Fix file permission and readOnly flag
This patchset enforces stricter file permission on *-etc configmap and sets readOnly flag to true in a number of charts. Change-Id: I233689a5d56dd1352e0d81997a94b4cdd6bed5d2 Signed-off-by: Tin Lam <tin@irrational.io>
This commit is contained in:
Tin Lam
parent
fecac47b5a
commit
670a78bcbe
@ -91,6 +91,7 @@ spec:
|
|||||||
- name: barbican-etc
|
- name: barbican-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: barbican-etc
|
name: barbican-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: barbican-bin
|
- name: barbican-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: barbican-bin
|
name: barbican-bin
|
||||||
|
|||||||
@ -45,12 +45,12 @@ spec:
|
|||||||
command:
|
command:
|
||||||
- /tmp/db-init.py
|
- /tmp/db-init.py
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
- name: barbican-etc
|
||||||
|
mountPath: /etc/barbican
|
||||||
- name: barbican-bin
|
- name: barbican-bin
|
||||||
mountPath: /tmp/db-init.py
|
mountPath: /tmp/db-init.py
|
||||||
subPath: db-init.py
|
subPath: db-init.py
|
||||||
readOnly: true
|
readOnly: true
|
||||||
- name: barbican-etc
|
|
||||||
mountPath: /etc/barbican
|
|
||||||
- name: barbican-conf
|
- name: barbican-conf
|
||||||
mountPath: /etc/barbican/barbican.conf
|
mountPath: /etc/barbican/barbican.conf
|
||||||
subPath: barbican.conf
|
subPath: barbican.conf
|
||||||
@ -61,6 +61,7 @@ spec:
|
|||||||
- name: barbican-conf
|
- name: barbican-conf
|
||||||
configMap:
|
configMap:
|
||||||
name: barbican-etc
|
name: barbican-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: barbican-bin
|
- name: barbican-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: barbican-bin
|
name: barbican-bin
|
||||||
|
|||||||
@ -49,6 +49,7 @@ spec:
|
|||||||
- name: barbican-etc
|
- name: barbican-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: barbican-etc
|
name: barbican-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: barbican-bin
|
- name: barbican-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: barbican-bin
|
name: barbican-bin
|
||||||
|
|||||||
@ -114,6 +114,7 @@ spec:
|
|||||||
- name: ceph-etc
|
- name: ceph-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: ceph-etc
|
name: ceph-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: ceph-client-admin-keyring
|
- name: ceph-client-admin-keyring
|
||||||
secret:
|
secret:
|
||||||
secretName: {{ .Values.secrets.keyrings.admin }}
|
secretName: {{ .Values.secrets.keyrings.admin }}
|
||||||
|
|||||||
@ -101,6 +101,7 @@ spec:
|
|||||||
- name: ceph-etc
|
- name: ceph-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: ceph-etc
|
name: ceph-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: ceph-client-admin-keyring
|
- name: ceph-client-admin-keyring
|
||||||
secret:
|
secret:
|
||||||
secretName: {{ .Values.secrets.keyrings.admin }}
|
secretName: {{ .Values.secrets.keyrings.admin }}
|
||||||
|
|||||||
@ -92,6 +92,7 @@ spec:
|
|||||||
- name: ceph-etc
|
- name: ceph-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: ceph-etc
|
name: ceph-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: ceph-client-admin-keyring
|
- name: ceph-client-admin-keyring
|
||||||
secret:
|
secret:
|
||||||
secretName: {{ .Values.secrets.keyrings.admin }}
|
secretName: {{ .Values.secrets.keyrings.admin }}
|
||||||
|
|||||||
@ -104,6 +104,7 @@ spec:
|
|||||||
- name: ceph-etc
|
- name: ceph-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: ceph-etc
|
name: ceph-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: ceph-client-admin-keyring
|
- name: ceph-client-admin-keyring
|
||||||
secret:
|
secret:
|
||||||
secretName: {{ .Values.secrets.keyrings.admin }}
|
secretName: {{ .Values.secrets.keyrings.admin }}
|
||||||
|
|||||||
@ -81,5 +81,6 @@ spec:
|
|||||||
- name: ceph-templates
|
- name: ceph-templates
|
||||||
