diff --git a/calico/templates/daemonset-calico-etcd.yaml b/calico/templates/daemonset-calico-etcd.yaml
index 2ede67cbc..5d937c035 100644
--- a/calico/templates/daemonset-calico-etcd.yaml
+++ b/calico/templates/daemonset-calico-etcd.yaml
@@ -102,6 +102,8 @@ spec:
- --listen-peer-urls={{ tuple "etcd" "internal" "peer" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" }}://0.0.0.0:{{ tuple "etcd" "internal" "peer" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- --auto-compaction-retention=1
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: var-etcd
mountPath: /var/etcd
{{ if .Values.conf.etcd.credentials.ca }}
@@ -123,6 +125,8 @@ spec:
readOnly: true
{{ end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: var-etcd
hostPath:
path: /var/etcd
diff --git a/calico/templates/daemonset-calico-node.yaml b/calico/templates/daemonset-calico-node.yaml
index 88b0f9786..4913d33fb 100644
--- a/calico/templates/daemonset-calico-node.yaml
+++ b/calico/templates/daemonset-calico-node.yaml
@@ -180,6 +180,8 @@ spec:
key: tls.crt
{{ end }}
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- mountPath: /host/etc/calico
name: calico-cert-dir
- mountPath: /host/opt/cni/bin
@@ -230,6 +232,8 @@ spec:
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: cni-bin-dir
mountPath: /host/opt/cni/bin
- name: cni-net-dir
@@ -253,6 +257,8 @@ spec:
readOnly: true
{{ end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
# Used by calico/node.
- name: lib-modules
hostPath:
@@ -368,6 +374,8 @@ spec:
- -felix-ready
periodSeconds: 10
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- mountPath: /lib/modules
name: lib-modules
readOnly: true
diff --git a/calico/templates/deployment-calico-kube-controllers.yaml b/calico/templates/deployment-calico-kube-controllers.yaml
index d88564474..39478f0de 100644
--- a/calico/templates/deployment-calico-kube-controllers.yaml
+++ b/calico/templates/deployment-calico-kube-controllers.yaml
@@ -144,6 +144,8 @@ spec:
# etcd tls mounts
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: calico-etcd-secrets
mountPath: {{ .Values.endpoints.etcd.auth.client.path.ca }}
subPath: tls.ca
@@ -169,6 +171,8 @@ spec:
- /usr/bin/check-status
- -r
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: calico-etcd-secrets
secret:
secretName: calico-etcd-secrets
diff --git a/calico/templates/job-calico-settings.yaml b/calico/templates/job-calico-settings.yaml
index 37bdf3a91..fccc40c0c 100644
--- a/calico/templates/job-calico-settings.yaml
+++ b/calico/templates/job-calico-settings.yaml
@@ -76,6 +76,8 @@ spec:
command:
- /tmp/calico-settings.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: calico-bin
mountPath: /tmp/calico-settings.sh
subPath: calico-settings.sh
@@ -93,6 +95,8 @@ spec:
subPath: tls.key
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: calico-bin
configMap:
name: calico-bin
diff --git a/ceph-client/templates/cronjob-checkPGs.yaml b/ceph-client/templates/cronjob-checkPGs.yaml
index f24a28f2b..1f1306c93 100644
--- a/ceph-client/templates/cronjob-checkPGs.yaml
+++ b/ceph-client/templates/cronjob-checkPGs.yaml
@@ -87,6 +87,8 @@ spec:
command:
- /tmp/utils-checkPGs.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-client-bin
mountPath: /tmp/utils-checkPGs.py
subPath: utils-checkPGs.py
@@ -118,6 +120,8 @@ spec:
restartPolicy: Never
hostNetwork: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: ceph-client-bin
configMap:
name: ceph-client-bin
diff --git a/ceph-client/templates/deployment-checkdns.yaml b/ceph-client/templates/deployment-checkdns.yaml
index f3167d17e..44dc69ace 100644
--- a/ceph-client/templates/deployment-checkdns.yaml
+++ b/ceph-client/templates/deployment-checkdns.yaml
@@ -99,11 +99,15 @@ spec:
command:
- /tmp/_start.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-client-bin
mountPath: /tmp/_start.sh
subPath: utils-checkDNS_start.sh
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: ceph-client-bin
configMap:
name: ceph-client-bin
diff --git a/ceph-client/templates/deployment-mds.yaml b/ceph-client/templates/deployment-mds.yaml
index 84c6402bd..1e2cdb15c 100644
--- a/ceph-client/templates/deployment-mds.yaml
+++ b/ceph-client/templates/deployment-mds.yaml
@@ -58,6 +58,8 @@ spec:
- name: CLUSTER
value: "ceph"
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-client-bin
mountPath: /tmp/init-dirs.sh
subPath: init-dirs.sh
@@ -98,6 +100,8 @@ spec:
port: 6800
timeoutSeconds: 5
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-client-bin
mountPath: /tmp/mds-start.sh
subPath: mds-start.sh
@@ -125,6 +129,8 @@ spec:
mountPath: /run
readOnly: false
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: ceph-client-etc
configMap:
name: ceph-client-etc
diff --git a/ceph-client/templates/deployment-mgr.yaml b/ceph-client/templates/deployment-mgr.yaml
index 5db807433..bce4d0c1d 100644
--- a/ceph-client/templates/deployment-mgr.yaml
+++ b/ceph-client/templates/deployment-mgr.yaml
@@ -61,6 +61,8 @@ spec:
- name: CLUSTER
value: "ceph"
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-client-bin
mountPath: /tmp/init-dirs.sh
subPath: init-dirs.sh
@@ -126,6 +128,8 @@ spec:
initialDelaySeconds: 30
timeoutSeconds: 5
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-client-bin
mountPath: /mgr-start.sh
subPath: mgr-start.sh
@@ -167,6 +171,8 @@ spec:
subPath: utils-checkPGs.sh
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: pod-etc-ceph
emptyDir: {}
- name: ceph-client-bin
diff --git a/ceph-client/templates/job-bootstrap.yaml b/ceph-client/templates/job-bootstrap.yaml
index d64cee0d7..5359f4fdc 100644
--- a/ceph-client/templates/job-bootstrap.yaml
+++ b/ceph-client/templates/job-bootstrap.yaml
@@ -45,6 +45,8 @@ spec:
command:
- /tmp/bootstrap.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-client-bin
mountPath: /tmp/bootstrap.sh
subPath: bootstrap.sh
@@ -58,6 +60,8 @@ spec:
subPath: ceph.client.admin.keyring
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: ceph-client-bin
configMap:
name: ceph-client-bin
diff --git a/ceph-client/templates/job-rbd-pool.yaml b/ceph-client/templates/job-rbd-pool.yaml
index bc19135d9..ab96e5723 100644
--- a/ceph-client/templates/job-rbd-pool.yaml
+++ b/ceph-client/templates/job-rbd-pool.yaml
@@ -51,6 +51,8 @@ spec:
command:
- /tmp/pool-init.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-client-bin
mountPath: /tmp/pool-init.sh
subPath: pool-init.sh
@@ -74,6 +76,8 @@ spec:
mountPath: /run
readOnly: false
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: ceph-client-etc
configMap:
name: ceph-client-etc
diff --git a/ceph-client/templates/pod-helm-tests.yaml b/ceph-client/templates/pod-helm-tests.yaml
index d32e8aac8..b94f1d4cd 100644
--- a/ceph-client/templates/pod-helm-tests.yaml
+++ b/ceph-client/templates/pod-helm-tests.yaml
@@ -58,6 +58,8 @@ spec:
command:
- /tmp/helm-tests.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-client-bin
mountPath: /tmp/helm-tests.sh
subPath: helm-tests.sh
@@ -71,6 +73,8 @@ spec:
subPath: ceph.conf
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: ceph-client-bin
configMap:
name: ceph-client-bin
diff --git a/ceph-mon/templates/daemonset-mon.yaml b/ceph-mon/templates/daemonset-mon.yaml
index 486f9bf02..610a08824 100644
--- a/ceph-mon/templates/daemonset-mon.yaml
+++ b/ceph-mon/templates/daemonset-mon.yaml
@@ -83,6 +83,8 @@ spec:
- name: CLUSTER
value: "ceph"
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-mon-bin
mountPath: /tmp/init-dirs.sh
subPath: init-dirs.sh
@@ -103,6 +105,8 @@ spec:
- ceph:root
- /var/log/ceph
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: pod-var-log
mountPath: /var/log/ceph
readOnly: false
@@ -164,6 +168,8 @@ spec:
initialDelaySeconds: 60
periodSeconds: 60
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-mon-bin
mountPath: /tmp/mon-start.sh
subPath: mon-start.sh
@@ -214,6 +220,8 @@ spec:
mountPath: /var/log/ceph
readOnly: false
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: pod-var-log
hostPath:
path: {{ print "/var/log/ceph/" $envAll.Release.Name }}
diff --git a/ceph-mon/templates/deployment-moncheck.yaml b/ceph-mon/templates/deployment-moncheck.yaml
index 34f439dd2..b0b6a869c 100644
--- a/ceph-mon/templates/deployment-moncheck.yaml
+++ b/ceph-mon/templates/deployment-moncheck.yaml
@@ -68,6 +68,8 @@ spec:
ports:
- containerPort: {{ tuple "ceph_mon" "internal" "mon" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-mon-bin
mountPath: /tmp/moncheck-start.sh
subPath: moncheck-start.sh
@@ -99,6 +101,8 @@ spec:
mountPath: /run
readOnly: false
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: ceph-mon-etc
configMap:
name: ceph-mon-etc
diff --git a/ceph-mon/templates/job-bootstrap.yaml b/ceph-mon/templates/job-bootstrap.yaml
index d409e0f24..5822d5eae 100644
--- a/ceph-mon/templates/job-bootstrap.yaml
+++ b/ceph-mon/templates/job-bootstrap.yaml
@@ -45,6 +45,8 @@ spec:
command:
- /tmp/bootstrap.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-mon-bin
mountPath: /tmp/bootstrap.sh
subPath: bootstrap.sh
@@ -58,6 +60,8 @@ spec:
subPath: ceph.client.admin.keyring
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: ceph-mon-bin
configMap:
name: ceph-mon-bin
diff --git a/ceph-mon/templates/job-keyring.yaml b/ceph-mon/templates/job-keyring.yaml
index d41de1ae2..b82854b88 100644
--- a/ceph-mon/templates/job-keyring.yaml
+++ b/ceph-mon/templates/job-keyring.yaml
@@ -96,6 +96,8 @@ spec:
command:
- /tmp/keys-bootstrap-keyring-manager.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-mon-bin
mountPath: /tmp/keys-bootstrap-keyring-manager.sh
subPath: keys-bootstrap-keyring-manager.sh
@@ -108,6 +110,8 @@ spec:
mountPath: /tmp/templates
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: ceph-mon-bin
configMap:
name: ceph-mon-bin
diff --git a/ceph-mon/templates/job-storage-admin-keys.yaml b/ceph-mon/templates/job-storage-admin-keys.yaml
index d311565dc..49640ec74 100644
--- a/ceph-mon/templates/job-storage-admin-keys.yaml
+++ b/ceph-mon/templates/job-storage-admin-keys.yaml
@@ -89,6 +89,8 @@ spec:
command:
- /tmp/keys-storage-keyring-manager.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-mon-bin
mountPath: /tmp/keys-storage-keyring-manager.sh
subPath: keys-storage-keyring-manager.sh
@@ -101,6 +103,8 @@ spec:
mountPath: /tmp/templates
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: ceph-mon-bin
configMap:
name: ceph-mon-bin
diff --git a/ceph-osd/templates/cronjob-defragosds.yaml b/ceph-osd/templates/cronjob-defragosds.yaml
index d57099e64..da7ba9b42 100644
--- a/ceph-osd/templates/cronjob-defragosds.yaml
+++ b/ceph-osd/templates/cronjob-defragosds.yaml
@@ -84,9 +84,12 @@ spec:
fieldPath: metadata.namespace
- name: KUBECTL_PARAM
value: {{ tuple $envAll "ceph" "ceph-defragosd" | include "helm-toolkit.snippets.kubernetes_kubectl_params" | indent 10 }}
- command: ["/tmp/utils-defragOSDs.sh"]
- args: ["cron"]
+ command:
+ - /tmp/utils-defragOSDs.sh
+ - cron
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-osd-bin
mountPath: /tmp/utils-defragOSDs.sh
subPath: utils-defragOSDs.sh
@@ -94,6 +97,8 @@ spec:
restartPolicy: Never
hostNetwork: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: ceph-osd-bin
configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }}
diff --git a/ceph-osd/templates/daemonset-osd.yaml b/ceph-osd/templates/daemonset-osd.yaml
index 69b1dff88..f4062ce1b 100644
--- a/ceph-osd/templates/daemonset-osd.yaml
+++ b/ceph-osd/templates/daemonset-osd.yaml
@@ -76,6 +76,8 @@ spec:
- name: MON_PORT
value: {{ tuple "ceph_mon" "internal" "mon" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-osd-bin
mountPath: /tmp/init-dirs.sh
subPath: init-dirs.sh
@@ -123,6 +125,8 @@ spec:
- ceph:root
- /var/log/ceph
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: pod-var-log
mountPath: /var/log/ceph
readOnly: false
@@ -157,6 +161,8 @@ spec:
command:
- /tmp/osd-init.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-osd-bin
mountPath: /tmp/osd-init.sh
subPath: osd-init.sh
@@ -248,6 +254,8 @@ spec:
initialDelaySeconds: 60
periodSeconds: 60
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-osd-bin
mountPath: /tmp/osd-start.sh
subPath: osd-start.sh
@@ -314,6 +322,8 @@ spec:
mountPath: /var/log/ceph
readOnly: false
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: devices
hostPath:
path: /dev
diff --git a/ceph-osd/templates/job-bootstrap.yaml b/ceph-osd/templates/job-bootstrap.yaml
index 792558fe4..5bff221a7 100644
--- a/ceph-osd/templates/job-bootstrap.yaml
+++ b/ceph-osd/templates/job-bootstrap.yaml
@@ -45,6 +45,8 @@ spec:
command:
- /tmp/bootstrap.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-osd-bin
mountPath: /tmp/bootstrap.sh
subPath: bootstrap.sh
@@ -58,6 +60,8 @@ spec:
subPath: ceph.client.admin.keyring
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: ceph-osd-bin
configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }}
diff --git a/ceph-osd/templates/pod-helm-tests.yaml b/ceph-osd/templates/pod-helm-tests.yaml
index 1af8ad0c2..590786f2a 100644
--- a/ceph-osd/templates/pod-helm-tests.yaml
+++ b/ceph-osd/templates/pod-helm-tests.yaml
@@ -43,6 +43,8 @@ spec:
command:
- /tmp/helm-tests.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-osd-bin
mountPath: /tmp/helm-tests.sh
subPath: helm-tests.sh
@@ -56,6 +58,8 @@ spec:
subPath: ceph.conf
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: ceph-osd-bin
configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "bin" | quote }}
diff --git a/ceph-provisioners/templates/deployment-cephfs-provisioner.yaml b/ceph-provisioners/templates/deployment-cephfs-provisioner.yaml
index f0b7b2152..775f5c6ec 100644
--- a/ceph-provisioners/templates/deployment-cephfs-provisioner.yaml
+++ b/ceph-provisioners/templates/deployment-cephfs-provisioner.yaml
@@ -172,11 +172,15 @@ spec:
command:
- /tmp/provisioner-cephfs-start.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-provisioners-bin
mountPath: /tmp/provisioner-cephfs-start.sh
subPath: provisioner-cephfs-start.sh
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: ceph-provisioners-bin
configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }}
diff --git a/ceph-provisioners/templates/deployment-rbd-provisioner.yaml b/ceph-provisioners/templates/deployment-rbd-provisioner.yaml
index cf2e10891..086915741 100644
--- a/ceph-provisioners/templates/deployment-rbd-provisioner.yaml
+++ b/ceph-provisioners/templates/deployment-rbd-provisioner.yaml
@@ -162,11 +162,15 @@ spec:
command:
- /tmp/provisioner-rbd-start.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-provisioners-bin
mountPath: /tmp/provisioner-rbd-start.sh
subPath: provisioner-rbd-start.sh
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: ceph-provisioners-bin
configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }}
diff --git a/ceph-provisioners/templates/job-bootstrap.yaml b/ceph-provisioners/templates/job-bootstrap.yaml
index d2e165977..b7f5bd856 100644
--- a/ceph-provisioners/templates/job-bootstrap.yaml
+++ b/ceph-provisioners/templates/job-bootstrap.yaml
@@ -45,6 +45,8 @@ spec:
command:
- /tmp/bootstrap.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-provisioners-bin
mountPath: /tmp/bootstrap.sh
subPath: bootstrap.sh
@@ -58,6 +60,8 @@ spec:
subPath: ceph.client.admin.keyring
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: ceph-provisioners-bin
configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }}
diff --git a/ceph-provisioners/templates/job-cephfs-client-key.yaml b/ceph-provisioners/templates/job-cephfs-client-key.yaml
index a5b396b66..310fb21c2 100644
--- a/ceph-provisioners/templates/job-cephfs-client-key.yaml
+++ b/ceph-provisioners/templates/job-cephfs-client-key.yaml
@@ -114,11 +114,15 @@ spec:
command:
- /tmp/provisioner-cephfs-client-key-manager.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-provisioners-bin
mountPath: /tmp/provisioner-cephfs-client-key-manager.sh
subPath: provisioner-cephfs-client-key-manager.sh
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: ceph-provisioners-bin
configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin" | quote }}
diff --git a/ceph-provisioners/templates/job-namespace-client-key-cleaner.yaml b/ceph-provisioners/templates/job-namespace-client-key-cleaner.yaml
index 1dd5d81c0..1d24e65be 100644
--- a/ceph-provisioners/templates/job-namespace-client-key-cleaner.yaml
+++ b/ceph-provisioners/templates/job-namespace-client-key-cleaner.yaml
@@ -81,11 +81,15 @@ spec:
command:
- /tmp/provisioner-rbd-namespace-client-key-cleaner.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-provisioners-bin-clients
mountPath: /tmp/provisioner-rbd-namespace-client-key-cleaner.sh
subPath: provisioner-rbd-namespace-client-key-cleaner.sh
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: ceph-provisioners-bin-clients
configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin-clients" | quote }}
diff --git a/ceph-provisioners/templates/job-namespace-client-key.yaml b/ceph-provisioners/templates/job-namespace-client-key.yaml
index a15677513..907dbfa94 100644
--- a/ceph-provisioners/templates/job-namespace-client-key.yaml
+++ b/ceph-provisioners/templates/job-namespace-client-key.yaml
@@ -112,11 +112,15 @@ spec:
command:
- /tmp/provisioner-rbd-namespace-client-key-manager.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-provisioners-bin-clients
mountPath: /tmp/provisioner-rbd-namespace-client-key-manager.sh
subPath: provisioner-rbd-namespace-client-key-manager.sh
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: ceph-provisioners-bin-clients
configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "ceph-prov-bin-clients" | quote }}
diff --git a/ceph-rgw/templates/deployment-rgw.yaml b/ceph-rgw/templates/deployment-rgw.yaml
index 0b59bfa83..1b2d03dfa 100644
--- a/ceph-rgw/templates/deployment-rgw.yaml
+++ b/ceph-rgw/templates/deployment-rgw.yaml
@@ -69,6 +69,8 @@ spec:
- name: CLUSTER
value: "ceph"
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-rgw-bin
mountPath: /tmp/init-dirs.sh
subPath: init-dirs.sh
@@ -102,6 +104,8 @@ spec:
command:
- /tmp/rgw-init.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: pod-etc-ceph
mountPath: /etc/ceph
- name: ceph-rgw-bin
@@ -137,6 +141,8 @@ spec:
port: {{ tuple "object_store" "internal" "api" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
timeoutSeconds: 5
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-rgw-bin
mountPath: /tmp/rgw-start.sh
subPath: rgw-start.sh
@@ -158,6 +164,8 @@ spec:
mountPath: /run
readOnly: false
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: pod-etc-ceph
emptyDir: {}
- name: ceph-rgw-bin
diff --git a/ceph-rgw/templates/job-rgw-storage-init.yaml b/ceph-rgw/templates/job-rgw-storage-init.yaml
index bd382aeb2..28a4cdf9c 100644
--- a/ceph-rgw/templates/job-rgw-storage-init.yaml
+++ b/ceph-rgw/templates/job-rgw-storage-init.yaml
@@ -71,6 +71,8 @@ spec:
command:
- /tmp/ceph-admin-keyring.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: etcceph
mountPath: /etc/ceph
- name: ceph-rgw-bin
@@ -95,6 +97,8 @@ spec:
command:
- /tmp/storage-init.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ceph-rgw-bin
mountPath: /tmp/storage-init.sh
subPath: storage-init.sh
@@ -113,6 +117,8 @@ spec:
subPath: key
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: ceph-rgw-bin
configMap:
name: ceph-rgw-bin
diff --git a/ceph-rgw/templates/job-s3-admin.yaml b/ceph-rgw/templates/job-s3-admin.yaml
index 2d0c173bb..701c2eebf 100644
--- a/ceph-rgw/templates/job-s3-admin.yaml
+++ b/ceph-rgw/templates/job-s3-admin.yaml
@@ -76,6 +76,8 @@ spec:
command:
- /tmp/ceph-admin-keyring.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: etcceph
mountPath: /etc/ceph
- name: ceph-rgw-bin
@@ -110,6 +112,8 @@ spec:
command:
- /tmp/rgw-s3-admin.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: etcceph
mountPath: /etc/ceph
- name: ceph-rgw-bin
@@ -125,6 +129,8 @@ spec:
subPath: key
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: etcceph
emptyDir: {}
- name: ceph-rgw-bin
diff --git a/ceph-rgw/templates/pod-helm-tests.yaml b/ceph-rgw/templates/pod-helm-tests.yaml
index 17b117fe1..a3918607f 100644
--- a/ceph-rgw/templates/pod-helm-tests.yaml
+++ b/ceph-rgw/templates/pod-helm-tests.yaml
@@ -53,6 +53,8 @@ spec:
command:
- /tmp/helm-tests.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: etcceph
mountPath: /etc/ceph
- name: ceph-rgw-bin
@@ -67,7 +69,30 @@ spec:
mountPath: /etc/ceph/ceph.conf
subPath: ceph.conf
readOnly: true
+{{- end }}
+{{ if .Values.conf.rgw_s3.enabled }}
+ - name: ceph-rgw-s3-validation
+{{ tuple $envAll "ceph_rgw" | include "helm-toolkit.snippets.image" | indent 6 }}
+{{ tuple $envAll $envAll.Values.pod.resources.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
+ env:
+{{- with $env := dict "s3AdminSecret" $envAll.Values.secrets.rgw_s3.admin }}
+{{- include "helm-toolkit.snippets.rgw_s3_admin_env_vars" $env | indent 8 }}
+{{- end }}
+ - name: RGW_HOST
+ value: {{ tuple "ceph_object_store" "internal" "api" $envAll | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }}
+ command:
+ - /tmp/helm-tests.sh
+ volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
+ - name: ceph-rgw-bin
+ mountPath: /tmp/helm-tests.sh
+ subPath: helm-tests.sh
+ readOnly: true
+{{- end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: etcceph
emptyDir: {}
- name: ceph-rgw-bin
@@ -82,28 +107,3 @@ spec:
name: ceph-rgw-etc
defaultMode: 0444
{{- end }}
-{{ if .Values.conf.rgw_s3.enabled }}
- containers:
- - name: ceph-rgw-s3-validation
-{{ tuple $envAll "ceph_rgw" | include "helm-toolkit.snippets.image" | indent 6 }}
-{{ tuple $envAll $envAll.Values.pod.resources.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
- env:
-{{- with $env := dict "s3AdminSecret" $envAll.Values.secrets.rgw_s3.admin }}
-{{- include "helm-toolkit.snippets.rgw_s3_admin_env_vars" $env | indent 8 }}
-{{- end }}
- - name: RGW_HOST
- value: {{ tuple "ceph_object_store" "internal" "api" $envAll | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }}
- command:
- - /tmp/helm-tests.sh
- volumeMounts:
- - name: ceph-rgw-bin
- mountPath: /tmp/helm-tests.sh
- subPath: helm-tests.sh
- readOnly: true
- volumes:
- - name: ceph-rgw-bin
- configMap:
- name: ceph-rgw-bin
- defaultMode: 0555
-{{- end }}
-{{- end }}
diff --git a/elastic-apm-server/templates/deployment.yaml b/elastic-apm-server/templates/deployment.yaml
index f94916828..447821b4c 100644
--- a/elastic-apm-server/templates/deployment.yaml
+++ b/elastic-apm-server/templates/deployment.yaml
@@ -109,6 +109,8 @@ spec:
name: {{ $esUserSecret }}
key: ELASTICSEARCH_PASSWORD
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: elastic-apm-server-etc
mountPath: /usr/share/apm-server/apm-server.yml
readOnly: true
@@ -117,6 +119,8 @@ spec:
mountPath: /usr/share/apm-server/data
{{ if $mounts_elastic_apm_server.volumeMounts }}{{ toYaml $mounts_elastic_apm_server.volumeMounts | indent 8 }}{{ end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: elastic-apm-server-etc
configMap:
name: elastic-apm-server-etc
diff --git a/elastic-filebeat/templates/daemonset.yaml b/elastic-filebeat/templates/daemonset.yaml
index 5026ac9f8..288d36e80 100644
--- a/elastic-filebeat/templates/daemonset.yaml
+++ b/elastic-filebeat/templates/daemonset.yaml
@@ -127,6 +127,8 @@ spec:
name: {{ $esUserSecret }}
key: ELASTICSEARCH_PASSWORD
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: data
mountPath: /usr/share/filebeat/data
- name: varlog
@@ -140,6 +142,8 @@ spec:
subPath: filebeat.yml
