sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-06 07:21:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
c8801b49a62bb7c9b91e43e3d59b726524609b8f
opendesk/helmfile/apps/services/values-clamav-distributed.yaml.gotmpl

143 lines
4.1 KiB
Go Template
Raw Blame History

# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
---
clamd:
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
enabled: true
privileged: false
runAsUser: 100
runAsGroup: 101
seccompProfile:
type: "RuntimeDefault"
readOnlyRootFilesystem: true
runAsNonRoot: true
seLinuxOptions:
{{ .Values.seLinuxOptions.clamd | toYaml | nindent 6 }}
image:
registry: {{ .Values.global.imageRegistry | default .Values.images.clamd.registry | quote }}
repository: {{ .Values.images.clamd.repository | quote }}
tag: {{ .Values.images.clamd.tag | quote }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
podSecurityContext:
enabled: true
fsGroup: 101
fsGroupChangePolicy: "Always"
replicaCount: {{ .Values.replicas.clamd }}
resources:
{{ .Values.resources.clamd | toYaml | nindent 4 }}
containerSecurityContext:
allowPrivilegeEscalation: false
enabled: true
readOnlyRootFilesystem: true
runAsUser: 0
runAsGroup: 0
seccompProfile:
type: "RuntimeDefault"
runAsNonRoot: false
capabilities:
drop: []
privileged: false
seLinuxOptions:
{{ .Values.seLinuxOptions.clamav | toYaml | nindent 4 }}
freshclam:
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
enabled: true
privileged: false
runAsUser: 100
runAsGroup: 101
seccompProfile:
type: "RuntimeDefault"
readOnlyRootFilesystem: true
runAsNonRoot: true
seLinuxOptions:
{{ .Values.seLinuxOptions.freshclam | toYaml | nindent 6 }}
image:
registry: {{ .Values.global.imageRegistry | default .Values.images.freshclam.registry | quote }}
repository: {{ .Values.images.freshclam.repository | quote }}
tag: {{ .Values.images.freshclam.tag | quote }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
podSecurityContext:
enabled: true
fsGroup: 101
fsGroupChangePolicy: "Always"
replicaCount: {{ .Values.replicas.freshclam }}
resources:
{{ .Values.resources.freshclam | toYaml | nindent 4 }}
global:
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
icap:
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
enabled: true
runAsUser: 100
runAsGroup: 101
privileged: false
seccompProfile:
type: "RuntimeDefault"
readOnlyRootFilesystem: true
runAsNonRoot: true
seLinuxOptions:
{{ .Values.seLinuxOptions.icap | toYaml | nindent 6 }}
image:
registry: {{ .Values.global.imageRegistry | default .Values.images.icap.registry | quote }}
repository: {{ .Values.images.icap.repository | quote }}
tag: {{ .Values.images.icap.tag | quote }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
podSecurityContext:
enabled: true
fsGroup: 101
fsGroupChangePolicy: "Always"
replicaCount: {{ .Values.replicas.icap }}
resources:
{{ .Values.resources.icap | toYaml | nindent 4 }}
milter:
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
enabled: true
runAsUser: 100
runAsGroup: 101
privileged: false
seccompProfile:
type: "RuntimeDefault"
readOnlyRootFilesystem: true
runAsNonRoot: true
seLinuxOptions:
{{ .Values.seLinuxOptions.milter | toYaml | nindent 6 }}
image:
registry: {{ .Values.global.imageRegistry | default .Values.images.milter.registry | quote }}
repository: {{ .Values.images.milter.repository | quote }}
tag: {{ .Values.images.milter.tag | quote }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
podSecurityContext:
enabled: true
fsGroup: 101
fsGroupChangePolicy: "Always"
replicaCount: {{ .Values.replicas.milter }}
resources:
{{ .Values.resources.milter | toYaml | nindent 4 }}
persistence:
storageClass: {{ .Values.persistence.storageClassNames.RWX | quote }}
size: {{ .Values.persistence.size.clamav | quote }}
...
Reference in New Issue View Git Blame Copy Permalink