Merge "Fix for adding allowPrivilegeEscalation flag in container securityContext in the charts whereever needed"
commit
c510c08686
@ -72,6 +72,8 @@ spec:
|
|||||||
- name: cinder-api
|
- name: cinder-api
|
||||||
{{ tuple $envAll "cinder_api" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "cinder_api" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
command:
|
command:
|
||||||
- /tmp/cinder-api.sh
|
- /tmp/cinder-api.sh
|
||||||
- start
|
- start
|
||||||
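Review bot: The `securityContext` added to the cinder-api container is hard-coded in the template, so an operator cannot extend or override it from values without patching the chart; the same two literal lines are repeated in every other hunk of this commit. Consider rendering the block from a per-container values entry that defaults to `allowPrivilegeEscalation: false`, so that fields such as `runAsNonRoot`, `readOnlyRootFilesystem` or `capabilities.drop` can later be added in one place. On its own the flag only sets no_new_privs; it does not stop the process from running as root. The container spec continues past the end of the hunk, so check that no `securityContext:` key already exists further down, since a duplicate key would silently take the last value in most parsers.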
|
@ -71,6 +71,8 @@ spec:
|
|||||||
- name: cinder-scheduler
|
- name: cinder-scheduler
|
||||||
{{ tuple $envAll "cinder_scheduler" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "cinder_scheduler" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.scheduler | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.scheduler | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
command:
|
command:
|
||||||
- /tmp/cinder-scheduler.sh
|
- /tmp/cinder-scheduler.sh
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
@ -93,6 +93,8 @@ spec:
|
|||||||
- name: cinder-volume
|
- name: cinder-volume
|
||||||
{{ tuple $envAll "cinder_volume" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "cinder_volume" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.volume | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.volume | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
command:
|
command:
|
||||||
- /tmp/cinder-volume.sh
|
- /tmp/cinder-volume.sh
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
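Review bot: `allowPrivilegeEscalation: false` on cinder-volume sets no_new_privs, which makes setuid binaries such as sudo ineffective inside the container. If `/tmp/cinder-volume.sh` or the service's rootwrap configuration relies on sudo (neither is visible in this hunk), volume operations would fail at runtime rather than at deploy time. It is worth confirming with a functional test that creates and attaches a volume, and recording the constraint in a template comment such as `# no_new_privs is set: this service must not depend on sudo/setuid helpers`. The same check applies to the nova-compute init containers and the ceph-keyring-placement containers patched later in this commit. The container definition continues beyond the hunk.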
|
@ -70,6 +70,8 @@ spec:
|
|||||||
{{ if eq .Values.storage "rbd" }}
|
{{ if eq .Values.storage "rbd" }}
|
||||||
- name: ceph-keyring-placement
|
- name: ceph-keyring-placement
|
||||||
{{ tuple $envAll "glance_api" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "glance_api" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
env:
|
env:
|
||||||
- name: RBD_STORE_USER
|
- name: RBD_STORE_USER
|
||||||
value: {{ .Values.conf.glance.glance_store.rbd_store_user | quote }}
|
value: {{ .Values.conf.glance.glance_store.rbd_store_user | quote }}
|
||||||
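Review bot: Only the `ceph-keyring-placement` init container is given the flag in this hunk; the pod's main container is not in view, so it is unclear whether it is covered. The same applies to the second ceph-keyring-placement hunk, the three nova-compute init-container hunks, and the `nova-novncproxy-init` and `nova-spiceproxy-init` hunks. If a main container is skipped deliberately (for instance because it runs privileged, which the API server does not accept together with `allowPrivilegeEscalation: false`), a short template comment next to that container stating the reason would keep later audits from reading it as an omission. The container list extends outside the hunk.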
|
@ -58,6 +58,8 @@ spec:
|
|||||||
- name: glance-registry
|
- name: glance-registry
|
||||||
{{ tuple $envAll "glance_registry" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "glance_registry" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.registry | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.registry | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
command:
|
command:
|
||||||
- /tmp/glance-registry.sh
|
- /tmp/glance-registry.sh
|
||||||
- start
|
- start
|
||||||
|
@ -70,6 +70,8 @@ spec:
|
|||||||
{{ if or (eq .Values.storage "rbd") (eq .Values.storage "radosgw") }}
|
{{ if or (eq .Values.storage "rbd") (eq .Values.storage "radosgw") }}
|
||||||
- name: ceph-keyring-placement
|
- name: ceph-keyring-placement
|
||||||
{{ tuple $envAll "glance_api" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "glance_api" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
command:
|
command:
|
||||||
- /tmp/ceph-admin-keyring.sh
|
- /tmp/ceph-admin-keyring.sh
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
@ -58,6 +58,8 @@ spec:
|
|||||||
- name: heat-api
|
- name: heat-api
|
||||||
{{ tuple $envAll "heat_api" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "heat_api" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
command:
|
command:
|
||||||
- /tmp/heat-api.sh
|
- /tmp/heat-api.sh
|
||||||
- start
|
- start
|
||||||
|
@ -58,6 +58,8 @@ spec:
|
|||||||
- name: heat-cfn
|
- name: heat-cfn
|
||||||
{{ tuple $envAll "heat_cfn" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "heat_cfn" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.cfn | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.cfn | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
command:
|
command:
|
||||||
- /tmp/heat-cfn.sh
|
- /tmp/heat-cfn.sh
|
||||||
- start
|
- start
|
||||||
|
@ -58,6 +58,8 @@ spec:
|
|||||||
- name: heat-cloudwatch
|
- name: heat-cloudwatch
|
||||||
{{ tuple $envAll "heat_cloudwatch" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "heat_cloudwatch" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.cloudwatch | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.cloudwatch | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
command:
|
command:
|
||||||
- /tmp/heat-cloudwatch.sh
|
- /tmp/heat-cloudwatch.sh
|
||||||
- start
|
- start
|
||||||
|
@ -66,6 +66,8 @@ spec:
|
|||||||
- name: heat-engine
|
- name: heat-engine
|
||||||
{{ tuple $envAll "heat_engine" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "heat_engine" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.engine | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.engine | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
command:
|
command:
|
||||||
- /tmp/heat-engine.sh
|
- /tmp/heat-engine.sh
|
||||||
- start
|
- start
|
||||||
|
@ -94,6 +94,8 @@ spec:
|
|||||||
{{ end }}
|
{{ end }}
|
||||||
- name: ceph-keyring-placement
|
- name: ceph-keyring-placement
|
||||||
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
env:
|
env:
|
||||||
- name: CEPH_CINDER_USER
|
- name: CEPH_CINDER_USER
|
||||||
value: "{{ .Values.conf.ceph.cinder.user }}"
|
value: "{{ .Values.conf.ceph.cinder.user }}"
|
||||||
@ -120,6 +122,8 @@ spec:
|
|||||||
- name: nova-compute-vnc-init
|
- name: nova-compute-vnc-init
|
||||||
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
command:
|
command:
|
||||||
- /tmp/nova-console-compute-init.sh
|
- /tmp/nova-console-compute-init.sh
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
@ -134,6 +138,8 @@ spec:
|
|||||||
- name: nova-compute-spice-init
|
- name: nova-compute-spice-init
|
||||||
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
command:
|
command:
|
||||||
- /tmp/nova-console-compute-init.sh
|
- /tmp/nova-console-compute-init.sh
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
@ -57,6 +57,8 @@ spec:
|
|||||||
- name: nova-api-metadata-init
|
- name: nova-api-metadata-init
|
||||||
{{ tuple $envAll "nova_api" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_api" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.api_metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.api_metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
command:
|
command:
|
||||||
- /tmp/nova-api-metadata-init.sh
|
- /tmp/nova-api-metadata-init.sh
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
@ -74,6 +76,8 @@ spec:
|
|||||||
- name: nova-api
|
- name: nova-api
|
||||||
{{ tuple $envAll "nova_api" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_api" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.api_metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.api_metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
command:
|
command:
|
||||||
- /tmp/nova-api-metadata.sh
|
- /tmp/nova-api-metadata.sh
|
||||||
- start
|
- start
|
||||||
|
@ -58,6 +58,8 @@ spec:
|
|||||||
- name: nova-osapi
|
- name: nova-osapi
|
||||||
{{ tuple $envAll "nova_api" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_api" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
command:
|
command:
|
||||||
- /tmp/nova-api.sh
|
- /tmp/nova-api.sh
|
||||||
- start
|
- start
|
||||||
|
@ -57,6 +57,8 @@ spec:
|
|||||||
- name: nova-conductor
|
- name: nova-conductor
|
||||||
{{ tuple $envAll "nova_conductor" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_conductor" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
command:
|
command:
|
||||||
- /tmp/nova-conductor.sh
|
- /tmp/nova-conductor.sh
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
@ -57,6 +57,8 @@ spec:
|
|||||||
- name: nova-consoleauth
|
- name: nova-consoleauth
|
||||||
{{ tuple $envAll "nova_consoleauth" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_consoleauth" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.consoleauth | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.consoleauth | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
command:
|
command:
|
||||||
- /tmp/nova-consoleauth.sh
|
- /tmp/nova-consoleauth.sh
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
@ -58,6 +58,8 @@ spec:
|
|||||||
- name: nova-novncproxy-init
|
- name: nova-novncproxy-init
|
||||||
{{ tuple $envAll "nova_novncproxy" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_novncproxy" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.novncproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.novncproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
command:
|
command:
|
||||||
- /tmp/nova-console-proxy-init.sh
|
- /tmp/nova-console-proxy-init.sh
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
@ -57,6 +57,8 @@ spec:
|
|||||||
- name: nova-scheduler
|
- name: nova-scheduler
|
||||||
{{ tuple $envAll "nova_scheduler" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_scheduler" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.scheduler | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.scheduler | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
command:
|
command:
|
||||||
- /tmp/nova-scheduler.sh
|
- /tmp/nova-scheduler.sh
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
@ -58,6 +58,8 @@ spec:
|
|||||||
- name: nova-spiceproxy-init
|
- name: nova-spiceproxy-init
|
||||||
{{ tuple $envAll "nova_spiceproxy" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_spiceproxy" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.spiceproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.spiceproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
command:
|
command:
|
||||||
- /tmp/nova-console-proxy-init.sh
|
- /tmp/nova-console-proxy-init.sh
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|