mirror of
https://github.com/nextcloud/all-in-one.git
synced 2025-12-19 22:16:49 +00:00
helm: add a default for RPSS_ENABLED
Signed-off-by: Simon L. <szaimen@e.mail.de>
This commit is contained in:
Simon L.
parent
be08b618b9
commit
21b5842813
11 changed files with 30 additions and 30 deletions
|
|
@ -31,7 +31,7 @@ spec:
|
|||
runAsUser: 33
|
||||
runAsGroup: 33
|
||||
runAsNonRoot: true
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" }}
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
{{- end }}
|
||||
|
|
@ -74,7 +74,7 @@ spec:
|
|||
# The items below only work in container context
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" }}
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
|
||||
drop: ["ALL"]
|
||||
{{- else }}
|
||||
drop: ["NET_RAW"]
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ spec:
|
|||
runAsUser: 100
|
||||
runAsGroup: 100
|
||||
runAsNonRoot: true
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" }}
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
{{- end }}
|
||||
|
|
@ -50,7 +50,7 @@ spec:
|
|||
# The items below only work in container context
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" }}
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
|
||||
drop: ["ALL"]
|
||||
{{- else }}
|
||||
drop: ["NET_RAW"]
|
||||
|
|
@ -73,7 +73,7 @@ spec:
|
|||
# The items below only work in container context
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" }}
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
|
||||
drop: ["ALL"]
|
||||
{{- else }}
|
||||
drop: ["NET_RAW"]
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ spec:
|
|||
runAsUser: 999
|
||||
runAsGroup: 999
|
||||
runAsNonRoot: true
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" }}
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
{{- end }}
|
||||
|
|
@ -49,7 +49,7 @@ spec:
|
|||
# The items below only work in container context
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" }}
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
|
||||
drop: ["ALL"]
|
||||
{{- else }}
|
||||
drop: ["NET_RAW"]
|
||||
|
|
@ -76,7 +76,7 @@ spec:
|
|||
# The items below only work in container context
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" }}
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
|
||||
drop: ["ALL"]
|
||||
{{- else }}
|
||||
drop: ["NET_RAW"]
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ spec:
|
|||
runAsUser: 65534
|
||||
runAsGroup: 65534
|
||||
runAsNonRoot: true
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" }}
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
{{- end }}
|
||||
|
|
@ -49,7 +49,7 @@ spec:
|
|||
# The items below only work in container context
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" }}
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
|
||||
drop: ["ALL"]
|
||||
{{- else }}
|
||||
drop: ["NET_RAW"]
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ spec:
|
|||
labels:
|
||||
io.kompose.service: nextcloud-aio-nextcloud
|
||||
spec:
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }} # AIO-config - do not change this comment!
|
||||
securityContext:
|
||||
# The items below only work in pod context
|
||||
fsGroup: 33
|
||||
|
|
@ -32,7 +32,7 @@ spec:
|
|||
runAsUser: 33
|
||||
runAsGroup: 33
|
||||
runAsNonRoot: true
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" }}
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
{{- end }}
|
||||
|
|
@ -179,12 +179,12 @@ spec:
|
|||
- name: WHITEBOARD_SECRET
|
||||
value: "{{ .Values.WHITEBOARD_SECRET }}"
|
||||
image: nextcloud/aio-nextcloud:20241125_091756
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }} # AIO-config - do not change this comment!
|
||||
securityContext:
|
||||
# The items below only work in container context
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" }}
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
|
||||
drop: ["ALL"]
|
||||
{{- else }}
|
||||
drop: ["NET_RAW"]
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ spec:
|
|||
runAsUser: 33
|
||||
runAsGroup: 33
|
||||
runAsNonRoot: true
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" }}
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
{{- end }}
|
||||
|
|
@ -64,7 +64,7 @@ spec:
|
|||
# The items below only work in container context
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" }}
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
|
||||
drop: ["ALL"]
|
||||
{{- else }}
|
||||
drop: ["NET_RAW"]
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ spec:
|
|||
runAsUser: 999
|
||||
runAsGroup: 999
|
||||
runAsNonRoot: true
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" }}
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
{{- end }}
|
||||
|
|
@ -50,7 +50,7 @@ spec:
|
|||
# The items below only work in container context
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" }}
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
|
||||
drop: ["ALL"]
|
||||
{{- else }}
|
||||
drop: ["NET_RAW"]
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ spec:
|
|||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" }}
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
{{- end }}
|
||||
|
|
@ -67,7 +67,7 @@ spec:
|
|||
# The items below only work in container context
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" }}
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
|
||||
drop: ["ALL"]
|
||||
{{- else }}
|
||||
drop: ["NET_RAW"]
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ spec:
|
|||
runAsUser: 122
|
||||
runAsGroup: 122
|
||||
runAsNonRoot: true
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" }}
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
{{- end }}
|
||||
|
|
@ -55,7 +55,7 @@ spec:
|
|||
# The items below only work in container context
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" }}
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
|
||||
drop: ["ALL"]
|
||||
{{- else }}
|
||||
drop: ["NET_RAW"]
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ spec:
|
|||
runAsUser: 65534
|
||||
runAsGroup: 65534
|
||||
runAsNonRoot: true
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" }}
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
{{- end }}
|
||||
|
|
@ -57,7 +57,7 @@ spec:
|
|||
# The items below only work in container context
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" }}
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
|
||||
drop: ["ALL"]
|
||||
{{- else }}
|
||||
drop: ["NET_RAW"]
|
||||
|
|
|
|||
|
|
@ -158,7 +158,7 @@ for variable in "${DEPLOYMENTS[@]}"; do
|
|||
if echo "$variable" | grep -q "nextcloud-deployment.yaml"; then
|
||||
USER=33
|
||||
GROUP=33
|
||||
echo ' {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!' > /tmp/pod.securityContext
|
||||
echo ' {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }} # AIO-config - do not change this comment!' > /tmp/pod.securityContext
|
||||
else
|
||||
USER="$(grep runAsUser "$variable" | grep -oP '[0-9]+')"
|
||||
GROUP="$USER"
|
||||
|
|
@ -176,7 +176,7 @@ for variable in "${DEPLOYMENTS[@]}"; do
|
|||
runAsUser: $USER
|
||||
runAsGroup: $GROUP
|
||||
runAsNonRoot: true
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" }}
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
{{- end }}
|
||||
|
|
@ -446,7 +446,7 @@ cat << EOL > /tmp/security.conf
|
|||
# The items below only work in container context
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" }}
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
|
||||
drop: ["ALL"]
|
||||
{{- else }}
|
||||
drop: ["NET_RAW"]
|
||||
|
|
@ -460,7 +460,7 @@ cat << EOL > /tmp/security.conf
|
|||
# The items below only work in container context
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" }}
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
|
||||
drop: ["ALL"]
|
||||
{{- else }}
|
||||
drop: ["NET_RAW"]
|
||||
|
|
@ -470,12 +470,12 @@ EOL
|
|||
find ./ -name '*imaginary-deployment.yaml*' -exec sed -i "/^ securityContext:$/r /tmp/security.conf" \{} \;
|
||||
|
||||
cat << EOL > /tmp/security.conf
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }} # AIO-config - do not change this comment!
|
||||
securityContext:
|
||||
# The items below only work in container context
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" }}
|
||||
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
|
||||
drop: ["ALL"]
|
||||
{{- else }}
|
||||
drop: ["NET_RAW"]
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue