helm-chart: Prevent few more occasions of template injection

By adding quotes you prevent users from injecting yaml based template attacks.

Author: marcofranssen

charts/fluent-operator/templates/fluentbit-clusterinput-systemd.yaml

@@ -4,7 +4,7 @@
 apiVersion: fluentbit.fluent.io/v1alpha2
 kind: ClusterInput
 metadata:
-  name: {{ .Values.containerRuntime }}
+  name: {{ .Values.containerRuntime | quote }}
   labels:
     fluentbit.fluent.io/enabled: "true"
     fluentbit.fluent.io/component: logging
@@ -17,7 +17,7 @@ spec:
     stripUnderscores: {{ .Values.fluentbit.input.systemd.stripUnderscores | quote }}
     systemdFilter:
       {{- if .Values.fluentbit.input.systemd.systemdFilter.enable }}
-      - _SYSTEMD_UNIT={{ .Values.containerRuntime }}.service
+      - {{ printf "_SYSTEMD_UNIT=%s.service" .Values.containerRuntime }}
       {{- if .Values.fluentbit.input.systemd.includeKubelet }}
       - _SYSTEMD_UNIT=kubelet.service
       {{- end }}

charts/fluent-operator/templates/fluentbit-output-forward.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   matchRegex: (?:kube|service)\.(.*)
   forward:
-    host: {{ .Values.fluentd.name }}.{{ .Release.Namespace }}.svc
+    host: {{ printf "%s.%s.svc" .Values.fluentd.name .Release.Namespace | quote }}
     port: {{ .Values.fluentd.forward.port }}
 {{- end }}
 {{- end }}

charts/fluent-operator/templates/fluentbitconfig-fluentBitConfig.yaml

@@ -17,7 +17,7 @@ spec:
       - /fluent-bit/config/parsers_multiline.conf
     httpServer: true
     {{- with .Values.fluentbit.logLevel }}
-    logLevel: {{ . }}
+    logLevel: {{ . | quote }}
     {{- end }}
     {{- with .Values.fluentbit.service.storage }}
     storage: