From 9d962a7efe77f684983eb19fa2c539468ab7e42c Mon Sep 17 00:00:00 2001
From: szaimen <42591237+szaimen@users.noreply.github.com>
Date: Thu, 21 Nov 2024 19:42:58 +0000
Subject: [PATCH] Helm Chart updates

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 nextcloud-aio-helm-chart/Chart.yaml           |  2 +-
 .../nextcloud-aio-nextcloud-deployment.yaml   | 26 +++++++++++++------
 2 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml
index 87d387b8b30..96ea008d19d 100755
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 9.8.0
+version: 10.0.0
 apiVersion: v2
 keywords:
   - latest
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index b33febd8464..0bde53983ff 100755
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -23,7 +23,7 @@ spec:
       labels:
         io.kompose.service: nextcloud-aio-nextcloud
     spec:
-      {{- if eq .Values.RPSS_ENABLED "yes" }}
+      {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
       securityContext:
         # The items below only work in pod context
         fsGroup: 33
@@ -36,7 +36,7 @@ spec:
         seccompProfile:
           type: RuntimeDefault
         {{- end }}
-      {{- end }}
+      {{- end }} # AIO-config - do not change this comment!
       initContainers:
         - name: "delete-lost-found"
           image: "alpine:3.20"
@@ -49,12 +49,18 @@ spec:
               mountPath: /nextcloud-aio-nextcloud-trusted-cacerts
             - name: nextcloud-aio-nextcloud
               mountPath: /nextcloud-aio-nextcloud
-        {{- if eq .Values.RPSS_ENABLED "yes" }}
+        {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context
             allowPrivilegeEscalation: false
+            capabilities:
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
-        {{- else }}
+              {{- else }}
+              drop: ["NET_RAW"]
+              {{- end }}
+              add: ["NET_BIND_SERVICE"]
+        {{- if ne .Values.RPSS_ENABLED "yes" }} 
         - name: init-volumes
           image: "alpine:3.20"
           command:
@@ -68,6 +74,7 @@ spec:
             - name: nextcloud-aio-nextcloud
               mountPath: /nextcloud-aio-nextcloud
         {{- end }}
+        {{- end }} # AIO-config - do not change this comment!
       containers:
         - env:
             - name: SMTP_HOST
@@ -194,15 +201,18 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: nextcloud/aio-nextcloud:20241106_10160
-          {{- if eq .Values.RPSS_ENABLED "yes" }}
-          securityContext:
+          image: nextcloud/aio-nextcloud:20241106_101604
+          {{- if eq .Values.RPSS_ENABLED "yes" }} # AIO-config - do not change this comment!
             # The items below only work in container context
             allowPrivilegeEscalation: false
             capabilities:
+              {{- if eq .Values.RPSS_ENABLED "yes" }}
               drop: ["ALL"]
+              {{- else }}
+              drop: ["NET_RAW"]
+              {{- end }}
               add: ["NET_BIND_SERVICE"]
-          {{- end }}
+          {{- end }} # AIO-config - do not change this comment!
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000