RBAC for OSH

This PS applys RBAC rules to OSH, based off the work done in https://review.openstack.org/#/c/526464/ Change-Id: I541b0ac1a3972566ef2b66571ae32744dab70c17
2017-12-20 12:21:42 -05:00 · 2017-12-20 12:21:42 -05:00 · fa2620d54b
commit fa2620d54b
parent 8e82d07fc6
203 changed files with 1805 additions and 136 deletions
--- a/barbican/templates/deployment-api.yaml
+++ b/barbican/templates/deployment-api.yaml
@ -17,8 +17,12 @@ limitations under the License.
 {{- if .Values.manifests.deployment_api }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.api }}
 {{- $mounts_barbican_api := .Values.pod.mounts.barbican_api.barbican_api }}
 {{- $mounts_barbican_api_init := .Values.pod.mounts.barbican_api.init_container }}
 {{- $serviceAccountName := "barbican-api" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: apps/v1beta1
 kind: Deployment
@ -35,6 +39,7 @@ spec:
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
 {{ tuple $envAll "barbican" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      nodeSelector:
--- a/barbican/templates/job-bootstrap.yaml
+++ b/barbican/templates/job-bootstrap.yaml
@ -18,8 +18,12 @@ limitations under the License.
 {{- $envAll := . }}
 {{- if .Values.bootstrap.enabled }}
 {{- $dependencies := .Values.dependencies.bootstrap }}
 {{- $mounts_barbican_bootstrap := .Values.pod.mounts.barbican_bootstrap.barbican_bootstrap }}
 {{- $mounts_barbican_bootstrap_init := .Values.pod.mounts.barbican_bootstrap.init_container }}
 {{- $serviceAccountName := "barbican-bootstrap" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -31,6 +35,7 @@ spec:
      labels:
 {{ tuple $envAll "barbican" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
--- a/barbican/templates/job-db-drop.yaml
+++ b/barbican/templates/job-db-drop.yaml
@ -17,11 +17,16 @@ limitations under the License.
 {{- if .Values.manifests.job_db_drop }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.db_drop }}
 {{- $randStringSuffix := randAlphaNum 5 | lower }}
 {{- $serviceAccountName := print "barbican-db-drop-" $randStringSuffix }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: barbican-db-drop-{{ randAlphaNum 5 | lower }}
+  name: {{ print "barbican-db-drop-" $randStringSuffix }}
  annotations:
    "helm.sh/hook": pre-delete
    "helm.sh/hook-delete-policy": hook-succeeded
@ -31,11 +36,12 @@ spec:
      labels:
 {{ tuple $envAll "barbican" "db-drop" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: barbican-db-drop
          image: {{ .Values.images.tags.db_drop }}
--- a/barbican/templates/job-db-init.yaml
+++ b/barbican/templates/job-db-init.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_db_init }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.db_init }}
 {{- $serviceAccountName := "barbican-db-init" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "barbican" "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: barbican-db-init
          image: {{ .Values.images.tags.db_init }}
--- a/barbican/templates/job-db-sync.yaml
+++ b/barbican/templates/job-db-sync.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_db_sync }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.db_sync }}
 {{- $serviceAccountName := "barbican-db-sync" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "barbican" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: barbican-db-sync
          image: {{ .Values.images.tags.barbican_db_sync }}
--- a/barbican/templates/job-ks-endpoints.yaml
+++ b/barbican/templates/job-ks-endpoints.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_ks_endpoints }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.ks_endpoints }}
 {{- $serviceAccountName := "barbican-ks-endpoints" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "barbican" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
 {{- range $key1, $osServiceType := tuple "key-manager" }}
 {{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
--- a/barbican/templates/job-ks-service.yaml
+++ b/barbican/templates/job-ks-service.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_ks_service }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.ks_service }}
 {{- $serviceAccountName := "barbican-ks-service" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "barbican" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
 {{- range $key1, $osServiceType := tuple "key-manager" }}
        - name: {{ $osServiceType }}-ks-service-registration
--- a/barbican/templates/job-ks-user.yaml
+++ b/barbican/templates/job-ks-user.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_ks_user }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.ks_user }}
 {{- $serviceAccountName := "barbican-ks-user" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "barbican" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: barbican-ks-user
          image: {{ .Values.images.tags.ks_user }}
--- a/ceilometer/templates/deployment-api.yaml
+++ b/ceilometer/templates/deployment-api.yaml
@ -17,8 +17,12 @@ limitations under the License.
 {{- if .Values.manifests.deployment_api }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.api }}
 {{- $mounts_ceilometer_api := .Values.pod.mounts.ceilometer_api.ceilometer_api }}
 {{- $mounts_ceilometer_api_init := .Values.pod.mounts.ceilometer_api.init_container }}
 {{- $serviceAccountName := "ceilometer-api" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: apps/v1beta1
 kind: Deployment
@ -35,6 +39,7 @@ spec:
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
 {{ tuple $envAll "ceilometer" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      nodeSelector:
--- a/ceilometer/templates/deployment-central.yaml
+++ b/ceilometer/templates/deployment-central.yaml
@ -17,8 +17,12 @@ limitations under the License.
 {{- if .Values.manifests.deployment_central }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.central }}
 {{- $mounts_ceilometer_central := .Values.pod.mounts.ceilometer_central.ceilometer_central }}
 {{- $mounts_ceilometer_central_init := .Values.pod.mounts.ceilometer_central.init_container }}
 {{- $serviceAccountName := "ceilometer-central" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: apps/v1beta1
 kind: Deployment
@ -35,6 +39,7 @@ spec:
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
 {{ tuple $envAll "ceilometer" "central" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      nodeSelector:
--- a/ceilometer/templates/deployment-collector.yaml
+++ b/ceilometer/templates/deployment-collector.yaml
@ -17,8 +17,12 @@ limitations under the License.
 {{- if .Values.manifests.deployment_collector }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.collector }}
 {{- $mounts_ceilometer_collector := .Values.pod.mounts.ceilometer_collector.ceilometer_collector }}
 {{- $mounts_ceilometer_collector_init := .Values.pod.mounts.ceilometer_collector.init_container }}
 {{- $serviceAccountName := "ceilometer-collector" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: apps/v1beta1
 kind: Deployment
@ -35,6 +39,7 @@ spec:
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
 {{ tuple $envAll "ceilometer" "collector" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      nodeSelector:
--- a/ceilometer/templates/deployment-compute.yaml
+++ b/ceilometer/templates/deployment-compute.yaml
@ -17,8 +17,12 @@ limitations under the License.
 {{- if .Values.manifests.deployment_compute }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.compute }}
 {{- $mounts_ceilometer_compute := .Values.pod.mounts.ceilometer_compute.ceilometer_compute }}
 {{- $mounts_ceilometer_compute_init := .Values.pod.mounts.ceilometer_compute.init_container }}
 {{- $serviceAccountName := "ceilometer-compute" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: apps/v1beta1
 kind: Deployment
@ -35,6 +39,7 @@ spec:
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
 {{ tuple $envAll "ceilometer" "compute" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      hostNetwork: true
--- a/ceilometer/templates/deployment-notification.yaml
+++ b/ceilometer/templates/deployment-notification.yaml
@ -17,8 +17,12 @@ limitations under the License.
