helm: automatically enforce RPSS if configured

Signed-off-by: Simon L. <szaimen@e.mail.de>
Simon L. 2025-05-02 15:47:58 +02:00
parent f49a0f0b69
commit efce94a6ef
2 changed files with 10 additions and 1 deletions


@ -259,6 +259,15 @@ find ./ \( -not -name '*service.yaml' -name '*.yaml' \) -exec sed -i "/^status:/
find ./ \( -not -name '*persistentvolumeclaim.yaml' -name '*.yaml' \) -exec sed -i "/resources:/d" \{} \;
# shellcheck disable=SC1083
find ./ -name "*namespace.yaml" -exec sed -i "1i\\{{- if and \(ne .Values.NAMESPACE \"default\"\) \(ne .Values.NAMESPACE_DISABLED \"yes\"\) }}" \{} \;
# Additional config
cat << EOL > /tmp/additional-namespace.config
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
labels:
pod-security.kubernetes.io/enforce: restricted
{{- end }}
EOL
# shellcheck disable=SC1083
find ./ -name "*namespace.yaml" -exec sed -i "/namespace.*/r /tmp/additional-namespace.config" \{} \;
# shellcheck disable=SC1083
find ./ -name "*namespace.yaml" -exec sed -i "$ a {{- end }}" \{} \;
# shellcheck disable=SC1083
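Review bot: The enforce label is spliced only into `*namespace.yaml`, which the context line above the heredoc wraps in the `ne .Values.NAMESPACE "default"` / `ne .Values.NAMESPACE_DISABLED "yes"` guard, so a release with `RPSS_ENABLED` set to `yes` that targets the default namespace or a namespace the chart does not create renders no label, and the restricted policy is silently not enforced. I would say so next to the heredoc, e.g. `# Only rendered when the chart creates the namespace; pre-existing namespaces must be labelled manually`, and consider also pinning `pod-security.kubernetes.io/enforce-version` so the effective policy does not shift with cluster upgrades. Separately, the fragment is written to the fixed path `/tmp/additional-namespace.config` and never removed; `cfg="$(mktemp)"`, `r $cfg` in the sed expression and `rm -f -- "$cfg"` afterwards would avoid a predictable name on shared build hosts. The hunk ends on a shellcheck directive whose command lies outside the visible lines.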