{{ if $mounts_filebeat.volumeMounts }}{{ toYaml $mounts_filebeat.volumeMounts | indent 8 }}{{ end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: varlog
hostPath:
path: /var/log
diff --git a/elastic-metricbeat/templates/daemonset-node-metrics.yaml b/elastic-metricbeat/templates/daemonset-node-metrics.yaml
index ad1852717..481369e91 100644
--- a/elastic-metricbeat/templates/daemonset-node-metrics.yaml
+++ b/elastic-metricbeat/templates/daemonset-node-metrics.yaml
@@ -134,6 +134,8 @@ spec:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: metricbeat-etc
mountPath: /etc/metricbeat.yml
subPath: metricbeat.yml
@@ -156,20 +158,22 @@ spec:
readOnly: true
{{ if $mounts_metricbeat.volumeMounts }}{{ toYaml $mounts_metricbeat.volumeMounts | indent 12 }}{{ end }}
volumes:
- - name: proc
- hostPath:
- path: /proc
- - name: cgroup
- hostPath:
- path: /sys/fs/cgroup
- - name: dockersock
- hostPath:
- path: /var/run/docker.sock
- - name: metricbeat-etc
- configMap:
- defaultMode: 0444
- name: metricbeat-etc
- - name: data
- emptyDir: {}
+ - name: pod-tmp
+ emptyDir: {}
+ - name: proc
+ hostPath:
+ path: /proc
+ - name: cgroup
+ hostPath:
+ path: /sys/fs/cgroup
+ - name: dockersock
+ hostPath:
+ path: /var/run/docker.sock
+ - name: metricbeat-etc
+ configMap:
+ defaultMode: 0444
+ name: metricbeat-etc
+ - name: data
+ emptyDir: {}
{{ if $mounts_metricbeat.volumes }}{{ toYaml $mounts_metricbeat.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/elastic-metricbeat/templates/deployment-modules.yaml b/elastic-metricbeat/templates/deployment-modules.yaml
index 0b7caaeb9..4e1c60236 100644
--- a/elastic-metricbeat/templates/deployment-modules.yaml
+++ b/elastic-metricbeat/templates/deployment-modules.yaml
@@ -83,6 +83,8 @@ spec:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: metricbeat-etc
mountPath: /etc/metricbeat.yml
subPath: metricbeat.yml
@@ -100,6 +102,8 @@ spec:
subPath: rabbitmq.yml
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: metricbeat-etc
configMap:
name: metricbeat-etc
diff --git a/elastic-packetbeat/templates/daemonset.yaml b/elastic-packetbeat/templates/daemonset.yaml
index a3d167ad9..7e09dc2e4 100644
--- a/elastic-packetbeat/templates/daemonset.yaml
+++ b/elastic-packetbeat/templates/daemonset.yaml
@@ -134,12 +134,16 @@ spec:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: packetbeat-etc
mountPath: /etc/packetbeat/packetbeat.yml
subPath: packetbeat.yml
readOnly: true
{{ if $mounts_packetbeat.volumeMounts }}{{ toYaml $mounts_packetbeat.volumeMounts | indent 12 }}{{ end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: packetbeat-etc
configMap:
defaultMode: 0444
diff --git a/elasticsearch/templates/cron-job-curator.yaml b/elasticsearch/templates/cron-job-curator.yaml
index 877ee4c7c..ddb14fe32 100644
--- a/elasticsearch/templates/cron-job-curator.yaml
+++ b/elasticsearch/templates/cron-job-curator.yaml
@@ -59,6 +59,8 @@ spec:
name: {{ $esUserSecret }}
key: ELASTICSEARCH_URI
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: pod-etc-curator
mountPath: /etc/config
- name: elasticsearch-bin
@@ -74,6 +76,8 @@ spec:
subPath: action_file.yml
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: pod-etc-curator
emptyDir: {}
- name: elasticsearch-bin
diff --git a/elasticsearch/templates/deployment-client.yaml b/elasticsearch/templates/deployment-client.yaml
index 4d0144e1d..27a0128c4 100644
--- a/elasticsearch/templates/deployment-client.yaml
+++ b/elasticsearch/templates/deployment-client.yaml
@@ -130,6 +130,8 @@ spec:
name: {{ $esUserSecret }}
key: ELASTICSEARCH_PASSWORD
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: elasticsearch-bin
mountPath: /tmp/apache.sh
subPath: apache.sh
@@ -192,6 +194,8 @@ spec:
- name: ES_PLUGINS_INSTALL
value: "elasticsearch-s3"
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: elasticsearch-logs
mountPath: {{ .Values.conf.elasticsearch.config.path.logs }}
- name: elasticsearch-bin
@@ -212,6 +216,8 @@ spec:
mountPath: {{ .Values.conf.elasticsearch.config.path.data }}
{{ if $mounts_elasticsearch.volumeMounts }}{{ toYaml $mounts_elasticsearch.volumeMounts | indent 12 }}{{ end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: elasticsearch-config
emptyDir: {}
- name: elasticsearch-logs
diff --git a/elasticsearch/templates/deployment-master.yaml b/elasticsearch/templates/deployment-master.yaml
index 9af21c1c4..575034363 100644
--- a/elasticsearch/templates/deployment-master.yaml
+++ b/elasticsearch/templates/deployment-master.yaml
@@ -150,6 +150,8 @@ spec:
- name: ES_PLUGINS_INSTALL
value: "elasticsearch-s3"
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: elasticsearch-logs
mountPath: {{ .Values.conf.elasticsearch.config.path.logs }}
- name: elasticsearch-bin
@@ -170,6 +172,8 @@ spec:
mountPath: {{ .Values.conf.elasticsearch.config.path.data }}
{{ if $mounts_elasticsearch.volumeMounts }}{{ toYaml $mounts_elasticsearch.volumeMounts | indent 12 }}{{ end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: elasticsearch-logs
emptyDir: {}
- name: elasticsearch-config
diff --git a/elasticsearch/templates/job-es-cluster-wait.yaml b/elasticsearch/templates/job-es-cluster-wait.yaml
index e9e8a47c1..aeb30a20e 100644
--- a/elasticsearch/templates/job-es-cluster-wait.yaml
+++ b/elasticsearch/templates/job-es-cluster-wait.yaml
@@ -60,11 +60,15 @@ spec:
command:
- /tmp/es-cluster-wait.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: elasticsearch-bin
mountPath: /tmp/es-cluster-wait.sh
subPath: es-cluster-wait.sh
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: elasticsearch-bin
configMap:
name: elasticsearch-bin
diff --git a/elasticsearch/templates/job-register-snapshot-repository.yaml b/elasticsearch/templates/job-register-snapshot-repository.yaml
index c30de45e6..7bcddfe91 100644
--- a/elasticsearch/templates/job-register-snapshot-repository.yaml
+++ b/elasticsearch/templates/job-register-snapshot-repository.yaml
@@ -75,11 +75,15 @@ spec:
command:
- /tmp/register-repository.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: elasticsearch-bin
mountPath: /tmp/register-repository.sh
subPath: register-repository.sh
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: elasticsearch-bin
configMap:
name: elasticsearch-bin
diff --git a/elasticsearch/templates/monitoring/prometheus/exporter-deployment.yaml b/elasticsearch/templates/monitoring/prometheus/exporter-deployment.yaml
index 18253e154..84a1dfe44 100644
--- a/elasticsearch/templates/monitoring/prometheus/exporter-deployment.yaml
+++ b/elasticsearch/templates/monitoring/prometheus/exporter-deployment.yaml
@@ -77,11 +77,15 @@ spec:
initialDelaySeconds: 20
periodSeconds: 10
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: elasticsearch-exporter-bin
mountPath: /tmp/elasticsearch-exporter.sh
subPath: elasticsearch-exporter.sh
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: elasticsearch-exporter-bin
configMap:
name: elasticsearch-exporter-bin
diff --git a/elasticsearch/templates/pod-helm-tests.yaml b/elasticsearch/templates/pod-helm-tests.yaml
index 442c87913..bee2b8c91 100644
--- a/elasticsearch/templates/pod-helm-tests.yaml
+++ b/elasticsearch/templates/pod-helm-tests.yaml
@@ -57,11 +57,15 @@ spec:
- name: ELASTICSEARCH_ENDPOINT
value: {{ tuple "elasticsearch" "internal" "http" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }}
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: elasticsearch-bin
mountPath: /tmp/helm-tests.sh
subPath: helm-tests.sh
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: elasticsearch-bin
configMap:
name: elasticsearch-bin
diff --git a/elasticsearch/templates/statefulset-data.yaml b/elasticsearch/templates/statefulset-data.yaml
index 5db387c3f..95ee2ea10 100644
--- a/elasticsearch/templates/statefulset-data.yaml
+++ b/elasticsearch/templates/statefulset-data.yaml
@@ -148,6 +148,8 @@ spec:
- name: ES_PLUGINS_INSTALL
value: "elasticsearch-s3"
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: elasticsearch-logs
mountPath: {{ .Values.conf.elasticsearch.config.path.logs }}
- name: elasticsearch-bin
@@ -168,6 +170,8 @@ spec:
mountPath: {{ .Values.conf.elasticsearch.config.path.data }}
{{ if $mounts_elasticsearch.volumeMounts }}{{ toYaml $mounts_elasticsearch.volumeMounts | indent 12 }}{{ end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: elasticsearch-logs
emptyDir: {}
- name: elasticsearch-config
diff --git a/etcd/templates/deployment.yaml b/etcd/templates/deployment.yaml
index acfffd4c8..45a3a2003 100644
--- a/etcd/templates/deployment.yaml
+++ b/etcd/templates/deployment.yaml
@@ -60,11 +60,15 @@ spec:
tcpSocket:
port: {{ tuple "etcd" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: etcd-bin
mountPath: /tmp/etcd.sh
subPath: etcd.sh
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: etcd-bin
configMap:
name: {{ $configMapBinName | quote }}
diff --git a/falco/templates/daemonset.yaml b/falco/templates/daemonset.yaml
index 68dba4992..f299e1116 100644
--- a/falco/templates/daemonset.yaml
+++ b/falco/templates/daemonset.yaml
@@ -90,6 +90,8 @@ spec:
args:
- /tmp/falco.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- mountPath: /tmp/falco.sh
name: falco-bin
subPath: falco.sh
@@ -115,6 +117,8 @@ spec:
name: rules-volume
{{- end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: falco-bin
configMap:
name: falco-bin
diff --git a/flannel/templates/daemonset-kube-flannel-ds.yaml b/flannel/templates/daemonset-kube-flannel-ds.yaml
index 165edb89c..7f3524564 100644
--- a/flannel/templates/daemonset-kube-flannel-ds.yaml
+++ b/flannel/templates/daemonset-kube-flannel-ds.yaml
@@ -110,6 +110,8 @@ spec:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: run
mountPath: /run
- name: flannel-cfg
@@ -118,11 +120,15 @@ spec:
image: {{ .Values.images.tags.flannel }}
command: [ "/bin/sh", "-c", "set -e -x; cp -f /etc/kube-flannel/cni-conf.json /etc/cni/net.d/10-flannel.conf; while true; do sleep 3600; done" ]
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: cni
mountPath: /etc/cni/net.d
- name: flannel-cfg
mountPath: /etc/kube-flannel/
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: run
hostPath:
path: /run
diff --git a/fluent-logging/templates/daemonset-fluent-bit.yaml b/fluent-logging/templates/daemonset-fluent-bit.yaml
index fa2fd31bb..468620c58 100644
--- a/fluent-logging/templates/daemonset-fluent-bit.yaml
+++ b/fluent-logging/templates/daemonset-fluent-bit.yaml
@@ -118,6 +118,8 @@ spec:
- name: FLUENTD_PORT
value: {{ tuple "fluentd" "internal" "service" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: fluent-logging-bin
mountPath: /tmp/fluent-bit.sh
subPath: fluent-bit.sh
@@ -138,6 +140,8 @@ spec:
readOnly: true
{{ if $mounts_fluentbit.volumeMounts }}{{ toYaml $mounts_fluentbit.volumeMounts | indent 12 }}{{ end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: varlog
hostPath:
path: /var/log
diff --git a/fluent-logging/templates/deployment-fluentd.yaml b/fluent-logging/templates/deployment-fluentd.yaml
index 14123e446..232d9f2df 100644
--- a/fluent-logging/templates/deployment-fluentd.yaml
+++ b/fluent-logging/templates/deployment-fluentd.yaml
@@ -145,6 +145,8 @@ spec:
name: {{ $esUserSecret }}
key: ELASTICSEARCH_PASSWORD
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: pod-etc-fluentd
mountPath: /fluentd/etc
- name: fluent-logging-etc
@@ -157,6 +159,8 @@ spec:
readOnly: true
{{- if $mounts_fluentd.volumeMounts }}{{ toYaml $mounts_fluentd.volumeMounts | indent 12 }}{{- end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: pod-etc-fluentd
emptyDir: {}
- name: fluent-logging-etc
diff --git a/fluent-logging/templates/job-elasticsearch-template.yaml b/fluent-logging/templates/job-elasticsearch-template.yaml
index ef60ecd28..ae8bf9ec6 100644
--- a/fluent-logging/templates/job-elasticsearch-template.yaml