 {{- if .Values.manifests.deployment_notification }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.notification }}
 {{- $mounts_ceilometer_notification := .Values.pod.mounts.ceilometer_notification.ceilometer_notification }}
 {{- $mounts_ceilometer_notification_init := .Values.pod.mounts.ceilometer_notification.init_container }}
 {{- $serviceAccountName := "ceilometer-notification" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: apps/v1beta1
 kind: Deployment
@ -35,6 +39,7 @@ spec:
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
 {{ tuple $envAll "ceilometer" "notification" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      nodeSelector:
--- a/ceilometer/templates/job-db-init-mongodb.yaml
+++ b/ceilometer/templates/job-db-init-mongodb.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_db_init_mongodb }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.db_init_mongodb }}
 {{- $serviceAccountName := "ceilometer-db-init-mongodb" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -25,11 +28,12 @@ metadata:
 spec:
  template:
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: ceilometer-db-init-mongodb
          image: {{ .Values.images.tags.db_init_mongodb | quote }}
--- a/ceilometer/templates/job-db-init.yaml
+++ b/ceilometer/templates/job-db-init.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_db_init }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.db_init }}
 {{- $serviceAccountName := "ceilometer-db-init" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -25,11 +28,12 @@ metadata:
 spec:
  template:
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: ceilometer-db-init
          image: {{ .Values.images.tags.db_init | quote }}
--- a/ceilometer/templates/job-db-sync.yaml
+++ b/ceilometer/templates/job-db-sync.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_db_sync }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.db_sync }}
 {{- $serviceAccountName := "ceilometer-db-sync" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -25,11 +28,12 @@ metadata:
 spec:
  template:
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: ceilometer-db-sync
          image: {{ .Values.images.tags.ceilometer_db_sync }}
--- a/ceilometer/templates/job-ks-endpoints.yaml
+++ b/ceilometer/templates/job-ks-endpoints.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_ks_endpoints }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.ks_endpoints }}
 {{- $serviceAccountName := "ceilometer-ks-endpoints" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -25,11 +28,12 @@ metadata:
 spec:
  template:
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
 {{- range $key1, $osServiceType := tuple "metering" }}
 {{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
--- a/ceilometer/templates/job-ks-service.yaml
+++ b/ceilometer/templates/job-ks-service.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_ks_service }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.ks_service }}
 {{- $serviceAccountName := "ceilometer-ks-service" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -25,11 +28,12 @@ metadata:
 spec:
  template:
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
 {{- range $key1, $osServiceType := tuple "metering" }}
        - name: {{ $osServiceType }}-ks-service-registration
--- a/ceilometer/templates/job-ks-user.yaml
+++ b/ceilometer/templates/job-ks-user.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_ks_user }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.ks_user }}
 {{- $serviceAccountName := "ceilometer-ks-user" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -25,11 +28,12 @@ metadata:
 spec:
  template:
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: ceilometer-ks-user
          image: {{ .Values.images.tags.ks_user }}
--- a/ceph/templates/daemonset-mon.yaml
+++ b/ceph/templates/daemonset-mon.yaml
@ -18,6 +18,35 @@ limitations under the License.
 {{- $envAll := . }}
 {{- if .Values.deployment.ceph }}
 {{- $dependencies := .Values.dependencies.mon }}
 {{- $serviceAccountName := "ceph-mon"}}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: Role
 metadata:
  name: {{ $serviceAccountName }}
 rules:
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
      - list
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
 metadata:
  name: {{ $serviceAccountName }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ $serviceAccountName }}
 subjects:
  - kind: ServiceAccount
    name: {{ $serviceAccountName }}
    namespace: {{ $envAll.Release.Namespace }}
 ---
 kind: DaemonSet
 apiVersion: extensions/v1beta1
@ -29,13 +58,13 @@ spec:
      labels:
 {{ tuple $envAll "ceph" "mon" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      nodeSelector:
        {{ .Values.labels.mon.node_selector_key }}: {{ .Values.labels.mon.node_selector_value }}
      hostNetwork: true
      dnsPolicy: {{ .Values.pod.dns_policy }}
      serviceAccount: default
      initContainers:
-{{ tuple $envAll $dependencies "" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        - name: ceph-init-dirs
          image: {{ .Values.images.tags.ceph_daemon }}
          imagePullPolicy: {{ .Values.images.pull_policy }}
--- a/ceph/templates/daemonset-osd.yaml
+++ b/ceph/templates/daemonset-osd.yaml
@ -18,6 +18,9 @@ limitations under the License.
 {{- $envAll := . }}
 {{- if .Values.deployment.ceph }}
 {{- $dependencies := .Values.dependencies.osd }}
 {{- $serviceAccountName := "ceph-osd"}}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 kind: DaemonSet
 apiVersion: extensions/v1beta1
@ -29,12 +32,13 @@ spec:
      labels:
 {{ tuple $envAll "ceph" "osd" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      nodeSelector:
        {{ .Values.labels.osd.node_selector_key }}: {{ .Values.labels.osd.node_selector_value }}
      hostNetwork: true
      dnsPolicy: {{ .Values.pod.dns_policy }}
      initContainers:
-{{ tuple $envAll $dependencies "" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        - name: ceph-init-dirs
          image: {{ .Values.images.tags.ceph_daemon }}
          imagePullPolicy: {{ .Values.images.pull_policy }}
--- a/ceph/templates/deployment-mds.yaml
+++ b/ceph/templates/deployment-mds.yaml
@ -19,6 +19,9 @@ limitations under the License.
 {{- if .Values.deployment.ceph }}
 {{- if .Values.ceph.enabled.mds }}
 {{- $dependencies := .Values.dependencies.mds }}
 {{- $serviceAccountName := "ceph-mds"}}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 kind: Deployment
 apiVersion: apps/v1beta1
@ -32,13 +35,13 @@ spec:
      labels:
 {{ tuple $envAll "ceph" "mds" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
 {{ tuple $envAll "ceph" "mds" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      nodeSelector:
        {{ .Values.labels.mds.node_selector_key }}: {{ .Values.labels.mds.node_selector_value }}
      serviceAccount: default
      initContainers:
-{{ tuple $envAll $dependencies "" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        - name: ceph-init-dirs
          image: {{ .Values.images.tags.ceph_daemon }}
          imagePullPolicy: {{ .Values.images.pull_policy }}
--- a/ceph/templates/deployment-mgr.yaml
+++ b/ceph/templates/deployment-mgr.yaml
@ -19,6 +19,9 @@ limitations under the License.
 {{- if .Values.deployment.ceph }}
 {{- if .Values.ceph.enabled.mgr }}
 {{- $dependencies := .Values.dependencies.mgr }}
 {{- $serviceAccountName := "ceph-mgr"}}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 kind: Deployment
 apiVersion: apps/v1beta1
@ -31,15 +34,15 @@ spec:
      labels:
 {{ tuple $envAll "ceph" "mgr" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
 {{ tuple $envAll "ceph" "mgr" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      nodeSelector:
        {{ .Values.labels.mgr.node_selector_key }}: {{ .Values.labels.mgr.node_selector_value }}
      hostNetwork: true
      dnsPolicy: {{ .Values.pod.dns_policy }}
      serviceAccount: default
      initContainers:
-{{ tuple $envAll $dependencies "" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        - name: ceph-init-dirs
          image: {{ .Values.images.tags.ceph_daemon }}
          imagePullPolicy: {{ .Values.images.pull_policy }}
--- a/ceph/templates/deployment-moncheck.yaml
+++ b/ceph/templates/deployment-moncheck.yaml
@ -18,6 +18,9 @@ limitations under the License.
 {{- $envAll := . }}
 {{- if .Values.deployment.ceph }}
 {{- $dependencies := .Values.dependencies.moncheck }}
 {{- $serviceAccountName := "ceph-mon-check"}}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 kind: Deployment
 apiVersion: apps/v1beta1
@ -30,13 +33,13 @@ spec:
      labels:
 {{ tuple $envAll "ceph" "moncheck" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
 {{ tuple $envAll "ceph" "moncheck" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      nodeSelector:
        {{ .Values.labels.mon.node_selector_key }}: {{ .Values.labels.mon.node_selector_value }}
      serviceAccount: default
      initContainers:
-{{ tuple $envAll $dependencies "" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        - name: ceph-init-dirs
          image: {{ .Values.images.tags.ceph_daemon }}
          imagePullPolicy: {{ .Values.images.pull_policy }}
--- a/ceph/templates/deployment-rbd-provisioner.yaml
+++ b/ceph/templates/deployment-rbd-provisioner.yaml
@ -18,6 +18,106 @@ limitations under the License.