configMap:
|
configMap:
|
||||||
name: ceph-templates
|
name: ceph-templates
|
||||||
|
defaultMode: 0444
|
||||||
{{ end }}
|
{{ end }}
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|||||||
@ -74,4 +74,5 @@ spec:
|
|||||||
- name: ceph-templates
|
- name: ceph-templates
|
||||||
configMap:
|
configMap:
|
||||||
name: ceph-templates
|
name: ceph-templates
|
||||||
|
defaultMode: 0444
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|||||||
@ -133,6 +133,7 @@ spec:
|
|||||||
- name: ceph-etc
|
- name: ceph-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: ceph-etc
|
name: ceph-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: ceph-client-admin-keyring
|
- name: ceph-client-admin-keyring
|
||||||
secret:
|
secret:
|
||||||
secretName: {{ .Values.secrets.keyrings.admin }}
|
secretName: {{ .Values.secrets.keyrings.admin }}
|
||||||
|
|||||||
@ -85,4 +85,5 @@ spec:
|
|||||||
- name: cinder-etc
|
- name: cinder-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: cinder-etc
|
name: cinder-etc
|
||||||
|
defaultMode: 0444
|
||||||
{{- if $mounts_cinder_api.volumes }}{{ toYaml $mounts_cinder_api.volumes | indent 8 }}{{ end }}
|
{{- if $mounts_cinder_api.volumes }}{{ toYaml $mounts_cinder_api.volumes | indent 8 }}{{ end }}
|
||||||
|
|||||||
@ -88,6 +88,7 @@ spec:
|
|||||||
- name: cinder-etc
|
- name: cinder-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: cinder-etc
|
name: cinder-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: cinder-bin
|
- name: cinder-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: cinder-bin
|
name: cinder-bin
|
||||||
@ -98,6 +99,7 @@ spec:
|
|||||||
- name: ceph-etc
|
- name: ceph-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: ceph-etc
|
name: ceph-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: ceph-keyring
|
- name: ceph-keyring
|
||||||
secret:
|
secret:
|
||||||
secretName: pvc-ceph-client-key
|
secretName: pvc-ceph-client-key
|
||||||
|
|||||||
@ -71,4 +71,5 @@ spec:
|
|||||||
- name: cinder-etc
|
- name: cinder-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: cinder-etc
|
name: cinder-etc
|
||||||
|
defaultMode: 0444
|
||||||
{{- if $mounts_cinder_scheduler.volumes }}{{ toYaml $mounts_cinder_scheduler.volumes | indent 8 }}{{ end }}
|
{{- if $mounts_cinder_scheduler.volumes }}{{ toYaml $mounts_cinder_scheduler.volumes | indent 8 }}{{ end }}
|
||||||
|
|||||||
@ -102,6 +102,7 @@ spec:
|
|||||||
- name: ceph-etc
|
- name: ceph-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: ceph-etc
|
name: ceph-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: ceph-keyring
|
- name: ceph-keyring
|
||||||
secret:
|
secret:
|
||||||
secretName: pvc-ceph-client-key
|
secretName: pvc-ceph-client-key
|
||||||
|
|||||||
@ -43,13 +43,16 @@ spec:
|
|||||||
- name: cinder-etc
|
- name: cinder-etc
|
||||||
mountPath: /etc/cinder/cinder.conf
|
mountPath: /etc/cinder/cinder.conf
|
||||||
subPath: cinder.conf
|
subPath: cinder.conf
|
||||||
|
readOnly: true
|
||||||
- name: cinder-bin
|
- name: cinder-bin
|
||||||
mountPath: /tmp/bootstrap.sh
|
mountPath: /tmp/bootstrap.sh
|
||||||
subPath: bootstrap.sh
|
subPath: bootstrap.sh
|
||||||
|
readOnly: true
|
||||||
volumes:
|
volumes:
|
||||||
- name: cinder-etc
|
- name: cinder-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: cinder-etc
|
name: cinder-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: cinder-bin
|
- name: cinder-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: cinder-bin
|
name: cinder-bin
|
||||||
|
|||||||
@ -63,6 +63,7 @@ spec:
|
|||||||
- name: cinder-etc
|
- name: cinder-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: cinder-etc
|
name: cinder-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: cinder-bin
|
- name: cinder-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: cinder-bin
|
name: cinder-bin
|
||||||
|
|||||||
@ -56,6 +56,7 @@ spec:
|
|||||||
- name: cinder-etc
|
- name: cinder-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: cinder-etc
|
name: cinder-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: cinder-bin
|
- name: cinder-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: cinder-bin
|
name: cinder-bin
|
||||||
|
|||||||
@ -67,6 +67,7 @@ spec:
|
|||||||
- name: glance-bin
|
- name: glance-bin
|
||||||
mountPath: /tmp/ceph-keyring.sh
|
mountPath: /tmp/ceph-keyring.sh
|
||||||
subPath: ceph-keyring.sh
|
subPath: ceph-keyring.sh
|
||||||
|
readOnly: true
|
||||||
- name: ceph-keyring
|
- name: ceph-keyring
|
||||||
mountPath: /tmp/client-keyring
|
mountPath: /tmp/client-keyring
|
||||||
subPath: key
|
subPath: key
|
||||||
@ -136,6 +137,7 @@ spec:
|
|||||||
- name: glance-etc
|
- name: glance-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: glance-etc
|
name: glance-etc
|
||||||
|
defaultMode: 0444
|
||||||
{{- if eq .Values.storage "pvc" }}
|
{{- if eq .Values.storage "pvc" }}
|
||||||
- name: glance-images
|
- name: glance-images
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
@ -146,6 +148,7 @@ spec:
|
|||||||
- name: ceph-etc
|
- name: ceph-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: ceph-etc
|
name: ceph-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: ceph-keyring
|
- name: ceph-keyring
|
||||||
secret:
|
secret:
|
||||||
secretName: pvc-ceph-client-key
|
secretName: pvc-ceph-client-key
|
||||||
|
|||||||
@ -88,4 +88,5 @@ spec:
|
|||||||
- name: glance-etc
|
- name: glance-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: glance-etc
|
name: glance-etc
|
||||||
|
defaultMode: 0444
|
||||||
{{- if $mounts_glance_registry.volumes }}{{ toYaml $mounts_glance_registry.volumes | indent 8 }}{{ end }}
|
{{- if $mounts_glance_registry.volumes }}{{ toYaml $mounts_glance_registry.volumes | indent 8 }}{{ end }}
|
||||||
|
|||||||
@ -59,3 +59,4 @@ spec:
|
|||||||
- name: glance-etc
|
- name: glance-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: glance-etc
|
name: glance-etc
|
||||||
|
defaultMode: 0444
|
||||||
|
|||||||
@ -63,6 +63,7 @@ spec:
|
|||||||
- name: glance-etc
|
- name: glance-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: glance-etc
|
name: glance-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: glance-bin
|
- name: glance-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: glance-bin
|
name: glance-bin
|
||||||
|
|||||||
@ -51,6 +51,7 @@ spec:
|
|||||||
- name: glance-etc
|
- name: glance-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: glance-etc
|
name: glance-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: glance-bin
|
- name: glance-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: glance-bin
|
name: glance-bin
|
||||||
|
|||||||
@ -56,6 +56,7 @@ spec:
|
|||||||
- name: glance-etc
|
- name: glance-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: glance-etc
|
name: glance-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: glance-bin
|
- name: glance-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: glance-bin
|
name: glance-bin
|
||||||
|
|||||||
@ -92,4 +92,5 @@ spec:
|
|||||||
- name: heat-etc
|
- name: heat-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: heat-etc
|
name: heat-etc
|
||||||
|
defaultMode: 0444
|
||||||
{{- if $mounts_heat_api.volumes }}{{ toYaml $mounts_heat_api.volumes | indent 8 }}{{ end }}
|
{{- if $mounts_heat_api.volumes }}{{ toYaml $mounts_heat_api.volumes | indent 8 }}{{ end }}
|
||||||
|
|||||||
@ -92,4 +92,5 @@ spec:
|
|||||||
- name: heat-etc
|
- name: heat-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: heat-etc
|
name: heat-etc
|
||||||
|
defaultMode: 0444
|
||||||
{{- if $mounts_heat_cfn.volumes }}{{ toYaml $mounts_heat_cfn.volumes | indent 8 }}{{ end }}
|
{{- if $mounts_heat_cfn.volumes }}{{ toYaml $mounts_heat_cfn.volumes | indent 8 }}{{ end }}
