diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index ab674f0e372..3b7de1e6fdd 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -31,7 +31,7 @@ spec:
 runAsUser: 33
 runAsGroup: 33
 runAsNonRoot: true
- {{- if eq .Values.RPSS_ENABLED "yes" }}
+ {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
 seccompProfile:
 type: RuntimeDefault
 {{- end }}
@@ -74,7 +74,7 @@ spec:
 # The items below only work in container context
 allowPrivilegeEscalation: false
 capabilities:
- {{- if eq .Values.RPSS_ENABLED "yes" }}
+ {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
 drop: ["ALL"]
 {{- else }}
 drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index 38f0a21bce5..23975bb03de 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -32,7 +32,7 @@ spec:
 runAsUser: 100
 runAsGroup: 100
 runAsNonRoot: true
- {{- if eq .Values.RPSS_ENABLED "yes" }}
+ {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
 seccompProfile:
 type: RuntimeDefault
 {{- end }}
@@ -50,7 +50,7 @@ spec:
 # The items below only work in container context
 allowPrivilegeEscalation: false
 capabilities:
- {{- if eq .Values.RPSS_ENABLED "yes" }}
+ {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
 drop: ["ALL"]
 {{- else }}
 drop: ["NET_RAW"]
@@ -73,7 +73,7 @@ spec:
 # The items below only work in container context
 allowPrivilegeEscalation: false
 capabilities:
- {{- if eq .Values.RPSS_ENABLED "yes" }}
+ {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
 drop: ["ALL"]
 {{- else }}
 drop: ["NET_RAW"]
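Review bot: The `| default "no"` fallback at the `seccompProfile` condition makes the hardened settings opt-in by omission: when `RPSS_ENABLED` is absent, or is a string other than exactly `yes` (for example `Yes`), this block renders without `seccompProfile: RuntimeDefault` and the capabilities hunk below renders `drop: ["NET_RAW"]` instead of `drop: ["ALL"]`, with nothing reported at render time. The same expression appears in every other hunk of this diff (clamav, database, imaginary, nextcloud, notify-push, redis, talk, talk-recording, whiteboard, and the fragments written by update-helm.sh). In nextcloud-aio-nextcloud-deployment.yaml it also wraps the `securityContext:` key itself, so there the fallback appears to omit the pod and container security context entirely; the closing `{{- end }}` lies outside those hunks, so this should be confirmed against the full template. I would record the fallback beside the condition, for example `# RPSS_ENABLED unset or not exactly "yes" => relaxed settings apply`, and list the accepted values where the chart documents its values.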
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 5f6b32369be..93b5fb8878a 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -31,7 +31,7 @@ spec:
 runAsUser: 999
 runAsGroup: 999
 runAsNonRoot: true
- {{- if eq .Values.RPSS_ENABLED "yes" }}
+ {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
 seccompProfile:
 type: RuntimeDefault
 {{- end }}
@@ -49,7 +49,7 @@ spec:
 # The items below only work in container context
 allowPrivilegeEscalation: false
 capabilities:
- {{- if eq .Values.RPSS_ENABLED "yes" }}
+ {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
 drop: ["ALL"]
 {{- else }}
 drop: ["NET_RAW"]
@@ -76,7 +76,7 @@ spec:
 # The items below only work in container context
 allowPrivilegeEscalation: false
 capabilities:
- {{- if eq .Values.RPSS_ENABLED "yes" }}
+ {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
 drop: ["ALL"]
 {{- else }}
 drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index a2ff00595bc..062a95df1f7 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -30,7 +30,7 @@ spec:
 runAsUser: 65534
 runAsGroup: 65534
 runAsNonRoot: true
- {{- if eq .Values.RPSS_ENABLED "yes" }}
+ {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
 seccompProfile:
 type: RuntimeDefault
 {{- end }}
@@ -49,7 +49,7 @@ spec:
 # The items below only work in container context
 allowPrivilegeEscalation: false
 capabilities:
- {{- if eq .Values.RPSS_ENABLED "yes" }}
+ {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
 drop: ["ALL"]
 {{- else }}
 drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index a154b4215de..2b6e3e9d2a9 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -23,7 +23,7 @@ spec:
 labels:
 io.kompose.service: nextcloud-aio-nextcloud
 spec:
- {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
+ {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
 securityContext:
 # The items below only work in pod context
 fsGroup: 33
@@ -32,7 +32,7 @@ spec:
 runAsUser: 33
 runAsGroup: 33
 runAsNonRoot: true
- {{- if eq .Values.RPSS_ENABLED "yes" }}
+ {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
 seccompProfile:
 type: RuntimeDefault
 {{- end }}
@@ -179,12 +179,12 @@ spec:
 - name: WHITEBOARD_SECRET
 value: "{{ .Values.WHITEBOARD_SECRET }}"
 image: nextcloud/aio-nextcloud:20241125_091756
- {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
+ {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
 securityContext:
 # The items below only work in container context
 allowPrivilegeEscalation: false
 capabilities:
- {{- if eq .Values.RPSS_ENABLED "yes" }}
+ {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
 drop: ["ALL"]
 {{- else }}
 drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
index f9256d2eb20..83008b74092 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -31,7 +31,7 @@ spec:
 runAsUser: 33
 runAsGroup: 33
 runAsNonRoot: true
- {{- if eq .Values.RPSS_ENABLED "yes" }}
+ {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
 seccompProfile:
 type: RuntimeDefault
 {{- end }}
@@ -64,7 +64,7 @@ spec:
 # The items below only work in container context
 allowPrivilegeEscalation: false
 capabilities:
- {{- if eq .Values.RPSS_ENABLED "yes" }}
+ {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
 drop: ["ALL"]
 {{- else }}
 drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 375e52bd6fe..bdd3842b102 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -31,7 +31,7 @@ spec:
 runAsUser: 999
 runAsGroup: 999
 runAsNonRoot: true
- {{- if eq .Values.RPSS_ENABLED "yes" }}
+ {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
 seccompProfile:
 type: RuntimeDefault
 {{- end }}
@@ -50,7 +50,7 @@ spec:
 # The items below only work in container context
 allowPrivilegeEscalation: false
 capabilities:
- {{- if eq .Values.RPSS_ENABLED "yes" }}
+ {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
 drop: ["ALL"]
 {{- else }}
 drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 31ecd663f15..52abc135429 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -30,7 +30,7 @@ spec:
 runAsUser: 1000
 runAsGroup: 1000
 runAsNonRoot: true
- {{- if eq .Values.RPSS_ENABLED "yes" }}
+ {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
 seccompProfile:
 type: RuntimeDefault
 {{- end }}
@@ -67,7 +67,7 @@ spec:
 # The items below only work in container context
 allowPrivilegeEscalation: false
 capabilities:
- {{- if eq .Values.RPSS_ENABLED "yes" }}
+ {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
 drop: ["ALL"]
 {{- else }}
 drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
index 5379a069795..04b00131850 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -32,7 +32,7 @@ spec:
 runAsUser: 122
 runAsGroup: 122
 runAsNonRoot: true
- {{- if eq .Values.RPSS_ENABLED "yes" }}
+ {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
 seccompProfile:
 type: RuntimeDefault
 {{- end }}
@@ -55,7 +55,7 @@ spec:
 # The items below only work in container context
 allowPrivilegeEscalation: false
 capabilities:
- {{- if eq .Values.RPSS_ENABLED "yes" }}
+ {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
 drop: ["ALL"]
 {{- else }}
 drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
index 98979a5b62f..bd6fbf3e86c 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -30,7 +30,7 @@ spec:
 runAsUser: 65534
 runAsGroup: 65534
 runAsNonRoot: true
- {{- if eq .Values.RPSS_ENABLED "yes" }}
+ {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
 seccompProfile:
 type: RuntimeDefault
 {{- end }}
@@ -57,7 +57,7 @@ spec:
 # The items below only work in container context
 allowPrivilegeEscalation: false
 capabilities:
- {{- if eq .Values.RPSS_ENABLED "yes" }}
+ {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
 drop: ["ALL"]
 {{- else }}
 drop: ["NET_RAW"]
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index d9876213309..a8719b1b1e0 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -158,7 +158,7 @@ for variable in "${DEPLOYMENTS[@]}"; do
 if echo "$variable" | grep -q "nextcloud-deployment.yaml"; then
 USER=33
 GROUP=33
- echo ' {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!' > /tmp/pod.securityContext
+ echo ' {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!' > /tmp/pod.securityContext
 else
 USER="$(grep runAsUser "$variable" | grep -oP '[0-9]+')"
 GROUP="$USER"
@@ -176,7 +176,7 @@ for variable in "${DEPLOYMENTS[@]}"; do
 runAsUser: $USER
 runAsGroup: $GROUP
 runAsNonRoot: true
- {{- if eq .Values.RPSS_ENABLED "yes" }}
+ {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
 seccompProfile:
 type: RuntimeDefault
 {{- end }}
@@ -446,7 +446,7 @@ cat << EOL > /tmp/security.conf
 # The items below only work in container context
 allowPrivilegeEscalation: false
 capabilities:
- {{- if eq .Values.RPSS_ENABLED "yes" }}
+ {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
 drop: ["ALL"]
 {{- else }}
 drop: ["NET_RAW"]
@@ -460,7 +460,7 @@ cat << EOL > /tmp/security.conf
 # The items below only work in container context
 allowPrivilegeEscalation: false
 capabilities:
- {{- if eq .Values.RPSS_ENABLED "yes" }}
+ {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
 drop: ["ALL"]
 {{- else }}
 drop: ["NET_RAW"]
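Review bot: The condition literal is now written out in full at six places in this script (the `echo` in the `@@ -158` hunk, one line each in the `@@ -176`, `@@ -446` and `@@ -460` hunks, and two in `@@ -470`), and these fragments are what the script splices into the deployment templates, so a later edit that misses one site would leave that container on a different branch of the hardening toggle. Defining it once, e.g. `RPSS_IF='{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}'`, and writing `$RPSS_IF` at each site would keep them identical. The `cat << EOL` heredocs shown use an unquoted delimiter, so the variable would expand there, while the single-quoted `echo` would need double quotes. The loop body and the heredocs start and end outside these hunks, so the quoting of the `@@ -176` fragment should be checked in the full file.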
@@ -470,12 +470,12 @@ EOL find ./ -name '*imaginary-deployment.yaml*' -exec sed -i "/^ securityContext:$/r /tmp/security.conf" \{} \; cat << EOL > /tmp/security.conf - {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment! + {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context allowPrivilegeEscalation: false capabilities: - {{- if eq .Values.RPSS_ENABLED "yes" }} + {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} drop: ["ALL"] {{- else }} drop: ["NET_RAW"]