daenamnu/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2026-06-04 18:00:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

helm: automatically enforce RPSS if configured

Browse Source 
Signed-off-by: Simon L. <szaimen@e.mail.de>
This commit is contained in:
Simon L.
2025-05-02 15:47:58 +02:00
parent f49a0f0b69
commit efce94a6ef
2 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
nextcloud-aio-helm-chart/update-helm.sh
View File

@@ -259,6 +259,15 @@ find ./ \( -not -name '*service.yaml' -name '*.yaml' \) -exec sed -i "/^status:/
find ./ \( -not -name '*persistentvolumeclaim.yaml' -name '*.yaml' \) -exec sed -i "/resources:/d" \{} \;
# shellcheck disable=SC1083
find ./ -name "*namespace.yaml" -exec sed -i "1i\\{{- if and \(ne .Values.NAMESPACE \"default\"\) \(ne .Values.NAMESPACE_DISABLED \"yes\"\) }}" \{} \;
# Additional config
cat << EOL > /tmp/additional-namespace.config
{{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
labels:
pod-security.kubernetes.io/enforce: restricted
{{- end }}
EOL
# shellcheck disable=SC1083
find ./ -name "*namespace.yaml" -exec sed -i "/namespace.*/r /tmp/additional-namespace.config" \{} \;
# shellcheck disable=SC1083
find ./ -name "*namespace.yaml" -exec sed -i "$ a {{- end }}" \{} \;
# shellcheck disable=SC1083