {{ .Values.storage.host.config_path }} {{- else }} volumeClaimTemplates: - - metadata: - name: ldap-data - spec: - accessModes: [ "ReadWriteOnce" ] - storageClassName: {{ .Values.storage.pvc.class_name }} - resources: - requests: - storage: {{ .Values.storage.pvc.size }} - - metadata: - name: ldap-config - spec: - accessModes: [ "ReadWriteOnce" ] - storageClassName: {{ .Values.storage.pvc.class_name }} - resources: - requests: - storage: {{ .Values.storage.pvc.size }} + - metadata: + name: ldap-data + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: {{ .Values.storage.pvc.class_name }} + resources: + requests: + storage: {{ .Values.storage.pvc.size }} + - metadata: + name: ldap-config + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: {{ .Values.storage.pvc.class_name }} + resources: + requests: + storage: {{ .Values.storage.pvc.size }} {{- end }} {{- end }} diff --git a/libvirt/templates/daemonset-libvirt.yaml b/libvirt/templates/daemonset-libvirt.yaml index 13ec0aa12..e8bca78bb 100644 --- a/libvirt/templates/daemonset-libvirt.yaml +++ b/libvirt/templates/daemonset-libvirt.yaml @@ -67,6 +67,8 @@ spec: command: - /tmp/ceph-admin-keyring.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etcceph mountPath: /etc/ceph - name: libvirt-bin @@ -96,6 +98,8 @@ spec: command: - /tmp/ceph-keyring.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etcceph mountPath: /etc/ceph - name: libvirt-bin 
@@ -148,6 +152,8 @@ spec: - |- kill $(cat /var/run/libvirtd.pid) volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: libvirt-bin mountPath: /tmp/libvirt.sh subPath: libvirt.sh @@ -201,6 +207,8 @@ spec: {{- end }} {{ if $mounts_libvirt.volumeMounts }}{{ toYaml $mounts_libvirt.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: libvirt-bin configMap: name: libvirt-bin diff --git a/mariadb/templates/cron-job-backup-mariadb.yaml b/mariadb/templates/cron-job-backup-mariadb.yaml index 2da5cd357..e3501f7d3 100644 --- a/mariadb/templates/cron-job-backup-mariadb.yaml +++ b/mariadb/templates/cron-job-backup-mariadb.yaml 
@@ -48,53 +48,57 @@ spec: initContainers: {{ tuple $envAll "mariadb_backup" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 10 }} containers: - - command: - - /tmp/backup_mariadb.sh - env: - - name: MARIADB_BACKUP_BASE_DIR - value: {{ .Values.conf.backup.base_path | quote }} - - name: MYSQL_BACKUP_MYSQLDUMP_OPTIONS - value: {{ .Values.conf.backup.mysqldump_options | quote }} - - name: MARIADB_BACKUP_DAYS_TO_KEEP - value: {{ .Values.conf.backup.days_of_backup_to_keep | quote }} - - name: MARIADB_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace -{{ tuple $envAll "mariadb_backup" | include "helm-toolkit.snippets.image" | indent 12 }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.mariadb_backup | include "helm-toolkit.snippets.kubernetes_resources" | indent 12 }} - name: mariadb-backup - volumeMounts: - - mountPath: /tmp/backup_mariadb.sh - name: mariadb-bin - readOnly: true - subPath: backup_mariadb.sh - - mountPath: {{ .Values.conf.backup.base_path }} - name: mariadb-backup-dir - - name: mariadb-secrets - mountPath: /etc/mysql/admin_user.cnf - subPath: admin_user.cnf - readOnly: true + - name: mariadb-backup + command: + - /tmp/backup_mariadb.sh + env: + - name: MARIADB_BACKUP_BASE_DIR + value: {{ .Values.conf.backup.base_path | quote }} + - name: MYSQL_BACKUP_MYSQLDUMP_OPTIONS + value: {{ .Values.conf.backup.mysqldump_options | quote }} + - name: MARIADB_BACKUP_DAYS_TO_KEEP + value: {{ .Values.conf.backup.days_of_backup_to_keep | quote }} + - name: MARIADB_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +{{ tuple $envAll "mariadb_backup" | include "helm-toolkit.snippets.image" | indent 14 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.mariadb_backup | include "helm-toolkit.snippets.kubernetes_resources" | indent 14 }} + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - mountPath: /tmp/backup_mariadb.sh + name: mariadb-bin + readOnly: true + subPath: backup_mariadb.sh 
+ - mountPath: {{ .Values.conf.backup.base_path }} + name: mariadb-backup-dir + - name: mariadb-secrets + mountPath: /etc/mysql/admin_user.cnf + subPath: admin_user.cnf + readOnly: true restartPolicy: OnFailure serviceAccount: {{ $serviceAccountName }} serviceAccountName: {{ $serviceAccountName }} volumes: - - name: mariadb-secrets - secret: - secretName: mariadb-secrets - defaultMode: 384 - - configMap: - defaultMode: 365 + - name: pod-tmp + emptyDir: {} + - name: mariadb-secrets + secret: + secretName: mariadb-secrets + defaultMode: 384 + - configMap: + defaultMode: 365 + name: mariadb-bin name: mariadb-bin - name: mariadb-bin - {{- if and .Values.volume.backup.enabled .Values.manifests.pvc_backup }} - - name: mariadb-backup-dir - persistentVolumeClaim: - claimName: mariadb-backup-data - {{- else }} - - hostPath: - path: {{ .Values.conf.backup.base_path }} - type: DirectoryOrCreate - name: mariadb-backup-dir - {{- end }} + {{- if and .Values.volume.backup.enabled .Values.manifests.pvc_backup }} + - name: mariadb-backup-dir + persistentVolumeClaim: + claimName: mariadb-backup-data + {{- else }} + - hostPath: + path: {{ .Values.conf.backup.base_path }} + type: DirectoryOrCreate + name: mariadb-backup-dir + {{- end }} {{- end }} diff --git a/mariadb/templates/deployment-error.yaml b/mariadb/templates/deployment-error.yaml index a9361bc39..121c513d7 100644 --- a/mariadb/templates/deployment-error.yaml +++ b/mariadb/templates/deployment-error.yaml @@ -77,13 +77,17 @@ spec: - /tmp/mariadb-ingress-error-pages.sh - stop volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ingress-bin mountPath: /tmp/mariadb-ingress-error-pages.sh subPath: mariadb-ingress-error-pages.sh readOnly: true volumes: - - name: ingress-bin - configMap: - name: mariadb-bin - defaultMode: 0555 + - name: pod-tmp + emptyDir: {} + - name: ingress-bin + configMap: + name: mariadb-bin + defaultMode: 0555 {{- end }} 
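Review bot: In mariadb/templates/cron-job-backup-mariadb.yaml the re-indented `else` branch still backs `mariadb-backup-dir` with a `hostPath` of `type: DirectoryOrCreate`. A directory created that way gets mode 0755 with the kubelet's ownership, so whether the dumps are readable by other users on the node depends on what backup_mariadb.sh sets, and that script is not visible here. I would at least record the assumption next to the volume, e.g. `# dumps land on the node filesystem; backup_mariadb.sh must restrict file modes`, and consider making the PVC branch the default. The postgresql backup cron job in this patch has the same `hostPath` fallback.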
diff --git a/mariadb/templates/deployment-ingress.yaml b/mariadb/templates/deployment-ingress.yaml index eff88fab8..d9861e145 100644 --- a/mariadb/templates/deployment-ingress.yaml +++ b/mariadb/templates/deployment-ingress.yaml @@ -188,6 +188,8 @@ spec: - /tmp/mariadb-ingress-controller.sh - stop volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: mariadb-bin mountPath: /tmp/mariadb-ingress-controller.sh subPath: mariadb-ingress-controller.sh @@ -197,6 +199,8 @@ spec: subPath: nginx.tmpl readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: mariadb-bin configMap: name: mariadb-bin diff --git a/mariadb/templates/monitoring/prometheus/exporter-deployment.yaml b/mariadb/templates/monitoring/prometheus/exporter-deployment.yaml index 20019269c..af4da0209 100644 --- a/mariadb/templates/monitoring/prometheus/exporter-deployment.yaml +++ b/mariadb/templates/monitoring/prometheus/exporter-deployment.yaml @@ -82,6 +82,8 @@ spec: - name: TELEMETRY_PATH value: {{ tuple "prometheus_mysql_exporter" "internal" "metrics" . | include "helm-toolkit.endpoints.keystone_endpoint_path_lookup" | quote }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: mysql-exporter-secrets mountPath: /etc/mysql/mysql_user.cnf subPath: mysql_user.cnf @@ -91,6 +93,8 @@ spec: subPath: mysqld-exporter.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: mysql-exporter-secrets secret: secretName: mysql-exporter-secrets diff --git a/mariadb/templates/monitoring/prometheus/exporter-job-create-user.yaml b/mariadb/templates/monitoring/prometheus/exporter-job-create-user.yaml index f7688a538..79fe879c8 100644 --- a/mariadb/templates/monitoring/prometheus/exporter-job-create-user.yaml +++ b/mariadb/templates/monitoring/prometheus/exporter-job-create-user.yaml 
@@ -59,6 +59,8 @@ spec: name: mysql-exporter-secrets key: EXPORTER_PASSWORD volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: mysql-exporter-bin mountPath: /tmp/create-mysql-user.sh subPath: create-mysql-user.sh @@ -68,6 +70,8 @@ spec: subPath: admin_user.cnf readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: mysql-exporter-bin configMap: name: mysql-exporter-bin diff --git a/mariadb/templates/pod-test.yaml b/mariadb/templates/pod-test.yaml index de940b980..fbc103905 100644 --- a/mariadb/templates/pod-test.yaml +++ b/mariadb/templates/pod-test.yaml @@ -46,7 +46,7 @@ spec: command: - /tmp/test.sh volumeMounts: - - name: tmp + - name: pod-tmp mountPath: /tmp - name: mariadb-bin mountPath: /tmp/test.sh @@ -63,7 +63,7 @@ spec: {{ end }} readOnly: true volumes: - - name: tmp + - name: pod-tmp emptyDir: {} - name: mariadb-bin configMap: diff --git a/mariadb/templates/statefulset.yaml b/mariadb/templates/statefulset.yaml index 59df53528..8beab96d0 100644 --- a/mariadb/templates/statefulset.yaml +++ b/mariadb/templates/statefulset.yaml @@ -115,6 +115,8 @@ spec: - "mysql:mysql" - /var/lib/mysql volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: mysql-data mountPath: /var/lib/mysql {{- end }} @@ -176,7 +178,7 @@ spec: command: - /tmp/readiness.sh volumeMounts: - - name: tmp + - name: pod-tmp mountPath: /tmp - name: var-run mountPath: /var/run/mysqld @@ -217,9 +219,9 @@ spec: - name: mysql-data mountPath: /var/lib/mysql volumes: - - name: mycnfd + - name: pod-tmp emptyDir: {} - - name: tmp + - name: mycnfd emptyDir: {} - name: var-run emptyDir: {} diff --git a/memcached/templates/deployment.yaml b/memcached/templates/deployment.yaml index 0ee9bbca8..a361b2670 100644 --- a/memcached/templates/deployment.yaml +++ b/memcached/templates/deployment.yaml 
@@ -76,11 +76,15 @@ spec: tcpSocket: port: {{ tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: memcached-bin mountPath: /tmp/memcached.sh subPath: memcached.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: memcached-bin configMap: name: {{ $configMapBinName | quote }} diff --git a/memcached/templates/monitoring/prometheus/exporter-deployment.yaml b/memcached/templates/monitoring/prometheus/exporter-deployment.yaml index fb12cc1e6..549a56779 100644 --- a/memcached/templates/monitoring/prometheus/exporter-deployment.yaml +++ b/memcached/templates/monitoring/prometheus/exporter-deployment.yaml @@ -64,11 +64,15 @@ spec: - name: MEMCACHED_HOST value: {{ tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: memcached-exporter-bin mountPath: /tmp/memcached-exporter.sh subPath: memcached-exporter.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: memcached-exporter-bin configMap: name: {{ $configMapBinName | quote }} diff --git a/mongodb/templates/statefulset.yaml b/mongodb/templates/statefulset.yaml index d5c840438..77b0c809f 100644 --- a/mongodb/templates/statefulset.yaml +++ b/mongodb/templates/statefulset.yaml @@ -61,6 +61,8 @@ spec: - "mongodb:" - {{ $envAll.Values.volume.host.host_path }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: mongodb-data mountPath: {{ $envAll.Values.volume.host.host_path }} {{- end }} @@ -100,6 +102,8 @@ spec: timeoutSeconds: 5 {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: mongodb-bin mountPath: /tmp/start.sh subPath: start.sh 
@@ -111,24 +115,26 @@ spec: - name: mongodb-data mountPath: /data/db volumes: - - name: mongodb-bin - configMap: - name: mongodb-bin - defaultMode: 0555 + - name: pod-tmp + emptyDir: {} + - name: mongodb-bin + configMap: + name: mongodb-bin + defaultMode: 0555 {{- if not .Values.volume.enabled }} - - name: mongodb-data - hostPath: - path: {{ .Values.volume.host_path }} + - name: mongodb-data + hostPath: + path: {{ .Values.volume.host_path }} {{- else }} volumeClaimTemplates: - - metadata: - name: mongodb-data - annotations: - {{ .Values.volume.class_path }}: {{ .Values.volume.class_name }} - spec: - accessModes: [ "ReadWriteOnce" ] - resources: - requests: - storage: {{ .Values.volume.size }} + - metadata: + name: mongodb-data + annotations: + {{ .Values.volume.class_path }}: {{ .Values.volume.class_name }} + spec: + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: {{ .Values.volume.size }} {{- end }} {{- end }} diff --git a/nagios/templates/deployment.yaml b/nagios/templates/deployment.yaml index 29bc6ddb1..1631cc025 100644 --- a/nagios/templates/deployment.yaml +++ b/nagios/templates/deployment.yaml @@ -122,6 +122,8 @@ spec: name: {{ $nagiosUserSecret }} key: NAGIOSADMIN_PASS volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: nagios-bin mountPath: /tmp/apache.sh subPath: apache.sh @@ -174,6 +176,8 @@ spec: name: {{ $nagiosUserSecret }} key: NAGIOSADMIN_PASS volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: nagios-etc mountPath: /opt/nagios/etc/nagios.cfg subPath: nagios.cfg @@ -199,6 +203,8 @@ spec: - name: pod-var-log mountPath: /opt/nagios/var/log volumes: + - name: pod-tmp + emptyDir: {} - name: pod-var-log emptyDir: {} - name: nagios-etc diff --git a/nfs-provisioner/templates/deployment.yaml b/nfs-provisioner/templates/deployment.yaml index f9f8f8fa5..c9026d64c 100644 --- a/nfs-provisioner/templates/deployment.yaml +++ b/nfs-provisioner/templates/deployment.yaml 
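Review bot: In mongodb/templates/statefulset.yaml the re-indented hostPath volume reads `path: {{ .Values.volume.host_path }}`, but the init container in the hunk at -61,6 chowns and mounts `{{ $envAll.Values.volume.host.host_path }}`. These are two different values keys, so unless values.yaml defines both (it is not visible here), one of them renders empty. Either the ownership fix-up or the data volume would then point at the wrong path. Since the lines are being rewritten anyway, I would align them on the one key values.yaml actually defines, e.g. `path: {{ .Values.volume.host.host_path }}` if that is it.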
@@ -159,9 +159,13 @@ spec: {{- end }} - "-grace-period=10" volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: export-volume mountPath: /export volumes: + - name: pod-tmp + emptyDir: {} - name: export-volume {{- if eq .Values.storage.type "persistentVolumeClaim" }} persistentVolumeClaim: diff --git a/openvswitch/templates/daemonset-ovs-db.yaml b/openvswitch/templates/daemonset-ovs-db.yaml index 09a43ab2c..ba94f1612 100644 --- a/openvswitch/templates/daemonset-ovs-db.yaml +++ b/openvswitch/templates/daemonset-ovs-db.yaml @@ -82,6 +82,8 @@ spec: - /tmp/openvswitch-db-server.sh - stop volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: openvswitch-bin mountPath: /tmp/openvswitch-db-server.sh subPath: openvswitch-db-server.sh @@ -91,6 +93,8 @@ spec: - name: run mountPath: /run volumes: + - name: pod-tmp + emptyDir: {} - name: openvswitch-bin configMap: name: openvswitch-bin diff --git a/openvswitch/templates/daemonset-ovs-vswitchd.yaml b/openvswitch/templates/daemonset-ovs-vswitchd.yaml index b0363a991..3974a8625 100644 --- a/openvswitch/templates/daemonset-ovs-vswitchd.yaml +++ b/openvswitch/templates/daemonset-ovs-vswitchd.yaml @@ -59,6 +59,8 @@ spec: command: - /tmp/openvswitch-vswitchd-init-modules.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: openvswitch-bin mountPath: /tmp/openvswitch-vswitchd-init-modules.sh subPath: openvswitch-vswitchd-init-modules.sh @@ -100,6 +102,8 @@ spec: - /tmp/openvswitch-db-server.sh - stop volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: openvswitch-bin mountPath: /tmp/openvswitch-vswitchd.sh subPath: openvswitch-vswitchd.sh @@ -107,6 +111,8 @@ spec: - name: run mountPath: /run volumes: + - name: pod-tmp + emptyDir: {} - name: openvswitch-bin configMap: name: openvswitch-bin diff --git a/podsecuritypolicy/values.yaml b/podsecuritypolicy/values.yaml index 807e12893..814f3a934 100644 --- a/podsecuritypolicy/values.yaml +++ b/podsecuritypolicy/values.yaml 
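Review bot: In openvswitch/templates/daemonset-ovs-vswitchd.yaml, hunk -100,6, the command ending in `- stop` (presumably the preStop hook) calls `/tmp/openvswitch-db-server.sh`, but the only script mounted into this container is `/tmp/openvswitch-vswitchd.sh`. With `pod-tmp` now mounted over /tmp, nothing other than the subPath mounts can exist there, so the hook will fail to find its script and vswitchd gets no orderly stop. The line looks copied from the ovs-db daemonset and should probably read `- /tmp/openvswitch-vswitchd.sh`. It is a context line, and the container spec starts outside the hunk.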
@@ -49,11 +49,11 @@ data: fsGroup: rule: RunAsAny volumes: - - '*' + - '*' allowedCapabilities: - - '*' + - '*' hostPorts: - - min: 1 - max: 65536 + - min: 1 + max: 65536 manifests: podsecuritypolicy: true diff --git a/postgresql/templates/cron-job-backup-postgres.yaml b/postgresql/templates/cron-job-backup-postgres.yaml index 32d716815..aefb37774 100644 --- a/postgresql/templates/cron-job-backup-postgres.yaml +++ b/postgresql/templates/cron-job-backup-postgres.yaml 
@@ -46,64 +46,68 @@ spec: nodeSelector: {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} containers: - - command: - - /tmp/backup_postgresql.sh - env: - - name: POSTGRESQL_BACKUP_PASSWORD - valueFrom: - secretKeyRef: - key: POSTGRES_PASSWORD - name: postgresql-admin - - name: POSTGRESQL_BACKUP_USER - valueFrom: - secretKeyRef: - key: POSTGRES_USER - name: postgresql-admin - - name: POSTGRESQL_BACKUP_BASE_DIR - value: {{ .Values.conf.backup.base_path }} - - name: POSTGRESQL_BACKUP_PG_DUMPALL_OPTIONS - value: {{ .Values.conf.backup.pg_dumpall_options }} - - name: POSTGRESQL_BACKUP_DAYS_TO_KEEP - value: "{{ .Values.conf.backup.days_of_backup_to_keep }}" - - name: POSTGRESQL_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace -{{ tuple $envAll "postgresql_backup" | include "helm-toolkit.snippets.image" | indent 12 }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.postgresql_backup | include "helm-toolkit.snippets.kubernetes_resources" | indent 12 }} - name: postgresql-backup - volumeMounts: - - mountPath: /tmp/backup_postgresql.sh - name: postgresql-bin - readOnly: true - subPath: backup_postgresql.sh - - mountPath: {{ .Values.conf.backup.base_path }} - name: postgresql-backup-dir - - name: postgresql-secrets - mountPath: /etc/postgresql/admin_user.conf - subPath: admin_user.conf - readOnly: true + - name: postgresql-backup +{{ tuple $envAll "postgresql_backup" | include "helm-toolkit.snippets.image" | indent 14 }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.postgresql_backup | include "helm-toolkit.snippets.kubernetes_resources" | indent 14 }} + command: + - /tmp/backup_postgresql.sh + env: + - name: POSTGRESQL_BACKUP_PASSWORD + valueFrom: + secretKeyRef: + key: POSTGRES_PASSWORD + name: postgresql-admin + - name: POSTGRESQL_BACKUP_USER + valueFrom: + secretKeyRef: + key: POSTGRES_USER + name: postgresql-admin + - name: POSTGRESQL_BACKUP_BASE_DIR + value: {{ .Values.conf.backup.base_path }} + - 
name: POSTGRESQL_BACKUP_PG_DUMPALL_OPTIONS + value: {{ .Values.conf.backup.pg_dumpall_options }} + - name: POSTGRESQL_BACKUP_DAYS_TO_KEEP + value: "{{ .Values.conf.backup.days_of_backup_to_keep }}" + - name: POSTGRESQL_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - mountPath: /tmp/backup_postgresql.sh + name: postgresql-bin + readOnly: true + subPath: backup_postgresql.sh + - mountPath: {{ .Values.conf.backup.base_path }} + name: postgresql-backup-dir + - name: postgresql-secrets + mountPath: /etc/postgresql/admin_user.conf + subPath: admin_user.conf + readOnly: true restartPolicy: OnFailure securityContext: {} serviceAccount: {{ $serviceAccountName }} serviceAccountName: {{ $serviceAccountName }} volumes: - - name: postgresql-secrets - secret: - secretName: postgresql-secrets - defaultMode: 0600 - - configMap: - defaultMode: 365 + - name: pod-tmp + emptyDir: {} + - name: postgresql-secrets + secret: + secretName: postgresql-secrets + defaultMode: 0600 + - configMap: + defaultMode: 365 + name: postgresql-bin name: postgresql-bin - name: postgresql-bin - {{- if and .Values.volume.backup.enabled .Values.manifests.pvc_backup }} - - name: postgresql-backup-dir - persistentVolumeClaim: - claimName: postgresql-backup-data - {{- else }} - - hostPath: - path: {{ .Values.conf.backup.base_path }} - type: DirectoryOrCreate - name: postgresql-backup-dir - {{- end }} + {{- if and .Values.volume.backup.enabled .Values.manifests.pvc_backup }} + - name: postgresql-backup-dir + persistentVolumeClaim: + claimName: postgresql-backup-data + {{- else }} + - hostPath: + path: {{ .Values.conf.backup.base_path }} + type: DirectoryOrCreate + name: postgresql-backup-dir + {{- end }} {{- end }} diff --git a/postgresql/templates/monitoring/prometheus/exporter-job-create-user.yaml b/postgresql/templates/monitoring/prometheus/exporter-job-create-user.yaml index 73fabca3a..f74b66a67 100644 
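Review bot: In postgresql/templates/cron-job-backup-postgres.yaml the rewritten `env:` block leaves `value: {{ .Values.conf.backup.base_path }}` and `value: {{ .Values.conf.backup.pg_dumpall_options }}` unquoted, while the mariadb backup job rewritten in this same patch pipes its equivalents through `quote`. An unquoted template value is re-typed by the YAML parser after rendering: a number or boolean fails the string-typed `value` field, and an option string containing ` #` or `: ` is truncated or breaks the manifest. I would write them as `value: {{ .Values.conf.backup.base_path | quote }}` and `value: {{ .Values.conf.backup.pg_dumpall_options | quote }}`. `days_of_backup_to_keep` could use the same filter instead of the hand-written surrounding quotes.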
--- a/postgresql/templates/monitoring/prometheus/exporter-job-create-user.yaml +++ b/postgresql/templates/monitoring/prometheus/exporter-job-create-user.yaml @@ -66,11 +66,15 @@ spec: - name: POSTGRESQL_HOST_PORT value: {{ tuple "postgresql" "internal" "postgresql" $envAll | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: postgresql-exporter-bin mountPath: /tmp/create-postgresql-exporter-user.sh subPath: create-postgresql-exporter-user.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: postgresql-exporter-bin configMap: name: postgresql-exporter-bin diff --git a/postgresql/templates/pod-test.yaml b/postgresql/templates/pod-test.yaml index 66b955539..d260f32a9 100644 --- a/postgresql/templates/pod-test.yaml +++ b/postgresql/templates/pod-test.yaml @@ -10,7 +10,9 @@ # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and -# limitations under the License. */}} +# limitations under the License. +*/}} + {{- if .Values.manifests.test_basic }} {{- $dependencies := .Values.dependencies.static.tests }} {{- $serviceAccountName := print .Release.Name "-test" }} @@ -52,17 +54,21 @@ spec: secretKeyRef: name: {{ .Values.secrets.postgresql.admin }} key: POSTGRES_PASSWORD - image: {{ .Values.images.tags.postgresql }} imagePullPolicy: {{ .Values.images.pull_policy }} {{ tuple . .Values.pod.resources.test | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }} - command: ["/tmp/db_test.sh"] + command: + - /tmp/db_test.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: postgresql-bin mountPath: /tmp/db_test.sh subPath: db_test.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: postgresql-bin configMap: name: postgresql-bin 
diff --git a/postgresql/templates/statefulset.yaml b/postgresql/templates/statefulset.yaml index 2cfd14b35..eb9ee0db6 100644 --- a/postgresql/templates/statefulset.yaml +++ b/postgresql/templates/statefulset.yaml @@ -59,6 +59,8 @@ spec: - {{ .Values.storage.mount.path | quote }} {{ dict "envAll" $envAll "application" "server" "container" "set-volume-perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: postgresql-data mountPath: {{ .Values.storage.mount.path }} subPath: {{ .Values.storage.mount.subpath }} @@ -96,6 +98,8 @@ spec: initialDelaySeconds: 20 timeoutSeconds: 5 volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: postgresql-bin mountPath: /tmp/start.sh subPath: start.sh @@ -108,6 +112,8 @@ spec: mountPath: {{ .Values.storage.mount.path }} subPath: {{ .Values.storage.mount.subpath }} volumes: + - name: pod-tmp + emptyDir: {} - name: postgresql-bin configMap: name: postgresql-bin diff --git a/prometheus-alertmanager/templates/statefulset.yaml b/prometheus-alertmanager/templates/statefulset.yaml index 248f0a22c..c874edce1 100644 --- a/prometheus-alertmanager/templates/statefulset.yaml +++ b/prometheus-alertmanager/templates/statefulset.yaml @@ -67,6 +67,8 @@ spec: - "nobody:" - /var/lib/alertmanager/data volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: alertmanager-data mountPath: /var/lib/alertmanager/data containers: @@ -100,6 +102,8 @@ spec: initialDelaySeconds: 30 timeoutSeconds: 30 volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etc-alertmanager mountPath: /etc/config - name: alertmanager-etc @@ -118,6 +122,8 @@ spec: mountPath: /var/lib/alertmanager/data {{ if $mounts_alertmanager.volumeMounts }}{{ toYaml $mounts_alertmanager.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: etc-alertmanager emptyDir: {} - name: alertmanager-etc 
diff --git a/prometheus-kube-state-metrics/templates/deployment.yaml b/prometheus-kube-state-metrics/templates/deployment.yaml index b1e8f3e6f..84bde1c8b 100644 --- a/prometheus-kube-state-metrics/templates/deployment.yaml +++ b/prometheus-kube-state-metrics/templates/deployment.yaml @@ -135,11 +135,15 @@ spec: initialDelaySeconds: 20 periodSeconds: 10 volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: kube-state-metrics-bin mountPath: /tmp/kube-state-metrics.sh subPath: kube-state-metrics.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: kube-state-metrics-bin configMap: name: kube-state-metrics-bin diff --git a/prometheus-node-exporter/templates/daemonset.yaml b/prometheus-node-exporter/templates/daemonset.yaml index c08bc4659..721a146f3 100644 --- a/prometheus-node-exporter/templates/daemonset.yaml +++ b/prometheus-node-exporter/templates/daemonset.yaml @@ -84,6 +84,8 @@ spec: initialDelaySeconds: 20 periodSeconds: 10 volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: proc mountPath: /host/proc readOnly: true @@ -100,6 +102,8 @@ spec: subPath: node-exporter.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: proc hostPath: path: /proc diff --git a/prometheus-openstack-exporter/templates/deployment.yaml b/prometheus-openstack-exporter/templates/deployment.yaml index 49aac9574..1d6cd7e3f 100644 --- a/prometheus-openstack-exporter/templates/deployment.yaml +++ b/prometheus-openstack-exporter/templates/deployment.yaml @@ -81,11 +81,15 @@ spec: {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- end }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: prometheus-openstack-exporter-bin mountPath: /tmp/prometheus-openstack-exporter.sh subPath: prometheus-openstack-exporter.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: prometheus-openstack-exporter-bin configMap: name: prometheus-openstack-exporter-bin 
diff --git a/prometheus-openstack-exporter/templates/job-ks-user.yaml b/prometheus-openstack-exporter/templates/job-ks-user.yaml index 763cd2fef..c6ed3092e 100644 --- a/prometheus-openstack-exporter/templates/job-ks-user.yaml +++ b/prometheus-openstack-exporter/templates/job-ks-user.yaml @@ -43,6 +43,8 @@ spec: - /tmp/ks-user.sh {{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ks-user-sh mountPath: /tmp/ks-user.sh subPath: ks-user.sh @@ -59,6 +61,8 @@ spec: - name: SERVICE_OS_ROLE value: {{ .Values.endpoints.identity.auth.user.role | quote }} volumes: + - name: pod-tmp + emptyDir: {} - name: ks-user-sh configMap: name: prometheus-openstack-exporter-bin diff --git a/prometheus-process-exporter/templates/daemonset.yaml b/prometheus-process-exporter/templates/daemonset.yaml index 67baed8f1..f694963e6 100644 --- a/prometheus-process-exporter/templates/daemonset.yaml +++ b/prometheus-process-exporter/templates/daemonset.yaml @@ -84,10 +84,14 @@ spec: initialDelaySeconds: 20 periodSeconds: 10 volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: proc mountPath: /host/proc readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: proc hostPath: path: /proc diff --git a/prometheus/templates/pod-helm-tests.yaml b/prometheus/templates/pod-helm-tests.yaml index 4db6b2283..e3986c852 100644 --- a/prometheus/templates/pod-helm-tests.yaml +++ b/prometheus/templates/pod-helm-tests.yaml @@ -57,11 +57,15 @@ spec: - name: PROMETHEUS_ENDPOINT value: {{ tuple "monitoring" "internal" "http" $envAll | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: prometheus-bin mountPath: /tmp/helm-tests.sh subPath: helm-tests.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: prometheus-bin configMap: name: prometheus-bin 
diff --git a/prometheus/templates/statefulset.yaml b/prometheus/templates/statefulset.yaml index 468451ee0..fc9165e89 100644 --- a/prometheus/templates/statefulset.yaml +++ b/prometheus/templates/statefulset.yaml @@ -109,6 +109,8 @@ spec: - "nobody:" - /var/lib/prometheus/data volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: storage mountPath: /var/lib/prometheus/data containers: @@ -135,6 +137,8 @@ spec: name: {{ $promUserSecret }} key: PROMETHEUS_ADMIN_PASSWORD volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: prometheus-bin mountPath: /tmp/apache.sh subPath: apache.sh @@ -165,6 +169,8 @@ spec: initialDelaySeconds: 30 timeoutSeconds: 30 volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etcprometheus mountPath: /etc/config - name: rulesprometheus @@ -187,6 +193,8 @@ spec: mountPath: /var/lib/prometheus/data {{ if $mounts_prometheus.volumeMounts }}{{ toYaml $mounts_prometheus.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: etcprometheus emptyDir: {} - name: rulesprometheus diff --git a/rabbitmq/templates/job-cluster-wait.yaml b/rabbitmq/templates/job-cluster-wait.yaml index 8f77f6692..12488eb6b 100644 --- a/rabbitmq/templates/job-cluster-wait.yaml +++ b/rabbitmq/templates/job-cluster-wait.yaml @@ -51,11 +51,15 @@ spec: command: - /tmp/rabbitmq-wait-for-cluster.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: rabbitmq-bin mountPath: /tmp/rabbitmq-wait-for-cluster.sh subPath: rabbitmq-wait-for-cluster.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: rabbitmq-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-bin" | quote }} diff --git a/rabbitmq/templates/pod-test.yaml b/rabbitmq/templates/pod-test.yaml index ff45368fd..3139455a0 100644 --- a/rabbitmq/templates/pod-test.yaml +++ b/rabbitmq/templates/pod-test.yaml 
@@ -53,11 +53,15 @@ spec: command: - /tmp/rabbitmq-test.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: rabbitmq-bin mountPath: /tmp/rabbitmq-test.sh subPath: rabbitmq-test.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: rabbitmq-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-bin" | quote }} diff --git a/rabbitmq/templates/statefulset.yaml b/rabbitmq/templates/statefulset.yaml index 1016f7f2b..46681972e 100644 --- a/rabbitmq/templates/statefulset.yaml +++ b/rabbitmq/templates/statefulset.yaml @@ -112,6 +112,8 @@ spec: - name: RABBITMQ_DEFINITION_FILE value: "{{ index $envAll.Values.conf.rabbitmq "management.load_definitions" }}" volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: rabbitmq-data mountPath: /var/lib/rabbitmq - name: rabbitmq-bin @@ -126,6 +128,8 @@ spec: command: - /tmp/rabbitmq-cookie.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: rabbitmq-bin mountPath: /tmp/rabbitmq-cookie.sh subPath: rabbitmq-cookie.sh @@ -148,6 +152,8 @@ spec: - "rabbitmq:" - /var/lib/rabbitmq volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: rabbitmq-data mountPath: /var/lib/rabbitmq {{- end }} @@ -203,6 +209,8 @@ spec: command: - /tmp/rabbitmq-liveness.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: rabbitmq-data mountPath: /var/lib/rabbitmq - name: rabbitmq-bin @@ -226,6 +234,8 @@ spec: subPath: rabbitmq.conf readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: rabbitmq-bin configMap: name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-bin" | quote }} diff --git a/redis/templates/pod_test.yaml b/redis/templates/pod_test.yaml index 86fe5dae9..09952ebdf 100644 --- a/redis/templates/pod_test.yaml +++ b/redis/templates/pod_test.yaml @@ -48,6 +48,8 @@ spec: - name: REDIS_DB value: '0' volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: redis-test mountPath: /tmp/redis-test.sh subPath: redis-test.sh 
@@ -55,6 +57,8 @@ spec: mountPath: /tmp/python-tests.py subPath: python-tests.py volumes: + - name: pod-tmp + emptyDir: {} - name: redis-test configMap: name: redis-bin diff --git a/registry/templates/daemonset-registry-proxy.yaml b/registry/templates/daemonset-registry-proxy.yaml index 4b1342a7c..ece13e043 100644 --- a/registry/templates/daemonset-registry-proxy.yaml +++ b/registry/templates/daemonset-registry-proxy.yaml @@ -55,6 +55,8 @@ spec: command: - /tmp/registry-proxy.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: registry-bin mountPath: /tmp/registry-proxy.sh subPath: registry-proxy.sh @@ -64,6 +66,8 @@ spec: subPath: default.conf readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: registry-bin configMap: name: registry-bin diff --git a/registry/templates/deployment-registry.yaml b/registry/templates/deployment-registry.yaml index e8642a214..f89ebef4a 100644 --- a/registry/templates/deployment-registry.yaml +++ b/registry/templates/deployment-registry.yaml @@ -60,17 +60,21 @@ spec: command: - /tmp/registry.sh volumeMounts: - - name: registry-bin - mountPath: /tmp/registry.sh - subPath: registry.sh - readOnly: true - - name: registry-etc - mountPath: /etc/docker/registry/config.yml - subPath: config.yml - readOnly: true - - name: docker-images - mountPath: {{ .Values.conf.registry.storage.filesystem.rootdirectory }} + - name: pod-tmp + mountPath: /tmp + - name: registry-bin + mountPath: /tmp/registry.sh + subPath: registry.sh + readOnly: true + - name: registry-etc + mountPath: /etc/docker/registry/config.yml + subPath: config.yml + readOnly: true + - name: docker-images + mountPath: {{ .Values.conf.registry.storage.filesystem.rootdirectory }} volumes: + - name: pod-tmp + emptyDir: {} - name: registry-bin configMap: name: registry-bin diff --git a/registry/templates/job-bootstrap.yaml b/registry/templates/job-bootstrap.yaml index 8c2b6250d..26a3c9cd7 100644 --- a/registry/templates/job-bootstrap.yaml 
+++ b/registry/templates/job-bootstrap.yaml @@ -51,6 +51,8 @@ spec: command: - /tmp/bootstrap.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: registry-bin mountPath: /tmp/bootstrap.sh subPath: bootstrap.sh @@ -58,6 +60,8 @@ spec: - name: docker-socket mountPath: /var/run/docker.sock volumes: + - name: pod-tmp + emptyDir: {} - name: registry-bin configMap: name: registry-bin