+++ b/fluent-logging/templates/job-elasticsearch-template.yaml
@@ -63,6 +63,8 @@ spec:
command:
- /tmp/create_template.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: fluent-logging-bin
mountPath: /tmp/create_template.sh
subPath: create_template.sh
@@ -75,6 +77,8 @@ spec:
{{ end }}
{{ if $mounts_elasticsearch_template.volumeMounts }}{{ toYaml $mounts_elasticsearch_template.volumeMounts | indent 12 }}{{ end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: fluent-logging-bin
configMap:
name: fluent-logging-bin
diff --git a/fluent-logging/templates/monitoring/prometheus/exporter-deployment.yaml b/fluent-logging/templates/monitoring/prometheus/exporter-deployment.yaml
index 65caec9bc..bf0ed53af 100644
--- a/fluent-logging/templates/monitoring/prometheus/exporter-deployment.yaml
+++ b/fluent-logging/templates/monitoring/prometheus/exporter-deployment.yaml
@@ -68,11 +68,15 @@ spec:
- name: FLUENTD_METRICS_HOST
value: {{ $fluentd_metrics_host }}
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: fluentd-exporter-bin
mountPath: /tmp/fluentd-exporter.sh
subPath: fluentd-exporter.sh
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: fluentd-exporter-bin
configMap:
name: fluentd-exporter-bin
diff --git a/fluent-logging/templates/pod-helm-tests.yaml b/fluent-logging/templates/pod-helm-tests.yaml
index 74853e5d5..992c0b019 100644
--- a/fluent-logging/templates/pod-helm-tests.yaml
+++ b/fluent-logging/templates/pod-helm-tests.yaml
@@ -42,28 +42,32 @@ spec:
{{ tuple $envAll "helm_tests" | include "helm-toolkit.snippets.image" | indent 6 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
command:
- - /tmp/helm-tests.sh
+ - /tmp/helm-tests.sh
env:
- - name: ELASTICSEARCH_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ $esUserSecret }}
- key: ELASTICSEARCH_USERNAME
- - name: ELASTICSEARCH_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ $esUserSecret }}
- key: ELASTICSEARCH_PASSWORD
- - name: ELASTICSEARCH_ENDPOINT
- value: {{ tuple "elasticsearch" "internal" "http" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }}
+ - name: ELASTICSEARCH_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ $esUserSecret }}
+ key: ELASTICSEARCH_USERNAME
+ - name: ELASTICSEARCH_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ $esUserSecret }}
+ key: ELASTICSEARCH_PASSWORD
+ - name: ELASTICSEARCH_ENDPOINT
+ value: {{ tuple "elasticsearch" "internal" "http" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }}
volumeMounts:
- - name: fluent-logging-bin
- mountPath: /tmp/helm-tests.sh
- subPath: helm-tests.sh
- readOnly: true
+ - name: pod-tmp
+ mountPath: /tmp
+ - name: fluent-logging-bin
+ mountPath: /tmp/helm-tests.sh
+ subPath: helm-tests.sh
+ readOnly: true
volumes:
- - name: fluent-logging-bin
- configMap:
- name: fluent-logging-bin
- defaultMode: 0555
+ - name: pod-tmp
+ emptyDir: {}
+ - name: fluent-logging-bin
+ configMap:
+ name: fluent-logging-bin
+ defaultMode: 0555
{{- end }}
diff --git a/gnocchi/templates/cron-job-resources-cleaner.yaml b/gnocchi/templates/cron-job-resources-cleaner.yaml
index 01f7beb9b..3417e07e9 100644
--- a/gnocchi/templates/cron-job-resources-cleaner.yaml
+++ b/gnocchi/templates/cron-job-resources-cleaner.yaml
@@ -70,27 +70,31 @@ spec:
command:
- /tmp/gnocchi-resources-cleaner.sh
volumeMounts:
- - name: gnocchi-bin
- mountPath: /tmp/gnocchi-resources-cleaner.sh
- subPath: gnocchi-resources-cleaner.sh
- readOnly: true
- - name: pod-etc-gnocchi
- mountPath: /etc/gnocchi
- - name: gnocchi-etc
- mountPath: /etc/gnocchi/gnocchi.conf
- subPath: gnocchi.conf
- readOnly: true
-{{ if $mounts_gnocchi_resources_cleaner.volumeMounts }}{{ toYaml $mounts_gnocchi_resources_cleaner.volumeMounts | indent 14 }}{{ end }}
+ - name: pod-tmp
+ mountPath: /tmp
+ - name: gnocchi-bin
+ mountPath: /tmp/gnocchi-resources-cleaner.sh
+ subPath: gnocchi-resources-cleaner.sh
+ readOnly: true
+ - name: pod-etc-gnocchi
+ mountPath: /etc/gnocchi
+ - name: gnocchi-etc
+ mountPath: /etc/gnocchi/gnocchi.conf
+ subPath: gnocchi.conf
+ readOnly: true
+{{ if $mounts_gnocchi_resources_cleaner.volumeMounts }}{{ toYaml $mounts_gnocchi_resources_cleaner.volumeMounts | indent 16 }}{{ end }}
volumes:
- - name: pod-etc-gnocchi
- emptyDir: {}
- - name: gnocchi-etc
- secret:
- secretName: gnocchi-etc
- defaultMode: 0444
- - name: gnocchi-bin
- configMap:
- name: gnocchi-bin
- defaultMode: 0555
-{{ if $mounts_gnocchi_resources_cleaner.volumes }}{{ toYaml $mounts_gnocchi_resources_cleaner.volumes | indent 10 }}{{ end }}
+ - name: pod-tmp
+ emptyDir: {}
+ - name: pod-etc-gnocchi
+ emptyDir: {}
+ - name: gnocchi-etc
+ secret:
+ secretName: gnocchi-etc
+ defaultMode: 0444
+ - name: gnocchi-bin
+ configMap:
+ name: gnocchi-bin
+ defaultMode: 0555
+{{ if $mounts_gnocchi_resources_cleaner.volumes }}{{ toYaml $mounts_gnocchi_resources_cleaner.volumes | indent 12 }}{{ end }}
{{- end }}
diff --git a/gnocchi/templates/daemonset-metricd.yaml b/gnocchi/templates/daemonset-metricd.yaml
index 0bbb233da..a77549a3f 100644
--- a/gnocchi/templates/daemonset-metricd.yaml
+++ b/gnocchi/templates/daemonset-metricd.yaml
@@ -53,6 +53,8 @@ spec:
command:
- /tmp/ceph-keyring.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: etcceph
mountPath: /etc/ceph
- name: gnocchi-bin
@@ -70,6 +72,8 @@ spec:
command:
- /tmp/gnocchi-metricd.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: pod-etc-gnocchi
mountPath: /etc/gnocchi
- name: gnocchi-etc
@@ -96,6 +100,8 @@ spec:
readOnly: true
{{ if $mounts_gnocchi_metricd.volumeMounts }}{{ toYaml $mounts_gnocchi_metricd.volumeMounts | indent 12 }}{{ end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: pod-etc-gnocchi
emptyDir: {}
- name: gnocchi-etc
diff --git a/gnocchi/templates/daemonset-statsd.yaml b/gnocchi/templates/daemonset-statsd.yaml
index 733419d7b..fd63ed010 100644
--- a/gnocchi/templates/daemonset-statsd.yaml
+++ b/gnocchi/templates/daemonset-statsd.yaml
@@ -52,6 +52,8 @@ spec:
command:
- /tmp/ceph-keyring.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: etcceph
mountPath: /etc/ceph
- name: gnocchi-bin
@@ -72,6 +74,8 @@ spec:
- name: gn-stats
containerPort: {{ tuple "metric_statsd" "internal" "statsd" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: pod-etc-gnocchi
mountPath: /etc/gnocchi
- name: gnocchi-etc
@@ -102,6 +106,8 @@ spec:
readOnly: true
{{ if $mounts_gnocchi_statsd.volumeMounts }}{{ toYaml $mounts_gnocchi_statsd.volumeMounts | indent 12 }}{{ end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: pod-etc-gnocchi
emptyDir: {}
- name: gnocchi-etc
diff --git a/gnocchi/templates/deployment-api.yaml b/gnocchi/templates/deployment-api.yaml
index 031d24d13..1c1f5e499 100644
--- a/gnocchi/templates/deployment-api.yaml
+++ b/gnocchi/templates/deployment-api.yaml
@@ -57,6 +57,8 @@ spec:
command:
- /tmp/ceph-keyring.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: etcceph
mountPath: /etc/ceph
- name: gnocchi-bin
@@ -87,6 +89,8 @@ spec:
tcpSocket:
port: {{ tuple "metric" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: pod-etc-gnocchi
mountPath: /etc/gnocchi
- name: gnocchi-etc
@@ -121,6 +125,8 @@ spec:
readOnly: true
{{ if $mounts_gnocchi_api.volumeMounts }}{{ toYaml $mounts_gnocchi_api.volumeMounts | indent 12 }}{{ end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: pod-etc-gnocchi
emptyDir: {}
- name: gnocchi-etc
diff --git a/gnocchi/templates/job-clean.yaml b/gnocchi/templates/job-clean.yaml
index 6ff83aa66..e16b2472a 100644
--- a/gnocchi/templates/job-clean.yaml
+++ b/gnocchi/templates/job-clean.yaml
@@ -79,11 +79,15 @@ spec:
command:
- /tmp/clean-secrets.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: gnocchi-bin
mountPath: /tmp/clean-secrets.sh
subPath: clean-secrets.sh
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: gnocchi-bin
configMap:
name: gnocchi-bin
diff --git a/gnocchi/templates/job-db-init-indexer.yaml b/gnocchi/templates/job-db-init-indexer.yaml
index ad472908d..660527653 100644
--- a/gnocchi/templates/job-db-init-indexer.yaml
+++ b/gnocchi/templates/job-db-init-indexer.yaml
@@ -55,6 +55,8 @@ spec:
command:
- /tmp/db-init.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: gnocchi-etc
mountPath: /etc/gnocchi/gnocchi.conf
subPath: gnocchi.conf
@@ -65,6 +67,8 @@ spec:
subPath: db-init.sh
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: gnocchi-etc
secret:
secretName: gnocchi-etc
diff --git a/gnocchi/templates/job-db-sync.yaml b/gnocchi/templates/job-db-sync.yaml
index bdb0f95b6..301229c09 100644
--- a/gnocchi/templates/job-db-sync.yaml
+++ b/gnocchi/templates/job-db-sync.yaml
@@ -41,6 +41,8 @@ spec:
command:
- /tmp/ceph-keyring.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: etcceph
mountPath: /etc/ceph
- name: gnocchi-bin
@@ -58,6 +60,8 @@ spec:
command:
- /tmp/db-sync.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: gnocchi-etc
mountPath: /etc/gnocchi/gnocchi.conf
subPath: gnocchi.conf
@@ -75,6 +79,8 @@ spec:
subPath: key
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: gnocchi-etc
secret:
secretName: gnocchi-etc
diff --git a/gnocchi/templates/job-storage-init.yaml b/gnocchi/templates/job-storage-init.yaml
index ae5046b2f..8b43e707f 100644
--- a/gnocchi/templates/job-storage-init.yaml
+++ b/gnocchi/templates/job-storage-init.yaml
@@ -71,6 +71,8 @@ spec:
command:
- /tmp/ceph-admin-keyring.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: etcceph
mountPath: /etc/ceph
- name: gnocchi-bin
@@ -101,6 +103,8 @@ spec:
command:
- /tmp/storage-init.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: gnocchi-bin
mountPath: /tmp/storage-init.sh
subPath: storage-init.sh
@@ -116,6 +120,8 @@ spec:
subPath: key
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: gnocchi-bin
configMap:
name: gnocchi-bin
diff --git a/gnocchi/templates/pod-gnocchi-test.yaml b/gnocchi/templates/pod-gnocchi-test.yaml
index df02983ce..b1186e800 100644
--- a/gnocchi/templates/pod-gnocchi-test.yaml
+++ b/gnocchi/templates/pod-gnocchi-test.yaml
@@ -59,6 +59,8 @@ spec:
command:
- /tmp/gnocchi-test.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: gnocchi-etc
mountPath: /etc/gnocchi/gnocchi.conf
subPath: gnocchi.conf
@@ -69,6 +71,8 @@ spec:
readOnly: true
{{ if $mounts_gnocchi_tests.volumeMounts }}{{ toYaml $mounts_gnocchi_tests.volumeMounts | indent 8 }}{{ end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: gnocchi-etc
secret:
secretName: gnocchi-etc
diff --git a/grafana/templates/deployment.yaml b/grafana/templates/deployment.yaml
index 32424a477..6e92f6ef2 100644
--- a/grafana/templates/deployment.yaml
+++ b/grafana/templates/deployment.yaml
@@ -82,6 +82,8 @@ spec:
- name: PROMETHEUS_URL
value: {{ tuple "monitoring" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: pod-etc-grafana
mountPath: /etc/grafana
- name: pod-provisioning-grafana
@@ -111,6 +113,8 @@ spec:
{{- end }}
{{ if $mounts_grafana.volumeMounts }}{{ toYaml $mounts_grafana.volumeMounts | indent 12 }}{{ end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: pod-etc-grafana
emptyDir: {}
- name: pod-provisioning-grafana
diff --git a/grafana/templates/job-db-init-session.yaml b/grafana/templates/job-db-init-session.yaml
index 1b159fb09..3da57de84 100644
--- a/grafana/templates/job-db-init-session.yaml
+++ b/grafana/templates/job-db-init-session.yaml
@@ -56,11 +56,15 @@ spec:
command:
- /tmp/db-init.py
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: grafana-bin
mountPath: /tmp/db-init.py
subPath: db-init.py
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: grafana-bin
configMap:
name: grafana-bin
diff --git a/grafana/templates/job-db-init.yaml b/grafana/templates/job-db-init.yaml
index 4a89572b8..bc8523a86 100644
--- a/grafana/templates/job-db-init.yaml
+++ b/grafana/templates/job-db-init.yaml
@@ -56,11 +56,15 @@ spec:
command:
