mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 07:21:36 +01:00
chore(helmfile): Fix linting errors for yamllint
This commit is contained in:
Dominik Kaminski
@@ -463,6 +463,7 @@ generate-release-assets:
|
||||
- when: "never"
|
||||
script:
|
||||
- |
|
||||
# yamllint disable-line rule:line-length
|
||||
git clone https://gitlab-ci-token:${CI_JOB_TOKEN}@${CI_SERVER_HOST}/bmi/souveraener_arbeitsplatz/tooling/opendesk-asset-generator
|
||||
cd opendesk-asset-generator
|
||||
export OPENDESK_DEPLOYMENT_AUTOMATION_PATH=${CI_PROJECT_DIR}
|
||||
|
||||
19
README.md
19
README.md
@@ -311,16 +311,15 @@ actual scalability of the components (see column `Scales at least to 2`).
|
||||
This list gives you an overview of default security settings and if they comply with security standards:
|
||||
|
||||
|
||||
| Component | Process | allowPrivilegeEscalation (`false`) | capabilities (`drop: ALL`) | seccompProfile (`RuntimeDefault`) | readOnlyRootFilesystem (`true`) | runAsNonRoot (`true`) | runAsUser | runAsGroup | fsGroup |
|
||||
|------------|------------|------------------------------------|----------------------------------------------------------|-----------------------------------|---------------------------------|-----------------------|-----------|------------|---------|
|
||||
| ClamAV | clamd | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | freshclam | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | icap | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | milter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| MariaDB | mariadb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| Postfix | postfix | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | | | 101 |
|
||||
| | | | `DAC_OVERRIDE, FOWNER, SETUID, SETGID, NET_BIND_SERVICE` | | | | | | |
|
||||
| PostgreSQL | postgresql | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| Component | Process | allowPrivilegeEscalation (`false`) | capabilities (`drop: ALL`) | seccompProfile (`RuntimeDefault`) | readOnlyRootFilesystem (`true`) | runAsNonRoot (`true`) | runAsUser | runAsGroup | fsGroup |
|
||||
|------------|------------|:-----------------------------------:|:----------------------------------------------------------------------:|:---------------------------------:|:-------------------------------:|:---------------------:|:---------:|:----------:|:-------:|
|
||||
| ClamAV | clamd | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | freshclam | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | icap | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | milter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| MariaDB | mariadb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
| Postfix | postfix | :white_check_mark: | :x: (`DAC_OVERRIDE`, `FOWNER`, `SETUID`, `SETGID`, `NET_BIND_SERVICE`) | :white_check_mark: | :x: | :x: | - | - | 101 |
|
||||
| PostgreSQL | postgresql | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 |
|
||||
|
||||
|
||||
# Component integration
|
||||
|
||||
@@ -5,8 +5,10 @@ repositories:
|
||||
- name: "opendesk-nextcloud-bootstrap-repo"
|
||||
oci: true
|
||||
url: >-
|
||||
# yamllint disable rule:line-length
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" | default
|
||||
"external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-nextcloud-bootstrap" }}
|
||||
# yamllint enable rule:line-length
|
||||
- name: "nextcloud-repo"
|
||||
url: >-
|
||||
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
|
||||
|
||||
@@ -23,8 +23,8 @@ cronjob:
|
||||
|
||||
ingress:
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: 4G
|
||||
nginx.org/client-max-body-size: 4G
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: "4G"
|
||||
nginx.org/client-max-body-size: "4G"
|
||||
|
||||
internalDatabase:
|
||||
enabled: false
|
||||
|
||||
Reference in New Issue
Block a user