openstack/openstack-helm
Code Issues Proposed changes

Merge "Make remaining volumeMounts readOnly"

Browse Source
This commit is contained in:
Jenkins 2017-06-01 21:40:25 +00:00 committed by Gerrit Code Review
commit efc68f4347
5 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
glance/templates/job-bootstrap.yaml
View File

@ -56,9 +56,11 @@ spec:
- name: glance-bin - name: glance-bin
mountPath: /tmp/bootstrap.sh mountPath: /tmp/bootstrap.sh
subPath: bootstrap.sh subPath: bootstrap.sh
readOnly: true
- name: glance-etc - name: glance-etc
mountPath: /etc/glance/glance-api.conf mountPath: /etc/glance/glance-api.conf
subPath: glance-api.conf subPath: glance-api.conf
readOnly: true
volumes: volumes:
- name: imagedir - name: imagedir
emptyDir: {} emptyDir: {}

3
horizon/templates/deployment.yaml
View File

@ -68,12 +68,15 @@ spec:
- name: startsh - name: startsh
mountPath: /tmp/start.sh mountPath: /tmp/start.sh
subPath: start.sh subPath: start.sh
readOnly: true
- name: horizon-etc - name: horizon-etc
mountPath: /etc/apache2/sites-enabled/000-default.conf mountPath: /etc/apache2/sites-enabled/000-default.conf
subPath: horizon.conf subPath: horizon.conf
readOnly: true
- name: horizon-etc - name: horizon-etc
mountPath: /etc/openstack-dashboard/local_settings mountPath: /etc/openstack-dashboard/local_settings
subPath: local_settings subPath: local_settings
readOnly: true
{{ if $mounts_horizon.volumeMounts }}{{ toYaml $mounts_horizon.volumeMounts | indent 12 }}{{ end }} {{ if $mounts_horizon.volumeMounts }}{{ toYaml $mounts_horizon.volumeMounts | indent 12 }}{{ end }}
securityContext: securityContext:
runAsUser: 0 runAsUser: 0

6
mariadb/templates/statefulset.yaml
View File

@ -85,21 +85,27 @@ spec:
- name: mariadb-bin - name: mariadb-bin
mountPath: /tmp/readiness.sh mountPath: /tmp/readiness.sh
subPath: readiness.sh subPath: readiness.sh
readOnly: true
- name: mariadb-bin - name: mariadb-bin
mountPath: /tmp/start.sh mountPath: /tmp/start.sh
subPath: start.sh subPath: start.sh
readOnly: true
- name: mariadb-etc - name: mariadb-etc
mountPath: /etc/mysql/my.cnf mountPath: /etc/mysql/my.cnf
readOnly: true
subPath: my.cnf subPath: my.cnf
- name: mariadb-etc - name: mariadb-etc
mountPath: /etc/mysql/conf.d/00-base.cnf mountPath: /etc/mysql/conf.d/00-base.cnf
subPath: 00-base.cnf subPath: 00-base.cnf
readOnly: true
- name: mariadb-etc - name: mariadb-etc
mountPath: /etc/mysql/conf.d/20-override.cnf mountPath: /etc/mysql/conf.d/20-override.cnf
subPath: 20-override.cnf subPath: 20-override.cnf
readOnly: true
- name: mariadb-etc - name: mariadb-etc
mountPath: /etc/mysql/conf.d/99-force.cnf mountPath: /etc/mysql/conf.d/99-force.cnf
subPath: 99-force.cnf subPath: 99-force.cnf
readOnly: true
- name: mysql-data - name: mysql-data
mountPath: /var/lib/mysql mountPath: /var/lib/mysql
volumes: volumes:

1
mistral/templates/job-db-sync.yaml
View File

@ -56,6 +56,7 @@ spec:
- name: mistral-bin - name: mistral-bin
mountPath: /tmp/db-sync.sh mountPath: /tmp/db-sync.sh
subPath: db-sync.sh subPath: db-sync.sh
readOnly: true
volumes: volumes:
- name: pod-etc-mistral - name: pod-etc-mistral
emptyDir: {} emptyDir: {}

4
rabbitmq/templates/deployment.yaml
View File

@ -108,12 +108,16 @@ spec:
- name: rabbitmq-etc - name: rabbitmq-etc
mountPath: /etc/rabbitmq/enabled_plugins mountPath: /etc/rabbitmq/enabled_plugins
subPath: enabled_plugins subPath: enabled_plugins
readOnly: true
- name: rabbitmq-etc - name: rabbitmq-etc
mountPath: /etc/rabbitmq/erlang.cookie mountPath: /etc/rabbitmq/erlang.cookie
subPath: erlang.cookie subPath: erlang.cookie
readOnly: true
- name: rabbitmq-etc - name: rabbitmq-etc
mountPath: /etc/rabbitmq/rabbitmq-env.conf mountPath: /etc/rabbitmq/rabbitmq-env.conf
subPath: rabbitmq-env.conf subPath: rabbitmq-env.conf
readOnly: true
- name: rabbitmq-etc - name: rabbitmq-etc
mountPath: /etc/rabbitmq/rabbitmq.config mountPath: /etc/rabbitmq/rabbitmq.config
subPath: rabbitmq.config subPath: rabbitmq.config
readOnly: true