|
||||||
|
|||||||
@ -92,4 +92,5 @@ spec:
|
|||||||
- name: heat-etc
|
- name: heat-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: heat-etc
|
name: heat-etc
|
||||||
|
defaultMode: 0444
|
||||||
{{- if $mounts_heat_cloudwatch.volumes }}{{ toYaml $mounts_heat_cloudwatch.volumes | indent 8 }}{{ end }}
|
{{- if $mounts_heat_cloudwatch.volumes }}{{ toYaml $mounts_heat_cloudwatch.volumes | indent 8 }}{{ end }}
|
||||||
|
|||||||
@ -63,6 +63,7 @@ spec:
|
|||||||
- name: heat-etc
|
- name: heat-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: heat-etc
|
name: heat-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: heat-bin
|
- name: heat-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: heat-bin
|
name: heat-bin
|
||||||
|
|||||||
@ -51,6 +51,7 @@ spec:
|
|||||||
- name: heat-etc
|
- name: heat-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: heat-etc
|
name: heat-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: heat-bin
|
- name: heat-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: heat-bin
|
name: heat-bin
|
||||||
|
|||||||
@ -72,4 +72,5 @@ spec:
|
|||||||
- name: heat-etc
|
- name: heat-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: heat-etc
|
name: heat-etc
|
||||||
|
defaultMode: 0444
|
||||||
{{- if $mounts_heat_engine.volumes }}{{ toYaml $mounts_heat_engine.volumes | indent 8 }}{{ end }}
|
{{- if $mounts_heat_engine.volumes }}{{ toYaml $mounts_heat_engine.volumes | indent 8 }}{{ end }}
|
||||||
|
|||||||
@ -82,4 +82,5 @@ spec:
|
|||||||
- name: horizon-etc
|
- name: horizon-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: horizon-etc
|
name: horizon-etc
|
||||||
|
defaultMode: 0444
|
||||||
{{- if $mounts_horizon.volumes }}{{ toYaml $mounts_horizon.volumes | indent 8 }}{{ end }}
|
{{- if $mounts_horizon.volumes }}{{ toYaml $mounts_horizon.volumes | indent 8 }}{{ end }}
|
||||||
|
|||||||
@ -74,8 +74,10 @@ spec:
|
|||||||
- name: ingress-etc
|
- name: ingress-etc
|
||||||
mountPath: /etc/resolv.conf
|
mountPath: /etc/resolv.conf
|
||||||
subPath: resolv.conf
|
subPath: resolv.conf
|
||||||
|
readOnly: true
|
||||||
volumes:
|
volumes:
|
||||||
- name: ingress-etc
|
- name: ingress-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: ingress-etc
|
name: ingress-etc
|
||||||
|
defaultMode: 0444
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|||||||
@ -103,6 +103,7 @@ spec:
|
|||||||
- name: keystone-etc
|
- name: keystone-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: keystone-etc
|
name: keystone-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: keystone-bin
|
- name: keystone-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: keystone-bin
|
name: keystone-bin
|
||||||
|
|||||||
@ -45,6 +45,7 @@ spec:
|
|||||||
- name: keystone-bin
|
- name: keystone-bin
|
||||||
mountPath: /tmp/bootstrap.sh
|
mountPath: /tmp/bootstrap.sh
|
||||||
subPath: bootstrap.sh
|
subPath: bootstrap.sh
|
||||||
|
readOnly: true
|
||||||
{{- if $mounts_keystone_bootstrap.volumeMounts }}{{ toYaml $mounts_keystone_bootstrap.volumeMounts | indent 10 }}{{ end }}
|
{{- if $mounts_keystone_bootstrap.volumeMounts }}{{ toYaml $mounts_keystone_bootstrap.volumeMounts | indent 10 }}{{ end }}
|
||||||
volumes:
|
volumes:
|
||||||
- name: keystone-bin
|
- name: keystone-bin
|
||||||
|
|||||||
@ -67,6 +67,7 @@ spec:
|
|||||||
- name: keystone-etc
|
- name: keystone-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: keystone-etc
|
name: keystone-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: keystone-bin
|
- name: keystone-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: keystone-bin
|
name: keystone-bin
|
||||||
|
|||||||
@ -66,6 +66,7 @@ spec:
|
|||||||
- name: keystone-etc
|
- name: keystone-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: keystone-etc
|
