From d7b97f0ff8bd7254689b178a67c9f6231c767efa Mon Sep 17 00:00:00 2001 From: Gautier DI FOLCO Date: Tue, 31 Mar 2026 08:58:42 +0200 Subject: [PATCH 1/8] WPB-23896: Handle SonarQube yaml alerts --- changelog.d/5-internal/WPB-23896 | 35 ++++++++++++++++++ .../templates/tests/stern-integration.yaml | 3 ++ .../templates/cassandra-certs.yaml | 16 ++++----- .../templates/elasticsearch-ca-secret.yaml | 2 +- .../templates/check-cluster-job.yaml | 1 + charts/k8ssandra-test-cluster/values.yaml | 9 ++++- .../templates/issuer.yaml | 6 ++-- charts/nginz/templates/configmap.yaml | 36 +++++++++++++------ .../outlook-addin/templates/deployment.yaml | 7 ++++ charts/restund/templates/statefulset.yaml | 1 + charts/restund/values.yaml | 7 ++++ charts/wire-server-enterprise/values.yaml | 1 + .../background-worker/configmap.yaml | 4 +-- .../brig/tests/brig-integration.yaml | 6 ++-- .../templates/cargohold/deployment.yaml | 1 + .../templates/galley/configmap.yaml | 2 +- .../templates/gundeck/configmap.yaml | 4 +-- .../templates/gundeck/deployment.yaml | 2 +- .../gundeck/tests/gundeck-integration.yaml | 2 +- .../spar/tests/spar-integration.yaml | 2 +- charts/wire-server/values.yaml | 1 + 21 files changed, 113 insertions(+), 35 deletions(-) create mode 100644 changelog.d/5-internal/WPB-23896 diff --git a/changelog.d/5-internal/WPB-23896 b/changelog.d/5-internal/WPB-23896 new file mode 100644 index 00000000000..aedb7c1c5e1 --- /dev/null +++ b/changelog.d/5-internal/WPB-23896 @@ -0,0 +1,35 @@ +Fixed SonarQube Helm template formatting, variable naming, and resource/RBAC issues in charts/: + +## Template Formatting (kubernetes:S6893) - 15 issues +- charts/wire-server/templates/background-worker/configmap.yaml: Added whitespace after "{{" on lines 107, 110 +- charts/wire-server/templates/gundeck/configmap.yaml: Added whitespace after "{{" on lines 51, 62 +- charts/wire-server/templates/galley/configmap.yaml: Added whitespace before "}}" on line 88 +- charts/wire-server/templates/gundeck/deployment.yaml: Added whitespace before "}}" on line 52 +- charts/wire-server/templates/brig/tests/brig-integration.yaml: Added whitespace before "}}" on lines 51, 56, 122 +- charts/wire-server/templates/gundeck/tests/gundeck-integration.yaml: Added whitespace before "}}" on line 20 +- charts/wire-server/templates/spar/tests/spar-integration.yaml: Added whitespace before "}}" on line 23 +- charts/cassandra-migrations/templates/cassandra-certs.yaml: Added whitespace before "}}" on lines 18, 37, 56, 75 +- charts/elasticsearch-index/templates/elasticsearch-ca-secret.yaml: Added whitespace after "{{" on line 5 +- charts/nginx-ingress-services/templates/issuer.yaml: Added whitespace after "{{" and before "}}" on lines 6, 23, 32 + +## Variable Naming (kubernetes:S117) - 4 issues +- charts/nginz/templates/configmap.yaml: Renamed variables to match camelCase convention: + - $nginx_conf -> $nginxConf + - $external_env_domain -> $externalEnvDomain + - $deeplink_json -> $deeplinkJson + - $deeplink_html -> $deeplinkHtml + Updated all references accordingly + +## Resource Limits/Requests - 6 issues +- charts/outlook-addin/templates/deployment.yaml: Added resources block with memory limit and memory/cpu requests +- charts/restund/values.yaml: Added resources block with memory/cpu limits and requests +- charts/k8ssandra-test-cluster/values.yaml: Added resources block with memory/cpu limits and requests +- charts/backoffice/templates/tests/stern-integration.yaml: Added memory limit to existing resources +- charts/wire-server/values.yaml: Added ephemeral-storage requests to background-worker and wire-server-enterprise resources + +## Service Account RBAC (kubernetes:S6865) - 5 issues +- charts/wire-server/templates/cargohold/deployment.yaml: Added automountServiceAccountToken: false +- charts/restund/templates/statefulset.yaml: Added automountServiceAccountToken: false +- charts/outlook-addin/templates/deployment.yaml: Added automountServiceAccountToken: false +- charts/k8ssandra-test-cluster/templates/check-cluster-job.yaml: Added automountServiceAccountToken: false +- charts/backoffice/templates/tests/stern-integration.yaml: Added automountServiceAccountToken: false diff --git a/charts/backoffice/templates/tests/stern-integration.yaml b/charts/backoffice/templates/tests/stern-integration.yaml index cbe0da5f117..e43b286c146 100644 --- a/charts/backoffice/templates/tests/stern-integration.yaml +++ b/charts/backoffice/templates/tests/stern-integration.yaml @@ -8,6 +8,7 @@ metadata: app: stern-integration release: {{ .Release.Name }} spec: + automountServiceAccountToken: false volumes: - name: "stern-integration" configMap: @@ -53,6 +54,8 @@ spec: requests: memory: "128Mi" cpu: "1" + limits: + memory: "256Mi" env: - name: TEST_XML value: /tmp/result.xml diff --git a/charts/cassandra-migrations/templates/cassandra-certs.yaml b/charts/cassandra-migrations/templates/cassandra-certs.yaml index 3bea0c6f5d7..6e6a1171c42 100644 --- a/charts/cassandra-migrations/templates/cassandra-certs.yaml +++ b/charts/cassandra-migrations/templates/cassandra-certs.yaml @@ -14,8 +14,8 @@ metadata: "helm.sh/hook-delete-policy": hook-succeeded,hook-failed type: Opaque data: - ca.pem: {{ include "tlsCaBrig" . | b64enc | quote }} -{{- end}} + ca.pem: {{ include "tlsCaBrig" . | b64enc | quote }} +{{- end }} {{- if ne (trim (include "tlsCaGalley" .)) "" }} --- apiVersion: v1 @@ -33,8 +33,8 @@ metadata: "helm.sh/hook-delete-policy": hook-succeeded,hook-failed type: Opaque data: - ca.pem: {{ include "tlsCaGalley" . | b64enc | quote }} -{{- end}} + ca.pem: {{ include "tlsCaGalley" . | b64enc | quote }} +{{- end }} {{- if ne (trim (include "tlsCaGundeck" .)) "" }} --- apiVersion: v1 @@ -52,8 +52,8 @@ metadata: "helm.sh/hook-delete-policy": hook-succeeded,hook-failed type: Opaque data: - ca.pem: {{ include "tlsCaGundeck" . | b64enc | quote }} -{{- end}} + ca.pem: {{ include "tlsCaGundeck" . | b64enc | quote }} +{{- end }} {{- if ne (trim (include "tlsCaSpar" .)) "" }} --- apiVersion: v1 @@ -71,5 +71,5 @@ metadata: "helm.sh/hook-delete-policy": hook-succeeded,hook-failed type: Opaque data: - ca.pem: {{ include "tlsCaSpar" . | b64enc | quote }} -{{- end}} + ca.pem: {{ include "tlsCaSpar" . | b64enc | quote }} +{{- end }} diff --git a/charts/elasticsearch-index/templates/elasticsearch-ca-secret.yaml b/charts/elasticsearch-index/templates/elasticsearch-ca-secret.yaml index 060d84e56a1..eef7f10de60 100644 --- a/charts/elasticsearch-index/templates/elasticsearch-ca-secret.yaml +++ b/charts/elasticsearch-index/templates/elasticsearch-ca-secret.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: - name: "{{ include "fullname" .}}-ca" + name: "{{ include "fullname" . }}-ca" labels: app: elasticsearch-index chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} diff --git a/charts/k8ssandra-test-cluster/templates/check-cluster-job.yaml b/charts/k8ssandra-test-cluster/templates/check-cluster-job.yaml index 99739c53a3f..aae20dd1509 100644 --- a/charts/k8ssandra-test-cluster/templates/check-cluster-job.yaml +++ b/charts/k8ssandra-test-cluster/templates/check-cluster-job.yaml @@ -9,6 +9,7 @@ metadata: spec: template: spec: + automountServiceAccountToken: false containers: - name: cassandra image: cassandra:4.1.10 diff --git a/charts/k8ssandra-test-cluster/values.yaml b/charts/k8ssandra-test-cluster/values.yaml index 239dba3c21d..9b9135b9df9 100644 --- a/charts/k8ssandra-test-cluster/values.yaml +++ b/charts/k8ssandra-test-cluster/values.yaml @@ -35,6 +35,13 @@ syncCACertToSecret: false prometheus: enabled: true -# Size of the datacenter +# Size of datacenter datacenter: size: 1 + +resources: + requests: + memory: "128Mi" + cpu: "1" + limits: + memory: "512Mi" diff --git a/charts/nginx-ingress-services/templates/issuer.yaml b/charts/nginx-ingress-services/templates/issuer.yaml index 3a1607a0742..5ec7e7687f6 100644 --- a/charts/nginx-ingress-services/templates/issuer.yaml +++ b/charts/nginx-ingress-services/templates/issuer.yaml @@ -3,7 +3,7 @@ apiVersion: cert-manager.io/v1 {{- if or (eq .Values.tls.issuer.kind "Issuer") (eq .Values.tls.issuer.kind "ClusterIssuer") }} kind: "{{ .Values.tls.issuer.kind }}" {{- else }} -{{- fail (cat ".tls.issuer.kind can only be one of Issuer or ClusterIssuer, got: " .tls.issuer.kind )}} +{{- fail (cat ".tls.issuer.kind can only be one of Issuer or ClusterIssuer, got: " .tls.issuer.kind ) }} {{- end }} metadata: name: {{ include "nginx-ingress-services.getIssuerName" . | quote }} @@ -20,7 +20,7 @@ spec: email: {{ required "Missing value: certmasterEmail" .Values.certManager.certmasterEmail | quote }} # NOTE: this secret doesnt need to be created, it only gets a name with this privateKeySecretRef: - name: {{ include "nginx-ingress-services.getIssuerName" . -}}-account-key + name: {{ include "nginx-ingress-services.getIssuerName" . }}-account-key solvers: {{- if .Values.certManager.customSolvers }} {{ toYaml .Values.certManager.customSolvers | indent 6 }} @@ -29,4 +29,4 @@ spec: ingress: class: nginx {{- end }} -{{- end -}} +{{- end }} diff --git a/charts/nginz/templates/configmap.yaml b/charts/nginz/templates/configmap.yaml index 69f1887056e..200c99f67fe 100644 --- a/charts/nginz/templates/configmap.yaml +++ b/charts/nginz/templates/configmap.yaml @@ -1,11 +1,11 @@ -{{- $nginx_conf := .Values.nginx_conf }} +{{- $nginxConf := .Values.nginx_conf }} -{{- if hasKey $nginx_conf "external_env_domain" }} - {{- $external_env_domain := $nginx_conf.external_env_domain }} +{{- if hasKey $nginxConf "external_env_domain" }} + {{- $externalEnvDomain := $nginxConf.external_env_domain }} {{- range $nginx_conf.additional_external_env_domains }} - {{- if eq $external_env_domain . }} - {{- fail (printf "Error: external_env_domain (%s) cannot be part of additional_external_env_domains list." $external_env_domain) }} + {{- if eq $externalEnvDomain . }} + {{- fail (printf "Error: external_env_domain (%s) cannot be part of additional_external_env_domains list." $externalEnvDomain) }} {{- end }} {{- end }} {{- end }} @@ -59,13 +59,13 @@ data: {{- end }} - {{- if (hasKey $nginx_conf "additional_external_env_domains") }} - {{- range $domain, $config := $nginx_conf.multi_ingress_deeplink }} - {{- if (has $domain $nginx_conf.additional_external_env_domains) }} + {{- if (hasKey $nginxConf "additional_external_env_domains") }} + {{- range $domain, $config := $nginxConf.multi_ingress_deeplink }} + {{- if (has $domain $nginxConf.additional_external_env_domains) }} {{- $backendURL := $config.endpoints.backendURL }} - {{- $deeplink_json := $backendURL | replace "https://" "" | trimSuffix "/" | printf "%s-deeplink.json" }} - {{- $deeplink_html := $backendURL | replace "https://" "" | trimSuffix "/" | printf "%s-deeplink.html" }} - {{ $deeplink_json }}: | + {{- $deeplinkJson := $backendURL | replace "https://" "" | trimSuffix "/" | printf "%s-deeplink.json" }} + {{- $deeplinkHtml := $backendURL | replace "https://" "" | trimSuffix "/" | printf "%s-deeplink.html" }} + {{ $deeplinkJson }}: | {{- $deeplink := dict "endpoints" (dict "backendURL" $config.endpoints.backendURL @@ -86,6 +86,20 @@ data: {{- end }} {{ toJson $deeplink | indent 4 }} {{ printf "\n" }} + {{ $deeplinkHtml }}: | + + + Deeplink for {{ $domain }} + + + Click here for access + + + {{- end }} + {{- end }} + {{- end }} + {{ toJson $deeplink | indent 4 }} + {{ printf "\n" }} {{ $deeplink_html }}: | diff --git a/charts/outlook-addin/templates/deployment.yaml b/charts/outlook-addin/templates/deployment.yaml index 3a0ab24413d..00987401818 100644 --- a/charts/outlook-addin/templates/deployment.yaml +++ b/charts/outlook-addin/templates/deployment.yaml @@ -7,6 +7,7 @@ metadata: {{- include "outlook.labels" . | nindent 4 }} spec: replicas: 3 + automountServiceAccountToken: false selector: matchLabels: app: {{ include "outlook.fullname" . }} @@ -45,3 +46,9 @@ spec: httpGet: path: / port: http + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "256Mi" diff --git a/charts/restund/templates/statefulset.yaml b/charts/restund/templates/statefulset.yaml index 8ae1b05f76a..3c6321a10f9 100644 --- a/charts/restund/templates/statefulset.yaml +++ b/charts/restund/templates/statefulset.yaml @@ -37,6 +37,7 @@ spec: {{- toYaml .Values.podSecurityContext | nindent 8 }} hostNetwork: true serviceAccountName: {{ include "restund.fullname" . }} + automountServiceAccountToken: false volumes: - name: external-ip emptyDir: {} diff --git a/charts/restund/values.yaml b/charts/restund/values.yaml index e45c63670c2..d759aa8185f 100644 --- a/charts/restund/values.yaml +++ b/charts/restund/values.yaml @@ -34,6 +34,13 @@ restundUDPStatusPort: 33000 restundHTTPStatusPort: 8080 restundMetricsListenPort: 8443 +resources: + requests: + memory: "256Mi" + cpu: "100m" + limits: + memory: "512Mi" + federate: enabled: false port: 9191 diff --git a/charts/wire-server-enterprise/values.yaml b/charts/wire-server-enterprise/values.yaml index 2a569c5d646..6beaafe6c5e 100644 --- a/charts/wire-server-enterprise/values.yaml +++ b/charts/wire-server-enterprise/values.yaml @@ -8,6 +8,7 @@ resources: requests: memory: "200Mi" cpu: "100m" + ephemeral-storage: "1Gi" limits: memory: "512Mi" diff --git a/charts/wire-server/templates/background-worker/configmap.yaml b/charts/wire-server/templates/background-worker/configmap.yaml index 49c0c3d38d7..5c6a5173bbb 100644 --- a/charts/wire-server/templates/background-worker/configmap.yaml +++ b/charts/wire-server/templates/background-worker/configmap.yaml @@ -104,10 +104,10 @@ data: migrateConversationCodes: {{ .migrateConversationCodes }} migrateTeamFeatures: {{ .migrateTeamFeatures }} migrateConversationsOptions: -{{toYaml .migrateConversationsOptions | indent 6 }} +{{ toYaml .migrateConversationsOptions | indent 6 }} backendNotificationPusher: -{{toYaml .backendNotificationPusher | indent 6 }} +{{ toYaml .backendNotificationPusher | indent 6 }} {{- with .backgroundJobs }} backgroundJobs: {{ toYaml . | indent 6 }} diff --git a/charts/wire-server/templates/brig/tests/brig-integration.yaml b/charts/wire-server/templates/brig/tests/brig-integration.yaml index c2c9372217b..d9dd91b0551 100644 --- a/charts/wire-server/templates/brig/tests/brig-integration.yaml +++ b/charts/wire-server/templates/brig/tests/brig-integration.yaml @@ -48,12 +48,12 @@ spec: - name: elasticsearch-ca secret: secretName: {{ include "brig.elasticsearchTlsSecretName" .Values.brig.config }} - {{- end}} + {{- end }} {{- if eq (include "useCassandraTLS" .Values.brig.config.cassandra) "true" }} - name: "brig-cassandra" secret: secretName: {{ (include "brig.tlsSecretRef" .Values.brig.config | fromYaml).name }} - {{- end}} + {{- end }} {{- if .Values.brig.config.rabbitmq.tlsCaSecretRef }} - name: "rabbitmq-ca" secret: @@ -119,7 +119,7 @@ spec: {{- if eq (include "brig.configureElasticSearchCa" .Values.brig.config) "true" }} - name: elasticsearch-ca mountPath: "/etc/wire/brig/elasticsearch-ca" - {{- end}} + {{- end }} {{- if eq (include "useCassandraTLS" .Values.brig.config.cassandra) "true" }} - name: "brig-cassandra" mountPath: "/etc/wire/brig/cassandra" diff --git a/charts/wire-server/templates/cargohold/deployment.yaml b/charts/wire-server/templates/cargohold/deployment.yaml index 10fca7259ed..40b6c475508 100644 --- a/charts/wire-server/templates/cargohold/deployment.yaml +++ b/charts/wire-server/templates/cargohold/deployment.yaml @@ -28,6 +28,7 @@ spec: checksum/secret: {{ include (print .Template.BasePath "/cargohold/secret.yaml") . | sha256sum }} spec: serviceAccountName: {{ .Values.cargohold.serviceAccount.name }} + automountServiceAccountToken: false topologySpreadConstraints: - maxSkew: 1 topologyKey: "kubernetes.io/hostname" diff --git a/charts/wire-server/templates/galley/configmap.yaml b/charts/wire-server/templates/galley/configmap.yaml index 1afe5e88786..77f6d58469e 100644 --- a/charts/wire-server/templates/galley/configmap.yaml +++ b/charts/wire-server/templates/galley/configmap.yaml @@ -85,7 +85,7 @@ data: {{- else if .settings.multiIngress }} multiIngress: {{- toYaml .settings.multiIngress | nindent 8 }} {{- else }} - {{ fail "Either settings.conversationCodeURI or settings.multiIngress have to be set"}} + {{ fail "Either settings.conversationCodeURI or settings.multiIngress have to be set" }} {{- end }} {{- if (and .settings.conversationCodeURI .settings.multiIngress) }} {{ fail "settings.conversationCodeURI and settings.multiIngress are mutually exclusive" }} diff --git a/charts/wire-server/templates/gundeck/configmap.yaml b/charts/wire-server/templates/gundeck/configmap.yaml index 9f102742700..10be21c34e1 100644 --- a/charts/wire-server/templates/gundeck/configmap.yaml +++ b/charts/wire-server/templates/gundeck/configmap.yaml @@ -48,7 +48,7 @@ data: enableTls: {{ .redis.enableTls }} insecureSkipVerifyTls: {{ .redis.insecureSkipVerifyTls }} {{- if eq (include "gundeck.configureRedisCa" .) "true" }} - tlsCa: /etc/wire/gundeck/redis-ca/{{ include "gundeck.redisTlsSecretKey" .}} + tlsCa: /etc/wire/gundeck/redis-ca/{{ include "gundeck.redisTlsSecretKey" . }} {{- end }} {{- if .redisAdditionalWrite }} @@ -59,7 +59,7 @@ data: enableTls: {{ .redisAdditionalWrite.enableTls }} insecureSkipVerifyTls: {{ .redisAdditionalWrite.insecureSkipVerifyTls }} {{- if eq (include "gundeck.configureAdditionalRedisCa" .) "true" }} - tlsCa: /etc/wire/gundeck/additional-redis-ca/{{ include "gundeck.additionalRedisTlsSecretKey" .}} + tlsCa: /etc/wire/gundeck/additional-redis-ca/{{ include "gundeck.additionalRedisTlsSecretKey" . }} {{- end }} {{- end }} diff --git a/charts/wire-server/templates/gundeck/deployment.yaml b/charts/wire-server/templates/gundeck/deployment.yaml index b7d677c88c7..bc46a53ec0d 100644 --- a/charts/wire-server/templates/gundeck/deployment.yaml +++ b/charts/wire-server/templates/gundeck/deployment.yaml @@ -49,7 +49,7 @@ spec: - name: "gundeck-cassandra" secret: secretName: {{ (include "gundeck.tlsSecretRef" .Values.gundeck.config | fromYaml).name }} - {{- end}} + {{- end }} {{- if eq (include "gundeck.configureRedisCa" .Values.gundeck.config) "true" }} - name: "redis-ca" secret: diff --git a/charts/wire-server/templates/gundeck/tests/gundeck-integration.yaml b/charts/wire-server/templates/gundeck/tests/gundeck-integration.yaml index b70752b3ead..f1a661b4a58 100644 --- a/charts/wire-server/templates/gundeck/tests/gundeck-integration.yaml +++ b/charts/wire-server/templates/gundeck/tests/gundeck-integration.yaml @@ -17,7 +17,7 @@ spec: - name: "gundeck-cassandra" secret: secretName: {{ (include "gundeck.tlsSecretRef" .Values.gundeck.config | fromYaml).name }} - {{- end}} + {{- end }} {{- if eq (include "gundeck.configureRedisCa" .Values.gundeck.config) "true" }} - name: "redis-ca" secret: diff --git a/charts/wire-server/templates/spar/tests/spar-integration.yaml b/charts/wire-server/templates/spar/tests/spar-integration.yaml index 259018d6338..49b861e1c73 100644 --- a/charts/wire-server/templates/spar/tests/spar-integration.yaml +++ b/charts/wire-server/templates/spar/tests/spar-integration.yaml @@ -20,7 +20,7 @@ spec: - name: "spar-cassandra" secret: secretName: {{ (include "spar.tlsSecretRef" .Values.spar.config | fromYaml).name }} - {{- end}} + {{- end }} containers: - name: integration image: "{{ .Values.spar.image.repository }}-integration:{{ .Values.spar.image.tag }}" diff --git a/charts/wire-server/values.yaml b/charts/wire-server/values.yaml index 5b6f0c99b0e..cd993eee99b 100644 --- a/charts/wire-server/values.yaml +++ b/charts/wire-server/values.yaml @@ -937,6 +937,7 @@ background-worker: requests: memory: "200Mi" cpu: "100m" + ephemeral-storage: "1Gi" limits: memory: "512Mi" metrics: From 1e580ed844b74a5c32f5d5d1a85ef1a5580fa8ea Mon Sep 17 00:00:00 2001 From: Gautier DI FOLCO Date: Tue, 31 Mar 2026 14:44:56 +0200 Subject: [PATCH 2/8] fix: try something --- charts/nginz/templates/configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/nginz/templates/configmap.yaml b/charts/nginz/templates/configmap.yaml index 200c99f67fe..9650234dc5f 100644 --- a/charts/nginz/templates/configmap.yaml +++ b/charts/nginz/templates/configmap.yaml @@ -3,7 +3,7 @@ {{- if hasKey $nginxConf "external_env_domain" }} {{- $externalEnvDomain := $nginxConf.external_env_domain }} - {{- range $nginx_conf.additional_external_env_domains }} + {{- range $nginxConf.additional_external_env_domains }} {{- if eq $externalEnvDomain . }} {{- fail (printf "Error: external_env_domain (%s) cannot be part of additional_external_env_domains list." $externalEnvDomain) }} {{- end }} From f99b72d45cacea151a7f7289e3f721d3e01fb103 Mon Sep 17 00:00:00 2001 From: Gautier DI FOLCO Date: Wed, 1 Apr 2026 13:04:58 +0200 Subject: [PATCH 3/8] fix: feedbacks --- changelog.d/5-internal/WPB-23896 | 36 +------ .../templates/cassandra-certs.yaml | 22 ++--- charts/k8ssandra-test-cluster/values.yaml | 9 +- .../templates/issuer.yaml | 4 +- charts/nginz/templates/configmap.yaml | 94 ++++++++----------- .../outlook-addin/templates/deployment.yaml | 8 +- charts/restund/templates/statefulset.yaml | 1 - charts/restund/values.yaml | 7 -- charts/wire-server-enterprise/values.yaml | 1 - charts/wire-server/values.yaml | 1 - 10 files changed, 56 insertions(+), 127 deletions(-) diff --git a/changelog.d/5-internal/WPB-23896 b/changelog.d/5-internal/WPB-23896 index aedb7c1c5e1..427474b0cde 100644 --- a/changelog.d/5-internal/WPB-23896 +++ b/changelog.d/5-internal/WPB-23896 @@ -1,35 +1 @@ -Fixed SonarQube Helm template formatting, variable naming, and resource/RBAC issues in charts/: - -## Template Formatting (kubernetes:S6893) - 15 issues -- charts/wire-server/templates/background-worker/configmap.yaml: Added whitespace after "{{" on lines 107, 110 -- charts/wire-server/templates/gundeck/configmap.yaml: Added whitespace after "{{" on lines 51, 62 -- charts/wire-server/templates/galley/configmap.yaml: Added whitespace before "}}" on line 88 -- charts/wire-server/templates/gundeck/deployment.yaml: Added whitespace before "}}" on line 52 -- charts/wire-server/templates/brig/tests/brig-integration.yaml: Added whitespace before "}}" on lines 51, 56, 122 -- charts/wire-server/templates/gundeck/tests/gundeck-integration.yaml: Added whitespace before "}}" on line 20 -- charts/wire-server/templates/spar/tests/spar-integration.yaml: Added whitespace before "}}" on line 23 -- charts/cassandra-migrations/templates/cassandra-certs.yaml: Added whitespace before "}}" on lines 18, 37, 56, 75 -- charts/elasticsearch-index/templates/elasticsearch-ca-secret.yaml: Added whitespace after "{{" on line 5 -- charts/nginx-ingress-services/templates/issuer.yaml: Added whitespace after "{{" and before "}}" on lines 6, 23, 32 - -## Variable Naming (kubernetes:S117) - 4 issues -- charts/nginz/templates/configmap.yaml: Renamed variables to match camelCase convention: - - $nginx_conf -> $nginxConf - - $external_env_domain -> $externalEnvDomain - - $deeplink_json -> $deeplinkJson - - $deeplink_html -> $deeplinkHtml - Updated all references accordingly - -## Resource Limits/Requests - 6 issues -- charts/outlook-addin/templates/deployment.yaml: Added resources block with memory limit and memory/cpu requests -- charts/restund/values.yaml: Added resources block with memory/cpu limits and requests -- charts/k8ssandra-test-cluster/values.yaml: Added resources block with memory/cpu limits and requests -- charts/backoffice/templates/tests/stern-integration.yaml: Added memory limit to existing resources -- charts/wire-server/values.yaml: Added ephemeral-storage requests to background-worker and wire-server-enterprise resources - -## Service Account RBAC (kubernetes:S6865) - 5 issues -- charts/wire-server/templates/cargohold/deployment.yaml: Added automountServiceAccountToken: false -- charts/restund/templates/statefulset.yaml: Added automountServiceAccountToken: false -- charts/outlook-addin/templates/deployment.yaml: Added automountServiceAccountToken: false -- charts/k8ssandra-test-cluster/templates/check-cluster-job.yaml: Added automountServiceAccountToken: false -- charts/backoffice/templates/tests/stern-integration.yaml: Added automountServiceAccountToken: false +Fixed SonarQube Helm template formatting and RBAC issues in charts/. diff --git a/charts/cassandra-migrations/templates/cassandra-certs.yaml b/charts/cassandra-migrations/templates/cassandra-certs.yaml index 6e6a1171c42..81e38405b39 100644 --- a/charts/cassandra-migrations/templates/cassandra-certs.yaml +++ b/charts/cassandra-migrations/templates/cassandra-certs.yaml @@ -13,8 +13,8 @@ metadata: "helm.sh/hook-weight": "0" "helm.sh/hook-delete-policy": hook-succeeded,hook-failed type: Opaque -data: - ca.pem: {{ include "tlsCaBrig" . | b64enc | quote }} + data: + ca.pem: {{ include "tlsCaBrig" . | b64enc | quote }} {{- end }} {{- if ne (trim (include "tlsCaGalley" .)) "" }} --- @@ -31,9 +31,9 @@ metadata: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-weight": "0" "helm.sh/hook-delete-policy": hook-succeeded,hook-failed -type: Opaque -data: - ca.pem: {{ include "tlsCaGalley" . | b64enc | quote }} + type: Opaque + data: + ca.pem: {{ include "tlsCaGalley" . | b64enc | quote }} {{- end }} {{- if ne (trim (include "tlsCaGundeck" .)) "" }} --- @@ -50,9 +50,9 @@ metadata: "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-weight": "0" "helm.sh/hook-delete-policy": hook-succeeded,hook-failed -type: Opaque -data: - ca.pem: {{ include "tlsCaGundeck" . | b64enc | quote }} + type: Opaque + data: + ca.pem: {{ include "tlsCaGundeck" . | b64enc | quote }} {{- end }} {{- if ne (trim (include "tlsCaSpar" .)) "" }} --- @@ -69,7 +69,7 @@ metadata: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-weight": "0" "helm.sh/hook-delete-policy": hook-succeeded,hook-failed -type: Opaque -data: - ca.pem: {{ include "tlsCaSpar" . | b64enc | quote }} + type: Opaque + data: + ca.pem: {{ include "tlsCaSpar" . | b64enc | quote }} {{- end }} diff --git a/charts/k8ssandra-test-cluster/values.yaml b/charts/k8ssandra-test-cluster/values.yaml index 9b9135b9df9..239dba3c21d 100644 --- a/charts/k8ssandra-test-cluster/values.yaml +++ b/charts/k8ssandra-test-cluster/values.yaml @@ -35,13 +35,6 @@ syncCACertToSecret: false prometheus: enabled: true -# Size of datacenter +# Size of the datacenter datacenter: size: 1 - -resources: - requests: - memory: "128Mi" - cpu: "1" - limits: - memory: "512Mi" diff --git a/charts/nginx-ingress-services/templates/issuer.yaml b/charts/nginx-ingress-services/templates/issuer.yaml index 5ec7e7687f6..5fb376ff9a7 100644 --- a/charts/nginx-ingress-services/templates/issuer.yaml +++ b/charts/nginx-ingress-services/templates/issuer.yaml @@ -20,7 +20,7 @@ spec: email: {{ required "Missing value: certmasterEmail" .Values.certManager.certmasterEmail | quote }} # NOTE: this secret doesnt need to be created, it only gets a name with this privateKeySecretRef: - name: {{ include "nginx-ingress-services.getIssuerName" . }}-account-key + name: {{ include "nginx-ingress-services.getIssuerName" . -}}-account-key solvers: {{- if .Values.certManager.customSolvers }} {{ toYaml .Values.certManager.customSolvers | indent 6 }} @@ -28,5 +28,5 @@ spec: - http01: ingress: class: nginx -{{- end }} +{{- end -}} {{- end }} diff --git a/charts/nginz/templates/configmap.yaml b/charts/nginz/templates/configmap.yaml index 9650234dc5f..2d11c0a6588 100644 --- a/charts/nginz/templates/configmap.yaml +++ b/charts/nginz/templates/configmap.yaml @@ -1,4 +1,3 @@ - {{- $nginxConf := .Values.nginx_conf }} {{- if hasKey $nginxConf "external_env_domain" }} @@ -27,10 +26,9 @@ metadata: name: nginz-deeplink data: {{- if and (hasKey .Values.nginx_conf "deeplink") (hasKey .Values.nginx_conf "external_env_domain") }} - {{- $backendURL := .Values.nginx_conf.deeplink.endpoints.backendURL }} - {{- $deeplink_json := $backendURL | replace "https://" "" | trimSuffix "/" | printf "%s-deeplink.json" }} - {{- $deeplink_html := $backendURL | replace "https://" "" | trimSuffix "/" | printf "%s-deeplink.html" }} - {{ $deeplink_json }}: | + {{- $deeplinkJson := .Values.nginx_conf.deeplink.endpoints.backendURL | replace "https://" "" | trimSuffix "/" | printf "%s-deeplink.json" }} + {{- $deeplinkHtml := .Values.nginx_conf.deeplink.endpoints.backendURL | replace "https://" "" | trimSuffix "/" | printf "%s-deeplink.html" }} + {{ $deeplinkJson }}: | {{- $deeplink := dict "endpoints" (dict "backendURL" .Values.nginx_conf.deeplink.endpoints.backendURL @@ -50,9 +48,11 @@ data: ) }} {{- end }} {{ toJson $deeplink | indent 4 }} - {{ $deeplink_html }}: | + {{ $deeplinkHtml }}: | - + + Deeplink for {{ .Values.nginx_conf.deeplink.endpoints.backendURL }} + Click here for access @@ -61,54 +61,40 @@ data: {{- if (hasKey $nginxConf "additional_external_env_domains") }} {{- range $domain, $config := $nginxConf.multi_ingress_deeplink }} - {{- if (has $domain $nginxConf.additional_external_env_domains) }} + {{- if (has $domain $nginxConf.additional_external_env_domains) }} {{- $backendURL := $config.endpoints.backendURL }} - {{- $deeplinkJson := $backendURL | replace "https://" "" | trimSuffix "/" | printf "%s-deeplink.json" }} - {{- $deeplinkHtml := $backendURL | replace "https://" "" | trimSuffix "/" | printf "%s-deeplink.html" }} - {{ $deeplinkJson }}: | - {{- $deeplink := dict - "endpoints" (dict - "backendURL" $config.endpoints.backendURL - "backendWSURL" $config.endpoints.backendWSURL - "blackListURL" $config.endpoints.blackListURL - "teamsURL" $config.endpoints.teamsURL - "accountsURL" $config.endpoints.accountsURL - "websiteURL" $config.endpoints.websiteURL - ) - "title" $config.title - }} - {{- if hasKey $config "apiProxy" }} - {{- $_ := set $deeplink "apiProxy" (dict - "host" $config.apiProxy.host - "port" $config.apiProxy.port - "needsAuthentication" $config.apiProxy.needsAuthentication - ) }} - {{- end }} - {{ toJson $deeplink | indent 4 }} - {{ printf "\n" }} - {{ $deeplinkHtml }}: | - - - Deeplink for {{ $domain }} - - - Click here for access - - - {{- end }} - {{- end }} - {{- end }} - {{ toJson $deeplink | indent 4 }} - {{ printf "\n" }} - {{ $deeplink_html }}: | - - - Deeplink for {{ $domain }} - - - Click here for access - - + {{- $deeplinkJson := $backendURL | replace "https://" "" | trimSuffix "/" | printf "%s-deeplink.json" }} + {{- $deeplinkHtml := $backendURL | replace "https://" "" | trimSuffix "/" | printf "%s-deeplink.html" }} + {{ $deeplinkJson }}: | + {{- $deeplink := dict + "endpoints" (dict + "backendURL" $config.endpoints.backendURL + "backendWSURL" $config.endpoints.backendWSURL + "blackListURL" $config.endpoints.blackListURL + "teamsURL" $config.endpoints.teamsURL + "accountsURL" $config.endpoints.accountsURL + "websiteURL" $config.endpoints.websiteURL + ) + "title" $config.title + }} + {{- if hasKey $config "apiProxy" }} + {{- $_ := set $deeplink "apiProxy" (dict + "host" $config.apiProxy.host + "port" $config.apiProxy.port + "needsAuthentication" $config.apiProxy.needsAuthentication + ) }} + {{- end }} + {{ toJson $deeplink | indent 4 }} + {{ printf "\n" }} + {{ $deeplinkHtml }}: | + + + Deeplink for {{ $domain }} + + + Click here for access + + {{- end }} {{- end }} {{- end }} diff --git a/charts/outlook-addin/templates/deployment.yaml b/charts/outlook-addin/templates/deployment.yaml index 00987401818..d204cb94643 100644 --- a/charts/outlook-addin/templates/deployment.yaml +++ b/charts/outlook-addin/templates/deployment.yaml @@ -7,7 +7,6 @@ metadata: {{- include "outlook.labels" . | nindent 4 }} spec: replicas: 3 - automountServiceAccountToken: false selector: matchLabels: app: {{ include "outlook.fullname" . }} @@ -16,6 +15,7 @@ spec: labels: app: {{ include "outlook.fullname" . }} spec: + automountServiceAccountToken: false topologySpreadConstraints: - maxSkew: 1 topologyKey: "kubernetes.io/hostname" @@ -46,9 +46,3 @@ spec: httpGet: path: / port: http - resources: - requests: - memory: "128Mi" - cpu: "100m" - limits: - memory: "256Mi" diff --git a/charts/restund/templates/statefulset.yaml b/charts/restund/templates/statefulset.yaml index 3c6321a10f9..8ae1b05f76a 100644 --- a/charts/restund/templates/statefulset.yaml +++ b/charts/restund/templates/statefulset.yaml @@ -37,7 +37,6 @@ spec: {{- toYaml .Values.podSecurityContext | nindent 8 }} hostNetwork: true serviceAccountName: {{ include "restund.fullname" . }} - automountServiceAccountToken: false volumes: - name: external-ip emptyDir: {} diff --git a/charts/restund/values.yaml b/charts/restund/values.yaml index d759aa8185f..e45c63670c2 100644 --- a/charts/restund/values.yaml +++ b/charts/restund/values.yaml @@ -34,13 +34,6 @@ restundUDPStatusPort: 33000 restundHTTPStatusPort: 8080 restundMetricsListenPort: 8443 -resources: - requests: - memory: "256Mi" - cpu: "100m" - limits: - memory: "512Mi" - federate: enabled: false port: 9191 diff --git a/charts/wire-server-enterprise/values.yaml b/charts/wire-server-enterprise/values.yaml index 6beaafe6c5e..2a569c5d646 100644 --- a/charts/wire-server-enterprise/values.yaml +++ b/charts/wire-server-enterprise/values.yaml @@ -8,7 +8,6 @@ resources: requests: memory: "200Mi" cpu: "100m" - ephemeral-storage: "1Gi" limits: memory: "512Mi" diff --git a/charts/wire-server/values.yaml b/charts/wire-server/values.yaml index cd993eee99b..5b6f0c99b0e 100644 --- a/charts/wire-server/values.yaml +++ b/charts/wire-server/values.yaml @@ -937,7 +937,6 @@ background-worker: requests: memory: "200Mi" cpu: "100m" - ephemeral-storage: "1Gi" limits: memory: "512Mi" metrics: From 4173142a0df05460909df32a73ede2e8679bbd99 Mon Sep 17 00:00:00 2001 From: Gautier DI FOLCO Date: Wed, 1 Apr 2026 17:35:25 +0200 Subject: [PATCH 4/8] feat: another lint --- charts/openldap/templates/openldap.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/openldap/templates/openldap.yaml b/charts/openldap/templates/openldap.yaml index 3a0fdb9f08b..12274bdd601 100644 --- a/charts/openldap/templates/openldap.yaml +++ b/charts/openldap/templates/openldap.yaml @@ -8,6 +8,7 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: + automountServiceAccountToken: false topologySpreadConstraints: - maxSkew: 1 topologyKey: "kubernetes.io/hostname" From 28ee720c193b0345b163a3dfaabcd01c79dddc10 Mon Sep 17 00:00:00 2001 From: Gautier DI FOLCO Date: Wed, 1 Apr 2026 18:20:31 +0200 Subject: [PATCH 5/8] Hello CI From d87ae191201063293d2cf7c73b15c8c43ef2cb19 Mon Sep 17 00:00:00 2001 From: Gautier DI FOLCO Date: Thu, 2 Apr 2026 16:28:37 +0200 Subject: [PATCH 6/8] fix: indent --- .../templates/cassandra-certs.yaml | 10 +- charts/nginz/templates/configmap.yaml | 96 +++++++++---------- 2 files changed, 53 insertions(+), 53 deletions(-) diff --git a/charts/cassandra-migrations/templates/cassandra-certs.yaml b/charts/cassandra-migrations/templates/cassandra-certs.yaml index 81e38405b39..bb33009e01e 100644 --- a/charts/cassandra-migrations/templates/cassandra-certs.yaml +++ b/charts/cassandra-migrations/templates/cassandra-certs.yaml @@ -13,7 +13,7 @@ metadata: "helm.sh/hook-weight": "0" "helm.sh/hook-delete-policy": hook-succeeded,hook-failed type: Opaque - data: +data: ca.pem: {{ include "tlsCaBrig" . | b64enc | quote }} {{- end }} {{- if ne (trim (include "tlsCaGalley" .)) "" }} @@ -31,8 +31,8 @@ metadata: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-weight": "0" "helm.sh/hook-delete-policy": hook-succeeded,hook-failed - type: Opaque - data: +type: Opaque +data: ca.pem: {{ include "tlsCaGalley" . | b64enc | quote }} {{- end }} {{- if ne (trim (include "tlsCaGundeck" .)) "" }} @@ -69,7 +69,7 @@ metadata: "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade "helm.sh/hook-weight": "0" "helm.sh/hook-delete-policy": hook-succeeded,hook-failed - type: Opaque - data: +type: Opaque +data: ca.pem: {{ include "tlsCaSpar" . | b64enc | quote }} {{- end }} diff --git a/charts/nginz/templates/configmap.yaml b/charts/nginz/templates/configmap.yaml index 2d11c0a6588..6ab968cac68 100644 --- a/charts/nginz/templates/configmap.yaml +++ b/charts/nginz/templates/configmap.yaml @@ -25,36 +25,36 @@ kind: ConfigMap metadata: name: nginz-deeplink data: - {{- if and (hasKey .Values.nginx_conf "deeplink") (hasKey .Values.nginx_conf "external_env_domain") }} - {{- $deeplinkJson := .Values.nginx_conf.deeplink.endpoints.backendURL | replace "https://" "" | trimSuffix "/" | printf "%s-deeplink.json" }} - {{- $deeplinkHtml := .Values.nginx_conf.deeplink.endpoints.backendURL | replace "https://" "" | trimSuffix "/" | printf "%s-deeplink.html" }} + {{- if and (hasKey $nginxConf "deeplink") (hasKey $nginxConf "external_env_domain") }} + {{- $deeplinkJson := $nginxConf.deeplink.endpoints.backendURL | replace "https://" "" | trimSuffix "/" | printf "%s-deeplink.json" }} + {{- $deeplinkHtml := $nginxConf.deeplink.endpoints.backendURL | replace "https://" "" | trimSuffix "/" | printf "%s-deeplink.html" }} {{ $deeplinkJson }}: | {{- $deeplink := dict "endpoints" (dict - "backendURL" .Values.nginx_conf.deeplink.endpoints.backendURL - "backendWSURL" .Values.nginx_conf.deeplink.endpoints.backendWSURL - "blackListURL" .Values.nginx_conf.deeplink.endpoints.blackListURL - "teamsURL" .Values.nginx_conf.deeplink.endpoints.teamsURL - "accountsURL" .Values.nginx_conf.deeplink.endpoints.accountsURL - "websiteURL" .Values.nginx_conf.deeplink.endpoints.websiteURL + "backendURL" $nginxConf.deeplink.endpoints.backendURL + "backendWSURL" $nginxConf.deeplink.endpoints.backendWSURL + "blackListURL" $nginxConf.deeplink.endpoints.blackListURL + "teamsURL" $nginxConf.deeplink.endpoints.teamsURL + "accountsURL" $nginxConf.deeplink.endpoints.accountsURL + "websiteURL" $nginxConf.deeplink.endpoints.websiteURL ) - "title" .Values.nginx_conf.deeplink.title + "title" $nginxConf.deeplink.title }} - {{- if hasKey .Values.nginx_conf.deeplink "apiProxy" }} + {{- if hasKey $nginxConf.deeplink "apiProxy" }} {{- $_ := set $deeplink "apiProxy" (dict - "host" .Values.nginx_conf.deeplink.apiProxy.host - "port" .Values.nginx_conf.deeplink.apiProxy.port - "needsAuthentication" .Values.nginx_conf.deeplink.apiProxy.needsAuthentication + "host" $nginxConf.deeplink.apiProxy.host + "port" $nginxConf.deeplink.apiProxy.port + "needsAuthentication" $nginxConf.deeplink.apiProxy.needsAuthentication ) }} {{- end }} {{ toJson $deeplink | indent 4 }} {{ $deeplinkHtml }}: | - Deeplink for {{ .Values.nginx_conf.deeplink.endpoints.backendURL }} + Deeplink for {{ $nginxConf.deeplink.endpoints.backendURL }} - Click here for access + Click here for access {{- end }} @@ -63,38 +63,38 @@ data: {{- range $domain, $config := $nginxConf.multi_ingress_deeplink }} {{- if (has $domain $nginxConf.additional_external_env_domains) }} {{- $backendURL := $config.endpoints.backendURL }} - {{- $deeplinkJson := $backendURL | replace "https://" "" | trimSuffix "/" | printf "%s-deeplink.json" }} - {{- $deeplinkHtml := $backendURL | replace "https://" "" | trimSuffix "/" | printf "%s-deeplink.html" }} - {{ $deeplinkJson }}: | - {{- $deeplink := dict - "endpoints" (dict - "backendURL" $config.endpoints.backendURL - "backendWSURL" $config.endpoints.backendWSURL - "blackListURL" $config.endpoints.blackListURL - "teamsURL" $config.endpoints.teamsURL - "accountsURL" $config.endpoints.accountsURL - "websiteURL" $config.endpoints.websiteURL - ) - "title" $config.title - }} - {{- if hasKey $config "apiProxy" }} - {{- $_ := set $deeplink "apiProxy" (dict - "host" $config.apiProxy.host - "port" $config.apiProxy.port - "needsAuthentication" $config.apiProxy.needsAuthentication - ) }} - {{- end }} - {{ toJson $deeplink | indent 4 }} - {{ printf "\n" }} - {{ $deeplinkHtml }}: | - - - Deeplink for {{ $domain }} - - - Click here for access - - + {{- $deeplinkJson := $backendURL | replace "https://" "" | trimSuffix "/" | printf "%s-deeplink.json" }} + {{- $deeplinkHtml := $backendURL | replace "https://" "" | trimSuffix "/" | printf "%s-deeplink.html" }} + {{ $deeplinkJson }}: | + {{- $deeplink := dict + "endpoints" (dict + "backendURL" $config.endpoints.backendURL + "backendWSURL" $config.endpoints.backendWSURL + "blackListURL" $config.endpoints.blackListURL + "teamsURL" $config.endpoints.teamsURL + "accountsURL" $config.endpoints.accountsURL + "websiteURL" $config.endpoints.websiteURL + ) + "title" $config.title + }} + {{- if hasKey $config "apiProxy" }} + {{- $_ := set $deeplink "apiProxy" (dict + "host" $config.apiProxy.host + "port" $config.apiProxy.port + "needsAuthentication" $config.apiProxy.needsAuthentication + ) }} + {{- end }} + {{ toJson $deeplink | indent 4 }} + {{ printf "\n" }} + {{ $deeplinkHtml }}: | + + + Deeplink for {{ $domain }} + + + Click here for access + + {{- end }} {{- end }} {{- end }} From 21d63d9387bb043586a3540e31f4bce1d8121461 Mon Sep 17 00:00:00 2001 From: Gautier DI FOLCO Date: Thu, 2 Apr 2026 18:05:26 +0200 Subject: [PATCH 7/8] fix: indent --- changelog.d/0-release-notes/WPB-23896 | 1 + charts/cassandra-migrations/templates/cassandra-certs.yaml | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) create mode 100644 changelog.d/0-release-notes/WPB-23896 diff --git a/changelog.d/0-release-notes/WPB-23896 b/changelog.d/0-release-notes/WPB-23896 new file mode 100644 index 00000000000..92f70868a7d --- /dev/null +++ b/changelog.d/0-release-notes/WPB-23896 @@ -0,0 +1 @@ +Helm charts updates, specifying resources limit/requests. diff --git a/charts/cassandra-migrations/templates/cassandra-certs.yaml b/charts/cassandra-migrations/templates/cassandra-certs.yaml index bb33009e01e..e3e455c7afe 100644 --- a/charts/cassandra-migrations/templates/cassandra-certs.yaml +++ b/charts/cassandra-migrations/templates/cassandra-certs.yaml @@ -50,8 +50,8 @@ metadata: "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-weight": "0" "helm.sh/hook-delete-policy": hook-succeeded,hook-failed - type: Opaque - data: +type: Opaque +data: ca.pem: {{ include "tlsCaGundeck" . | b64enc | quote }} {{- end }} {{- if ne (trim (include "tlsCaSpar" .)) "" }} From a4be264d0e09ec48863ea2db31914d7403daa308 Mon Sep 17 00:00:00 2001 From: Gautier DI FOLCO Date: Thu, 2 Apr 2026 18:30:11 +0200 Subject: [PATCH 8/8] feat: outlook-addin resources/limits --- charts/outlook-addin/templates/deployment.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/charts/outlook-addin/templates/deployment.yaml b/charts/outlook-addin/templates/deployment.yaml index d204cb94643..d153cd0083c 100644 --- a/charts/outlook-addin/templates/deployment.yaml +++ b/charts/outlook-addin/templates/deployment.yaml @@ -46,3 +46,9 @@ spec: httpGet: path: / port: http + resources: + requests: + memory: "64Mi" + cpu: "10m" + limits: + memory: "256Mi"