Merge pull request #5664 from nextcloud/revert-5662-enh/noid/add-defa…

…ult-for-rpss_enabled Revert "helm: add a default for RPSS_ENABLED"
nextcloud · Nov 26, 2024 · 421dc6c · 421dc6c
2 parents e74436c + b1353d3
commit 421dc6c
Show file tree

Hide file tree

Showing 11 changed files with 30 additions and 30 deletions.
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -31,7 +31,7 @@ spec:
         runAsUser: 33
         runAsGroup: 33
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -74,7 +74,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -32,7 +32,7 @@ spec:
         runAsUser: 100
         runAsGroup: 100
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -50,7 +50,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
@@ -73,7 +73,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -31,7 +31,7 @@ spec:
         runAsUser: 999
         runAsGroup: 999
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -49,7 +49,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
@@ -76,7 +76,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -30,7 +30,7 @@ spec:
         runAsUser: 65534
         runAsGroup: 65534
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -49,7 +49,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -23,7 +23,7 @@ spec:
       labels:
         io.kompose.service: nextcloud-aio-nextcloud
     spec:
-      {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }} # AIO-config - do not change this comment!
+      {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
       securityContext:
         # The items below only work in pod context
         fsGroup: 33
@@ -32,7 +32,7 @@ spec:
         runAsUser: 33
         runAsGroup: 33
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -179,12 +179,12 @@ spec:
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
           image: nextcloud/aio-nextcloud:20241125_091756
-          {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }} # AIO-config - do not change this comment!
+          {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -31,7 +31,7 @@ spec:
         runAsUser: 33
         runAsGroup: 33
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -64,7 +64,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -31,7 +31,7 @@ spec:
         runAsUser: 999
         runAsGroup: 999
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -50,7 +50,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -30,7 +30,7 @@ spec:
         runAsUser: 1000
         runAsGroup: 1000
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -67,7 +67,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -32,7 +32,7 @@ spec:
         runAsUser: 122
         runAsGroup: 122
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -55,7 +55,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]

diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -30,7 +30,7 @@ spec:
         runAsUser: 65534
         runAsGroup: 65534
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -57,7 +57,7 @@ spec:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]

diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
@@ -158,7 +158,7 @@ for variable in "${DEPLOYMENTS[@]}"; do
         if echo "$variable" | grep -q "nextcloud-deployment.yaml"; then
             USER=33
             GROUP=33
-            echo '      {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }} # AIO-config - do not change this comment!' > /tmp/pod.securityContext
+            echo '      {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!' > /tmp/pod.securityContext
         else
             USER="$(grep runAsUser "$variable" | grep -oP '[0-9]+')"
             GROUP="$USER"
@@ -176,7 +176,7 @@ for variable in "${DEPLOYMENTS[@]}"; do
         runAsUser: $USER
         runAsGroup: $GROUP
         runAsNonRoot: true
-        {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" }}
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
@@ -446,7 +446,7 @@ cat << EOL > /tmp/security.conf
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
@@ -460,7 +460,7 @@ cat << EOL > /tmp/security.conf
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]
@@ -470,12 +470,12 @@ EOL
 find ./ -name '*imaginary-deployment.yaml*' -exec sed -i "/^          securityContext:$/r /tmp/security.conf" \{} \; 
 
 cat << EOL > /tmp/security.conf
-          {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }} # AIO-config - do not change this comment!
+          {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
-              {{- if eq .Values.RPSS_ENABLED "yes" | default "no" }}
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
               {{- else }}
               drop: ["NET_RAW"]