- /tmp/db-init.py
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: grafana-bin
mountPath: /tmp/db-init.py
subPath: db-init.py
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: grafana-bin
configMap:
name: grafana-bin
diff --git a/grafana/templates/job-db-session-sync.yaml b/grafana/templates/job-db-session-sync.yaml
index 6db743478..2e4832235 100644
--- a/grafana/templates/job-db-session-sync.yaml
+++ b/grafana/templates/job-db-session-sync.yaml
@@ -51,11 +51,15 @@ spec:
command:
- /tmp/db-session-sync.py
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: grafana-bin
mountPath: /tmp/db-session-sync.py
subPath: db-session-sync.py
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: grafana-bin
configMap:
name: grafana-bin
diff --git a/grafana/templates/job-set-admin-user.yaml b/grafana/templates/job-set-admin-user.yaml
index 3fbd542b3..ad39a184e 100644
--- a/grafana/templates/job-set-admin-user.yaml
+++ b/grafana/templates/job-set-admin-user.yaml
@@ -58,6 +58,8 @@ spec:
name: grafana-admin-creds
key: GRAFANA_ADMIN_PASSWORD
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: grafana-etc
mountPath: /etc/grafana/grafana.ini
subPath: grafana.ini
@@ -66,6 +68,8 @@ spec:
subPath: set-admin-password.sh
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: pod-etc-grafana
emptyDir: {}
- name: grafana-bin
diff --git a/grafana/templates/pod-helm-tests.yaml b/grafana/templates/pod-helm-tests.yaml
index b887b1fef..da7fe85e5 100644
--- a/grafana/templates/pod-helm-tests.yaml
+++ b/grafana/templates/pod-helm-tests.yaml
@@ -59,11 +59,15 @@ spec:
- name: GRAFANA_ENDPOINT
value: {{ tuple "grafana" "internal" "grafana" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }}
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: grafana-bin
mountPath: /tmp/helm-tests.sh
subPath: helm-tests.sh
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: grafana-bin
configMap:
name: grafana-bin
diff --git a/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/helm-toolkit/templates/manifests/_job-bootstrap.tpl
index 8afc50ee6..01552de3b 100644
--- a/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+++ b/helm-toolkit/templates/manifests/_job-bootstrap.tpl
@@ -67,6 +67,8 @@ spec:
command:
- /tmp/bootstrap.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: bootstrap-sh
mountPath: /tmp/bootstrap.sh
subPath: bootstrap.sh
@@ -85,6 +87,8 @@ spec:
{{ $podVolMounts | toYaml | indent 12 }}
{{- end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: bootstrap-sh
configMap:
name: {{ $configMapBin | quote }}
diff --git a/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl
index e813c328d..d5b1f6a3d 100644
--- a/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl
+++ b/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl
@@ -88,6 +88,8 @@ spec:
command:
- /tmp/db-drop.py
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: db-drop-sh
mountPath: /tmp/db-drop.py
subPath: db-drop.py
@@ -106,6 +108,8 @@ spec:
{{- end }}
{{- end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: db-drop-sh
configMap:
name: {{ $configMapBin | quote }}
diff --git a/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl
index dea58646e..e01445ca7 100644
--- a/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl
+++ b/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl
@@ -85,6 +85,8 @@ spec:
command:
- /tmp/db-init.py
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: db-init-sh
mountPath: /tmp/db-init.py
subPath: db-init.py
@@ -103,6 +105,8 @@ spec:
{{- end }}
{{- end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: db-init-sh
configMap:
name: {{ $configMapBin | quote }}
diff --git a/helm-toolkit/templates/manifests/_job-db-sync.tpl b/helm-toolkit/templates/manifests/_job-db-sync.tpl
index 134e99bd8..6e74932ce 100644
--- a/helm-toolkit/templates/manifests/_job-db-sync.tpl
+++ b/helm-toolkit/templates/manifests/_job-db-sync.tpl
@@ -63,6 +63,8 @@ spec:
command:
- /tmp/db-sync.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: db-sync-sh
mountPath: /tmp/db-sync.sh
subPath: db-sync.sh
@@ -81,6 +83,8 @@ spec:
{{ $podVolMounts | toYaml | indent 12 }}
{{- end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: db-sync-sh
configMap:
name: {{ $configMapBin | quote }}
diff --git a/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl
index f07cb630b..70871220d 100644
--- a/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl
+++ b/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl
@@ -56,6 +56,8 @@ spec:
command:
- /tmp/ks-endpoints.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ks-endpoints-sh
mountPath: /tmp/ks-endpoints.sh
subPath: ks-endpoints.sh
@@ -75,6 +77,8 @@ spec:
{{- end }}
{{- end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: ks-endpoints-sh
configMap:
name: {{ $configMapBin | quote }}
diff --git a/helm-toolkit/templates/manifests/_job-ks-service.tpl b/helm-toolkit/templates/manifests/_job-ks-service.tpl
index 628b24cac..7d81411a5 100644
--- a/helm-toolkit/templates/manifests/_job-ks-service.tpl
+++ b/helm-toolkit/templates/manifests/_job-ks-service.tpl
@@ -55,6 +55,8 @@ spec:
command:
- /tmp/ks-service.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ks-service-sh
mountPath: /tmp/ks-service.sh
subPath: ks-service.sh
@@ -69,6 +71,8 @@ spec:
value: {{ $osServiceType | quote }}
{{- end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: ks-service-sh
configMap:
name: {{ $configMapBin | quote }}
diff --git a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl
index 1a79094cc..2aa659b5b 100644
--- a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl
+++ b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl
@@ -54,6 +54,8 @@ spec:
command:
- /tmp/ks-user.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ks-user-sh
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
@@ -75,6 +77,8 @@ spec:
value: {{ $serviceOsRoles | quote }}
{{- end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: ks-user-sh
configMap:
name: {{ $configMapBin | quote }}
diff --git a/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl
index 9224458b4..967bb4bda 100644
--- a/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl
+++ b/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl
@@ -49,6 +49,8 @@ spec:
command:
- /tmp/rabbit-init.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: rabbit-init-sh
mountPath: /tmp/rabbit-init.sh
subPath: rabbit-init.sh
@@ -69,6 +71,8 @@ spec:
value: {{ toJson $envAll.Values.conf.rabbitmq | quote }}
{{- end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: rabbit-init-sh
configMap:
name: {{ $configMapBin | quote }}
diff --git a/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl
index a8c064fac..201e5a5a2 100644
--- a/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl
+++ b/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl
@@ -71,6 +71,8 @@ spec:
- name: RGW_PROTO
value: {{ tuple "ceph_object_store" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" }}
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: s3-bucket-sh
mountPath: /tmp/create-s3-bucket.sh
subPath: create-s3-bucket.sh
@@ -88,6 +90,8 @@ spec:
readOnly: true
{{ end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: s3-bucket-sh
configMap:
name: {{ $configMapBin | quote }}
diff --git a/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl
index 6d2378ed4..322cd402c 100644
--- a/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl
+++ b/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl
@@ -55,6 +55,8 @@ spec:
command:
- /tmp/ceph-admin-keyring.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: etcceph
mountPath: /etc/ceph
- name: ceph-keyring-sh
@@ -84,6 +86,8 @@ spec:
- name: RGW_HOST
value: {{ tuple "ceph_object_store" "internal" "api" $envAll | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }}
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: create-s3-user-sh
mountPath: /tmp/create-s3-user.sh
subPath: create-s3-user.sh
@@ -101,6 +105,8 @@ spec:
readOnly: true
{{ end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: create-s3-user-sh
configMap:
name: {{ $configMapBin | quote }}
diff --git a/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl b/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl
index 514fa59dd..6a0519f1b 100644
--- a/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl
+++ b/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl
@@ -60,6 +60,8 @@ spec:
command:
- /tmp/image-repo-sync.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: bootstrap-sh
mountPath: /tmp/image-repo-sync.sh
subPath: image-repo-sync.sh
@@ -70,6 +72,8 @@ spec:
{{ $podVolMounts | toYaml | indent 12 }}
{{- end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: bootstrap-sh
configMap:
name: {{ $configMapBin | quote }}
diff --git a/ingress/templates/deployment-error.yaml b/ingress/templates/deployment-error.yaml
index b41472da1..dbf63de35 100644
--- a/ingress/templates/deployment-error.yaml
+++ b/ingress/templates/deployment-error.yaml
@@ -75,13 +75,17 @@ spec:
- /tmp/ingress-error-pages.sh
- stop
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ingress-bin
mountPath: /tmp/ingress-error-pages.sh
subPath: ingress-error-pages.sh
readOnly: true
volumes:
- - name: ingress-bin
- configMap:
- name: ingress-bin
- defaultMode: 0555
+ - name: pod-tmp
+ emptyDir: {}
+ - name: ingress-bin
+ configMap:
+ name: ingress-bin
+ defaultMode: 0555
{{- end }}
diff --git a/ingress/templates/deployment-ingress.yaml b/ingress/templates/deployment-ingress.yaml
index 369f35f7f..9ffaf1a6e 100644
--- a/ingress/templates/deployment-ingress.yaml
+++ b/ingress/templates/deployment-ingress.yaml
@@ -208,6 +208,8 @@ spec:
- /tmp/ingress-vip.sh
- kernel_modules
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ingress-bin
mountPath: /tmp/ingress-vip.sh
subPath: ingress-vip.sh
@@ -228,6 +230,8 @@ spec:
- /tmp/ingress-vip.sh
- start
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ingress-bin
mountPath: /tmp/ingress-vip.sh
subPath: ingress-vip.sh
@@ -304,6 +308,8 @@ spec:
- /tmp/ingress-controller.sh
- stop
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ingress-bin
mountPath: /tmp/ingress-controller.sh
subPath: ingress-controller.sh
@@ -329,6 +335,8 @@ spec:
- /tmp/ingress-vip.sh
- stop
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ingress-bin
mountPath: /tmp/ingress-vip.sh
subPath: ingress-vip.sh
@@ -345,6 +353,8 @@ spec:
{{- end }}
{{- end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: ingress-bin
configMap:
name: ingress-bin
diff --git a/kibana/templates/deployment.yaml b/kibana/templates/deployment.yaml
index df3e6a734..82a455f40 100644
--- a/kibana/templates/deployment.yaml
+++ b/kibana/templates/deployment.yaml
@@ -79,6 +79,8 @@ spec:
name: {{ $esUserSecret }}
key: ELASTICSEARCH_PASSWORD
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: kibana-bin
mountPath: /tmp/apache.sh
subPath: apache.sh
@@ -110,6 +112,8 @@ spec:
name: {{ $esUserSecret }}
key: ELASTICSEARCH_PASSWORD
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: kibana-bin
mountPath: /tmp/kibana.sh
subPath: kibana.sh
@@ -121,6 +125,8 @@ spec:
subPath: kibana.yml
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: pod-etc-kibana
emptyDir: {}
- name: kibana-bin
diff --git a/kibana/templates/job-register-kibana-indexes.yaml b/kibana/templates/job-register-kibana-indexes.yaml
index beb5284bf..d16196c37 100644
--- a/kibana/templates/job-register-kibana-indexes.yaml
+++ b/kibana/templates/job-register-kibana-indexes.yaml
@@ -56,11 +56,15 @@ spec:
command:
- /tmp/create_kibana_index_patterns.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: kibana-bin
mountPath: /tmp/create_kibana_index_patterns.sh
subPath: create_kibana_index_patterns.sh
readOnly: false
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: kibana-bin
configMap:
name: kibana-bin
diff --git a/kube-dns/templates/deployment-kube-dns.yaml b/kube-dns/templates/deployment-kube-dns.yaml
index fe098a7c1..d68cac3bc 100644
--- a/kube-dns/templates/deployment-kube-dns.yaml
+++ b/kube-dns/templates/deployment-kube-dns.yaml
@@ -105,6 +105,8 @@ spec:
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- mountPath: /kube-dns-config
name: kube-dns-config
- name: dnsmasq
@@ -145,6 +147,8 @@ spec:
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- mountPath: /etc/k8s/dns/dnsmasq-nanny
name: kube-dns-config
- name: sidecar
@@ -187,9 +191,11 @@ spec:
- effect: NoSchedule
key: node-role.kubernetes.io/master
volumes:
- - configMap:
- defaultMode: 420
- name: kube-dns
- optional: true
- name: kube-dns-config
+ - name: pod-tmp
+ emptyDir: {}
+ - configMap:
+ defaultMode: 420
+ name: kube-dns
+ optional: true
+ name: kube-dns-config
{{- end }}
diff --git a/kubernetes-keystone-webhook/templates/deployment.yaml b/kubernetes-keystone-webhook/templates/deployment.yaml
index 54385b42a..18a2b83c8 100644
--- a/kubernetes-keystone-webhook/templates/deployment.yaml
+++ b/kubernetes-keystone-webhook/templates/deployment.yaml
@@ -57,6 +57,8 @@ spec:
- name: k8sksauth-pub
containerPort: {{ tuple "kubernetes_keystone_webhook" "internal" "api" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: etc-kubernetes-keystone-webhook
mountPath: /etc/kubernetes-keystone-webhook
- name: key-kubernetes-keystone-webhook
@@ -76,6 +78,8 @@ spec:
subPath: start.sh
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: etc-kubernetes-keystone-webhook
emptyDir: {}
- name: key-kubernetes-keystone-webhook
diff --git a/kubernetes-keystone-webhook/templates/pod-test.yaml b/kubernetes-keystone-webhook/templates/pod-test.yaml
index 087d269bb..c24dd4027 100644
--- a/kubernetes-keystone-webhook/templates/pod-test.yaml
+++ b/kubernetes-keystone-webhook/templates/pod-test.yaml
@@ -49,12 +49,16 @@ spec:
command:
- /tmp/kubernetes-keystone-webhook-test.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: kubernetes-keystone-webhook-bin
mountPath: /tmp/kubernetes-keystone-webhook-test.sh
subPath: kubernetes-keystone-webhook-test.sh
readOnly: true
{{ if $mounts_kubernetes_keystone_webhook_tests.volumeMounts }}{{ toYaml $mounts_kubernetes_keystone_webhook_tests.volumeMounts | indent 8 }}{{ end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: kubernetes-keystone-webhook-bin
configMap:
name: kubernetes-keystone-webhook-bin
diff --git a/ldap/templates/statefulset.yaml b/ldap/templates/statefulset.yaml
index a15f315b1..6f3396372 100644
--- a/ldap/templates/statefulset.yaml
+++ b/ldap/templates/statefulset.yaml
@@ -62,12 +62,16 @@ spec:
ports:
- containerPort: {{ tuple "ldap" "internal" "ldap" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ldap-data
mountPath: /var/lib/ldap
- name: ldap-config
mountPath: /etc/ldap/slapd.d
-{{- if not .Values.storage.pvc.enabled }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
+{{- if not .Values.storage.pvc.enabled }}
- name: ldap-data
hostPath:
path: {{ .Values.storage.host.data_path }}
@@ -76,21 +80,21 @@ spec:
path: {{ .Values.storage.host.config_path }}
{{- else }}
volumeClaimTemplates:
- - metadata:
- name: ldap-data
- spec:
- accessModes: [ "ReadWriteOnce" ]
- storageClassName: {{ .Values.storage.pvc.class_name }}
- resources:
- requests:
- storage: {{ .Values.storage.pvc.size }}
- - metadata:
- name: ldap-config
- spec:
- accessModes: [ "ReadWriteOnce" ]
- storageClassName: {{ .Values.storage.pvc.class_name }}
- resources:
- requests:
- storage: {{ .Values.storage.pvc.size }}
+ - metadata:
+ name: ldap-data
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ storageClassName: {{ .Values.storage.pvc.class_name }}
+ resources:
+ requests:
+ storage: {{ .Values.storage.pvc.size }}
+ - metadata:
+ name: ldap-config
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ storageClassName: {{ .Values.storage.pvc.class_name }}
+ resources:
+ requests:
+ storage: {{ .Values.storage.pvc.size }}
{{- end }}
{{- end }}
diff --git a/libvirt/templates/daemonset-libvirt.yaml b/libvirt/templates/daemonset-libvirt.yaml
index 13ec0aa12..e8bca78bb 100644
--- a/libvirt/templates/daemonset-libvirt.yaml
+++ b/libvirt/templates/daemonset-libvirt.yaml
@@ -67,6 +67,8 @@ spec:
command:
- /tmp/ceph-admin-keyring.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: etcceph
mountPath: /etc/ceph
- name: libvirt-bin
@@ -96,6 +98,8 @@ spec:
command:
- /tmp/ceph-keyring.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: etcceph
mountPath: /etc/ceph
- name: libvirt-bin
@@ -148,6 +152,8 @@ spec:
- |-
kill $(cat /var/run/libvirtd.pid)
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: libvirt-bin
mountPath: /tmp/libvirt.sh
subPath: libvirt.sh
@@ -201,6 +207,8 @@ spec:
{{- end }}
{{ if $mounts_libvirt.volumeMounts }}{{ toYaml $mounts_libvirt.volumeMounts | indent 12 }}{{ end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: libvirt-bin
configMap:
name: libvirt-bin
diff --git a/mariadb/templates/cron-job-backup-mariadb.yaml b/mariadb/templates/cron-job-backup-mariadb.yaml
index 2da5cd357..e3501f7d3 100644
--- a/mariadb/templates/cron-job-backup-mariadb.yaml
+++ b/mariadb/templates/cron-job-backup-mariadb.yaml
@@ -48,53 +48,57 @@ spec:
initContainers:
{{ tuple $envAll "mariadb_backup" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 10 }}
containers:
- - command:
- - /tmp/backup_mariadb.sh
- env:
- - name: MARIADB_BACKUP_BASE_DIR
- value: {{ .Values.conf.backup.base_path | quote }}
- - name: MYSQL_BACKUP_MYSQLDUMP_OPTIONS
- value: {{ .Values.conf.backup.mysqldump_options | quote }}
- - name: MARIADB_BACKUP_DAYS_TO_KEEP
- value: {{ .Values.conf.backup.days_of_backup_to_keep | quote }}
- - name: MARIADB_POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
-{{ tuple $envAll "mariadb_backup" | include "helm-toolkit.snippets.image" | indent 12 }}
-{{ tuple $envAll $envAll.Values.pod.resources.jobs.mariadb_backup | include "helm-toolkit.snippets.kubernetes_resources" | indent 12 }}
- name: mariadb-backup
- volumeMounts:
- - mountPath: /tmp/backup_mariadb.sh
- name: mariadb-bin
- readOnly: true
- subPath: backup_mariadb.sh
- - mountPath: {{ .Values.conf.backup.base_path }}
- name: mariadb-backup-dir
- - name: mariadb-secrets
- mountPath: /etc/mysql/admin_user.cnf
- subPath: admin_user.cnf
- readOnly: true
+ - name: mariadb-backup
+ command:
+ - /tmp/backup_mariadb.sh
+ env:
+ - name: MARIADB_BACKUP_BASE_DIR
+ value: {{ .Values.conf.backup.base_path | quote }}
+ - name: MYSQL_BACKUP_MYSQLDUMP_OPTIONS
+ value: {{ .Values.conf.backup.mysqldump_options | quote }}
+ - name: MARIADB_BACKUP_DAYS_TO_KEEP
+ value: {{ .Values.conf.backup.days_of_backup_to_keep | quote }}
+ - name: MARIADB_POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+{{ tuple $envAll "mariadb_backup" | include "helm-toolkit.snippets.image" | indent 14 }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.mariadb_backup | include "helm-toolkit.snippets.kubernetes_resources" | indent 14 }}
+ volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
+ - mountPath: /tmp/backup_mariadb.sh
+ name: mariadb-bin
+ readOnly: true
+ subPath: backup_mariadb.sh
+ - mountPath: {{ .Values.conf.backup.base_path }}
+ name: mariadb-backup-dir
+ - name: mariadb-secrets
+ mountPath: /etc/mysql/admin_user.cnf
+ subPath: admin_user.cnf
+ readOnly: true
restartPolicy: OnFailure
serviceAccount: {{ $serviceAccountName }}
serviceAccountName: {{ $serviceAccountName }}
volumes:
- - name: mariadb-secrets
- secret:
- secretName: mariadb-secrets
- defaultMode: 384
- - configMap:
- defaultMode: 365
+ - name: pod-tmp
+ emptyDir: {}
+ - name: mariadb-secrets
+ secret:
+ secretName: mariadb-secrets
+ defaultMode: 384
+ - configMap:
+ defaultMode: 365
+ name: mariadb-bin
name: mariadb-bin
- name: mariadb-bin
- {{- if and .Values.volume.backup.enabled .Values.manifests.pvc_backup }}
- - name: mariadb-backup-dir
- persistentVolumeClaim:
- claimName: mariadb-backup-data
- {{- else }}
- - hostPath:
- path: {{ .Values.conf.backup.base_path }}
- type: DirectoryOrCreate
- name: mariadb-backup-dir
- {{- end }}
+ {{- if and .Values.volume.backup.enabled .Values.manifests.pvc_backup }}
+ - name: mariadb-backup-dir
+ persistentVolumeClaim:
+ claimName: mariadb-backup-data
+ {{- else }}
+ - hostPath:
+ path: {{ .Values.conf.backup.base_path }}
+ type: DirectoryOrCreate
+ name: mariadb-backup-dir
+ {{- end }}
{{- end }}
diff --git a/mariadb/templates/deployment-error.yaml b/mariadb/templates/deployment-error.yaml
index a9361bc39..121c513d7 100644
--- a/mariadb/templates/deployment-error.yaml
+++ b/mariadb/templates/deployment-error.yaml
@@ -77,13 +77,17 @@ spec:
- /tmp/mariadb-ingress-error-pages.sh
- stop
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ingress-bin
mountPath: /tmp/mariadb-ingress-error-pages.sh
subPath: mariadb-ingress-error-pages.sh
readOnly: true
volumes:
- - name: ingress-bin
- configMap:
- name: mariadb-bin
- defaultMode: 0555
+ - name: pod-tmp
+ emptyDir: {}
+ - name: ingress-bin
+ configMap:
+ name: mariadb-bin
+ defaultMode: 0555
{{- end }}
diff --git a/mariadb/templates/deployment-ingress.yaml b/mariadb/templates/deployment-ingress.yaml
index eff88fab8..d9861e145 100644
--- a/mariadb/templates/deployment-ingress.yaml
+++ b/mariadb/templates/deployment-ingress.yaml
@@ -188,6 +188,8 @@ spec:
- /tmp/mariadb-ingress-controller.sh
- stop
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: mariadb-bin
mountPath: /tmp/mariadb-ingress-controller.sh
subPath: mariadb-ingress-controller.sh
@@ -197,6 +199,8 @@ spec:
subPath: nginx.tmpl
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: mariadb-bin
configMap:
name: mariadb-bin
diff --git a/mariadb/templates/monitoring/prometheus/exporter-deployment.yaml b/mariadb/templates/monitoring/prometheus/exporter-deployment.yaml
index 20019269c..af4da0209 100644
--- a/mariadb/templates/monitoring/prometheus/exporter-deployment.yaml
+++ b/mariadb/templates/monitoring/prometheus/exporter-deployment.yaml
@@ -82,6 +82,8 @@ spec:
- name: TELEMETRY_PATH
value: {{ tuple "prometheus_mysql_exporter" "internal" "metrics" . | include "helm-toolkit.endpoints.keystone_endpoint_path_lookup" | quote }}
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: mysql-exporter-secrets
mountPath: /etc/mysql/mysql_user.cnf
subPath: mysql_user.cnf
@@ -91,6 +93,8 @@ spec:
subPath: mysqld-exporter.sh
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: mysql-exporter-secrets
secret:
secretName: mysql-exporter-secrets
diff --git a/mariadb/templates/monitoring/prometheus/exporter-job-create-user.yaml b/mariadb/templates/monitoring/prometheus/exporter-job-create-user.yaml
index f7688a538..79fe879c8 100644
--- a/mariadb/templates/monitoring/prometheus/exporter-job-create-user.yaml
+++ b/mariadb/templates/monitoring/prometheus/exporter-job-create-user.yaml
@@ -59,6 +59,8 @@ spec:
name: mysql-exporter-secrets
key: EXPORTER_PASSWORD
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: mysql-exporter-bin
mountPath: /tmp/create-mysql-user.sh
subPath: create-mysql-user.sh
@@ -68,6 +70,8 @@ spec:
subPath: admin_user.cnf
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: mysql-exporter-bin
configMap:
name: mysql-exporter-bin
diff --git a/mariadb/templates/pod-test.yaml b/mariadb/templates/pod-test.yaml
index de940b980..fbc103905 100644
--- a/mariadb/templates/pod-test.yaml
+++ b/mariadb/templates/pod-test.yaml
@@ -46,7 +46,7 @@ spec:
command:
- /tmp/test.sh
volumeMounts:
- - name: tmp
+ - name: pod-tmp
mountPath: /tmp
- name: mariadb-bin
mountPath: /tmp/test.sh
@@ -63,7 +63,7 @@ spec:
{{ end }}
readOnly: true
volumes:
- - name: tmp
+ - name: pod-tmp
emptyDir: {}
- name: mariadb-bin
