From ca4b1da84f8574af1f59dfd168c6cacd039a3d12 Mon Sep 17 00:00:00 2001
From: Dominik Kaminski
Date: Sun, 3 Sep 2023 22:15:04 +0200
Subject: [PATCH] chore(helmfile): Fix linting errors for yamllint
---
 .gitlab-ci.yml | 1 +
 README.md | 19 +++++++++----------
 helmfile/apps/nextcloud/helmfile.yaml | 2 ++
 helmfile/apps/nextcloud/values-nextcloud.yaml | 4 ++--
 4 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index a20ef3b0..cfb71aee 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -463,6 +463,7 @@ generate-release-assets:
 - when: "never"
 script:
 - |
+ # yamllint disable-line rule:line-length
 git clone https://gitlab-ci-token:${CI_JOB_TOKEN}@${CI_SERVER_HOST}/bmi/souveraener_arbeitsplatz/tooling/opendesk-asset-generator
 cd opendesk-asset-generator
 export OPENDESK_DEPLOYMENT_AUTOMATION_PATH=${CI_PROJECT_DIR}
diff --git a/README.md b/README.md
index 6053f162..caf47ef6 100644
--- a/README.md
+++ b/README.md
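Review bot: In `.gitlab-ci.yml`, the added `# yamllint disable-line rule:line-length` sits inside the `- |` literal block under `script:`, so a YAML parser sees it as scalar content rather than a comment; yamllint most likely does not honour it as a directive, and it ends up as a shell comment in the job script instead. Placing the directive as a real YAML comment outside the scalar, for example `# yamllint disable rule:line-length` above `script:` and `# yamllint enable rule:line-length` after the block, would suppress the warning without touching the script text. Separately, the clone on the following line embeds `${CI_JOB_TOKEN}` in the URL, which git records in the clone's `.git/config`; a short comment that the `opendesk-asset-generator` checkout must not be cached or published as an artifact would help. The job definition starts and continues outside this hunk.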
@@ -311,16 +311,15 @@ actual scalability of the components (see column `Scales at least to 2`). This list gives you an overview of default security settings and if they comply with security standards: -| Component | Process | allowPrivilegeEscalation (`false`) | capabilities (`drop: ALL`) | seccompProfile (`RuntimeDefault`) | readOnlyRootFilesystem (`true`) | runAsNonRoot (`true`) | runAsUser | runAsGroup | fsGroup | -|------------|------------|------------------------------------|----------------------------------------------------------|-----------------------------------|---------------------------------|-----------------------|-----------|------------|---------| -| ClamAV | clamd | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 | -| | freshclam | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 | -| | icap | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 | -| | milter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 | -| MariaDB | mariadb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 | -| Postfix | postfix | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | | | 101 | -| | | | `DAC_OVERRIDE, FOWNER, SETUID, SETGID, NET_BIND_SERVICE` | | | | | | | -| PostgreSQL | postgresql | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 | +| Component | Process | allowPrivilegeEscalation (`false`) | capabilities (`drop: ALL`) | seccompProfile (`RuntimeDefault`) | readOnlyRootFilesystem (`true`) | runAsNonRoot (`true`) | runAsUser | runAsGroup | fsGroup | 
+|------------|------------|:-----------------------------------:|:----------------------------------------------------------------------:|:---------------------------------:|:-------------------------------:|:---------------------:|:---------:|:----------:|:-------:| +| ClamAV | clamd | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 | +| | freshclam | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 | +| | icap | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 | +| | milter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 | +| MariaDB | mariadb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 | +| Postfix | postfix | :white_check_mark: | :x: (`DAC_OVERRIDE`, `FOWNER`, `SETUID`, `SETGID`, `NET_BIND_SERVICE`) | :white_check_mark: | :x: | :x: | - | - | 101 | +| PostgreSQL | postgresql | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 | # Component integration diff --git a/helmfile/apps/nextcloud/helmfile.yaml b/helmfile/apps/nextcloud/helmfile.yaml index 05aa8398..0ac2c639 100644 --- a/helmfile/apps/nextcloud/helmfile.yaml +++ b/helmfile/apps/nextcloud/helmfile.yaml @@ -5,8 +5,10 @@ repositories: - name: "opendesk-nextcloud-bootstrap-repo" oci: true url: >- + # yamllint disable rule:line-length {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-nextcloud-bootstrap" }} + # yamllint enable rule:line-length - name: "nextcloud-repo" url: >- {{ env "PRIVATE_CHART_REPOSITORY_URL" | 
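Review bot: In `helmfile/apps/nextcloud/helmfile.yaml`, both added `# yamllint …` lines sit between `url: >-` and the next `- name:` entry, i.e. inside the folded block scalar. If they are indented like the template line (indentation is not visible in this view), `#` does not start a comment there and the directive text is folded into the `url` value, so the OCI chart repository reference for `opendesk-nextcloud-bootstrap-repo` would no longer be a valid registry URL. yamllint is also unlikely to treat scalar content as a directive, so the line-length warning may remain. Move them out of the scalar as real comments: `# yamllint disable rule:line-length` on its own line before `- name: "opendesk-nextcloud-bootstrap-repo"` and `# yamllint enable rule:line-length` at list-item indentation after the URL, then confirm the rendered `url` with `helmfile build`.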
diff --git a/helmfile/apps/nextcloud/values-nextcloud.yaml b/helmfile/apps/nextcloud/values-nextcloud.yaml
index c8eeccc7..cc747e1c 100644
--- a/helmfile/apps/nextcloud/values-nextcloud.yaml
+++ b/helmfile/apps/nextcloud/values-nextcloud.yaml
@@ -23,8 +23,8 @@ cronjob:
 ingress:
 annotations:
- nginx.ingress.kubernetes.io/proxy-body-size: 4G
- nginx.org/client-max-body-size: 4G
+ nginx.ingress.kubernetes.io/proxy-body-size: "4G"
+ nginx.org/client-max-body-size: "4G"
 internalDatabase:
 enabled: false