name: keystone-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: keystone-bin
|
- name: keystone-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: keystone-bin
|
name: keystone-bin
|
||||||
|
|||||||
@ -56,6 +56,7 @@ spec:
|
|||||||
- name: keystone-etc
|
- name: keystone-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: keystone-etc
|
name: keystone-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: keystone-bin
|
- name: keystone-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: keystone-bin
|
name: keystone-bin
|
||||||
|
|||||||
@ -92,4 +92,5 @@ spec:
|
|||||||
- name: magnum-etc
|
- name: magnum-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: magnum-etc
|
name: magnum-etc
|
||||||
|
defaultMode: 0444
|
||||||
{{- if $mounts_magnum_api.volumes }}{{ toYaml $mounts_magnum_api.volumes | indent 8 }}{{ end }}
|
{{- if $mounts_magnum_api.volumes }}{{ toYaml $mounts_magnum_api.volumes | indent 8 }}{{ end }}
|
||||||
|
|||||||
@ -63,6 +63,7 @@ spec:
|
|||||||
- name: magnum-etc
|
- name: magnum-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: magnum-etc
|
name: magnum-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: magnum-bin
|
- name: magnum-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: magnum-bin
|
name: magnum-bin
|
||||||
|
|||||||
@ -51,6 +51,7 @@ spec:
|
|||||||
- name: magnum-etc
|
- name: magnum-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: magnum-etc
|
name: magnum-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: magnum-bin
|
- name: magnum-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: magnum-bin
|
name: magnum-bin
|
||||||
|
|||||||
@ -72,4 +72,5 @@ spec:
|
|||||||
- name: magnum-etc
|
- name: magnum-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: magnum-etc
|
name: magnum-etc
|
||||||
|
defaultMode: 0444
|
||||||
{{- if $mounts_magnum_conductor.volumes }}{{ toYaml $mounts_magnum_conductor.volumes | indent 8 }}{{ end }}
|
{{- if $mounts_magnum_conductor.volumes }}{{ toYaml $mounts_magnum_conductor.volumes | indent 8 }}{{ end }}
|
||||||
|
|||||||
@ -100,6 +100,7 @@ spec:
|
|||||||
- name: mariadb-etc
|
- name: mariadb-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: mariadb-etc
|
name: mariadb-etc
|
||||||
|
defaultMode: 0444
|
||||||
{{- if not .Values.volume.enabled }}
|
{{- if not .Values.volume.enabled }}
|
||||||
- name: mysql-data
|
- name: mysql-data
|
||||||
emptyDir: {}
|
emptyDir: {}
|
||||||
|
|||||||
@ -85,4 +85,5 @@ spec:
|
|||||||
- name: mistral-etc
|
- name: mistral-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: mistral-etc
|
name: mistral-etc
|
||||||
|
defaultMode: 0444
|
||||||
{{- if $mounts_mistral_api.volumes }}{{ toYaml $mounts_mistral_api.volumes | indent 8 }}{{ end }}
|
{{- if $mounts_mistral_api.volumes }}{{ toYaml $mounts_mistral_api.volumes | indent 8 }}{{ end }}
|
||||||
|
|||||||
@ -67,4 +67,5 @@ spec:
|
|||||||
- name: mistral-etc
|
- name: mistral-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: mistral-etc
|
name: mistral-etc
|
||||||
|
defaultMode: 0444
|
||||||
{{- if $mounts_mistral_executor.volumes }}{{ toYaml $mounts_mistral_executor.volumes | indent 8 }}{{ end }}
|
{{- if $mounts_mistral_executor.volumes }}{{ toYaml $mounts_mistral_executor.volumes | indent 8 }}{{ end }}
|
||||||
|
|||||||
@ -67,3 +67,4 @@ spec:
|
|||||||
- name: mistral-etc
|
- name: mistral-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: mistral-etc
|
name: mistral-etc
|
||||||
|
defaultMode: 0444
|
||||||
|
|||||||
@ -51,6 +51,7 @@ spec:
|
|||||||
- name: mistral-etc
|
- name: mistral-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: mistral-etc
|
name: mistral-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: mistral-bin
|
- name: mistral-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: mistral-bin
|
name: mistral-bin
|
||||||
|
|||||||
@ -62,4 +62,5 @@ spec:
|
|||||||
- name: mistral-etc
|
- name: mistral-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: mistral-etc
|
name: mistral-etc
|
||||||
|
defaultMode: 0444
|
||||||
{{- if $mounts_mistral_engine.volumes }}{{ toYaml $mounts_mistral_engine.volumes | indent 8 }}{{ end }}
|
{{- if $mounts_mistral_engine.volumes }}{{ toYaml $mounts_mistral_engine.volumes | indent 8 }}{{ end }}
|
||||||
|
|||||||
@ -64,4 +64,5 @@ spec:
|
|||||||
- name: mistral-etc
|
- name: mistral-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: mistral-etc
|
name: mistral-etc
|
||||||
|
defaultMode: 0444
|
||||||
{{- if $mounts_mistral_event_engine.volumes }}{{ toYaml $mounts_mistral_event_engine.volumes | indent 8 }}{{ end }}
|
{{- if $mounts_mistral_event_engine.volumes }}{{ toYaml $mounts_mistral_event_engine.volumes | indent 8 }}{{ end }}
|
||||||
|
|||||||
@ -90,6 +90,7 @@ spec:
|
|||||||
- name: neutron-etc
|
- name: neutron-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: neutron-etc
|
name: neutron-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: runopenvswitch
|
- name: runopenvswitch
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /run/openvswitch
|
path: /run/openvswitch
|
||||||
|
|||||||
@ -89,6 +89,7 @@ spec:
|
|||||||
- name: neutron-etc
|
- name: neutron-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: neutron-etc
|
name: neutron-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: runopenvswitch
|
- name: runopenvswitch
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /run/openvswitch
|
path: /run/openvswitch
|
||||||
|
|||||||
@ -88,6 +88,7 @@ spec:
|
|||||||
- name: neutron-etc
|
- name: neutron-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: neutron-etc
|
name: neutron-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: runopenvswitch
|
- name: runopenvswitch
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /run/openvswitch
|
path: /run/openvswitch
|
||||||
|
|||||||
@ -131,6 +131,7 @@ spec:
|
|||||||
- name: neutron-etc
|
- name: neutron-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: neutron-etc
|
name: neutron-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: libmodules
|
- name: libmodules
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /lib/modules
|
path: /lib/modules
|
||||||
|
|||||||
@ -66,6 +66,7 @@ spec:
|
|||||||
- name: neutron-etc
|
- name: neutron-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: neutron-etc
|
name: neutron-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: libmodules
|
- name: libmodules
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /lib/modules
|
path: /lib/modules
|
||||||
|
|||||||
@ -88,4 +88,5 @@ spec:
|
|||||||
- name: neutron-etc
|
- name: neutron-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: neutron-etc
|
name: neutron-etc
|
||||||
|
defaultMode: 0444
|
||||||
{{- if $mounts_neutron_server.volumes }}{{ toYaml $mounts_neutron_server.volumes | indent 8 }}{{ end }}
|
{{- if $mounts_neutron_server.volumes }}{{ toYaml $mounts_neutron_server.volumes | indent 8 }}{{ end }}
|
||||||
|
|||||||
@ -63,6 +63,7 @@ spec:
|
|||||||
- name: neutron-etc
|
- name: neutron-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: neutron-etc
|
name: neutron-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: neutron-bin
|
- name: neutron-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: neutron-bin
|
name: neutron-bin
|
||||||
|
|||||||
@ -64,6 +64,7 @@ spec:
|
|||||||
- name: neutron-etc
|
- name: neutron-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: neutron-etc
|
name: neutron-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: neutron-bin
|
- name: neutron-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: neutron-bin
|
name: neutron-bin
|
||||||
|
|||||||
@ -56,6 +56,7 @@ spec:
|
|||||||
- name: neutron-etc
|
- name: neutron-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: neutron-etc
|
name: neutron-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: neutron-bin
|
- name: neutron-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: neutron-bin
|
name: neutron-bin
|
||||||
|
|||||||
@ -167,12 +167,14 @@ spec:
|
|||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: nova-etc
|
name: nova-etc
|
||||||
|
defaultMode: 0444
|
||||||
{{- if .Values.ceph.enabled }}
|
{{- if .Values.ceph.enabled }}
|
||||||
- name: etcceph
|
- name: etcceph
|
||||||
emptyDir: {}
|
emptyDir: {}
|
||||||
- name: ceph-etc
|
- name: ceph-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: ceph-etc
|
name: ceph-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: ceph-keyring
|
- name: ceph-keyring
|
||||||
secret:
|
secret:
|
||||||
secretName: pvc-ceph-client-key
|
secretName: pvc-ceph-client-key
|
||||||
|
|||||||
@ -52,6 +52,7 @@ spec:
|
|||||||
- name: nova-bin
|
- name: nova-bin
|
||||||
mountPath: /tmp/ceph-keyring.sh
|
mountPath: /tmp/ceph-keyring.sh
|
||||||
subPath: ceph-keyring.sh
|
subPath: ceph-keyring.sh
|
||||||
|
readOnly: true
|
||||||
- name: ceph-keyring
|
- name: ceph-keyring
|
||||||
mountPath: /tmp/client-keyring
|
mountPath: /tmp/client-keyring
|
||||||
subPath: key
|
subPath: key
|
||||||
@ -136,12 +137,14 @@ spec:
|
|||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: nova-etc
|
name: nova-etc
|
||||||
|
defaultMode: 0444
|
||||||
{{- if .Values.ceph.enabled }}
|
{{- if .Values.ceph.enabled }}
|
||||||
- name: etcceph
|
- name: etcceph
|
||||||
emptyDir: {}
|
emptyDir: {}
|
||||||
- name: ceph-etc
|
- name: ceph-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: ceph-etc
|
name: ceph-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: ceph-keyring
|
- name: ceph-keyring
|
||||||
secret:
|
secret:
|
||||||
secretName: pvc-ceph-client-key
|
secretName: pvc-ceph-client-key
|
||||||
|
|||||||
@ -96,4 +96,5 @@ spec:
|
|||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: nova-etc
|
name: nova-etc
|
||||||
|
defaultMode: 0444
|
||||||
{{- if $mounts_nova_api_metadata.volumes }}{{ toYaml $mounts_nova_api_metadata.volumes | indent 8 }}{{ end }}
|
{{- if $mounts_nova_api_metadata.volumes }}{{ toYaml $mounts_nova_api_metadata.volumes | indent 8 }}{{ end }}
|
||||||
|
|||||||
@ -84,4 +84,5 @@ spec:
|
|||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: nova-etc
|
name: nova-etc
|
||||||
|
defaultMode: 0444
|
||||||
{{- if $mounts_nova_api_osapi.volumes}}{{ toYaml $mounts_nova_api_osapi.volumes | indent 8 }}{{ end }}
|
{{- if $mounts_nova_api_osapi.volumes}}{{ toYaml $mounts_nova_api_osapi.volumes | indent 8 }}{{ end }}
|
||||||
|
|||||||
@ -67,4 +67,5 @@ spec:
|
|||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: nova-etc
|
name: nova-etc
|
||||||
|
defaultMode: 0444
|
||||||
{{- if $mounts_nova_conductor.volumes }}{{ toYaml $mounts_nova_conductor.volumes | indent 8 }}{{ end }}
|
{{- if $mounts_nova_conductor.volumes }}{{ toYaml $mounts_nova_conductor.volumes | indent 8 }}{{ end }}
|
||||||
|
|||||||
@ -67,4 +67,5 @@ spec:
|
|||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: nova-etc
|
name: nova-etc
|
||||||
|
defaultMode: 0444
|
||||||
{{- if $mounts_nova_consoleauth.volumes }}{{ toYaml $mounts_nova_consoleauth.volumes | indent 8 }}{{ end }}
|
{{- if $mounts_nova_consoleauth.volumes }}{{ toYaml $mounts_nova_consoleauth.volumes | indent 8 }}{{ end }}
|
||||||
|
|||||||
@ -67,4 +67,5 @@ spec:
|
|||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: nova-etc
|
name: nova-etc
|
||||||
|
defaultMode: 0444
|
||||||
{{- if $mounts_nova_scheduler.volumes }}{{ toYaml $mounts_nova_scheduler.volumes | indent 8 }}{{ end }}
|
{{- if $mounts_nova_scheduler.volumes }}{{ toYaml $mounts_nova_scheduler.volumes | indent 8 }}{{ end }}
|
||||||
|
|||||||
@ -54,6 +54,7 @@ spec:
|
|||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: nova-etc
|
name: nova-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: nova-bin
|
- name: nova-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: nova-bin
|
name: nova-bin
|
||||||
|
|||||||
@ -92,6 +92,7 @@ spec:
|
|||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: nova-etc
|
name: nova-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: nova-bin
|
- name: nova-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: nova-bin
|
name: nova-bin
|
||||||
|
|||||||
@ -51,6 +51,7 @@ spec:
|
|||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: nova-etc
|
name: nova-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: nova-bin
|
- name: nova-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: nova-bin
|
name: nova-bin
|
||||||
|
|||||||
@ -54,6 +54,7 @@ spec:
|
|||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: nova-etc
|
name: nova-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: nova-bin
|
- name: nova-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: nova-bin
|
name: nova-bin
|
||||||
|
|||||||
@ -40,15 +40,6 @@ spec:
|
|||||||
{{ tuple $envAll "rabbitmq" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
{{ tuple $envAll "rabbitmq" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||||
volumes:
|
|
||||||
- name: rabbitmq-emptydir
|
|
||||||
emptyDir: {}
|
|
||||||
- name: rabbitmq-bin
|
|
||||||
configMap:
|
|
||||||
name: rabbitmq-bin
|
|
||||||
- name: rabbitmq-etc
|
|
||||||
configMap:
|
|
||||||
name: rabbitmq-etc
|
|
||||||
initContainers:
|
initContainers:
|
||||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 9 }}
|
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 9 }}
|
||||||
containers:
|
containers:
|
||||||
@ -105,3 +96,14 @@ spec:
|
|||||||
mountPath: /etc/rabbitmq/rabbitmq.config
|
mountPath: /etc/rabbitmq/rabbitmq.config
|
||||||
subPath: rabbitmq.config
|
subPath: rabbitmq.config
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
volumes:
|
||||||
|
- name: rabbitmq-emptydir
|
||||||
|
emptyDir: {}
|
||||||
|
- name: rabbitmq-bin
|
||||||
|
configMap:
|
||||||
|
name: rabbitmq-bin
|
||||||
|
defaultMode: 0555
|
||||||
|
- name: rabbitmq-etc
|
||||||
|
configMap:
|
||||||
|
name: rabbitmq-etc
|
||||||
|
defaultMode: 0444
|
||||||
|
|||||||
@ -92,4 +92,5 @@ spec:
|
|||||||
- name: senlin-etc
|
- name: senlin-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: senlin-etc
|
name: senlin-etc
|
||||||
|
defaultMode: 0444
|
||||||
{{- if $mounts_senlin_api.volumes }}{{ toYaml $mounts_senlin_api.volumes | indent 8 }}{{ end }}
|
{{- if $mounts_senlin_api.volumes }}{{ toYaml $mounts_senlin_api.volumes | indent 8 }}{{ end }}
|
||||||
|
|||||||
@ -63,6 +63,7 @@ spec:
|
|||||||
- name: senlin-etc
|
- name: senlin-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: senlin-etc
|
name: senlin-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: senlin-bin
|
- name: senlin-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: senlin-bin
|
name: senlin-bin
|
||||||
|
|||||||
@ -51,6 +51,7 @@ spec:
|
|||||||
- name: senlin-etc
|
- name: senlin-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: senlin-etc
|
name: senlin-etc
|
||||||
|
defaultMode: 0444
|
||||||
- name: senlin-bin
|
- name: senlin-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: senlin-bin
|
name: senlin-bin
|
||||||
|
|||||||
@ -72,4 +72,5 @@ spec:
|
|||||||
- name: senlin-etc
|
- name: senlin-etc
|
||||||
configMap:
|
configMap:
|
||||||
name: senlin-etc
|
name: senlin-etc
|
||||||
|
defaultMode: 0444
|
||||||
{{- if $mounts_senlin_engine.volumes }}{{ toYaml $mounts_senlin_engine.volumes | indent 8 }}{{ end }}
|
{{- if $mounts_senlin_engine.volumes }}{{ toYaml $mounts_senlin_engine.volumes | indent 8 }}{{ end }}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user