 {{- $envAll := . }}
 {{- if .Values.deployment.rbd_provisioner }}
 {{- $dependencies := .Values.dependencies.rbd_provisioner }}
 {{- $serviceAccountName := "ceph-rbd-provisioner"}}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: {{ $serviceAccountName }}
 rules:
  - apiGroups:
      - ''
    resources:
      - persistentvolumes
    verbs:
      - get
      - list
      - watch
      - create
      - delete
  - apiGroups:
      - ''
    resources:
      - persistentvolumeclaims
    verbs:
      - get
      - list
      - watch
      - update
  - apiGroups:
      - storage.k8s.io
    resources:
      - storageclasses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ''
    resources:
      - events
    verbs:
      - list
      - watch
      - create
      - update
      - patch
  - apiGroups:
      - ''
    resources:
      - services
      - endpoints
    verbs:
      - get
  - apiGroups:
      - extensions
    resources:
      - podsecuritypolicies
    resourceNames:
      - rbd-provisioner
    verbs:
      - use
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRoleBinding
 metadata:
  name: run-rbd-provisioner
 subjects:
  - kind: ServiceAccount
    name: {{ $serviceAccountName }}
    namespace: {{ $envAll.Release.Namespace }}
 roleRef:
  kind: ClusterRole
  name: {{ $serviceAccountName }}
  apiGroup: rbac.authorization.k8s.io
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: Role
 metadata:
  name: {{ $serviceAccountName }}
 rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - list
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
 metadata:
  name: {{ $serviceAccountName }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ $serviceAccountName }}
 subjects:
  - kind: ServiceAccount
    name: {{ $serviceAccountName }}
    namespace: {{ $envAll.Release.Namespace }}
 ---
 kind: Deployment
 apiVersion: extensions/v1beta1
@ -32,10 +132,11 @@ spec:
      labels:
 {{ tuple $envAll "rbd" "provisioner" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
 {{ tuple $envAll "rbd" "provisioner" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: ceph-rbd-provisioner
          image: {{ .Values.images.tags.ceph_rbd_provisioner }}
--- a/ceph/templates/deployment-rgw.yaml
+++ b/ceph/templates/deployment-rgw.yaml
@ -19,6 +19,9 @@ limitations under the License.
 {{- if .Values.deployment.ceph }}
 {{- if .Values.ceph.enabled.rgw }}
 {{- $dependencies := .Values.dependencies.rgw }}
 {{- $serviceAccountName := "ceph-rgw"}}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 kind: Deployment
 apiVersion: apps/v1beta1
@ -31,13 +34,13 @@ spec:
      labels:
 {{ tuple $envAll "ceph" "rgw" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
 {{ tuple $envAll "ceph" "rgw" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      nodeSelector:
        {{ .Values.labels.rgw.node_selector_key }}: {{ .Values.labels.rgw.node_selector_value }}
      serviceAccount: default
      initContainers:
-{{ tuple $envAll $dependencies "" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        - name: ceph-init-dirs
          image: {{ .Values.images.tags.ceph_daemon }}
          imagePullPolicy: {{ .Values.images.pull_policy }}
--- a/ceph/templates/job-bootstrap.yaml
+++ b/ceph/templates/job-bootstrap.yaml
@ -18,6 +18,9 @@ limitations under the License.
 {{- $envAll := . }}
 {{- if .Values.bootstrap.enabled }}
 {{- $dependencies := .Values.dependencies.bootstrap }}
 {{- $serviceAccountName := "ceph-bootstrap"}}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -29,11 +32,12 @@ spec:
      labels:
 {{ tuple $envAll "ceph" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.jobs.node_selector_key }}: {{ .Values.labels.jobs.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container"  | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container"  | indent 8 }}
      containers:
        - name: ceph-bootstrap
          image: {{ .Values.images.tags.ceph_bootstrap }}
--- a/ceph/templates/job-keyring.yaml
+++ b/ceph/templates/job-keyring.yaml
@ -20,6 +20,37 @@ limitations under the License.
 {{- range $key1, $cephBootstrapKey := tuple "mds" "osd" "rgw" "mon" "mgr" }}
 {{- if not (and (not $envAll.Values.manifests.deployment_rgw) (eq $cephBootstrapKey "rgw")) }}
 {{- $jobName := print $cephBootstrapKey "-keyring-generator" }}
 {{- $dependencies := $envAll.Values.dependencies.job_keyring_generator }}
 {{- $serviceAccountName := print "ceph-" $jobName }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: Role
 metadata:
  name: {{ $serviceAccountName }}
 rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
 metadata:
  name: {{ $serviceAccountName }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ $serviceAccountName }}
 subjects:
  - kind: ServiceAccount
    name: {{ $serviceAccountName }}
    namespace: {{ $envAll.Release.Namespace }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -31,9 +62,12 @@ spec:
      labels:
 {{ tuple $envAll "ceph" $jobName | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ $envAll.Values.labels.jobs.node_selector_key }}: {{ $envAll.Values.labels.jobs.node_selector_value }}
      initContainers:
 {{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name:  ceph-{{ $jobName }}
          image: {{ $envAll.Values.images.tags.ceph_config_helper }}
--- a/ceph/templates/job-ks-endpoints.yaml
+++ b/ceph/templates/job-ks-endpoints.yaml
@ -18,6 +18,9 @@ limitations under the License.
 {{- $envAll := . }}
 {{- if .Values.deployment.rgw_keystone_user_and_endpoints }}
 {{- $dependencies := .Values.dependencies.ks_endpoints }}
 {{- $serviceAccountName := "ceph-ks-endpoints" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -29,11 +32,12 @@ spec:
      labels:
 {{ tuple $envAll "ceph" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ $envAll.Values.labels.jobs.node_selector_key }}: {{ $envAll.Values.labels.jobs.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
 {{- range $key1, $osServiceType := tuple "object-store" }}
 {{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
--- a/ceph/templates/job-ks-service.yaml
+++ b/ceph/templates/job-ks-service.yaml
@ -18,6 +18,9 @@ limitations under the License.
 {{- $envAll := . }}
 {{- if .Values.deployment.rgw_keystone_user_and_endpoints }}
 {{- $dependencies := .Values.dependencies.ks_service }}
 {{- $serviceAccountName := "ceph-ks-service" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -29,11 +32,12 @@ spec:
      labels:
 {{ tuple $envAll "ceph" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ $envAll.Values.labels.jobs.node_selector_key }}: {{ $envAll.Values.labels.jobs.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
 {{- range $key1, $osServiceType := tuple "object-store" }}
        - name: {{ $osServiceType }}-ks-service-registration
--- a/ceph/templates/job-ks-user.yaml
+++ b/ceph/templates/job-ks-user.yaml
@ -18,6 +18,9 @@ limitations under the License.
 {{- $envAll := . }}
 {{- if .Values.deployment.rgw_keystone_user_and_endpoints }}
 {{- $dependencies := .Values.dependencies.ks_user }}
 {{- $serviceAccountName := "ceph-ks-user" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -29,11 +32,12 @@ spec:
      labels:
 {{ tuple $envAll "ceph" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ $envAll.Values.labels.jobs.node_selector_key }}: {{ $envAll.Values.labels.jobs.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: ceph-ks-user
          image: {{ .Values.images.tags.ks_user }}
--- a/ceph/templates/job-namespace-client-key-cleaner.yaml
+++ b/ceph/templates/job-namespace-client-key-cleaner.yaml
@ -17,11 +17,48 @@ limitations under the License.
 {{- if .Values.manifests.job_namespace_client_key_cleaner }}
 {{- $envAll := . }}
 {{- if .Values.deployment.client_secrets }}
 {{- $dependencies := .Values.dependencies.namespace_client_key_cleaner }}
 {{- $randStringSuffix := randAlphaNum 5 | lower }}
 {{- $serviceAccountName := print "ceph-namespace-client-key-cleaner-" $randStringSuffix }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: Role
 metadata:
  name: {{ $serviceAccountName }}
  annotations:
    "helm.sh/hook": pre-delete
 rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - list
      - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
 metadata:
  name: {{ $serviceAccountName }}
  annotations:
    "helm.sh/hook": pre-delete
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ $serviceAccountName }}
 subjects:
  - kind: ServiceAccount
    name: {{ $serviceAccountName }}
    namespace: {{ $envAll.Release.Namespace }}
 ---
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: ceph-namespace-client-key-cleaner-{{ randAlphaNum 5 | lower }}
+  name: ceph-namespace-client-key-cleaner-{{ $randStringSuffix }}
  annotations:
    "helm.sh/hook": pre-delete
 spec:
@ -30,9 +67,12 @@ spec:
      labels:
 {{ tuple $envAll "ceph" "client-key-cleaner" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ $envAll.Values.labels.jobs.node_selector_key }}: {{ $envAll.Values.labels.jobs.node_selector_value }}
      initContainers:
 {{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name:  ceph-namespace-client-keys-cleaner
          image: {{ .Values.images.tags.ceph_config_helper }}
--- a/ceph/templates/job-namespace-client-key.yaml
+++ b/ceph/templates/job-namespace-client-key.yaml
@ -17,6 +17,67 @@ limitations under the License.
 {{- if .Values.manifests.job_namespace_client_key }}
 {{- $envAll := . }}
 {{- if .Values.deployment.client_secrets }}
 {{- $dependencies := .Values.dependencies.namespace_client_key_generator }}
 {{- $randStringSuffix := randAlphaNum 5 | lower }}
 {{- $serviceAccountName := "ceph-namespace-client-key-generator" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: Role
 metadata:
  name: {{ $serviceAccountName }}
 rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - create
      - update
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
 metadata:
  name: {{ $serviceAccountName }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ $serviceAccountName }}
 subjects:
  - kind: ServiceAccount
    name: {{ $serviceAccountName }}
    namespace: {{ $envAll.Release.Namespace }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: Role
 metadata:
  name: {{ printf "%s-%s" $serviceAccountName $randStringSuffix }}
  namespace: {{ .Values.storageclass.admin_secret_namespace }}
 rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - list
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
 metadata:
  name: {{ printf "%s-%s" $serviceAccountName $randStringSuffix }}
  namespace: {{ .Values.storageclass.admin_secret_namespace }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ printf "%s-%s" $serviceAccountName $randStringSuffix }}
 subjects:
  - kind: ServiceAccount
    name: {{ $serviceAccountName }}
    namespace: {{ $envAll.Release.Namespace }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,9 +89,12 @@ spec:
      labels:
 {{ tuple $envAll "ceph" "client-key-generator" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ $envAll.Values.labels.jobs.node_selector_key }}: {{ $envAll.Values.labels.jobs.node_selector_value }}
      initContainers:
 {{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name:  ceph-storage-keys-generator
          image: {{ .Values.images.tags.ceph_config_helper }}
--- a/ceph/templates/job-rbd-pool.yaml
+++ b/ceph/templates/job-rbd-pool.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.deployment.ceph }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.rbd_pool }}
 {{- $serviceAccountName := "ceph-rbd-pool" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -29,12 +32,14 @@ spec:
      labels:
 {{ tuple $envAll "ceph" "rbd-pool" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      affinity:
 {{ tuple $envAll "ceph" "mgr" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      nodeSelector:
        {{ .Values.labels.mgr.node_selector_key }}: {{ .Values.labels.mgr.node_selector_value }}
-      serviceAccount: default
+      initContainers:
 {{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: ceph-rbd-pool
          image: {{ .Values.images.tags.ceph_daemon }}
--- a/ceph/templates/job-storage-admin-keys.yaml
+++ b/ceph/templates/job-storage-admin-keys.yaml
@ -17,6 +17,36 @@ limitations under the License.
 {{- if .Values.manifests.job_storage_admin_keys }}
 {{- $envAll := . }}
 {{- if .Values.deployment.storage_secrets }}
 {{- $dependencies := .Values.dependencies.storage_keys_generator }}
 {{- $serviceAccountName := "ceph-storage-keys-generator" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: Role
 metadata:
  name: {{ $serviceAccountName }}
 rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
 metadata:
  name: {{ $serviceAccountName }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ $serviceAccountName }}
 subjects:
  - kind: ServiceAccount
    name: {{ $serviceAccountName }}
    namespace: {{ $envAll.Release.Namespace }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,9 +58,12 @@ spec:
      labels:
 {{ tuple $envAll "ceph" "storage-keys-generator" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ $envAll.Values.labels.jobs.node_selector_key }}: {{ $envAll.Values.labels.jobs.node_selector_value }}
      initContainers:
 {{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name:  ceph-storage-keys-generator
          image: {{ .Values.images.tags.ceph_config_helper }}
--- a/ceph/values.yaml
+++ b/ceph/values.yaml
@ -202,9 +202,16 @@ conf:
      mds:
 dependencies:
  job_keyring_generator:
    jobs:
  namespace_client_key_cleaner:
    jobs:
  namespace_client_key_generator:
    jobs:
  storage_keys_generator:
    jobs:
  mon:
    jobs:
    service:
  osd:
    jobs:
    services:
--- a/cinder/templates/cron-job-cinder-volume-usage-audit.yaml
+++ b/cinder/templates/cron-job-cinder-volume-usage-audit.yaml
@ -18,8 +18,13 @@ limitations under the License.
 {{- if .Capabilities.APIVersions.Has "batch/v2alpha1" }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.volume_usage_audit }}
 {{- $mounts_cinder_volume_usage_audit := .Values.pod.mounts.cinder_volume_usage_audit.cinder_volume_usage_audit }}
 {{- $mounts_cinder_volume_usage_audit_init := .Values.pod.mounts.cinder_volume_usage_audit.init_container }}
 {{- $serviceAccountName := "cinder-volume-usage-audit" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v2alpha1
 kind: CronJob
 metadata:
@ -34,11 +39,12 @@ spec:
    spec:
      template:
        spec:
-          initContainers:
+          serviceAccountName: {{ $serviceAccountName }}
 {{ tuple $envAll $dependencies $mounts_cinder_volume_usage_audit_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }}
          restartPolicy: OnFailure
          nodeSelector:
            {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
          initContainers:
 {{ tuple $envAll $dependencies $mounts_cinder_volume_usage_audit_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }}
          containers:
            - name: cinder-volume-usage-audit
              image: {{ .Values.images.tags.cinder_volume_usage_audit }}
--- a/cinder/templates/deployment-api.yaml
+++ b/cinder/templates/deployment-api.yaml
@ -17,8 +17,12 @@ limitations under the License.
 {{- if .Values.manifests.deployment_api }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.api }}
 {{- $mounts_cinder_api := .Values.pod.mounts.cinder_api.cinder_api }}
 {{- $mounts_cinder_api_init := .Values.pod.mounts.cinder_api.init_container }}
 {{- $serviceAccountName := "cinder-api" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: apps/v1beta1
 kind: Deployment
@ -35,6 +39,7 @@ spec:
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
 {{ tuple $envAll "cinder" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      nodeSelector:
--- a/cinder/templates/deployment-backup.yaml
+++ b/cinder/templates/deployment-backup.yaml
@ -17,8 +17,12 @@ limitations under the License.
 {{- if .Values.manifests.deployment_backup }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.backup }}
 {{- $mounts_cinder_backup := .Values.pod.mounts.cinder_backup.cinder_backup }}
 {{- $mounts_cinder_backup_init := .Values.pod.mounts.cinder_backup.init_container }}
 {{- $serviceAccountName := "cinder-backup" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: apps/v1beta1
 kind: Deployment
@ -35,6 +39,7 @@ spec:
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
 {{ tuple $envAll "cinder" "backup" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      nodeSelector:
--- a/cinder/templates/deployment-scheduler.yaml
+++ b/cinder/templates/deployment-scheduler.yaml
@ -17,8 +17,12 @@ limitations under the License.
 {{- if .Values.manifests.deployment_scheduler }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.scheduler }}
 {{- $mounts_cinder_scheduler := .Values.pod.mounts.cinder_scheduler.cinder_scheduler }}
 {{- $mounts_cinder_scheduler_init := .Values.pod.mounts.cinder_scheduler.init_container }}
 {{- $serviceAccountName := "cinder-scheduler" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: apps/v1beta1
 kind: Deployment
@ -35,6 +39,7 @@ spec:
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
 {{ tuple $envAll "cinder" "scheduler" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      nodeSelector:
--- a/cinder/templates/deployment-volume.yaml
+++ b/cinder/templates/deployment-volume.yaml
@ -17,8 +17,12 @@ limitations under the License.