configMap:
diff --git a/mariadb/templates/statefulset.yaml b/mariadb/templates/statefulset.yaml
index 59df53528..8beab96d0 100644
--- a/mariadb/templates/statefulset.yaml
+++ b/mariadb/templates/statefulset.yaml
@@ -115,6 +115,8 @@ spec:
- "mysql:mysql"
- /var/lib/mysql
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: mysql-data
mountPath: /var/lib/mysql
{{- end }}
@@ -176,7 +178,7 @@ spec:
command:
- /tmp/readiness.sh
volumeMounts:
- - name: tmp
+ - name: pod-tmp
mountPath: /tmp
- name: var-run
mountPath: /var/run/mysqld
@@ -217,9 +219,9 @@ spec:
- name: mysql-data
mountPath: /var/lib/mysql
volumes:
- - name: mycnfd
+ - name: pod-tmp
emptyDir: {}
- - name: tmp
+ - name: mycnfd
emptyDir: {}
- name: var-run
emptyDir: {}
diff --git a/memcached/templates/deployment.yaml b/memcached/templates/deployment.yaml
index 0ee9bbca8..a361b2670 100644
--- a/memcached/templates/deployment.yaml
+++ b/memcached/templates/deployment.yaml
@@ -76,11 +76,15 @@ spec:
tcpSocket:
port: {{ tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: memcached-bin
mountPath: /tmp/memcached.sh
subPath: memcached.sh
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: memcached-bin
configMap:
name: {{ $configMapBinName | quote }}
diff --git a/memcached/templates/monitoring/prometheus/exporter-deployment.yaml b/memcached/templates/monitoring/prometheus/exporter-deployment.yaml
index fb12cc1e6..549a56779 100644
--- a/memcached/templates/monitoring/prometheus/exporter-deployment.yaml
+++ b/memcached/templates/monitoring/prometheus/exporter-deployment.yaml
@@ -64,11 +64,15 @@ spec:
- name: MEMCACHED_HOST
value: {{ tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }}
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: memcached-exporter-bin
mountPath: /tmp/memcached-exporter.sh
subPath: memcached-exporter.sh
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: memcached-exporter-bin
configMap:
name: {{ $configMapBinName | quote }}
diff --git a/mongodb/templates/statefulset.yaml b/mongodb/templates/statefulset.yaml
index d5c840438..77b0c809f 100644
--- a/mongodb/templates/statefulset.yaml
+++ b/mongodb/templates/statefulset.yaml
@@ -61,6 +61,8 @@ spec:
- "mongodb:"
- {{ $envAll.Values.volume.host.host_path }}
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: mongodb-data
mountPath: {{ $envAll.Values.volume.host.host_path }}
{{- end }}
@@ -100,6 +102,8 @@ spec:
timeoutSeconds: 5
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: mongodb-bin
mountPath: /tmp/start.sh
subPath: start.sh
@@ -111,24 +115,26 @@ spec:
- name: mongodb-data
mountPath: /data/db
volumes:
- - name: mongodb-bin
- configMap:
- name: mongodb-bin
- defaultMode: 0555
+ - name: pod-tmp
+ emptyDir: {}
+ - name: mongodb-bin
+ configMap:
+ name: mongodb-bin
+ defaultMode: 0555
{{- if not .Values.volume.enabled }}
- - name: mongodb-data
- hostPath:
- path: {{ .Values.volume.host_path }}
+ - name: mongodb-data
+ hostPath:
+ path: {{ .Values.volume.host_path }}
{{- else }}
volumeClaimTemplates:
- - metadata:
- name: mongodb-data
- annotations:
- {{ .Values.volume.class_path }}: {{ .Values.volume.class_name }}
- spec:
- accessModes: [ "ReadWriteOnce" ]
- resources:
- requests:
- storage: {{ .Values.volume.size }}
+ - metadata:
+ name: mongodb-data
+ annotations:
+ {{ .Values.volume.class_path }}: {{ .Values.volume.class_name }}
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ resources:
+ requests:
+ storage: {{ .Values.volume.size }}
{{- end }}
{{- end }}
diff --git a/nagios/templates/deployment.yaml b/nagios/templates/deployment.yaml
index 29bc6ddb1..1631cc025 100644
--- a/nagios/templates/deployment.yaml
+++ b/nagios/templates/deployment.yaml
@@ -122,6 +122,8 @@ spec:
name: {{ $nagiosUserSecret }}
key: NAGIOSADMIN_PASS
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: nagios-bin
mountPath: /tmp/apache.sh
subPath: apache.sh
@@ -174,6 +176,8 @@ spec:
name: {{ $nagiosUserSecret }}
key: NAGIOSADMIN_PASS
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: nagios-etc
mountPath: /opt/nagios/etc/nagios.cfg
subPath: nagios.cfg
@@ -199,6 +203,8 @@ spec:
- name: pod-var-log
mountPath: /opt/nagios/var/log
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: pod-var-log
emptyDir: {}
- name: nagios-etc
diff --git a/nfs-provisioner/templates/deployment.yaml b/nfs-provisioner/templates/deployment.yaml
index f9f8f8fa5..c9026d64c 100644
--- a/nfs-provisioner/templates/deployment.yaml
+++ b/nfs-provisioner/templates/deployment.yaml
@@ -159,9 +159,13 @@ spec:
{{- end }}
- "-grace-period=10"
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: export-volume
mountPath: /export
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: export-volume
{{- if eq .Values.storage.type "persistentVolumeClaim" }}
persistentVolumeClaim:
diff --git a/openvswitch/templates/daemonset-ovs-db.yaml b/openvswitch/templates/daemonset-ovs-db.yaml
index 09a43ab2c..ba94f1612 100644
--- a/openvswitch/templates/daemonset-ovs-db.yaml
+++ b/openvswitch/templates/daemonset-ovs-db.yaml
@@ -82,6 +82,8 @@ spec:
- /tmp/openvswitch-db-server.sh
- stop
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: openvswitch-bin
mountPath: /tmp/openvswitch-db-server.sh
subPath: openvswitch-db-server.sh
@@ -91,6 +93,8 @@ spec:
- name: run
mountPath: /run
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: openvswitch-bin
configMap:
name: openvswitch-bin
diff --git a/openvswitch/templates/daemonset-ovs-vswitchd.yaml b/openvswitch/templates/daemonset-ovs-vswitchd.yaml
index b0363a991..3974a8625 100644
--- a/openvswitch/templates/daemonset-ovs-vswitchd.yaml
+++ b/openvswitch/templates/daemonset-ovs-vswitchd.yaml
@@ -59,6 +59,8 @@ spec:
command:
- /tmp/openvswitch-vswitchd-init-modules.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: openvswitch-bin
mountPath: /tmp/openvswitch-vswitchd-init-modules.sh
subPath: openvswitch-vswitchd-init-modules.sh
@@ -100,6 +102,8 @@ spec:
- /tmp/openvswitch-db-server.sh
- stop
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: openvswitch-bin
mountPath: /tmp/openvswitch-vswitchd.sh
subPath: openvswitch-vswitchd.sh
@@ -107,6 +111,8 @@ spec:
- name: run
mountPath: /run
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: openvswitch-bin
configMap:
name: openvswitch-bin
diff --git a/podsecuritypolicy/values.yaml b/podsecuritypolicy/values.yaml
index 807e12893..814f3a934 100644
--- a/podsecuritypolicy/values.yaml
+++ b/podsecuritypolicy/values.yaml
@@ -49,11 +49,11 @@ data:
fsGroup:
rule: RunAsAny
volumes:
- - '*'
+ - '*'
allowedCapabilities:
- - '*'
+ - '*'
hostPorts:
- - min: 1
- max: 65536
+ - min: 1
+ max: 65536
manifests:
podsecuritypolicy: true
diff --git a/postgresql/templates/cron-job-backup-postgres.yaml b/postgresql/templates/cron-job-backup-postgres.yaml
index 32d716815..aefb37774 100644
--- a/postgresql/templates/cron-job-backup-postgres.yaml
+++ b/postgresql/templates/cron-job-backup-postgres.yaml
@@ -46,64 +46,68 @@ spec:
nodeSelector:
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
containers:
- - command:
- - /tmp/backup_postgresql.sh
- env:
- - name: POSTGRESQL_BACKUP_PASSWORD
- valueFrom:
- secretKeyRef:
- key: POSTGRES_PASSWORD
- name: postgresql-admin
- - name: POSTGRESQL_BACKUP_USER
- valueFrom:
- secretKeyRef:
- key: POSTGRES_USER
- name: postgresql-admin
- - name: POSTGRESQL_BACKUP_BASE_DIR
- value: {{ .Values.conf.backup.base_path }}
- - name: POSTGRESQL_BACKUP_PG_DUMPALL_OPTIONS
- value: {{ .Values.conf.backup.pg_dumpall_options }}
- - name: POSTGRESQL_BACKUP_DAYS_TO_KEEP
- value: "{{ .Values.conf.backup.days_of_backup_to_keep }}"
- - name: POSTGRESQL_POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
-{{ tuple $envAll "postgresql_backup" | include "helm-toolkit.snippets.image" | indent 12 }}
-{{ tuple $envAll $envAll.Values.pod.resources.jobs.postgresql_backup | include "helm-toolkit.snippets.kubernetes_resources" | indent 12 }}
- name: postgresql-backup
- volumeMounts:
- - mountPath: /tmp/backup_postgresql.sh
- name: postgresql-bin
- readOnly: true
- subPath: backup_postgresql.sh
- - mountPath: {{ .Values.conf.backup.base_path }}
- name: postgresql-backup-dir
- - name: postgresql-secrets
- mountPath: /etc/postgresql/admin_user.conf
- subPath: admin_user.conf
- readOnly: true
+ - name: postgresql-backup
+{{ tuple $envAll "postgresql_backup" | include "helm-toolkit.snippets.image" | indent 14 }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.postgresql_backup | include "helm-toolkit.snippets.kubernetes_resources" | indent 14 }}
+ command:
+ - /tmp/backup_postgresql.sh
+ env:
+ - name: POSTGRESQL_BACKUP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: POSTGRES_PASSWORD
+ name: postgresql-admin
+ - name: POSTGRESQL_BACKUP_USER
+ valueFrom:
+ secretKeyRef:
+ key: POSTGRES_USER
+ name: postgresql-admin
+ - name: POSTGRESQL_BACKUP_BASE_DIR
+ value: {{ .Values.conf.backup.base_path }}
+ - name: POSTGRESQL_BACKUP_PG_DUMPALL_OPTIONS
+ value: {{ .Values.conf.backup.pg_dumpall_options }}
+ - name: POSTGRESQL_BACKUP_DAYS_TO_KEEP
+ value: "{{ .Values.conf.backup.days_of_backup_to_keep }}"
+ - name: POSTGRESQL_POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
+ - mountPath: /tmp/backup_postgresql.sh
+ name: postgresql-bin
+ readOnly: true
+ subPath: backup_postgresql.sh
+ - mountPath: {{ .Values.conf.backup.base_path }}
+ name: postgresql-backup-dir
+ - name: postgresql-secrets
+ mountPath: /etc/postgresql/admin_user.conf
+ subPath: admin_user.conf
+ readOnly: true
restartPolicy: OnFailure
securityContext: {}
serviceAccount: {{ $serviceAccountName }}
serviceAccountName: {{ $serviceAccountName }}
volumes:
- - name: postgresql-secrets
- secret:
- secretName: postgresql-secrets
- defaultMode: 0600
- - configMap:
- defaultMode: 365
+ - name: pod-tmp
+ emptyDir: {}
+ - name: postgresql-secrets
+ secret:
+ secretName: postgresql-secrets
+ defaultMode: 0600
+ - configMap:
+ defaultMode: 365
+ name: postgresql-bin
name: postgresql-bin
- name: postgresql-bin
- {{- if and .Values.volume.backup.enabled .Values.manifests.pvc_backup }}
- - name: postgresql-backup-dir
- persistentVolumeClaim:
- claimName: postgresql-backup-data
- {{- else }}
- - hostPath:
- path: {{ .Values.conf.backup.base_path }}
- type: DirectoryOrCreate
- name: postgresql-backup-dir
- {{- end }}
+ {{- if and .Values.volume.backup.enabled .Values.manifests.pvc_backup }}
+ - name: postgresql-backup-dir
+ persistentVolumeClaim:
+ claimName: postgresql-backup-data
+ {{- else }}
+ - hostPath:
+ path: {{ .Values.conf.backup.base_path }}
+ type: DirectoryOrCreate
+ name: postgresql-backup-dir
+ {{- end }}
{{- end }}
diff --git a/postgresql/templates/monitoring/prometheus/exporter-job-create-user.yaml b/postgresql/templates/monitoring/prometheus/exporter-job-create-user.yaml
index 73fabca3a..f74b66a67 100644
--- a/postgresql/templates/monitoring/prometheus/exporter-job-create-user.yaml
+++ b/postgresql/templates/monitoring/prometheus/exporter-job-create-user.yaml
@@ -66,11 +66,15 @@ spec:
- name: POSTGRESQL_HOST_PORT
value: {{ tuple "postgresql" "internal" "postgresql" $envAll | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }}
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: postgresql-exporter-bin
mountPath: /tmp/create-postgresql-exporter-user.sh
subPath: create-postgresql-exporter-user.sh
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: postgresql-exporter-bin
configMap:
name: postgresql-exporter-bin
diff --git a/postgresql/templates/pod-test.yaml b/postgresql/templates/pod-test.yaml
index 66b955539..d260f32a9 100644
--- a/postgresql/templates/pod-test.yaml
+++ b/postgresql/templates/pod-test.yaml
@@ -10,7 +10,9 @@
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
-# limitations under the License. */}}
+# limitations under the License.
+*/}}
+
{{- if .Values.manifests.test_basic }}
{{- $dependencies := .Values.dependencies.static.tests }}
{{- $serviceAccountName := print .Release.Name "-test" }}
@@ -52,17 +54,21 @@ spec:
secretKeyRef:
name: {{ .Values.secrets.postgresql.admin }}
key: POSTGRES_PASSWORD
-
image: {{ .Values.images.tags.postgresql }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple . .Values.pod.resources.test | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
- command: ["/tmp/db_test.sh"]
+ command:
+ - /tmp/db_test.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: postgresql-bin
mountPath: /tmp/db_test.sh
subPath: db_test.sh
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: postgresql-bin
configMap:
name: postgresql-bin
diff --git a/postgresql/templates/statefulset.yaml b/postgresql/templates/statefulset.yaml
index 2cfd14b35..eb9ee0db6 100644
--- a/postgresql/templates/statefulset.yaml
+++ b/postgresql/templates/statefulset.yaml
@@ -59,6 +59,8 @@ spec:
- {{ .Values.storage.mount.path | quote }}
{{ dict "envAll" $envAll "application" "server" "container" "set-volume-perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: postgresql-data
mountPath: {{ .Values.storage.mount.path }}
subPath: {{ .Values.storage.mount.subpath }}
@@ -96,6 +98,8 @@ spec:
initialDelaySeconds: 20
timeoutSeconds: 5
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: postgresql-bin
mountPath: /tmp/start.sh
subPath: start.sh
@@ -108,6 +112,8 @@ spec:
mountPath: {{ .Values.storage.mount.path }}
subPath: {{ .Values.storage.mount.subpath }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: postgresql-bin
configMap:
name: postgresql-bin
diff --git a/prometheus-alertmanager/templates/statefulset.yaml b/prometheus-alertmanager/templates/statefulset.yaml
index 248f0a22c..c874edce1 100644
--- a/prometheus-alertmanager/templates/statefulset.yaml
+++ b/prometheus-alertmanager/templates/statefulset.yaml
@@ -67,6 +67,8 @@ spec:
- "nobody:"
- /var/lib/alertmanager/data
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: alertmanager-data
mountPath: /var/lib/alertmanager/data
containers:
@@ -100,6 +102,8 @@ spec:
initialDelaySeconds: 30
timeoutSeconds: 30
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: etc-alertmanager
mountPath: /etc/config
- name: alertmanager-etc
@@ -118,6 +122,8 @@ spec:
mountPath: /var/lib/alertmanager/data
{{ if $mounts_alertmanager.volumeMounts }}{{ toYaml $mounts_alertmanager.volumeMounts | indent 12 }}{{ end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: etc-alertmanager
emptyDir: {}
- name: alertmanager-etc
diff --git a/prometheus-kube-state-metrics/templates/deployment.yaml b/prometheus-kube-state-metrics/templates/deployment.yaml
index b1e8f3e6f..84bde1c8b 100644
--- a/prometheus-kube-state-metrics/templates/deployment.yaml
+++ b/prometheus-kube-state-metrics/templates/deployment.yaml
@@ -135,11 +135,15 @@ spec:
initialDelaySeconds: 20
periodSeconds: 10
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: kube-state-metrics-bin
mountPath: /tmp/kube-state-metrics.sh
subPath: kube-state-metrics.sh
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: kube-state-metrics-bin
configMap:
name: kube-state-metrics-bin
diff --git a/prometheus-node-exporter/templates/daemonset.yaml b/prometheus-node-exporter/templates/daemonset.yaml
index c08bc4659..721a146f3 100644
--- a/prometheus-node-exporter/templates/daemonset.yaml
+++ b/prometheus-node-exporter/templates/daemonset.yaml
@@ -84,6 +84,8 @@ spec:
initialDelaySeconds: 20
periodSeconds: 10
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: proc
mountPath: /host/proc
readOnly: true
@@ -100,6 +102,8 @@ spec:
subPath: node-exporter.sh
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: proc
hostPath:
path: /proc
diff --git a/prometheus-openstack-exporter/templates/deployment.yaml b/prometheus-openstack-exporter/templates/deployment.yaml
index 49aac9574..1d6cd7e3f 100644
--- a/prometheus-openstack-exporter/templates/deployment.yaml
+++ b/prometheus-openstack-exporter/templates/deployment.yaml
@@ -81,11 +81,15 @@ spec:
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: prometheus-openstack-exporter-bin
mountPath: /tmp/prometheus-openstack-exporter.sh
subPath: prometheus-openstack-exporter.sh
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: prometheus-openstack-exporter-bin
configMap:
name: prometheus-openstack-exporter-bin
diff --git a/prometheus-openstack-exporter/templates/job-ks-user.yaml b/prometheus-openstack-exporter/templates/job-ks-user.yaml
index 763cd2fef..c6ed3092e 100644
--- a/prometheus-openstack-exporter/templates/job-ks-user.yaml
+++ b/prometheus-openstack-exporter/templates/job-ks-user.yaml
@@ -43,6 +43,8 @@ spec:
- /tmp/ks-user.sh
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: ks-user-sh
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
@@ -59,6 +61,8 @@ spec:
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: ks-user-sh
configMap:
name: prometheus-openstack-exporter-bin
diff --git a/prometheus-process-exporter/templates/daemonset.yaml b/prometheus-process-exporter/templates/daemonset.yaml
index 67baed8f1..f694963e6 100644
--- a/prometheus-process-exporter/templates/daemonset.yaml
+++ b/prometheus-process-exporter/templates/daemonset.yaml
@@ -84,10 +84,14 @@ spec:
initialDelaySeconds: 20
periodSeconds: 10
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: proc
mountPath: /host/proc
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: proc
hostPath:
path: /proc
diff --git a/prometheus/templates/pod-helm-tests.yaml b/prometheus/templates/pod-helm-tests.yaml
index 4db6b2283..e3986c852 100644
--- a/prometheus/templates/pod-helm-tests.yaml
+++ b/prometheus/templates/pod-helm-tests.yaml
@@ -57,11 +57,15 @@ spec:
- name: PROMETHEUS_ENDPOINT
value: {{ tuple "monitoring" "internal" "http" $envAll | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }}
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: prometheus-bin
mountPath: /tmp/helm-tests.sh
subPath: helm-tests.sh
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: prometheus-bin
configMap:
name: prometheus-bin
diff --git a/prometheus/templates/statefulset.yaml b/prometheus/templates/statefulset.yaml
index 468451ee0..fc9165e89 100644
--- a/prometheus/templates/statefulset.yaml
+++ b/prometheus/templates/statefulset.yaml
@@ -109,6 +109,8 @@ spec:
- "nobody:"
- /var/lib/prometheus/data
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: storage
mountPath: /var/lib/prometheus/data
containers:
@@ -135,6 +137,8 @@ spec:
name: {{ $promUserSecret }}
key: PROMETHEUS_ADMIN_PASSWORD
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: prometheus-bin
mountPath: /tmp/apache.sh
subPath: apache.sh
@@ -165,6 +169,8 @@ spec:
initialDelaySeconds: 30
timeoutSeconds: 30
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: etcprometheus
mountPath: /etc/config
- name: rulesprometheus
@@ -187,6 +193,8 @@ spec:
mountPath: /var/lib/prometheus/data
{{ if $mounts_prometheus.volumeMounts }}{{ toYaml $mounts_prometheus.volumeMounts | indent 12 }}{{ end }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: etcprometheus
emptyDir: {}
- name: rulesprometheus
diff --git a/rabbitmq/templates/job-cluster-wait.yaml b/rabbitmq/templates/job-cluster-wait.yaml
index 8f77f6692..12488eb6b 100644
--- a/rabbitmq/templates/job-cluster-wait.yaml
+++ b/rabbitmq/templates/job-cluster-wait.yaml
@@ -51,11 +51,15 @@ spec:
command:
- /tmp/rabbitmq-wait-for-cluster.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: rabbitmq-bin
mountPath: /tmp/rabbitmq-wait-for-cluster.sh
subPath: rabbitmq-wait-for-cluster.sh
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: rabbitmq-bin
configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-bin" | quote }}
diff --git a/rabbitmq/templates/pod-test.yaml b/rabbitmq/templates/pod-test.yaml
index ff45368fd..3139455a0 100644
--- a/rabbitmq/templates/pod-test.yaml
+++ b/rabbitmq/templates/pod-test.yaml
@@ -53,11 +53,15 @@ spec:
command:
- /tmp/rabbitmq-test.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: rabbitmq-bin
mountPath: /tmp/rabbitmq-test.sh
subPath: rabbitmq-test.sh
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: rabbitmq-bin
configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-bin" | quote }}
diff --git a/rabbitmq/templates/statefulset.yaml b/rabbitmq/templates/statefulset.yaml
index 1016f7f2b..46681972e 100644
--- a/rabbitmq/templates/statefulset.yaml
+++ b/rabbitmq/templates/statefulset.yaml
@@ -112,6 +112,8 @@ spec:
- name: RABBITMQ_DEFINITION_FILE
value: "{{ index $envAll.Values.conf.rabbitmq "management.load_definitions" }}"
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: rabbitmq-data
mountPath: /var/lib/rabbitmq
- name: rabbitmq-bin
@@ -126,6 +128,8 @@ spec:
command:
- /tmp/rabbitmq-cookie.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: rabbitmq-bin
mountPath: /tmp/rabbitmq-cookie.sh
subPath: rabbitmq-cookie.sh
@@ -148,6 +152,8 @@ spec:
- "rabbitmq:"
- /var/lib/rabbitmq
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: rabbitmq-data
mountPath: /var/lib/rabbitmq
{{- end }}
@@ -203,6 +209,8 @@ spec:
command:
- /tmp/rabbitmq-liveness.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: rabbitmq-data
mountPath: /var/lib/rabbitmq
- name: rabbitmq-bin
@@ -226,6 +234,8 @@ spec:
subPath: rabbitmq.conf
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: rabbitmq-bin
configMap:
name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-bin" | quote }}
diff --git a/redis/templates/pod_test.yaml b/redis/templates/pod_test.yaml
index 86fe5dae9..09952ebdf 100644
--- a/redis/templates/pod_test.yaml
+++ b/redis/templates/pod_test.yaml
@@ -48,6 +48,8 @@ spec:
- name: REDIS_DB
value: '0'
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: redis-test
mountPath: /tmp/redis-test.sh
subPath: redis-test.sh
@@ -55,6 +57,8 @@ spec:
mountPath: /tmp/python-tests.py
subPath: python-tests.py
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: redis-test
configMap:
name: redis-bin
diff --git a/registry/templates/daemonset-registry-proxy.yaml b/registry/templates/daemonset-registry-proxy.yaml
index 4b1342a7c..ece13e043 100644
--- a/registry/templates/daemonset-registry-proxy.yaml
+++ b/registry/templates/daemonset-registry-proxy.yaml
@@ -55,6 +55,8 @@ spec:
command:
- /tmp/registry-proxy.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: registry-bin
mountPath: /tmp/registry-proxy.sh
subPath: registry-proxy.sh
@@ -64,6 +66,8 @@ spec:
subPath: default.conf
readOnly: true
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: registry-bin
configMap:
name: registry-bin
diff --git a/registry/templates/deployment-registry.yaml b/registry/templates/deployment-registry.yaml
index e8642a214..f89ebef4a 100644
--- a/registry/templates/deployment-registry.yaml
+++ b/registry/templates/deployment-registry.yaml
@@ -60,17 +60,21 @@ spec:
command:
- /tmp/registry.sh
volumeMounts:
- - name: registry-bin
- mountPath: /tmp/registry.sh
- subPath: registry.sh
- readOnly: true
- - name: registry-etc
- mountPath: /etc/docker/registry/config.yml
- subPath: config.yml
- readOnly: true
- - name: docker-images
- mountPath: {{ .Values.conf.registry.storage.filesystem.rootdirectory }}
+ - name: pod-tmp
+ mountPath: /tmp
+ - name: registry-bin
+ mountPath: /tmp/registry.sh
+ subPath: registry.sh
+ readOnly: true
+ - name: registry-etc
+ mountPath: /etc/docker/registry/config.yml
+ subPath: config.yml
+ readOnly: true
+ - name: docker-images
+ mountPath: {{ .Values.conf.registry.storage.filesystem.rootdirectory }}
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: registry-bin
configMap:
name: registry-bin
diff --git a/registry/templates/job-bootstrap.yaml b/registry/templates/job-bootstrap.yaml
index 8c2b6250d..26a3c9cd7 100644
--- a/registry/templates/job-bootstrap.yaml
+++ b/registry/templates/job-bootstrap.yaml
@@ -51,6 +51,8 @@ spec:
command:
- /tmp/bootstrap.sh
volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
- name: registry-bin
mountPath: /tmp/bootstrap.sh
subPath: bootstrap.sh
@@ -58,6 +60,8 @@ spec:
- name: docker-socket
mountPath: /var/run/docker.sock
volumes:
+ - name: pod-tmp
+ emptyDir: {}
- name: registry-bin
configMap:
name: registry-bin