eightball/all-in-one
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2025-12-19 22:16:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

Revert "helm: add a default for RPSS_ENABLED"

Browse source
This commit is contained in:
Simon L. 2024-11-26 11:08:55 +01:00 committed by GitHub
parent e74436c3c1
commit b1353d309e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
11 changed files with 30 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

12
nextcloud-aio-helm-chart/update-helm.sh
View file

@ -158,7 +158,7 @@ for variable in "${DEPLOYMENTS[@]}"; do
if echo "$variable" | grep -q "nextcloud-deployment.yaml"; then
USER=33
GROUP=33
echo ' {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }} # AIO-config - do not change this comment!' > /tmp/pod.securityContext
echo ' {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!' > /tmp/pod.securityContext
else
USER="$(grep runAsUser "$variable" | grep -oP '[0-9]+')"
GROUP="$USER"
@ -176,7 +176,7 @@ for variable in "${DEPLOYMENTS[@]}"; do
runAsUser: $USER
runAsGroup: $GROUP
runAsNonRoot: true
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
{{- if eq .Values.RPSS_ENABLED "yes" }}
seccompProfile:
type: RuntimeDefault
{{- end }}
@ -446,7 +446,7 @@ cat << EOL > /tmp/security.conf
# The items below only work in container context
allowPrivilegeEscalation: false
capabilities:
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
{{- if eq .Values.RPSS_ENABLED "yes" }}
drop: ["ALL"]
{{- else }}
drop: ["NET_RAW"]
@ -460,7 +460,7 @@ cat << EOL > /tmp/security.conf
# The items below only work in container context
allowPrivilegeEscalation: false
capabilities:
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
{{- if eq .Values.RPSS_ENABLED "yes" }}
drop: ["ALL"]
{{- else }}
drop: ["NET_RAW"]
@ -470,12 +470,12 @@ EOL
find ./ -name '*imaginary-deployment.yaml*' -exec sed -i "/^ securityContext:$/r /tmp/security.conf" \{} \;
cat << EOL > /tmp/security.conf
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }} # AIO-config - do not change this comment!
{{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
securityContext:
# The items below only work in container context
allowPrivilegeEscalation: false
capabilities:
{{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
{{- if eq .Values.RPSS_ENABLED "yes" }}
drop: ["ALL"]
{{- else }}
drop: ["NET_RAW"]