 {{- if .Values.manifests.deployment_volume }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.volume }}
 {{- $mounts_cinder_volume := .Values.pod.mounts.cinder_volume.cinder_volume }}
 {{- $mounts_cinder_volume_init := .Values.pod.mounts.cinder_volume.init_container }}
 {{- $serviceAccountName := "cinder-volume" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: apps/v1beta1
 kind: Deployment
@ -35,6 +39,7 @@ spec:
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
 {{ tuple $envAll "cinder" "volume" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      nodeSelector:
--- a/cinder/templates/job-bootstrap.yaml
+++ b/cinder/templates/job-bootstrap.yaml
@ -18,6 +18,9 @@ limitations under the License.
 {{- $envAll := . }}
 {{- if .Values.bootstrap.enabled }}
 {{- $dependencies := .Values.dependencies.bootstrap }}
 {{- $serviceAccountName := "cinder-bootstrap" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -29,11 +32,12 @@ spec:
      labels:
 {{ tuple $envAll "cinder" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: cinder-bootstrap
          image: {{ .Values.images.tags.bootstrap }}
--- a/cinder/templates/job-db-drop.yaml
+++ b/cinder/templates/job-db-drop.yaml
@ -17,11 +17,16 @@ limitations under the License.
 {{- if .Values.manifests.job_db_drop }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.db_drop }}
 {{- $randStringSuffix := randAlphaNum 5 | lower }}
 {{- $serviceAccountName := print "cinder-db-drop-" $randStringSuffix }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: cinder-db-drop-{{ randAlphaNum 5 | lower }}
+  name: {{ print "cinder-db-drop-" $randStringSuffix }}
  annotations:
    "helm.sh/hook": pre-delete
    "helm.sh/hook-delete-policy": hook-succeeded
@ -31,11 +36,12 @@ spec:
      labels:
 {{ tuple $envAll "cinder" "db-drop" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: cinder-db-drop
          image: {{ .Values.images.tags.db_drop | quote }}
--- a/cinder/templates/job-db-init.yaml
+++ b/cinder/templates/job-db-init.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_db_init }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.db_init }}
 {{- $serviceAccountName := "cinder-db-init" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "cinder" "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: cinder-db-init
          image: {{ .Values.images.tags.db_init | quote }}
--- a/cinder/templates/job-db-sync.yaml
+++ b/cinder/templates/job-db-sync.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_db_sync }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.db_sync }}
 {{- $serviceAccountName := "cinder-db-sync" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "cinder" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: cinder-db-sync
          image: {{ .Values.images.tags.cinder_db_sync }}
--- a/cinder/templates/job-ks-endpoints.yaml
+++ b/cinder/templates/job-ks-endpoints.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_ks_endpoints }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.ks_endpoints }}
 {{- $serviceAccountName := "cinder-ks-endpoints" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "cinder" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
 {{- range $key1, $osServiceType := tuple "volume" "volumev2" "volumev3" }}
 {{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
--- a/cinder/templates/job-ks-service.yaml
+++ b/cinder/templates/job-ks-service.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_ks_service }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.ks_service }}
 {{- $serviceAccountName := "cinder-ks-service" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "cinder" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
 {{- range $key1, $osServiceType := tuple "volume" "volumev2" "volumev3" }}
        - name: {{ $osServiceType }}-ks-service-registration
--- a/cinder/templates/job-ks-user.yaml
+++ b/cinder/templates/job-ks-user.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_ks_user }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.ks_user }}
 {{- $serviceAccountName := "cinder-ks-user" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "cinder" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: cinder-ks-user
          image: {{ .Values.images.tags.ks_user }}
--- a/cinder/templates/pod-rally-test.yaml
+++ b/cinder/templates/pod-rally-test.yaml
@ -17,13 +17,17 @@ limitations under the License.
 {{- if .Values.manifests.pod_rally_test }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.tests }}
 {{- $mounts_cinder_tests := .Values.pod.mounts.cinder_tests.cinder_tests }}
 {{- $mounts_cinder_tests_init := .Values.pod.mounts.cinder_tests.init_container }}
 {{- $serviceAccountName := print $envAll.Release.Name "-test" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: v1
 kind: Pod
 metadata:
-  name: "{{.Release.Name}}-test"
+  name: {{ print $envAll.Release.Name "-test" }}
  annotations:
    "helm.sh/hook": test-success
 spec:
--- a/congress/templates/deployment-api.yaml
+++ b/congress/templates/deployment-api.yaml
@ -18,6 +18,9 @@ limitations under the License.
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.api }}
 {{- $serviceAccountName := "congress-api-dep" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
@ -30,10 +33,11 @@ spec:
      labels:
 {{ tuple $envAll "congress" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
 {{ tuple $envAll "congress" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      containers:
--- a/congress/templates/deployment-datasource.yaml
+++ b/congress/templates/deployment-datasource.yaml
@ -18,6 +18,9 @@ limitations under the License.
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.datasource }}
 {{- $serviceAccountName := "congress-datasource-dep" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
@ -30,10 +33,11 @@ spec:
      labels:
 {{ tuple $envAll "congress" "datasource" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
 {{ tuple $envAll "congress" "datasource" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      containers:
--- a/congress/templates/deployment-policy-engine.yaml
+++ b/congress/templates/deployment-policy-engine.yaml
@ -18,6 +18,9 @@ limitations under the License.
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.policy_engine }}
 {{- $serviceAccountName := "congress-policy-engine-dep" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
@ -30,10 +33,11 @@ spec:
      labels:
 {{ tuple $envAll "congress" "policy_engine" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
 {{ tuple $envAll "congress" "policy_engine" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      containers:
--- a/congress/templates/job-db-init.yaml
+++ b/congress/templates/job-db-init.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_db_init }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.db_init }}
 {{- $serviceAccountName := "congress-db-init" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "congress" "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: congress-db-init
          image: {{ .Values.images.tags.db_init }}
--- a/congress/templates/job-db-sync.yaml
+++ b/congress/templates/job-db-sync.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_db_sync }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.db_sync }}
 {{- $serviceAccountName := "congress-db-sync" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "congress" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: congress-db-sync
          image: {{ .Values.images.tags.congress_db_sync }}
--- a/congress/templates/job-ds-create.yaml
+++ b/congress/templates/job-ds-create.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_ds_create }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.ds_create }}
 {{- $serviceAccountName := "congress-ds-create" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "congress" "ds-create" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: congress-ds-create
          image: {{ .Values.images.tags.congress_ds_create }}
--- a/congress/templates/job-ks-endpoints.yaml
+++ b/congress/templates/job-ks-endpoints.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_ks_endpoints }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.ks_endpoints }}
 {{- $serviceAccountName := "congress-ks-endpoints" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "congress" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
 {{- range $key1, $osServiceType := tuple "policy" }}
 {{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
--- a/congress/templates/job-ks-service.yaml
+++ b/congress/templates/job-ks-service.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_ks_service }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.ks_service }}
 {{- $serviceAccountName := "congress-ks-service" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "congress" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
 {{- range $key1, $osServiceType := tuple "policy" }}
        - name: {{ $osServiceType }}-ks-service-registration
--- a/congress/templates/job-ks-user.yaml
+++ b/congress/templates/job-ks-user.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_ks_user }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.ks_user }}
 {{- $serviceAccountName := "congress-ks-user" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "congress" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: congress-ks-user
          image: {{ .Values.images.tags.ks_user }}
--- a/etcd/templates/deployment.yaml
+++ b/etcd/templates/deployment.yaml
@ -13,6 +13,10 @@
 # limitations under the License.
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.etcd }}
 {{- $serviceAccountName := "etcd" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: apps/v1beta1
 kind: Deployment
@ -26,10 +30,13 @@ spec:
      labels:
 {{ tuple $envAll "etcd" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
 {{ tuple $envAll "etcd" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
 {{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: etcd
          image: {{ .Values.images.tags.etcd }}
--- a/etcd/values.yaml
+++ b/etcd/values.yaml
@ -20,6 +20,7 @@
 images:
  tags:
    etcd: 'gcr.io/google_containers/etcd-amd64:2.2.5'
    dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
  pull_policy: IfNotPresent
 labels:
@ -30,6 +31,10 @@ network:
  host: etcd
  port: 2379
 dependencies:
  etcd:
    jobs: null
 pod:
  affinity:
      anti:
--- a/glance/templates/deployment-api.yaml
+++ b/glance/templates/deployment-api.yaml
@ -17,8 +17,12 @@ limitations under the License.
