sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-06 07:21:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
7348547d9602edb2f52c73d26749c4a4d8aadd91
opendesk/helmfile/apps/services/values-clamav-distributed.yaml.gotmpl
Dominik Kaminski 7348547d96 feat(helmfile): Add fine-granular registry overwrites
2024-08-29 10:43:55 +00:00

154 lines
4.7 KiB
Go Template
Raw Blame History

{{/*
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-License-Identifier: Apache-2.0
*/}}
---
clamd:
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
enabled: true
privileged: false
runAsUser: 100
runAsGroup: 101
seccompProfile:
type: "RuntimeDefault"
readOnlyRootFilesystem: true
runAsNonRoot: true
seLinuxOptions:
{{ .Values.seLinuxOptions.clamd | toYaml | nindent 6 }}
image:
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.clamd.registry | quote }}
repository: {{ .Values.images.clamd.repository | quote }}
tag: {{ .Values.images.clamd.tag | quote }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
podSecurityContext:
enabled: true
fsGroup: 101
fsGroupChangePolicy: "Always"
replicaCount: {{ .Values.replicas.clamd }}
resources:
{{ .Values.resources.clamd | toYaml | nindent 4 }}
containerSecurityContext:
allowPrivilegeEscalation: false
enabled: true
readOnlyRootFilesystem: true
runAsUser: 0
runAsGroup: 0
seccompProfile:
type: "RuntimeDefault"
runAsNonRoot: false
capabilities:
drop: []
privileged: false
seLinuxOptions:
{{ .Values.seLinuxOptions.clamav | toYaml | nindent 4 }}
freshclam:
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
enabled: true
privileged: false
runAsUser: 100
runAsGroup: 101
seccompProfile:
type: "RuntimeDefault"
readOnlyRootFilesystem: true
runAsNonRoot: true
seLinuxOptions:
{{ .Values.seLinuxOptions.freshclam | toYaml | nindent 6 }}
image:
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.freshclam.registry | quote }}
repository: {{ .Values.images.freshclam.repository | quote }}
tag: {{ .Values.images.freshclam.tag | quote }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
podSecurityContext:
enabled: true
fsGroup: 101
fsGroupChangePolicy: "Always"
replicaCount: {{ .Values.replicas.freshclam }}
resources:
{{ .Values.resources.freshclam | toYaml | nindent 4 }}
settings:
database:
auth:
{{ .Values.repositories.clamav.auth | toYaml | nindent 8 }}
mirror:
scheme: {{ .Values.repositories.clamav.mirror.scheme | quote }}
url: {{ .Values.repositories.clamav.mirror.url | quote }}
customURLs:
{{ .Values.repositories.clamav.customURLs | toYaml | nindent 8 }}
global:
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
icap:
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
enabled: true
runAsUser: 100
runAsGroup: 101
privileged: false
seccompProfile:
type: "RuntimeDefault"
readOnlyRootFilesystem: true
runAsNonRoot: true
seLinuxOptions:
{{ .Values.seLinuxOptions.icap | toYaml | nindent 6 }}
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.icap.registry | quote }}
repository: {{ .Values.images.icap.repository | quote }}
tag: {{ .Values.images.icap.tag | quote }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
podSecurityContext:
enabled: true
fsGroup: 101
fsGroupChangePolicy: "Always"
replicaCount: {{ .Values.replicas.icap }}
resources:
{{ .Values.resources.icap | toYaml | nindent 4 }}
milter:
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
enabled: true
runAsUser: 100
runAsGroup: 101
privileged: false
seccompProfile:
type: "RuntimeDefault"
readOnlyRootFilesystem: true
runAsNonRoot: true
seLinuxOptions:
{{ .Values.seLinuxOptions.milter | toYaml | nindent 6 }}
image:
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.milter.registry | quote }}
repository: {{ .Values.images.milter.repository | quote }}
tag: {{ .Values.images.milter.tag | quote }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
podSecurityContext:
enabled: true
fsGroup: 101
fsGroupChangePolicy: "Always"
replicaCount: {{ .Values.replicas.milter }}
resources:
{{ .Values.resources.milter | toYaml | nindent 4 }}
persistence:
storageClass: {{ .Values.persistence.storageClassNames.RWX | quote }}
size: {{ .Values.persistence.size.clamav | quote }}
...
Reference in New Issue View Git Blame Copy Permalink