diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 790e810d..ab674f0e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -31,7 +31,7 @@ spec:
 runAsUser: 33
 runAsGroup: 33
 runAsNonRoot: true
- {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+ {{- if eq .Values.RPSS_ENABLED "yes" }}
 seccompProfile:
 type: RuntimeDefault
 {{- end }}
@@ -74,7 +74,7 @@ spec:
 # The items below only work in container context
 allowPrivilegeEscalation: false
 capabilities:
- {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+ {{- if eq .Values.RPSS_ENABLED "yes" }}
 drop: ["ALL"]
 {{- else }}
 drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 77d60f93..38f0a21b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -32,7 +32,7 @@ spec:
 runAsUser: 100
 runAsGroup: 100
 runAsNonRoot: true
- {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+ {{- if eq .Values.RPSS_ENABLED "yes" }}
 seccompProfile:
 type: RuntimeDefault
 {{- end }}
@@ -50,7 +50,7 @@ spec:
 # The items below only work in container context
 allowPrivilegeEscalation: false
 capabilities:
- {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+ {{- if eq .Values.RPSS_ENABLED "yes" }}
 drop: ["ALL"]
 {{- else }}
 drop: ["NET_RAW"]
@@ -73,7 +73,7 @@ spec:
 # The items below only work in container context
 allowPrivilegeEscalation: false
 capabilities:
- {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+ {{- if eq .Values.RPSS_ENABLED "yes" }}
 drop: ["ALL"]
 {{- else }}
 drop: ["NET_RAW"]
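Review bot: With `| default "no"` removed, every `{{- if eq .Values.RPSS_ENABLED "yes" }}` guard compares the raw value, so an install whose values do not define RPSS_ENABLED has no fallback; depending on the Helm/Go template version, comparing a missing value with a string either fails rendering or evaluates to false, which is worth confirming with `helm template`. The old form piped the result of `eq` into `default`, which turns a false result into the non-empty string "no", so the `seccompProfile: RuntimeDefault` and `drop: ["ALL"]` branches appear to have been rendered for every install. After this change they are rendered only for an explicit "yes", and other installs get `drop: ["NET_RAW"]` with no seccomp profile. If the default was meant to apply to the value, write `{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}`, and mention the changed effective default in the chart's release notes. The same guard is changed in all the deployment templates of this commit and in the heredocs of update-helm.sh.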
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 332c41fb..5f6b3236 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -31,7 +31,7 @@ spec:
 runAsUser: 999
 runAsGroup: 999
 runAsNonRoot: true
- {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+ {{- if eq .Values.RPSS_ENABLED "yes" }}
 seccompProfile:
 type: RuntimeDefault
 {{- end }}
@@ -49,7 +49,7 @@ spec:
 # The items below only work in container context
 allowPrivilegeEscalation: false
 capabilities:
- {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+ {{- if eq .Values.RPSS_ENABLED "yes" }}
 drop: ["ALL"]
 {{- else }}
 drop: ["NET_RAW"]
@@ -76,7 +76,7 @@ spec:
 # The items below only work in container context
 allowPrivilegeEscalation: false
 capabilities:
- {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+ {{- if eq .Values.RPSS_ENABLED "yes" }}
 drop: ["ALL"]
 {{- else }}
 drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 22879334..a2ff0059 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -30,7 +30,7 @@ spec:
 runAsUser: 65534
 runAsGroup: 65534
 runAsNonRoot: true
- {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+ {{- if eq .Values.RPSS_ENABLED "yes" }}
 seccompProfile:
 type: RuntimeDefault
 {{- end }}
@@ -49,7 +49,7 @@ spec:
 # The items below only work in container context
 allowPrivilegeEscalation: false
 capabilities:
- {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+ {{- if eq .Values.RPSS_ENABLED "yes" }}
 drop: ["ALL"]
 {{- else }}
 drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 0a2fe740..a154b421 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -23,7 +23,7 @@ spec:
 labels:
 io.kompose.service: nextcloud-aio-nextcloud
 spec:
- {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }} # AIO-config - do not change this comment!
+ {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
 securityContext:
 # The items below only work in pod context
 fsGroup: 33
@@ -32,7 +32,7 @@ spec:
 runAsUser: 33
 runAsGroup: 33
 runAsNonRoot: true
- {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+ {{- if eq .Values.RPSS_ENABLED "yes" }}
 seccompProfile:
 type: RuntimeDefault
 {{- end }}
@@ -179,12 +179,12 @@ spec:
 - name: WHITEBOARD_SECRET
 value: "{{ .Values.WHITEBOARD_SECRET }}"
 image: nextcloud/aio-nextcloud:20241125_091756
- {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }} # AIO-config - do not change this comment!
+ {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
 securityContext:
 # The items below only work in container context
 allowPrivilegeEscalation: false
 capabilities:
- {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+ {{- if eq .Values.RPSS_ENABLED "yes" }}
 drop: ["ALL"]
 {{- else }}
 drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index 6e93cb51..f9256d2e 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
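Review bot: In nextcloud-aio-nextcloud-deployment.yaml the guard marked `# AIO-config` sits in front of `securityContext:` itself, in both the pod context (hunk at line 23) and the container context (hunk at line 179), so with the corrected condition the whole block, including `runAsNonRoot: true` and `allowPrivilegeEscalation: false`, appears to be left out unless RPSS_ENABLED is "yes". The matching `{{- end }}` lines are outside these hunks, so the extent is inferred. Inside that outer guard the inner `{{- else }}` with `drop: ["NET_RAW"]` also looks unreachable, since both guards test the same condition. Because this template seems to be generated by update-helm.sh, a comment emitted there such as `# securityContext is only rendered when RPSS_ENABLED is "yes"` would make the behaviour visible to operators.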
@@ -31,7 +31,7 @@ spec:
 runAsUser: 33
 runAsGroup: 33
 runAsNonRoot: true
- {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+ {{- if eq .Values.RPSS_ENABLED "yes" }}
 seccompProfile:
 type: RuntimeDefault
 {{- end }}
@@ -64,7 +64,7 @@ spec:
 # The items below only work in container context
 allowPrivilegeEscalation: false
 capabilities:
- {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+ {{- if eq .Values.RPSS_ENABLED "yes" }}
 drop: ["ALL"]
 {{- else }}
 drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index f81c13de..375e52bd 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -31,7 +31,7 @@ spec:
 runAsUser: 999
 runAsGroup: 999
 runAsNonRoot: true
- {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+ {{- if eq .Values.RPSS_ENABLED "yes" }}
 seccompProfile:
 type: RuntimeDefault
 {{- end }}
@@ -50,7 +50,7 @@ spec:
 # The items below only work in container context
 allowPrivilegeEscalation: false
 capabilities:
- {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+ {{- if eq .Values.RPSS_ENABLED "yes" }}
 drop: ["ALL"]
 {{- else }}
 drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 19ecd60e..31ecd663 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -30,7 +30,7 @@ spec:
 runAsUser: 1000
 runAsGroup: 1000
 runAsNonRoot: true
- {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+ {{- if eq .Values.RPSS_ENABLED "yes" }}
 seccompProfile:
 type: RuntimeDefault
 {{- end }}
@@ -67,7 +67,7 @@ spec:
 # The items below only work in container context
 allowPrivilegeEscalation: false
 capabilities:
- {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+ {{- if eq .Values.RPSS_ENABLED "yes" }}
 drop: ["ALL"]
 {{- else }}
 drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 41b209c9..5379a069 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -32,7 +32,7 @@ spec:
 runAsUser: 122
 runAsGroup: 122
 runAsNonRoot: true
- {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+ {{- if eq .Values.RPSS_ENABLED "yes" }}
 seccompProfile:
 type: RuntimeDefault
 {{- end }}
@@ -55,7 +55,7 @@ spec:
 # The items below only work in container context
 allowPrivilegeEscalation: false
 capabilities:
- {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+ {{- if eq .Values.RPSS_ENABLED "yes" }}
 drop: ["ALL"]
 {{- else }}
 drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 2a0d27c0..98979a5b 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -30,7 +30,7 @@ spec:
 runAsUser: 65534
 runAsGroup: 65534
 runAsNonRoot: true
- {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+ {{- if eq .Values.RPSS_ENABLED "yes" }}
 seccompProfile:
 type: RuntimeDefault
 {{- end }}
@@ -57,7 +57,7 @@ spec:
 # The items below only work in container context
 allowPrivilegeEscalation: false
 capabilities:
- {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+ {{- if eq .Values.RPSS_ENABLED "yes" }}
 drop: ["ALL"]
 {{- else }}
 drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index e2791ff7..d9876213 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -158,7 +158,7 @@ for variable in "${DEPLOYMENTS[@]}"; do
 if echo "$variable" | grep -q "nextcloud-deployment.yaml"; then
 USER=33
 GROUP=33
- echo ' {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }} # AIO-config - do not change this comment!' > /tmp/pod.securityContext
+ echo ' {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!' > /tmp/pod.securityContext
 else
 USER="$(grep runAsUser "$variable" | grep -oP '[0-9]+')"
 GROUP="$USER"
@@ -176,7 +176,7 @@ for variable in "${DEPLOYMENTS[@]}"; do
 runAsUser: $USER
 runAsGroup: $GROUP
 runAsNonRoot: true
- {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+ {{- if eq .Values.RPSS_ENABLED "yes" }}
 seccompProfile:
 type: RuntimeDefault
 {{- end }}
@@ -446,7 +446,7 @@ cat << EOL > /tmp/security.conf
 # The items below only work in container context
 allowPrivilegeEscalation: false
 capabilities:
- {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+ {{- if eq .Values.RPSS_ENABLED "yes" }}
 drop: ["ALL"]
 {{- else }}
 drop: ["NET_RAW"]
@@ -460,7 +460,7 @@ cat << EOL > /tmp/security.conf
 # The items below only work in container context
 allowPrivilegeEscalation: false
 capabilities:
- {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+ {{- if eq .Values.RPSS_ENABLED "yes" }}
 drop: ["ALL"]
 {{- else }}
 drop: ["NET_RAW"]
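Review bot: The rewritten lines still write the generated snippets to fixed names under /tmp (`> /tmp/pod.securityContext` in the hunk at line 158, `cat << EOL > /tmp/security.conf` in the later hunks), which another local user on a shared build host could pre-create or replace with a symlink. A private directory avoids that: `WORKDIR="$(mktemp -d)"` with `trap 'rm -rf "$WORKDIR"' EXIT`, then write to `"$WORKDIR/pod.securityContext"`. The `sed ... r /tmp/security.conf` readers, most of which lie outside these hunks, would need the same path.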
@@ -470,12 +470,12 @@ EOL find ./ -name '*imaginary-deployment.yaml*' -exec sed -i "/^ securityContext:$/r /tmp/security.conf" \{} \; cat << EOL > /tmp/security.conf - {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }} # AIO-config - do not change this comment! + {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context allowPrivilegeEscalation: false capabilities: - {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }} + {{- if eq .Values.RPSS_ENABLED "yes" }} drop: ["ALL"] {{- else }} drop: ["NET_RAW"]