helm: add additional security settings

Signed-off-by: Simon L. <[email protected]>
nextcloud · Nov 5, 2024 · d7e69d9 · d7e69d9
1 parent 89739b2
commit d7e69d9
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -173,7 +173,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20241017_085101"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20241017_08510"
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
@@ -423,6 +423,12 @@ find ./ -name "*nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml" -exec se
 # shellcheck disable=SC1083
 find ./ -name "*nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml" -exec sed -i "$ a {{- end }}" \{} \; 
 
+cat << EOL >> /tmp/security.conf
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
+EOL
+find ./ -name "*deployment.yaml" -exec sed -i "/^.*securityContext:$/r /tmp/security.conf" \{} \; 
+
 chmod 777 -R ./
 
 # Seems like the dir needs to match the name of the chart