 {{- if .Values.manifests.deployment_api }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.api }}
 {{- $mounts_glance_api := .Values.pod.mounts.glance_api.glance_api }}
 {{- $mounts_glance_api_init := .Values.pod.mounts.glance_api.init_container }}
 {{- $serviceAccountName := "glance-api" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: apps/v1beta1
 kind: Deployment
@ -35,6 +39,7 @@ spec:
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
 {{ tuple $envAll "glance" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      nodeSelector:
--- a/glance/templates/deployment-registry.yaml
+++ b/glance/templates/deployment-registry.yaml
@ -17,8 +17,12 @@ limitations under the License.
 {{- if .Values.manifests.deployment_registry }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.registry }}
 {{- $mounts_glance_registry := .Values.pod.mounts.glance_registry.glance_registry }}
 {{- $mounts_glance_registry_init := .Values.pod.mounts.glance_registry.init_container }}
 {{- $serviceAccountName := "glance-registry" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: apps/v1beta1
 kind: Deployment
@ -35,6 +39,7 @@ spec:
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
 {{ tuple $envAll "glance" "registry" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      nodeSelector:
--- a/glance/templates/job-bootstrap.yaml
+++ b/glance/templates/job-bootstrap.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_bootstrap }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.bootstrap }}
 {{- $serviceAccountName := "glance-bootstrap" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "glance" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: glance-bootstrap
          image: {{ .Values.images.tags.bootstrap }}
--- a/glance/templates/job-clean.yaml
+++ b/glance/templates/job-clean.yaml
@ -17,20 +17,62 @@ limitations under the License.
 {{- if .Values.manifests.job_clean }}
 {{- $envAll := . }}
 {{- if .Values.bootstrap.enabled }}
 {{- $dependencies := .Values.dependencies.clean }}
 {{- $randStringSuffix := randAlphaNum 5 | lower }}
 {{- $serviceAccountName := print "glance-clean-" $randStringSuffix }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: Role
 metadata:
  name: {{ $serviceAccountName }}
  annotations:
    "helm.sh/hook": pre-delete
    "helm.sh/hook-delete-policy": hook-succeeded
 rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
 metadata:
  name: {{ $serviceAccountName }}
  annotations:
    "helm.sh/hook": pre-delete
    "helm.sh/hook-delete-policy": hook-succeeded
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ $serviceAccountName }}
 subjects:
  - kind: ServiceAccount
    name: {{ $serviceAccountName }}
    namespace: {{ $envAll.Release.Namespace }}
 ---
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: glance-clean-{{ randAlphaNum 5 | lower }}
+  name: {{ print "glance-clean-" $randStringSuffix }}
  annotations:
    "helm.sh/hook": pre-delete
    "helm.sh/hook-delete-policy": hook-succeeded
 spec:
  template:
    metadata:
      labels:
 {{ tuple $envAll "glance" "clean" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      initContainers:
 {{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        {{- if eq .Values.storage "rbd" }}
        - name: glance-secret-clean
--- a/glance/templates/job-db-drop.yaml
+++ b/glance/templates/job-db-drop.yaml
@ -17,11 +17,16 @@ limitations under the License.
 {{- if .Values.manifests.job_db_drop }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.db_drop }}
 {{- $randStringSuffix := randAlphaNum 5 | lower }}
 {{- $serviceAccountName := print "glance-db-drop-" $randStringSuffix }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: glance-db-drop-{{ randAlphaNum 5 | lower }}
+  name: {{ print "glance-db-drop-" $randStringSuffix }}
  annotations:
    "helm.sh/hook": pre-delete
    "helm.sh/hook-delete-policy": hook-succeeded
@ -31,11 +36,12 @@ spec:
      labels:
 {{ tuple $envAll "glance" "db-drop" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: glance-db-drop
          image: {{ .Values.images.tags.db_drop }}
--- a/glance/templates/job-db-init.yaml
+++ b/glance/templates/job-db-init.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_db_init }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.db_init }}
 {{- $serviceAccountName := "glance-db-init" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "glance" "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: glance-db-init
          image: {{ .Values.images.tags.db_init }}
--- a/glance/templates/job-db-sync.yaml
+++ b/glance/templates/job-db-sync.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_db_sync }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.db_sync }}
 {{- $serviceAccountName := "glance-db-sync" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "glance" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: glance-db-sync
          image: {{ .Values.images.tags.glance_db_sync }}
--- a/glance/templates/job-ks-endpoints.yaml
+++ b/glance/templates/job-ks-endpoints.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_ks_endpoints }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.ks_endpoints }}
 {{- $serviceAccountName := "glance-ks-endpoints" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "glance" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
 {{- range $key1, $osServiceType := tuple "image" }}
 {{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
--- a/glance/templates/job-ks-service.yaml
+++ b/glance/templates/job-ks-service.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_ks_service }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.ks_service }}
 {{- $serviceAccountName := "glance-ks-service" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "glance" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
 {{- range $key1, $osServiceType := tuple "image" }}
        - name: {{ $osServiceType }}-ks-service-registration
--- a/glance/templates/job-ks-user.yaml
+++ b/glance/templates/job-ks-user.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_ks_user }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.ks_user }}
 {{- $serviceAccountName := "glance-ks-user" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "glance" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: glance-ks-user
          image: {{ .Values.images.tags.ks_user }}
--- a/glance/templates/job-storage-init.yaml
+++ b/glance/templates/job-storage-init.yaml
@ -17,6 +17,40 @@ limitations under the License.
 {{- if .Values.manifests.job_storage_init }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.storage_init }}
 {{- $serviceAccountName := "glance-storage-init" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: Role
 metadata:
  name: {{ $serviceAccountName }}
  annotations:
    "helm.sh/hook": pre-delete
 rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - create
      - update
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
 metadata:
  name: {{ $serviceAccountName }}
  annotations:
    "helm.sh/hook": pre-delete
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ $serviceAccountName }}
 subjects:
  - kind: ServiceAccount
    name: {{ $serviceAccountName }}
    namespace: {{ $envAll.Release.Namespace }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +62,12 @@ spec:
      labels:
 {{ tuple $envAll "glance" "storage-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        {{ if or (eq .Values.storage "rbd") (eq .Values.storage "radosgw") }}
        - name: ceph-keyring-placement
          image: {{ .Values.images.tags.glance_api }}
--- a/glance/values.yaml
+++ b/glance/values.yaml
@ -292,6 +292,8 @@ volume:
  size: 2Gi
 dependencies:
  clean:
    jobs: null
  storage_init:
    services:
  db_init:
--- a/gnocchi/templates/daemonset-metricd.yaml
+++ b/gnocchi/templates/daemonset-metricd.yaml
@ -17,8 +17,12 @@ limitations under the License.
 {{- if .Values.manifests.daemonset_metricd }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.metricd }}
 {{- $mounts_gnocchi_metricd := .Values.pod.mounts.gnocchi_metricd.gnocchi_metricd }}
 {{- $mounts_gnocchi_metricd_init := .Values.pod.mounts.gnocchi_metricd.init_container }}
 {{- $serviceAccountName := "gnocchi-metricd" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: extensions/v1beta1
 kind: DaemonSet
@ -34,6 +38,7 @@ spec:
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
--- a/gnocchi/templates/daemonset-statsd.yaml
+++ b/gnocchi/templates/daemonset-statsd.yaml
@ -17,8 +17,12 @@ limitations under the License.
 {{- if .Values.manifests.daemonset_statsd }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.statsd }}
 {{- $mounts_gnocchi_statsd := .Values.pod.mounts.gnocchi_statsd.gnocchi_statsd }}
 {{- $mounts_gnocchi_statsd_init := .Values.pod.mounts.gnocchi_statsd.init_container }}
 {{- $serviceAccountName := "gnocchi-statsd" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: extensions/v1beta1
 kind: DaemonSet
@ -33,6 +37,7 @@ spec:
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
--- a/gnocchi/templates/deployment-api.yaml
+++ b/gnocchi/templates/deployment-api.yaml
@ -17,8 +17,12 @@ limitations under the License.
 {{- if .Values.manifests.deployment_api }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.api }}
 {{- $mounts_gnocchi_api := .Values.pod.mounts.gnocchi_api.gnocchi_api }}
 {{- $mounts_gnocchi_api_init := .Values.pod.mounts.gnocchi_api.init_container }}
 {{- $serviceAccountName := "gnocchi-api" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: apps/v1beta1
 kind: Deployment
@ -35,6 +39,7 @@ spec:
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
 {{ tuple $envAll "gnocchi" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      nodeSelector:
--- a/gnocchi/templates/job-db-init-indexer.yaml
+++ b/gnocchi/templates/job-db-init-indexer.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_db_init_indexer }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.db_init_postgresql }}
 {{- $serviceAccountName := "gnocchi-db-init-indexer" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "gnocchi" "db-init-indexer" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: gnocchi-db-init-indexer
          image: {{ .Values.images.tags.db_init_indexer | quote }}
--- a/gnocchi/templates/job-db-init-keystone.yaml
+++ b/gnocchi/templates/job-db-init-keystone.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_db_init_keystone }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.db_init_keystone }}
 {{- $serviceAccountName := "gnocchi-db-init-keystone" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "gnocchi" "db-init-keystone" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: keystone-db-init
          image: {{ .Values.images.tags.db_init_keystone | quote }}
--- a/gnocchi/templates/job-db-sync.yaml
+++ b/gnocchi/templates/job-db-sync.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_db_sync }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.db_sync }}
 {{- $serviceAccountName := "gnocchi-db-sync" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "gnocchi" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        - name: ceph-keyring-placement
          image: {{ .Values.images.tags.api }}
          imagePullPolicy: {{ .Values.images.pull_policy }}
--- a/gnocchi/templates/job-ks-endpoints.yaml
+++ b/gnocchi/templates/job-ks-endpoints.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_ks_endpoints }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.ks_endpoints }}
 {{- $serviceAccountName := "gnocchi-ks-endpoints" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -30,11 +33,12 @@ spec:
    metadata:
      annotations:
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
 {{- range $key1, $osServiceType := tuple "metric" }}
 {{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
--- a/gnocchi/templates/job-ks-service.yaml
+++ b/gnocchi/templates/job-ks-service.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_ks_service }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.ks_service }}
 {{- $serviceAccountName := "gnocchi-ks-service" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "gnocchi" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
 {{- range $key1, $osServiceType := tuple "metric" }}
        - name: {{ $osServiceType }}-ks-service-registration
--- a/gnocchi/templates/job-ks-user.yaml
+++ b/gnocchi/templates/job-ks-user.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_ks_user }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.ks_user }}
 {{- $serviceAccountName := "gnocchi-ks-user" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "gnocchi" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: gnocchi-ks-user
          image: {{ .Values.images.tags.ks_user }}
--- a/gnocchi/templates/job-storage-init.yaml
+++ b/gnocchi/templates/job-storage-init.yaml
@ -17,6 +17,40 @@ limitations under the License.
 {{- if .Values.manifests.job_storage_init }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.storage_init }}
 {{- $serviceAccountName := "gnocchi-storage-init" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: Role
 metadata:
  name: {{ $serviceAccountName }}
  annotations:
    "helm.sh/hook": pre-delete
 rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - create
      - update
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
 metadata:
  name: {{ $serviceAccountName }}
  annotations:
    "helm.sh/hook": pre-delete
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ $serviceAccountName }}
 subjects:
  - kind: ServiceAccount
    name: {{ $serviceAccountName }}
    namespace: {{ $envAll.Release.Namespace }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +62,12 @@ spec:
      labels:
 {{ tuple $envAll "gnocchi" "storage-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        - name: ceph-keyring-placement
          image: {{ .Values.images.tags.api }}
          imagePullPolicy: {{ .Values.images.pull_policy }}
--- a/gnocchi/templates/pod-gnocchi-test.yaml
+++ b/gnocchi/templates/pod-gnocchi-test.yaml
@ -29,7 +29,7 @@ metadata:
 spec:
  restartPolicy: Never
  initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
    - name: ceph-keyring-placement
      image: {{ .Values.images.tags.api }}
      imagePullPolicy: {{ .Values.images.pull_policy }}
--- a/heat/templates/deployment-api.yaml
+++ b/heat/templates/deployment-api.yaml
@ -17,8 +17,12 @@ limitations under the License.
 {{- if .Values.manifests.deployment_api }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.api }}
 {{- $mounts_heat_api := .Values.pod.mounts.heat_api.heat_api }}
 {{- $mounts_heat_api_init := .Values.pod.mounts.heat_api.init_container }}
 {{- $serviceAccountName := "heat-api" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: apps/v1beta1
 kind: Deployment
@ -35,6 +39,7 @@ spec:
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
 {{ tuple $envAll "heat" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      nodeSelector:
--- a/heat/templates/deployment-cfn.yaml
+++ b/heat/templates/deployment-cfn.yaml
@ -17,8 +17,12 @@ limitations under the License.
 {{- if .Values.manifests.deployment_cfn }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.cfn }}
 {{- $mounts_heat_cfn := .Values.pod.mounts.heat_cfn.heat_cfn }}
 {{- $mounts_heat_cfn_init := .Values.pod.mounts.heat_cfn.init_container }}
 {{- $serviceAccountName := "heat-cfn" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: apps/v1beta1
 kind: Deployment
@ -35,6 +39,7 @@ spec:
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
 {{ tuple $envAll "heat" "cfn" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      nodeSelector:
--- a/heat/templates/deployment-cloudwatch.yaml
+++ b/heat/templates/deployment-cloudwatch.yaml
@ -17,8 +17,12 @@ limitations under the License.
 {{- if .Values.manifests.deployment_cloudwatch }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.cloudwatch }}
 {{- $mounts_heat_cloudwatch := .Values.pod.mounts.heat_cloudwatch.heat_cloudwatch }}
 {{- $mounts_heat_cloudwatch_init := .Values.pod.mounts.heat_cloudwatch.init_container }}
 {{- $serviceAccountName := "heat-cloudwatch" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: apps/v1beta1
 kind: Deployment
@ -35,6 +39,7 @@ spec:
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
 {{ tuple $envAll "heat" "cloudwatch" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      nodeSelector:
--- a/heat/templates/deployment-engine.yaml
+++ b/heat/templates/deployment-engine.yaml
@ -17,8 +17,12 @@ limitations under the License.
 {{- if or ( .Values.manifests.deployment_engine ) ( .Values.manifests.statefulset_engine ) }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.engine }}
 {{- $mounts_heat_engine := .Values.pod.mounts.heat_engine.heat_engine }}
 {{- $mounts_heat_engine_init := .Values.pod.mounts.heat_engine.init_container }}
 {{- $serviceAccountName := "heat-engine" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: apps/v1beta1
 metadata:
@ -43,6 +47,7 @@ spec:
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
 {{- end }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
 {{- tuple $envAll "heat" "engine" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      nodeSelector:
--- a/heat/templates/job-bootstrap.yaml
+++ b/heat/templates/job-bootstrap.yaml
@ -18,8 +18,12 @@ limitations under the License.
 {{- $envAll := . }}
 {{- if .Values.bootstrap.enabled }}
 {{- $dependencies := .Values.dependencies.bootstrap }}
 {{- $mounts_heat_bootstrap := .Values.pod.mounts.heat_bootstrap.heat_bootstrap }}
 {{- $mounts_heat_bootstrap_init := .Values.pod.mounts.heat_bootstrap.init_container }}
 {{- $serviceAccountName := "heat-bootstrap" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -31,6 +35,7 @@ spec:
      labels:
 {{ tuple $envAll "heat" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
--- a/heat/templates/job-db-drop.yaml
+++ b/heat/templates/job-db-drop.yaml
@ -17,11 +17,16 @@ limitations under the License.
 {{- if .Values.manifests.job_db_drop }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.db_drop }}
 {{- $randStringSuffix := randAlphaNum 5 | lower }}
 {{- $serviceAccountName := print "heat-db-drop-" $randStringSuffix }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: heat-db-drop-{{ randAlphaNum 5 | lower }}
+  name: {{ print "heat-db-drop-" $randStringSuffix }}
  annotations:
    "helm.sh/hook": pre-delete
    "helm.sh/hook-delete-policy": hook-succeeded
@ -31,11 +36,12 @@ spec:
      labels:
 {{ tuple $envAll "heat" "db-drop" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: heat-db-drop
          image: {{ .Values.images.tags.db_drop | quote }}
--- a/heat/templates/job-db-init.yaml
+++ b/heat/templates/job-db-init.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_db_init }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.db_init }}
 {{- $serviceAccountName := "heat-db-init" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "heat" "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: heat-db-init
          image: {{ .Values.images.tags.db_init | quote }}
--- a/heat/templates/job-db-sync.yaml
+++ b/heat/templates/job-db-sync.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_db_sync }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.db_sync }}
 {{- $serviceAccountName := "heat-db-sync" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "heat" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: heat-db-sync
          image: {{ .Values.images.tags.heat_db_sync }}
--- a/heat/templates/job-ks-endpoints.yaml
+++ b/heat/templates/job-ks-endpoints.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_ks_endpoints }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.ks_endpoints }}
 {{- $serviceAccountName := "heat-ks-endpoints" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "heat" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
 {{- range $key1, $osServiceType := tuple "orchestration" "cloudformation" }}
 {{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
--- a/heat/templates/job-ks-service.yaml
+++ b/heat/templates/job-ks-service.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_ks_service }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.ks_service }}
 {{- $serviceAccountName := "heat-ks-service" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "heat" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
 {{- range $key1, $osServiceType := tuple "orchestration" "cloudformation" }}
        - name: {{ $osServiceType }}-ks-service-registration
--- a/heat/templates/job-ks-user.yaml
+++ b/heat/templates/job-ks-user.yaml
@ -17,6 +17,9 @@ limitations under the License.
 {{- if .Values.manifests.job_ks_user }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.ks_user }}
 {{- $serviceAccountName := "heat-ks-user" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -28,11 +31,12 @@ spec:
      labels:
 {{ tuple $envAll "heat" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: heat-ks-user
          image: {{ .Values.images.tags.ks_user }}
--- a/heat/templates/job-trusts.yaml
+++ b/heat/templates/job-trusts.yaml
@ -16,9 +16,12 @@ limitations under the License.
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.trusts }}
 {{- $mounts_heat_trusts := .Values.pod.mounts.heat_trusts.heat_trusts }}
 {{- $mounts_heat_trusts_init := .Values.pod.mounts.heat_trusts.init_container }}
 {{- $serviceAccountName := "heat-trusts" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
@ -30,6 +33,7 @@ spec:
      labels:
 {{ tuple $envAll "heat" "trusts" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
--- a/helm-toolkit/templates/snippets/_kubernetes_entrypoint_init_container.tpl
+++ b/helm-toolkit/templates/snippets/_kubernetes_entrypoint_init_container.tpl
@ -46,5 +46,6 @@ limitations under the License.
      value: "echo done"
  command:
    - kubernetes-entrypoint
-  volumeMounts: {{ $mounts | default "[]"}}
+  volumeMounts:
 {{ toYaml $mounts | indent 4 }}
 {{- end -}}
--- a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl
+++ b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl
@ -0,0 +1,68 @@
 {{/*
 Copyright 2017 The Openstack-Helm Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
   http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 {{- define "helm-toolkit.snippets.kubernetes_pod_rbac_roles" -}}
 {{- $envAll := index . 0 -}}
 {{- $deps := index . 1 -}}
 {{- $saName := index . 2 | replace "_" "-" }}
 {{- $saNamespace := index . 3 -}}
 {{- $releaseName := $envAll.Release.Name }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
 metadata:
  name: {{ $releaseName }}-{{ $saName }}
  namespace: {{ $saNamespace }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ $releaseName }}-{{ $saNamespace }}-{{ $saName }}
 subjects:
  - kind: ServiceAccount
    name: {{ $saName }}
    namespace: {{ $saNamespace }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: Role
 metadata:
  name: {{ $releaseName }}-{{ $saNamespace }}-{{ $saName }}
  namespace: {{ $saNamespace }}
 rules:
  - apiGroups:
      - ""
      - extensions
      - batch
      - apps
    verbs:
      - get
      - list
    resources:
      {{- range $k, $v := $deps -}}
      {{ if eq $v "daemonsets" }}
      - daemonsets
      {{- end -}}
      {{ if eq $v "jobs" }}
      - jobs
      {{- end -}}
      {{ if or (eq $v "daemonsets") (eq $v "jobs") }}
      - pods
      {{- end -}}
      {{ if eq $v "services" }}
      - services
      - endpoints
      {{- end -}}
      {{- end -}}
 {{- end -}}
--- a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
+++ b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
@ -0,0 +1,50 @@
 {{/*
 Copyright 2017 The Openstack-Helm Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
   http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 {{- define "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" -}}
 {{- $envAll := index . 0 -}}
 {{- $deps := index . 1 -}}
 {{- $saName := index . 2 -}}
 {{- $saNamespace := $envAll.Release.Namespace }}
 {{- $randomKey := randAlphaNum 32 }}
 {{- $allNamespace := dict $randomKey "" }}
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ $saName }}
  namespace: {{ $saNamespace }}
 {{- range $k, $v := $deps -}}
 {{- if eq $k "services" }}
 {{- range $serv := $v }}
 {{- $endpointMap := index $envAll.Values.endpoints $serv.service }}
 {{- $endpointNS := $endpointMap.namespace | default $saNamespace }}
 {{- if not (contains "services" ((index $allNamespace $endpointNS) | default "")) }}
 {{- $_ := set $allNamespace $endpointNS (printf "%s%s" "services," ((index $allNamespace $endpointNS) | default "")) }}
 {{- end -}}
 {{- end -}}
 {{- else if eq $k "jobs" }}
 {{- $_ := set $allNamespace $saNamespace  (printf "%s%s" "jobs," ((index $allNamespace $saNamespace) | default "")) }}
 {{- else if eq $k "daemonset" }}
 {{- $_ := set $allNamespace $saNamespace  (printf "%s%s" "daemonsets," ((index $allNamespace $saNamespace) | default "")) }}
 {{- end -}}
 {{- end -}}
 {{- $_ := unset $allNamespace $randomKey }}
 {{- range $ns, $vv := $allNamespace }}
 {{- $resourceList := (splitList "," (trimSuffix "," $vv)) }}
 {{- tuple $envAll $resourceList $saName $ns | include "helm-toolkit.snippets.kubernetes_pod_rbac_roles" }}
 {{- end -}}
 {{- end -}}
--- a/horizon/templates/deployment.yaml
+++ b/horizon/templates/deployment.yaml
@ -17,8 +17,12 @@ limitations under the License.
 {{- if .Values.manifests.deployment }}
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.dashboard }}
 {{- $mounts_horizon := .Values.pod.mounts.horizon.horizon }}
 {{- $mounts_horizon_init := .Values.pod.mounts.horizon.init_container }}
 {{- $serviceAccountName := "horizon" }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: apps/v1beta1
 kind: Deployment
@ -35,6 +39,7 @@ spec:
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
 {{ tuple $envAll "horizon" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      nodeSelector:
--- a/horizon/templates/job-db-drop.yaml
+++ b/horizon/templates/job-db-drop.yaml
@ -18,13 +18,19 @@ limitations under the License.
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.db_drop }}
 {{- $mounts_horizon_db_init := .Values.pod.mounts.horizon_db_init.horizon_db_init }}
 {{- $mounts_horizon_db_init_init := .Values.pod.mounts.horizon_db_init.init_container }}
 {{- $randStringSuffix := randAlphaNum 5 | lower }}
 {{- $serviceAccountName := print "horizon-db-drop-" $randStringSuffix }}
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: horizon-db-drop-{{ randAlphaNum 5 | lower }}
+  name: {{ print "horizon-db-drop-" $randStringSuffix }}
  annotations:
    "helm.sh/hook": pre-delete
    "helm.sh/hook-delete-policy": hook-succeeded
@ -34,11 +40,12 @@ spec:
      labels:
 {{ tuple $envAll "horizon" "db-drop" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
      initContainers:
-{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: horizon-db-drop
          image: {{ .Values.images.tags.db_drop }}
--- a/Show More
+++ b/Show More