Remove security context

customers/base/nextcloud-configmap.yml

@@ -32,48 +32,6 @@ data:
             </IfModule>
         </Directory>
     </VirtualHost>
-  apache2.conf: |
-    DefaultRuntimeDir ${APACHE_RUN_DIR}
-    PidFile ${APACHE_PID_FILE}
-    Timeout 300
-    KeepAlive On
-    MaxKeepAliveRequests 100
-    KeepAliveTimeout 5
-    User ${APACHE_RUN_USER}
-    Group ${APACHE_RUN_GROUP}
-    HostnameLookups Off
-    ErrorLog /dev/stderr
-    CustomLog /dev/stdout common
-    TransferLog /dev/stdout
-    LogLevel debug
-    IncludeOptional mods-enabled/*.load
-    IncludeOptional mods-enabled/*.conf
-    Include ports.conf
-    <Directory />
-      Options FollowSymLinks
-      AllowOverride None
-      Require all denied
-    </Directory>
-    <Directory /usr/share>
-      AllowOverride None
-      Require all granted
-    </Directory>
-    <Directory /var/www/>
-      Options Indexes FollowSymLinks
-      AllowOverride None
-      Require all granted
-    </Directory>
-    AccessFileName .htaccess
-    <FilesMatch "^\.ht">
-      Require all denied
-    </FilesMatch>
-    LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
-    LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
-    LogFormat "%h %l %u %t \"%r\" %>s %O" common
-    LogFormat "%{Referer}i -> %U" referer
-    LogFormat "%{User-agent}i" agent
-    IncludeOptional conf-enabled/*.conf
-    IncludeOptional sites-enabled/*.conf
   config.php: |
     <?php
     $CONFIG = array (
@@ -179,20 +137,5 @@ data:
       ),
 
     );
-  envars: |
-    unset HOME
-    if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then
-      SUFFIX="-${APACHE_CONFDIR##/etc/apache2-}"
-    else
-      SUFFIX=
-    fi
-    export APACHE_RUN_USER=www-data
-    export APACHE_RUN_GROUP=www-data
-    export APACHE_PID_FILE=/var/run/apache2$SUFFIX/apache2.pid
-    export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
-    export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX
-    export APACHE_LOG_DIR=/tmp$SUFFIX
-    export LANG=C
-    export LANG
   ports.conf: |
     Listen 8080

customers/base/nextcloud-deployment.yml

@@ -27,13 +27,6 @@ spec:
         app: customer-node
     spec:
       restartPolicy: Always
-      securityContext:
-        privileged: false
-        runAsNonRoot: true
-        allowPrivilegeEscalation: false
-        runAsUser: 33
-        runAsGroup: 33
-        fsGroup: 33
       containers:
         - name: customer
           image: docker.sunet.se/drive/nextcloud-custom:25.0.3.3-4
@@ -44,24 +37,9 @@ spec:
             - name: default-config
               mountPath: /etc/apache2/sites-enabled/000-default.conf
               subPath: 000-default.conf
-            - name: apache2-config
-              mountPath: /etc/apache2/apache2.conf
-              subPath: apache2.conf
-            - name: envars
-              mountPath: /etc/apache2/envars
-              subPath: envars
             - name: ports-config
               mountPath: /etc/apache2/ports.conf
               subPath: ports.conf
-            - name: log-volume
-              mountPath: /var/log/apache2
-              subPath: apache2
-            - name: conf-volume
-              mountPath: /etc/apache2/mods-enabled
-              subPath: mods-enabled
-            - name: run-volume
-              mountPath: /var/run/apache2
-              subPath: apache2
             - name: hugepage
               mountPath: /dev/hugepages
           resources:
@@ -87,13 +65,11 @@ spec:
             - containerPort: 8080
               name: nextcloud-http
           command: ["/bin/bash"]
-          args: ["-c", "cp /etc/apache2/mods-available/{access_compat.load,alias.conf,alias.load,auth_basic.load,authn_core.load,authn_file.load,authz_core.load,authz_host.load,authz_user.load,autoindex.conf,autoindex.load,deflate.conf,deflate.load,dir.conf,dir.load,env.load,filter.load,mime.conf,mime.load,mpm_prefork.conf,mpm_prefork.load,negotiation.conf,negotiation.load,php8.0.conf,php8.0.load,reqtimeout.conf,reqtimeout.load,rewrite.load,setenvif.conf,setenvif.load,socache_shmcb.load,status.conf,status.load} /etc/apache2/mods-enabled; apachectl -D FOREGROUND"]
+          args: ["-c", "apachectl -D FOREGROUND"]
             #command: ["/bin/sh","-c", "apachectl -D FOREGROUND; tail -f /dev/null"]
       initContainers:
         - image: docker.sunet.se/sunet/docker-jinja:latest
           name: init-config
-          securityContext:
-            privileged: true
           volumeMounts:
             - name: nextcloud-config-template
               mountPath: /tmp/config.php.template
@@ -101,9 +77,6 @@ spec:
             - name: nextcloud-data
               mountPath: /var/www/html/config
               subPath: config
-            - name: conf-volume
-              mountPath: /etc/apache2/mods-enabled
-              subPath: mods-enabled
           env:
             - name: GSS_MASTER_URL
               value: "https://drive.test.sunet.se"
@@ -205,39 +178,18 @@ spec:
             items:
               - key: "config.php"
                 path: "config.php"
-        - name: apache2-config
-          configMap:
-            name: nextcloud-configmap
-            items:
-              - key: "apache2.conf"
-                path: "apache2.conf"
         - name: default-config
           configMap:
             name: nextcloud-configmap
             items:
               - key: "000-default.conf"
                 path: "000-default.conf"
-        - name: envars
-          configMap:
-            name: nextcloud-configmap
-            items:
-              - key: "envars"
-                path: "envars"
         - name: ports-config
           configMap:
             name: nextcloud-configmap
             items:
               - key: "ports.conf"
                 path: "ports.conf"
-        - name: run-volume
-          emptyDir:
-            sizeLimit: 500Mi
-        - name: log-volume
-          emptyDir:
-            sizeLimit: 500Mi
-        - name: conf-volume
-          emptyDir:
-            sizeLimit: 500Mi
         - name: hugepage
           emptyDir:
             medium: HugePages