From 011ad2cd6bfe552e04a598452e8814d4d1029152 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Thorsten=20Ro=C3=9Fner?= Date: Fri, 8 Mar 2024 10:39:16 +0100 Subject: [PATCH] fix(helmfile): YAML handling of seLinuxOptions and align overall `toYaml` syntax --- helmfile/apps/collabora/values.yaml.gotmpl | 11 +++---- helmfile/apps/cryptpad/values.yaml.gotmpl | 3 +- .../apps/element/values-element.yaml.gotmpl | 3 +- .../values-matrix-neoboard-widget.yaml.gotmpl | 3 +- ...values-matrix-neochoice-widget.yaml.gotmpl | 3 +- ...atrix-neodatefix-bot-bootstrap.yaml.gotmpl | 3 +- .../values-matrix-neodatefix-bot.yaml.gotmpl | 3 +- ...alues-matrix-neodatefix-widget.yaml.gotmpl | 3 +- ...verification-service-bootstrap.yaml.gotmpl | 3 +- ...trix-user-verification-service.yaml.gotmpl | 3 +- .../element/values-synapse-web.yaml.gotmpl | 3 +- .../apps/element/values-synapse.yaml.gotmpl | 3 +- .../element/values-well-known.yaml.gotmpl | 3 +- .../apps/intercom-service/values.yaml.gotmpl | 3 +- helmfile/apps/jitsi/values-jitsi.yaml.gotmpl | 18 +++++++---- .../values-nextcloud-mgmt.yaml.gotmpl | 3 +- .../nextcloud/values-nextcloud.yaml.gotmpl | 17 ++++++----- .../open-xchange/values-dovecot.yaml.gotmpl | 3 +- .../values-openxchange.yaml.gotmpl | 30 ++++++++++++------- .../openproject-bootstrap/values.yaml.gotmpl | 3 +- helmfile/apps/openproject/values.yaml.gotmpl | 3 +- .../values-oxconnector.yaml.gotmpl | 3 +- .../values-clamav-distributed.yaml.gotmpl | 15 ++++++---- .../services/values-clamav-simple.yaml.gotmpl | 3 +- .../apps/services/values-mariadb.yaml.gotmpl | 3 +- .../services/values-memcached.yaml.gotmpl | 3 +- .../apps/services/values-minio.yaml.gotmpl | 5 ++-- .../apps/services/values-postfix.yaml.gotmpl | 3 +- .../services/values-postgresql.yaml.gotmpl | 3 +- .../apps/services/values-redis.yaml.gotmpl | 3 +- ...ues-guardian-authorization-api.yaml.gotmpl | 3 +- ...values-guardian-management-api.yaml.gotmpl | 3 +- .../values-guardian-management-ui.yaml.gotmpl | 3 +- .../values-ldap-notifier.yaml.gotmpl | 3 +- .../values-ldap-server.yaml.gotmpl | 3 +- 
.../values-notifications-api.yaml.gotmpl | 3 +- .../values-open-policy-agent.yaml.gotmpl | 3 +- ...es-opendesk-keycloak-bootstrap.yaml.gotmpl | 3 +- .../values-portal-frontend.yaml.gotmpl | 3 +- .../values-portal-listener.yaml.gotmpl | 3 +- .../values-portal-server.yaml.gotmpl | 3 +- .../values-selfservice-listener.yaml.gotmpl | 3 +- .../values-stack-data-swp.yaml.gotmpl | 3 +- .../values-stack-data-ums.yaml.gotmpl | 3 +- .../values-store-dav.yaml.gotmpl | 3 +- .../values-udm-rest-api.yaml.gotmpl | 3 +- .../values-umc-gateway.yaml.gotmpl | 3 +- .../values-umc-server.yaml.gotmpl | 3 +- .../values-ums-keycloak-bootstrap.yaml.gotmpl | 3 +- ...values-ums-keycloak-extensions.yaml.gotmpl | 6 ++-- .../values-ums-keycloak.yaml.gotmpl | 3 +- .../values-ums-stack-gateway.yaml.gotmpl | 3 +- helmfile/apps/xwiki/values.yaml.gotmpl | 3 +- 53 files changed, 157 insertions(+), 83 deletions(-) diff --git a/helmfile/apps/collabora/values.yaml.gotmpl b/helmfile/apps/collabora/values.yaml.gotmpl index c89334a8..aec3d8ce 100644 --- a/helmfile/apps/collabora/values.yaml.gotmpl +++ b/helmfile/apps/collabora/values.yaml.gotmpl @@ -19,9 +19,9 @@ grafana: dashboards: enabled: {{ .Values.grafana.dashboards.enabled }} labels: - {{- toYaml .Values.grafana.dashboards.labels | nindent 6 }} + {{ .Values.grafana.dashboards.labels | toYaml | nindent 6 }} annotations: - {{- toYaml .Values.grafana.dashboards.annotations | nindent 6 }} + {{ .Values.grafana.dashboards.annotations | toYaml | nindent 6 }} image: repository: "{{ .Values.global.imageRegistry | default .Values.images.collabora.registry }}/{{ .Values.images.collabora.repository }}" 
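Review bot: Dropping the `{{-` left-trim from the two `toYaml` lines under `grafana.dashboards` (`labels:` and `annotations:`) changes the rendered output as well as the spelling: `nindent` already begins with a newline, so without the trim the line break after the key and any indentation in front of the action are emitted too, leaving a blank or whitespace-only line ahead of each block. Parsers ignore that line, but it adds noise wherever rendered values are diffed or linted. `{{- .Values.grafana.dashboards.labels | toYaml | nindent 6 }}` keeps the pipeline order this commit standardises on together with the clean output of the old form. The same applies to the `serviceMonitors` and `prometheusRules` label lines changed in the second collabora hunk and in the nextcloud and minio values files.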
@@ -90,11 +90,11 @@ prometheus: servicemonitor: enabled: {{ .Values.prometheus.serviceMonitors.enabled }} labels: - {{- toYaml .Values.prometheus.serviceMonitors.labels | nindent 6 }} + {{ .Values.prometheus.serviceMonitors.labels | toYaml | nindent 6 }} rules: enabled: {{ .Values.prometheus.prometheusRules.enabled }} additionalLabels: - {{- toYaml .Values.prometheus.prometheusRules.labels | nindent 6 }} + {{ .Values.prometheus.prometheusRules.labels | toYaml | nindent 6 }} replicaCount: {{ .Values.replicas.collabora }} @@ -126,7 +126,8 @@ securityContext: - "NET_RAW" - "SYS_CHROOT" - "MKNOD" - seLinuxOptions: {{ .Values.seLinuxOptions.collabora }} + seLinuxOptions: + {{ .Values.seLinuxOptions.collabora | toYaml | nindent 4 }} serviceAccount: create: true ... diff --git a/helmfile/apps/cryptpad/values.yaml.gotmpl b/helmfile/apps/cryptpad/values.yaml.gotmpl index 3a71f900..65085cab 100644 --- a/helmfile/apps/cryptpad/values.yaml.gotmpl +++ b/helmfile/apps/cryptpad/values.yaml.gotmpl @@ -70,7 +70,8 @@ securityContext: runAsNonRoot: true runAsUser: 4001 runAsGroup: 4001 - seLinuxOptions: {{ .Values.seLinuxOptions.cryptpad }} + seLinuxOptions: + {{ .Values.seLinuxOptions.cryptpad | toYaml | nindent 4 }} serviceAccount: create: true diff --git a/helmfile/apps/element/values-element.yaml.gotmpl b/helmfile/apps/element/values-element.yaml.gotmpl index ea59361e..5825a407 100644 --- a/helmfile/apps/element/values-element.yaml.gotmpl +++ b/helmfile/apps/element/values-element.yaml.gotmpl @@ -107,7 +107,8 @@ containerSecurityContext: runAsUser: 101 seccompProfile: type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.element }} + seLinuxOptions: + {{ .Values.seLinuxOptions.element | toYaml | nindent 4 }} global: domain: {{ .Values.global.domain | quote }} diff --git a/helmfile/apps/element/values-matrix-neoboard-widget.yaml.gotmpl b/helmfile/apps/element/values-matrix-neoboard-widget.yaml.gotmpl index 55195f71..db12935a 100644 
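Review bot: The new `seLinuxOptions:` block under `securityContext` (collabora hunk at -126) emits whatever `.Values.seLinuxOptions.collabora` holds, and nothing at the call site states what shape that value must have. A short comment above the key would help whoever sets it, for example `# mapping of Kubernetes SELinuxOptions fields (user, role, type, level); {} keeps the runtime's default label`. If the key can be left unset, `toYaml` will presumably render `null` here, so it is worth confirming that every component referenced in this patch has an empty mapping as its default. The same pattern repeats in every `seLinuxOptions` hunk of the patch, so one note where these values are defaulted may serve better than a comment per values file. The `securityContext` block starts above this hunk.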
--- a/helmfile/apps/element/values-matrix-neoboard-widget.yaml.gotmpl +++ b/helmfile/apps/element/values-matrix-neoboard-widget.yaml.gotmpl @@ -14,7 +14,8 @@ containerSecurityContext: runAsUser: 101 seccompProfile: type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.matrixNeoBoardWidget }} + seLinuxOptions: + {{ .Values.seLinuxOptions.matrixNeoBoardWidget | toYaml | nindent 4 }} global: domain: {{ .Values.global.domain | quote }} diff --git a/helmfile/apps/element/values-matrix-neochoice-widget.yaml.gotmpl b/helmfile/apps/element/values-matrix-neochoice-widget.yaml.gotmpl index ec614789..34cf7c41 100644 --- a/helmfile/apps/element/values-matrix-neochoice-widget.yaml.gotmpl +++ b/helmfile/apps/element/values-matrix-neochoice-widget.yaml.gotmpl @@ -14,7 +14,8 @@ containerSecurityContext: runAsUser: 101 seccompProfile: type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.matrixNeoChoiceWidget }} + seLinuxOptions: + {{ .Values.seLinuxOptions.matrixNeoChoiceWidget | toYaml | nindent 4 }} global: domain: {{ .Values.global.domain | quote }} diff --git a/helmfile/apps/element/values-matrix-neodatefix-bot-bootstrap.yaml.gotmpl b/helmfile/apps/element/values-matrix-neodatefix-bot-bootstrap.yaml.gotmpl index a8f1af9a..49b3f9ae 100644 --- a/helmfile/apps/element/values-matrix-neodatefix-bot-bootstrap.yaml.gotmpl +++ b/helmfile/apps/element/values-matrix-neodatefix-bot-bootstrap.yaml.gotmpl @@ -35,6 +35,7 @@ securityContext: runAsUser: 101 seccompProfile: type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.synapseCreateUser }} + seLinuxOptions: + {{ .Values.seLinuxOptions.synapseCreateUser | toYaml | nindent 4 }} ... diff --git a/helmfile/apps/element/values-matrix-neodatefix-bot.yaml.gotmpl b/helmfile/apps/element/values-matrix-neodatefix-bot.yaml.gotmpl index c76fbcbb..c97873fb 100644 --- a/helmfile/apps/element/values-matrix-neodatefix-bot.yaml.gotmpl +++ b/helmfile/apps/element/values-matrix-neodatefix-bot.yaml.gotmpl 
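Review bot: The NeoDateFix bot bootstrap values take their SELinux options from `.Values.seLinuxOptions.synapseCreateUser`, and the hunk for `values-matrix-user-verification-service-bootstrap.yaml.gotmpl` reads the same key, so the two jobs cannot be labelled independently and the key name matches neither file. The removed lines did the same, so this is inherited rather than introduced, but it presumably only starts to matter now that the value is rendered as a real mapping. If sharing is intended, a comment such as `# shared with the user-verification-service bootstrap job` above `seLinuxOptions:` would make that explicit; otherwise a dedicated key per job is clearer. The `securityContext` block begins outside the hunk.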
@@ -35,7 +35,8 @@ containerSecurityContext: runAsUser: 101 seccompProfile: type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.matrixNeoDateFixBot }} + seLinuxOptions: + {{ .Values.seLinuxOptions.matrixNeoDateFixBot | toYaml | nindent 4 }} extraEnvVars: - name: "ACCESS_TOKEN" diff --git a/helmfile/apps/element/values-matrix-neodatefix-widget.yaml.gotmpl b/helmfile/apps/element/values-matrix-neodatefix-widget.yaml.gotmpl index 564a56af..79fc0c10 100644 --- a/helmfile/apps/element/values-matrix-neodatefix-widget.yaml.gotmpl +++ b/helmfile/apps/element/values-matrix-neodatefix-widget.yaml.gotmpl @@ -18,7 +18,8 @@ containerSecurityContext: runAsUser: 101 seccompProfile: type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.matrixNeoDateFixWidget }} + seLinuxOptions: + {{ .Values.seLinuxOptions.matrixNeoDateFixWidget | toYaml | nindent 4 }} global: domain: {{ .Values.global.domain | quote }} diff --git a/helmfile/apps/element/values-matrix-user-verification-service-bootstrap.yaml.gotmpl b/helmfile/apps/element/values-matrix-user-verification-service-bootstrap.yaml.gotmpl index 8f8c2fba..fbac759f 100644 --- a/helmfile/apps/element/values-matrix-user-verification-service-bootstrap.yaml.gotmpl +++ b/helmfile/apps/element/values-matrix-user-verification-service-bootstrap.yaml.gotmpl @@ -35,5 +35,6 @@ securityContext: runAsUser: 101 seccompProfile: type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.synapseCreateUser }} + seLinuxOptions: + {{ .Values.seLinuxOptions.synapseCreateUser | toYaml | nindent 4 }} ... diff --git a/helmfile/apps/element/values-matrix-user-verification-service.yaml.gotmpl b/helmfile/apps/element/values-matrix-user-verification-service.yaml.gotmpl index ca23138c..57eec944 100644 --- a/helmfile/apps/element/values-matrix-user-verification-service.yaml.gotmpl +++ b/helmfile/apps/element/values-matrix-user-verification-service.yaml.gotmpl 
@@ -14,7 +14,8 @@ containerSecurityContext: runAsUser: 0 seccompProfile: type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.matrixUserVerificationService }} + seLinuxOptions: + {{ .Values.seLinuxOptions.matrixUserVerificationService | toYaml | nindent 4 }} extraEnvVars: - name: "UVS_ACCESS_TOKEN" diff --git a/helmfile/apps/element/values-synapse-web.yaml.gotmpl b/helmfile/apps/element/values-synapse-web.yaml.gotmpl index 271736bf..6499a6cb 100644 --- a/helmfile/apps/element/values-synapse-web.yaml.gotmpl +++ b/helmfile/apps/element/values-synapse-web.yaml.gotmpl @@ -14,7 +14,8 @@ containerSecurityContext: runAsUser: 101 seccompProfile: type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.synapseWeb }} + seLinuxOptions: + {{ .Values.seLinuxOptions.synapseWeb | toYaml | nindent 4 }} global: domain: {{ .Values.global.domain | quote }} diff --git a/helmfile/apps/element/values-synapse.yaml.gotmpl b/helmfile/apps/element/values-synapse.yaml.gotmpl index 4f815a4e..47dfb325 100644 --- a/helmfile/apps/element/values-synapse.yaml.gotmpl +++ b/helmfile/apps/element/values-synapse.yaml.gotmpl @@ -79,7 +79,8 @@ containerSecurityContext: runAsGroup: 10991 seccompProfile: type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.synapse }} + seLinuxOptions: + {{ .Values.seLinuxOptions.synapse | toYaml | nindent 4 }} global: domain: {{ .Values.global.domain | quote }} diff --git a/helmfile/apps/element/values-well-known.yaml.gotmpl b/helmfile/apps/element/values-well-known.yaml.gotmpl index 4fd861ba..0ee057bc 100644 --- a/helmfile/apps/element/values-well-known.yaml.gotmpl +++ b/helmfile/apps/element/values-well-known.yaml.gotmpl @@ -18,7 +18,8 @@ containerSecurityContext: runAsUser: 101 seccompProfile: type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.wellKnown }} + seLinuxOptions: + {{ .Values.seLinuxOptions.wellKnown | toYaml | nindent 4 }} global: domain: {{ .Values.global.domain | quote }} 
diff --git a/helmfile/apps/intercom-service/values.yaml.gotmpl b/helmfile/apps/intercom-service/values.yaml.gotmpl index de502176..f8fb2286 100644 --- a/helmfile/apps/intercom-service/values.yaml.gotmpl +++ b/helmfile/apps/intercom-service/values.yaml.gotmpl @@ -14,7 +14,8 @@ containerSecurityContext: type: "RuntimeDefault" readOnlyRootFilesystem: true runAsNonRoot: true - seLinuxOptions: {{ .Values.seLinuxOptions.intercom }} + seLinuxOptions: + {{ .Values.seLinuxOptions.intercom | toYaml | nindent 4 }} global: domain: {{ .Values.global.domain | quote }} diff --git a/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl b/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl index 4e836ded..2c303d89 100644 --- a/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl +++ b/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl @@ -23,7 +23,8 @@ containerSecurityContext: runAsUser: 1993 runAsGroup: 1993 runAsNonRoot: true - seLinuxOptions: {{ .Values.seLinuxOptions.jitsiKeycloakAdapter }} + seLinuxOptions: + {{ .Values.seLinuxOptions.jitsiKeycloakAdapter | toYaml | nindent 4 }} cleanup: deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }} @@ -75,7 +76,8 @@ jitsi: runAsUser: 0 seccompProfile: type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.jitsi }} + seLinuxOptions: + {{ .Values.seLinuxOptions.jitsi | toYaml | nindent 8 }} prosody: image: repository: "{{ .Values.global.imageRegistry | default .Values.images.prosody.registry }}/{{ .Values.images.prosody.repository }}" @@ -123,7 +125,8 @@ jitsi: runAsUser: 0 seccompProfile: type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.prosody }} + seLinuxOptions: + {{ .Values.seLinuxOptions.prosody | toYaml | nindent 8 }} jicofo: replicaCount: {{ .Values.replicas.jicofo }} image: 
@@ -145,7 +148,8 @@ jitsi: runAsUser: 0 seccompProfile: type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.jicofo }} + seLinuxOptions: + {{ .Values.seLinuxOptions.jicofo | toYaml | nindent 8 }} jvb: replicaCount: {{ .Values.replicas.jvb }} image: @@ -168,7 +172,8 @@ jitsi: runAsUser: 0 seccompProfile: type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.jvb }} + seLinuxOptions: + {{ .Values.seLinuxOptions.jvb | toYaml | nindent 8 }} jibri: replicaCount: {{ .Values.replicas.jibri }} image: @@ -206,7 +211,8 @@ patchJVB: runAsNonRoot: true seccompProfile: type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.jitsiPatchJVB }} + seLinuxOptions: + {{ .Values.seLinuxOptions.jitsiPatchJVB | toYaml | nindent 6 }} image: imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} registry: {{ .Values.global.imageRegistry | default .Values.images.jitsiPatchJVB.registry | quote }} diff --git a/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl b/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl index 10381d48..941fc546 100644 --- a/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl +++ b/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl @@ -95,7 +95,8 @@ containerSecurityContext: type: "RuntimeDefault" readOnlyRootFilesystem: false runAsNonRoot: true - seLinuxOptions: {{ .Values.seLinuxOptions.nextcloudManagement }} + seLinuxOptions: + {{ .Values.seLinuxOptions.nextcloudManagement | toYaml | nindent 4 }} debug: loglevel: {{ if .Values.debug.enabled }}"0"{{ else }}"1"{{ end }} diff --git a/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl b/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl index 57697df9..382ee354 100644 --- a/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl +++ b/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl 
@@ -25,7 +25,8 @@ exporter: type: "RuntimeDefault" readOnlyRootFilesystem: true runAsNonRoot: true - seLinuxOptions: {{ .Values.seLinuxOptions.nextcloudExporter }} + seLinuxOptions: + {{ .Values.seLinuxOptions.nextcloudExporter | toYaml | nindent 6 }} image: registry: {{ .Values.global.imageRegistry | default .Values.images.nextcloudExporter.registry | quote }} repository: "{{ .Values.images.nextcloudExporter.repository }}" @@ -35,11 +36,11 @@ exporter: serviceMonitor: enabled: {{ .Values.prometheus.serviceMonitors.enabled }} labels: - {{- toYaml .Values.prometheus.serviceMonitors.labels | nindent 8 }} + {{ .Values.prometheus.serviceMonitors.labels | toYaml | nindent 8 }} prometheusRule: enabled: {{ .Values.prometheus.prometheusRules.enabled }} additionalLabels: - {{- toYaml .Values.prometheus.prometheusRules.labels | nindent 8 }} + {{ .Values.prometheus.prometheusRules.labels | toYaml | nindent 8 }} replicaCount: {{ .Values.replicas.nextcloudExporter }} resources: {{ .Values.resources.nextcloudExporter | toYaml | nindent 4 }} @@ -78,7 +79,8 @@ php: type: "RuntimeDefault" readOnlyRootFilesystem: true runAsNonRoot: true - seLinuxOptions: {{ .Values.seLinuxOptions.nextcloudPHP }} + seLinuxOptions: + {{ .Values.seLinuxOptions.nextcloudPHP | toYaml | nindent 6 }} cron: successfulJobsHistoryLimit: {{ if .Values.debug.enabled }}"3"{{ else }}"0"{{ end }} debug: @@ -92,11 +94,11 @@ php: serviceMonitor: enabled: {{ .Values.prometheus.serviceMonitors.enabled }} labels: - {{- toYaml .Values.prometheus.serviceMonitors.labels | nindent 8 }} + {{ .Values.prometheus.serviceMonitors.labels | toYaml | nindent 8 }} prometheusRule: enabled: {{ .Values.prometheus.prometheusRules.enabled }} additionalLabels: - {{- toYaml .Values.prometheus.prometheusRules.labels | nindent 8 }} + {{ .Values.prometheus.prometheusRules.labels | toYaml | nindent 8 }} replicaCount: {{ .Values.replicas.nextcloudPHP }} resources: {{ .Values.resources.nextcloudPHP | toYaml | nindent 4 }} 
@@ -118,7 +120,8 @@ apache2: type: "RuntimeDefault" readOnlyRootFilesystem: true runAsNonRoot: true - seLinuxOptions: {{ .Values.seLinuxOptions.nextcloudApache2 }} + seLinuxOptions: + {{ .Values.seLinuxOptions.nextcloudApache2 | toYaml | nindent 6 }} ingress: enabled: {{ .Values.ingress.enabled }} ingressClassName: {{ .Values.ingress.ingressClassName | quote }} diff --git a/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl b/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl index 6dc15720..1f943b28 100644 --- a/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl +++ b/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl @@ -66,7 +66,8 @@ containerSecurityContext: readOnlyRootFilesystem: true seccompProfile: type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.dovecot }} + seLinuxOptions: + {{ .Values.seLinuxOptions.dovecot | toYaml | nindent 4 }} podSecurityContext: enabled: true diff --git a/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl b/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl index 9bb8b68c..8f301b29 100644 --- a/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl +++ b/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl @@ -40,7 +40,8 @@ nextcloud-integration-ui: privileged: false seccompProfile: type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.openxchangeNextcloudIntegrationUI }} + seLinuxOptions: + {{ .Values.seLinuxOptions.openxchangeNextcloudIntegrationUI | toYaml | nindent 6 }} public-sector-ui: image: @@ -67,7 +68,8 @@ public-sector-ui: privileged: false seccompProfile: type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.openxchangePublicSectorUI }} + seLinuxOptions: + {{ .Values.seLinuxOptions.openxchangePublicSectorUI | toYaml | nindent 6 }} appsuite: appsuite-toolkit: 
@@ -131,7 +133,8 @@ appsuite: privileged: false seccompProfile: type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.openxchangeGotenberg }} + seLinuxOptions: + {{ .Values.seLinuxOptions.openxchangeGotenberg | toYaml | nindent 10 }} hooks: beforeAppsuiteStart: create-guard-dir.sh: | @@ -356,7 +359,8 @@ appsuite: privileged: false seccompProfile: type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.openxchangeCoreUI }} + seLinuxOptions: + {{ .Values.seLinuxOptions.openxchangeCoreUI | toYaml | nindent 8 }} core-ui-middleware: enabled: true @@ -398,7 +402,8 @@ appsuite: privileged: false seccompProfile: type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.openxchangeCoreUIMiddleware }} + seLinuxOptions: + {{ .Values.seLinuxOptions.openxchangeCoreUIMiddleware | toYaml | nindent 8 }} core-cacheservice: enabled: false @@ -428,7 +433,8 @@ appsuite: - "ALL" seccompProfile: type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.openxchangeDocumentConverter }} + seLinuxOptions: + {{ .Values.seLinuxOptions.openxchangeDocumentConverter | toYaml | nindent 8 }} core-documents-collaboration: enabled: false @@ -470,7 +476,8 @@ appsuite: privileged: false seccompProfile: type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.openxchangeCoreGuidedtours }} + seLinuxOptions: + {{ .Values.seLinuxOptions.openxchangeCoreGuidedtours | toYaml | nindent 8 }} core-imageconverter: enabled: true @@ -500,7 +507,8 @@ appsuite: - "ALL" seccompProfile: type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.openxchangeImageConverter }} + seLinuxOptions: + {{ .Values.seLinuxOptions.openxchangeImageConverter | toYaml | nindent 8 }} guard-ui: enabled: true @@ -526,7 +534,8 @@ appsuite: privileged: false seccompProfile: type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.openxchangeGuardUI }} + seLinuxOptions: + {{ .Values.seLinuxOptions.openxchangeGuardUI | toYaml | nindent 8 }} core-spellcheck: enabled: false 
@@ -555,5 +564,6 @@ appsuite: privileged: false seccompProfile: type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.openxchangeCoreUserGuide }} + seLinuxOptions: + {{ .Values.seLinuxOptions.openxchangeCoreUserGuide | toYaml | nindent 8 }} ... diff --git a/helmfile/apps/openproject-bootstrap/values.yaml.gotmpl b/helmfile/apps/openproject-bootstrap/values.yaml.gotmpl index 949f8035..8570dc39 100644 --- a/helmfile/apps/openproject-bootstrap/values.yaml.gotmpl +++ b/helmfile/apps/openproject-bootstrap/values.yaml.gotmpl @@ -38,7 +38,8 @@ containerSecurityContext: type: "RuntimeDefault" readOnlyRootFilesystem: true runAsNonRoot: true - seLinuxOptions: {{ .Values.seLinuxOptions.openprojectBootstrap }} + seLinuxOptions: + {{ .Values.seLinuxOptions.openprojectBootstrap | toYaml | nindent 4 }} image: registry: {{ .Values.global.imageRegistry | default .Values.images.openprojectBootstrap.registry | quote }} diff --git a/helmfile/apps/openproject/values.yaml.gotmpl b/helmfile/apps/openproject/values.yaml.gotmpl index 698e22d0..f8855baf 100644 --- a/helmfile/apps/openproject/values.yaml.gotmpl +++ b/helmfile/apps/openproject/values.yaml.gotmpl @@ -20,7 +20,8 @@ containerSecurityContext: type: "RuntimeDefault" readOnlyRootFilesystem: true runAsNonRoot: true - seLinuxOptions: {{ .Values.seLinuxOptions.openproject }} + seLinuxOptions: + {{ .Values.seLinuxOptions.openproject | toYaml | nindent 4 }} environment: # For more details and more options see diff --git a/helmfile/apps/provisioning/values-oxconnector.yaml.gotmpl b/helmfile/apps/provisioning/values-oxconnector.yaml.gotmpl index 16ac437e..985ef269 100644 --- a/helmfile/apps/provisioning/values-oxconnector.yaml.gotmpl +++ b/helmfile/apps/provisioning/values-oxconnector.yaml.gotmpl 
@@ -85,7 +85,8 @@ securityContext: runAsGroup: 0 runAsNonRoot: false readOnlyRootFilesystem: false - seLinuxOptions: {{ .Values.seLinuxOptions.oxConnector }} + seLinuxOptions: + {{ .Values.seLinuxOptions.oxConnector | toYaml | nindent 4 }} serviceAccount: create: true diff --git a/helmfile/apps/services/values-clamav-distributed.yaml.gotmpl b/helmfile/apps/services/values-clamav-distributed.yaml.gotmpl index 0a9ffd65..44a0e8e2 100644 --- a/helmfile/apps/services/values-clamav-distributed.yaml.gotmpl +++ b/helmfile/apps/services/values-clamav-distributed.yaml.gotmpl @@ -15,7 +15,8 @@ clamd: type: "RuntimeDefault" readOnlyRootFilesystem: true runAsNonRoot: true - seLinuxOptions: {{ .Values.seLinuxOptions.clamd }} + seLinuxOptions: + {{ .Values.seLinuxOptions.clamd | toYaml | nindent 6 }} image: registry: {{ .Values.global.imageRegistry | default .Values.images.clamd.registry | quote }} repository: {{ .Values.images.clamd.repository | quote }} @@ -41,7 +42,8 @@ containerSecurityContext: capabilities: drop: [] privileged: false - seLinuxOptions: {{ .Values.seLinuxOptions.clamav }} + seLinuxOptions: + {{ .Values.seLinuxOptions.clamav | toYaml | nindent 4 }} freshclam: containerSecurityContext: @@ -57,7 +59,8 @@ freshclam: type: "RuntimeDefault" readOnlyRootFilesystem: true runAsNonRoot: true - seLinuxOptions: {{ .Values.seLinuxOptions.freshclam }} + seLinuxOptions: + {{ .Values.seLinuxOptions.freshclam | toYaml | nindent 6 }} image: registry: {{ .Values.global.imageRegistry | default .Values.images.freshclam.registry | quote }} repository: {{ .Values.images.freshclam.repository | quote }} @@ -89,7 +92,8 @@ icap: type: "RuntimeDefault" readOnlyRootFilesystem: true runAsNonRoot: true - seLinuxOptions: {{ .Values.seLinuxOptions.icap }} + seLinuxOptions: + {{ .Values.seLinuxOptions.icap | toYaml | nindent 6 }} image: registry: {{ .Values.global.imageRegistry | default .Values.images.icap.registry | quote }} repository: {{ .Values.images.icap.repository | quote }} 
@@ -117,7 +121,8 @@ milter: type: "RuntimeDefault" readOnlyRootFilesystem: true runAsNonRoot: true - seLinuxOptions: {{ .Values.seLinuxOptions.milter }} + seLinuxOptions: + {{ .Values.seLinuxOptions.milter | toYaml | nindent 6 }} image: registry: {{ .Values.global.imageRegistry | default .Values.images.milter.registry | quote }} repository: {{ .Values.images.milter.repository | quote }} diff --git a/helmfile/apps/services/values-clamav-simple.yaml.gotmpl b/helmfile/apps/services/values-clamav-simple.yaml.gotmpl index e60d00f5..a50f1108 100644 --- a/helmfile/apps/services/values-clamav-simple.yaml.gotmpl +++ b/helmfile/apps/services/values-clamav-simple.yaml.gotmpl @@ -14,7 +14,8 @@ containerSecurityContext: type: "RuntimeDefault" readOnlyRootFilesystem: true runAsNonRoot: true - seLinuxOptions: {{ .Values.seLinuxOptions.clamavSimple }} + seLinuxOptions: + {{ .Values.seLinuxOptions.clamavSimple | toYaml | nindent 4 }} global: imagePullSecrets: diff --git a/helmfile/apps/services/values-mariadb.yaml.gotmpl b/helmfile/apps/services/values-mariadb.yaml.gotmpl index 3f5362a3..ebcba547 100644 --- a/helmfile/apps/services/values-mariadb.yaml.gotmpl +++ b/helmfile/apps/services/values-mariadb.yaml.gotmpl @@ -17,7 +17,8 @@ containerSecurityContext: type: "RuntimeDefault" readOnlyRootFilesystem: true runAsNonRoot: true - seLinuxOptions: {{ .Values.seLinuxOptions.mariadb }} + seLinuxOptions: + {{ .Values.seLinuxOptions.mariadb | toYaml | nindent 4 }} global: imagePullSecrets: diff --git a/helmfile/apps/services/values-memcached.yaml.gotmpl b/helmfile/apps/services/values-memcached.yaml.gotmpl index a4ec0a72..fe43257b 100644 --- a/helmfile/apps/services/values-memcached.yaml.gotmpl +++ b/helmfile/apps/services/values-memcached.yaml.gotmpl 
@@ -16,7 +16,8 @@ containerSecurityContext: seccompProfile: type: "RuntimeDefault" readOnlyRootFilesystem: true - seLinuxOptions: {{ .Values.seLinuxOptions.memcached }} + seLinuxOptions: + {{ .Values.seLinuxOptions.memcached | toYaml | nindent 4 }} global: imagePullSecrets: diff --git a/helmfile/apps/services/values-minio.yaml.gotmpl b/helmfile/apps/services/values-minio.yaml.gotmpl index c73d57bf..db6fc5bd 100644 --- a/helmfile/apps/services/values-minio.yaml.gotmpl +++ b/helmfile/apps/services/values-minio.yaml.gotmpl @@ -29,7 +29,8 @@ containerSecurityContext: readOnlyRootFilesystem: false seccompProfile: type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.minio }} + seLinuxOptions: + {{ .Values.seLinuxOptions.minio | toYaml | nindent 4 }} defaultBuckets: "openproject,openxchange,ums,nextcloud" @@ -68,7 +69,7 @@ metrics: serviceMonitor: enabled: {{ .Values.prometheus.serviceMonitors.enabled }} additionalLabels: - {{- toYaml .Values.prometheus.serviceMonitors.labels | nindent 6 }} + {{ .Values.prometheus.serviceMonitors.labels | toYaml | nindent 6 }} networkPolicy: enabled: false diff --git a/helmfile/apps/services/values-postfix.yaml.gotmpl b/helmfile/apps/services/values-postfix.yaml.gotmpl index 7001bb15..2e3ea506 100644 --- a/helmfile/apps/services/values-postfix.yaml.gotmpl +++ b/helmfile/apps/services/values-postfix.yaml.gotmpl @@ -17,7 +17,8 @@ containerSecurityContext: runAsUser: 0 runAsGroup: 0 privileged: true - seLinuxOptions: {{ .Values.seLinuxOptions.postfix }} + seLinuxOptions: + {{ .Values.seLinuxOptions.postfix | toYaml | nindent 4 }} global: imagePullSecrets: diff --git a/helmfile/apps/services/values-postgresql.yaml.gotmpl b/helmfile/apps/services/values-postgresql.yaml.gotmpl index b44c26cf..c0cf5328 100644 --- a/helmfile/apps/services/values-postgresql.yaml.gotmpl +++ b/helmfile/apps/services/values-postgresql.yaml.gotmpl 
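Review bot: In the postfix values the rendered `seLinuxOptions` block sits in a `containerSecurityContext` that also sets `privileged: true` with `runAsUser: 0`, and container runtimes may not apply an SELinux process label to privileged containers. If that holds for the target runtime, a value set under `.Values.seLinuxOptions.postfix` would provide no confinement while appearing to be configured. A comment above the key saying so, e.g. `# likely not enforced while privileged is true; verify on the target runtime`, would keep operators from relying on it. The `containerSecurityContext` block starts outside the hunk.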
@@ -14,7 +14,8 @@ containerSecurityContext: type: "RuntimeDefault" readOnlyRootFilesystem: true runAsNonRoot: true - seLinuxOptions: {{ .Values.seLinuxOptions.postgresql }} + seLinuxOptions: + {{ .Values.seLinuxOptions.postgresql | toYaml | nindent 4 }} job: diff --git a/helmfile/apps/services/values-redis.yaml.gotmpl b/helmfile/apps/services/values-redis.yaml.gotmpl index 55952964..9ab57c1c 100644 --- a/helmfile/apps/services/values-redis.yaml.gotmpl +++ b/helmfile/apps/services/values-redis.yaml.gotmpl @@ -30,7 +30,8 @@ master: capabilities: drop: - "ALL" - seLinuxOptions: {{ .Values.seLinuxOptions.redis }} + seLinuxOptions: + {{ .Values.seLinuxOptions.redis | toYaml | nindent 6 }} count: {{ .Values.replicas.redis }} persistence: size: {{ .Values.persistence.size.redis | quote }} diff --git a/helmfile/apps/univention-management-stack/values-guardian-authorization-api.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-guardian-authorization-api.yaml.gotmpl index 076d7263..58759300 100644 --- a/helmfile/apps/univention-management-stack/values-guardian-authorization-api.yaml.gotmpl +++ b/helmfile/apps/univention-management-stack/values-guardian-authorization-api.yaml.gotmpl @@ -55,6 +55,7 @@ securityContext: runAsGroup: 1000 runAsNonRoot: true readOnlyRootFilesystem: false - seLinuxOptions: {{ .Values.seLinuxOptions.umsGuardianAuthorizationApi }} + seLinuxOptions: + {{ .Values.seLinuxOptions.umsGuardianAuthorizationApi | toYaml | nindent 4 }} ... diff --git a/helmfile/apps/univention-management-stack/values-guardian-management-api.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-guardian-management-api.yaml.gotmpl index b01d166f..df93cb64 100644 --- a/helmfile/apps/univention-management-stack/values-guardian-management-api.yaml.gotmpl +++ b/helmfile/apps/univention-management-stack/values-guardian-management-api.yaml.gotmpl 
@@ -73,6 +73,7 @@ securityContext: runAsGroup: 1000 runAsNonRoot: true readOnlyRootFilesystem: false - seLinuxOptions: {{ .Values.seLinuxOptions.umsGuardianManagementApi }} + seLinuxOptions: + {{ .Values.seLinuxOptions.umsGuardianManagementApi | toYaml | nindent 4 }} ... diff --git a/helmfile/apps/univention-management-stack/values-guardian-management-ui.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-guardian-management-ui.yaml.gotmpl index fdc2043b..08704e78 100644 --- a/helmfile/apps/univention-management-stack/values-guardian-management-ui.yaml.gotmpl +++ b/helmfile/apps/univention-management-stack/values-guardian-management-ui.yaml.gotmpl @@ -46,6 +46,7 @@ securityContext: runAsGroup: 0 runAsNonRoot: false readOnlyRootFilesystem: false - seLinuxOptions: {{ .Values.seLinuxOptions.umsGuardianManagementUi }} + seLinuxOptions: + {{ .Values.seLinuxOptions.umsGuardianManagementUi | toYaml | nindent 4 }} ... diff --git a/helmfile/apps/univention-management-stack/values-ldap-notifier.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-ldap-notifier.yaml.gotmpl index 431213d3..6d146395 100644 --- a/helmfile/apps/univention-management-stack/values-ldap-notifier.yaml.gotmpl +++ b/helmfile/apps/univention-management-stack/values-ldap-notifier.yaml.gotmpl @@ -27,7 +27,8 @@ securityContext: runAsUser: 0 runAsGroup: 0 runAsNonRoot: false - seLinuxOptions: {{ .Values.seLinuxOptions.umsLdapNotifier }} + seLinuxOptions: + {{ .Values.seLinuxOptions.umsLdapNotifier | toYaml | nindent 4 }} volumes: claims: diff --git a/helmfile/apps/univention-management-stack/values-ldap-server.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-ldap-server.yaml.gotmpl index 9328883f..08fb9962 100644 --- a/helmfile/apps/univention-management-stack/values-ldap-server.yaml.gotmpl +++ b/helmfile/apps/univention-management-stack/values-ldap-server.yaml.gotmpl 
@@ -76,7 +76,8 @@ securityContext:
 runAsUser: 0
 runAsGroup: 0
 runAsNonRoot: false
- seLinuxOptions: {{ .Values.seLinuxOptions.umsLdapServer }}
+ seLinuxOptions:
+ {{ .Values.seLinuxOptions.umsLdapServer | toYaml | nindent 4 }}
 service:
 type: "ClusterIP"
diff --git a/helmfile/apps/univention-management-stack/values-notifications-api.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-notifications-api.yaml.gotmpl
index 7cdc5e38..d65fb975 100644
--- a/helmfile/apps/univention-management-stack/values-notifications-api.yaml.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-notifications-api.yaml.gotmpl
@@ -44,6 +44,7 @@ securityContext:
 runAsUser: 1000
 runAsGroup: 1000
 runAsNonRoot: false
- seLinuxOptions: {{ .Values.seLinuxOptions.umsNotificationsApi }}
+ seLinuxOptions:
+ {{ .Values.seLinuxOptions.umsNotificationsApi | toYaml | nindent 4 }}
 ...
diff --git a/helmfile/apps/univention-management-stack/values-open-policy-agent.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-open-policy-agent.yaml.gotmpl
index 2e440c88..26de7ad7 100644
--- a/helmfile/apps/univention-management-stack/values-open-policy-agent.yaml.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-open-policy-agent.yaml.gotmpl
@@ -46,6 +46,7 @@ securityContext:
 runAsUser: 1000
 runAsGroup: 1000
 runAsNonRoot: true
- seLinuxOptions: {{ .Values.seLinuxOptions.umsOpenPolicyAgent }}
+ seLinuxOptions:
+ {{ .Values.seLinuxOptions.umsOpenPolicyAgent | toYaml | nindent 4 }}
 ...
diff --git a/helmfile/apps/univention-management-stack/values-opendesk-keycloak-bootstrap.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-opendesk-keycloak-bootstrap.yaml.gotmpl
index 001c7365..8698bfc5 100644
--- a/helmfile/apps/univention-management-stack/values-opendesk-keycloak-bootstrap.yaml.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-opendesk-keycloak-bootstrap.yaml.gotmpl
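Review bot: The notifications-api hunk keeps `runAsNonRoot: false` next to `runAsUser: 1000` and `runAsGroup: 1000`, so the kubelet will not refuse to start the container if the UID is later overridden to 0. The commit leaves these context lines alone, but since it touches this block the flag could be aligned with the UID: `runAsNonRoot: true`, as the open-policy-agent hunk right after it already has with the same IDs. If the chart needs root for some step not visible here, a comment saying so would be the alternative. The `securityContext` block starts outside the hunk.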
@@ -597,7 +597,8 @@ containerSecurityContext:
 type: "RuntimeDefault"
 readOnlyRootFilesystem: true
 runAsNonRoot: true
- seLinuxOptions: {{ .Values.seLinuxOptions.opendeskKeycloakBootstrap }}
+ seLinuxOptions:
+ {{ .Values.seLinuxOptions.opendeskKeycloakBootstrap | toYaml | nindent 4 }}
 podAnnotations:
 intents.otterize.com/service-name: "ums-keycloak-bootstrap"
diff --git a/helmfile/apps/univention-management-stack/values-portal-frontend.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-portal-frontend.yaml.gotmpl
index 6146b405..f660c28b 100644
--- a/helmfile/apps/univention-management-stack/values-portal-frontend.yaml.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-portal-frontend.yaml.gotmpl
@@ -112,5 +112,6 @@ securityContext:
 runAsUser: 0
 runAsGroup: 0
 runAsNonRoot: false
- seLinuxOptions: {{ .Values.seLinuxOptions.umsPortalFrontend }}
+ seLinuxOptions:
+ {{ .Values.seLinuxOptions.umsPortalFrontend | toYaml | nindent 4 }}
 ...
diff --git a/helmfile/apps/univention-management-stack/values-portal-listener.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-portal-listener.yaml.gotmpl
index 288ccb73..0fa45bc6 100644
--- a/helmfile/apps/univention-management-stack/values-portal-listener.yaml.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-portal-listener.yaml.gotmpl
@@ -79,6 +79,7 @@ securityContext:
 runAsUser: 0
 runAsGroup: 0
 runAsNonRoot: false
- seLinuxOptions: {{ .Values.seLinuxOptions.umsPortalListener }}
+ seLinuxOptions:
+ {{ .Values.seLinuxOptions.umsPortalListener | toYaml | nindent 4 }}
 ...
diff --git a/helmfile/apps/univention-management-stack/values-portal-server.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-portal-server.yaml.gotmpl
index 8c848b51..0c3dc1e3 100644
--- a/helmfile/apps/univention-management-stack/values-portal-server.yaml.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-portal-server.yaml.gotmpl
@@ -56,6 +56,7 @@ securityContext:
 runAsUser: 0
 runAsGroup: 0
 runAsNonRoot: false
- seLinuxOptions: {{ .Values.seLinuxOptions.umsPortalServer }}
+ seLinuxOptions:
+ {{ .Values.seLinuxOptions.umsPortalServer | toYaml | nindent 4 }}
 ...
diff --git a/helmfile/apps/univention-management-stack/values-selfservice-listener.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-selfservice-listener.yaml.gotmpl
index 14b11cfc..d1cb2c03 100644
--- a/helmfile/apps/univention-management-stack/values-selfservice-listener.yaml.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-selfservice-listener.yaml.gotmpl
@@ -73,6 +73,7 @@ securityContext:
 runAsUser: 0
 runAsGroup: 0
 runAsNonRoot: false
- seLinuxOptions: {{ .Values.seLinuxOptions.umsSelfserviceListener }}
+ seLinuxOptions:
+ {{ .Values.seLinuxOptions.umsSelfserviceListener | toYaml | nindent 4 }}
 ...
diff --git a/helmfile/apps/univention-management-stack/values-stack-data-swp.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-stack-data-swp.yaml.gotmpl
index c67ca381..9183a521 100644
--- a/helmfile/apps/univention-management-stack/values-stack-data-swp.yaml.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-stack-data-swp.yaml.gotmpl
@@ -29,7 +29,8 @@ securityContext:
 runAsUser: 0
 runAsGroup: 0
 runAsNonRoot: false
- seLinuxOptions: {{ .Values.seLinuxOptions.umsDataLoader }}
+ seLinuxOptions:
+ {{ .Values.seLinuxOptions.umsDataLoader | toYaml | nindent 4 }}
 stackDataContext:
 ldapBase: "dc=swp-ldap,dc=internal"
diff --git a/helmfile/apps/univention-management-stack/values-stack-data-ums.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-stack-data-ums.yaml.gotmpl
index 5fed9312..fc622e48 100644
--- a/helmfile/apps/univention-management-stack/values-stack-data-ums.yaml.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-stack-data-ums.yaml.gotmpl
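Review bot: The stack-data-swp hunk reads `.Values.seLinuxOptions.umsDataLoader`, and the stack-data-ums hunk that follows reads the same key, whereas the other files shown here each use a key of their own. Both contexts run as root (`runAsUser: 0`, `runAsNonRoot: false`), and with a shared key the two releases cannot be given different labels. If the sharing is intended, I would note it next to the line: `# key shared with values-stack-data-ums.yaml.gotmpl`.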
@@ -29,7 +29,8 @@ securityContext: runAsUser: 0 runAsGroup: 0 runAsNonRoot: false - seLinuxOptions: {{ .Values.seLinuxOptions.umsDataLoader }} + seLinuxOptions: + {{ .Values.seLinuxOptions.umsDataLoader | toYaml | nindent 4 }} stackDataContext: idpSamlMetadataUrlInternal: null diff --git a/helmfile/apps/univention-management-stack/values-store-dav.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-store-dav.yaml.gotmpl index 560cd975..8a0b85bd 100644 --- a/helmfile/apps/univention-management-stack/values-store-dav.yaml.gotmpl +++ b/helmfile/apps/univention-management-stack/values-store-dav.yaml.gotmpl @@ -53,7 +53,8 @@ securityContext: runAsUser: 0 runAsGroup: 0 runAsNonRoot: false - seLinuxOptions: {{ .Values.seLinuxOptions.umsStoreDav }} + seLinuxOptions: + {{ .Values.seLinuxOptions.umsStoreDav | toYaml | nindent 4 }} storeDav: auth: diff --git a/helmfile/apps/univention-management-stack/values-udm-rest-api.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-udm-rest-api.yaml.gotmpl index 31d5b5be..46524b9e 100644 --- a/helmfile/apps/univention-management-stack/values-udm-rest-api.yaml.gotmpl +++ b/helmfile/apps/univention-management-stack/values-udm-rest-api.yaml.gotmpl @@ -53,7 +53,8 @@ securityContext: runAsUser: 0 runAsGroup: 0 runAsNonRoot: false - seLinuxOptions: {{ .Values.seLinuxOptions.umsUdmRestApi }} + seLinuxOptions: + {{ .Values.seLinuxOptions.umsUdmRestApi | toYaml | nindent 4 }} udmRestApi: # TODO: Stub value currently diff --git a/helmfile/apps/univention-management-stack/values-umc-gateway.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-umc-gateway.yaml.gotmpl index 4b8a861a..54ed47d5 100644 --- a/helmfile/apps/univention-management-stack/values-umc-gateway.yaml.gotmpl +++ b/helmfile/apps/univention-management-stack/values-umc-gateway.yaml.gotmpl 
@@ -58,6 +58,7 @@ securityContext:
 runAsUser: 0
 runAsGroup: 0
 runAsNonRoot: false
- seLinuxOptions: {{ .Values.seLinuxOptions.umsUmcGateway }}
+ seLinuxOptions:
+ {{ .Values.seLinuxOptions.umsUmcGateway | toYaml | nindent 4 }}
 ...
diff --git a/helmfile/apps/univention-management-stack/values-umc-server.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-umc-server.yaml.gotmpl
index cc06808c..67ee1d80 100644
--- a/helmfile/apps/univention-management-stack/values-umc-server.yaml.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-umc-server.yaml.gotmpl
@@ -94,7 +94,8 @@ securityContext:
 runAsUser: 0
 runAsGroup: 0
 runAsNonRoot: false
- seLinuxOptions: {{ .Values.seLinuxOptions.umsUmcServer }}
+ seLinuxOptions:
+ {{ .Values.seLinuxOptions.umsUmcServer | toYaml | nindent 4 }}
 umcServer:
 certPemFile: "/var/secrets/ssl/tls.crt"
diff --git a/helmfile/apps/univention-management-stack/values-ums-keycloak-bootstrap.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-ums-keycloak-bootstrap.yaml.gotmpl
index ae8abc61..69b029a3 100644
--- a/helmfile/apps/univention-management-stack/values-ums-keycloak-bootstrap.yaml.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-ums-keycloak-bootstrap.yaml.gotmpl
@@ -66,7 +66,8 @@ containerSecurityContext:
 runAsUser: 1000
 seccompProfile:
 type: "RuntimeDefault"
- seLinuxOptions: {{ .Values.seLinuxOptions.umsKeycloakBootstrap }}
+ seLinuxOptions:
+ {{ .Values.seLinuxOptions.umsKeycloakBootstrap | toYaml | nindent 4 }}
 podAnnotations:
 intents.otterize.com/service-name: "ums-keycloak-bootstrap"
diff --git a/helmfile/apps/univention-management-stack/values-ums-keycloak-extensions.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-ums-keycloak-extensions.yaml.gotmpl
index 80d6e338..bc6768ac 100644
--- a/helmfile/apps/univention-management-stack/values-ums-keycloak-extensions.yaml.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-ums-keycloak-extensions.yaml.gotmpl
@@ -48,7 +48,8 @@ handler: runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true - seLinuxOptions: {{ .Values.seLinuxOptions.umsKeycloakExtensionHandler }} + seLinuxOptions: + {{ .Values.seLinuxOptions.umsKeycloakExtensionHandler | toYaml | nindent 6 }} resources: {{ .Values.resources.umsKeycloakExtensionHandler | toYaml | nindent 4 }} postgresql: @@ -103,7 +104,8 @@ proxy: runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true - seLinuxOptions: {{ .Values.seLinuxOptions.umsKeycloakExtensionProxy }} + seLinuxOptions: + {{ .Values.seLinuxOptions.umsKeycloakExtensionProxy | toYaml | nindent 6 }} resources: {{ .Values.resources.umsKeycloakExtensionProxy | toYaml | nindent 4 }} ... diff --git a/helmfile/apps/univention-management-stack/values-ums-keycloak.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-ums-keycloak.yaml.gotmpl index ae57100a..892dce02 100644 --- a/helmfile/apps/univention-management-stack/values-ums-keycloak.yaml.gotmpl +++ b/helmfile/apps/univention-management-stack/values-ums-keycloak.yaml.gotmpl @@ -44,7 +44,8 @@ containerSecurityContext: runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true - seLinuxOptions: {{ .Values.seLinuxOptions.umsKeycloak }} + seLinuxOptions: + {{ .Values.seLinuxOptions.umsKeycloak | toYaml | nindent 4 }} podSecurityContext: fsGroup: 1000 diff --git a/helmfile/apps/univention-management-stack/values-ums-stack-gateway.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-ums-stack-gateway.yaml.gotmpl index 541994a2..3dd550ed 100644 --- a/helmfile/apps/univention-management-stack/values-ums-stack-gateway.yaml.gotmpl +++ b/helmfile/apps/univention-management-stack/values-ums-stack-gateway.yaml.gotmpl @@ -45,7 +45,8 @@ containerSecurityContext: - "ALL" seccompProfile: type: "RuntimeDefault" - seLinuxOptions: {{ .Values.seLinuxOptions.umsStackGateway }} + seLinuxOptions: + {{ .Values.seLinuxOptions.umsStackGateway | toYaml | nindent 4 }} service: type: "ClusterIP" 
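Review bot: The `nindent 6` in the two keycloak-extensions hunks is a hand-counted width (the `resources:` block right after it uses `nindent 4`, as do most other files in this patch), and the patch adds nothing that checks it against the nesting. A width that is too small would still render valid YAML but would place the label keys beside `seLinuxOptions` rather than under it, leaving the label empty; the whitespace on this page is collapsed, so I cannot confirm the nesting under `handler:` and `proxy:`. I would record the rule next to the line, `# nindent = indent of seLinuxOptions + 2`, and inspect the rendered values once with a non-empty label.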
diff --git a/helmfile/apps/xwiki/values.yaml.gotmpl b/helmfile/apps/xwiki/values.yaml.gotmpl
index 1b58bb82..d7a9b0e0 100644
--- a/helmfile/apps/xwiki/values.yaml.gotmpl
+++ b/helmfile/apps/xwiki/values.yaml.gotmpl
@@ -36,7 +36,8 @@ containerSecurityContext:
 seccompProfile:
 type: "RuntimeDefault"
 readOnlyRootFilesystem: false
- seLinuxOptions: {{ .Values.seLinuxOptions.xwiki }}
+ seLinuxOptions:
+ {{ .Values.seLinuxOptions.xwiki | toYaml | nindent 4 }}
 customConfigs:
 xwiki.cfg: