Remove security context
parent
761eb6362f
commit
cd9db1cd36
|
@ -32,48 +32,6 @@ data:
|
|||
</IfModule>
|
||||
</Directory>
|
||||
</VirtualHost>
|
||||
apache2.conf: |
|
||||
DefaultRuntimeDir ${APACHE_RUN_DIR}
|
||||
PidFile ${APACHE_PID_FILE}
|
||||
Timeout 300
|
||||
KeepAlive On
|
||||
MaxKeepAliveRequests 100
|
||||
KeepAliveTimeout 5
|
||||
User ${APACHE_RUN_USER}
|
||||
Group ${APACHE_RUN_GROUP}
|
||||
HostnameLookups Off
|
||||
ErrorLog /dev/stderr
|
||||
CustomLog /dev/stdout common
|
||||
TransferLog /dev/stdout
|
||||
LogLevel debug
|
||||
IncludeOptional mods-enabled/*.load
|
||||
IncludeOptional mods-enabled/*.conf
|
||||
Include ports.conf
|
||||
<Directory />
|
||||
Options FollowSymLinks
|
||||
AllowOverride None
|
||||
Require all denied
|
||||
</Directory>
|
||||
<Directory /usr/share>
|
||||
AllowOverride None
|
||||
Require all granted
|
||||
</Directory>
|
||||
<Directory /var/www/>
|
||||
Options Indexes FollowSymLinks
|
||||
AllowOverride None
|
||||
Require all granted
|
||||
</Directory>
|
||||
AccessFileName .htaccess
|
||||
<FilesMatch "^\.ht">
|
||||
Require all denied
|
||||
</FilesMatch>
|
||||
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %O" common
|
||||
LogFormat "%{Referer}i -> %U" referer
|
||||
LogFormat "%{User-agent}i" agent
|
||||
IncludeOptional conf-enabled/*.conf
|
||||
IncludeOptional sites-enabled/*.conf
|
||||
config.php: |
|
||||
<?php
|
||||
$CONFIG = array (
|
||||
|
@ -179,20 +137,5 @@ data:
|
|||
),
|
||||
|
||||
);
|
||||
envars: |
|
||||
unset HOME
|
||||
if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then
|
||||
SUFFIX="-${APACHE_CONFDIR##/etc/apache2-}"
|
||||
else
|
||||
SUFFIX=
|
||||
fi
|
||||
export APACHE_RUN_USER=www-data
|
||||
export APACHE_RUN_GROUP=www-data
|
||||
export APACHE_PID_FILE=/var/run/apache2$SUFFIX/apache2.pid
|
||||
export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
|
||||
export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX
|
||||
export APACHE_LOG_DIR=/tmp$SUFFIX
|
||||
export LANG=C
|
||||
export LANG
|
||||
ports.conf: |
|
||||
Listen 8080
|
||||
|
|
|
@ -27,13 +27,6 @@ spec:
|
|||
app: customer-node
|
||||
spec:
|
||||
restartPolicy: Always
|
||||
securityContext:
|
||||
privileged: false
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
runAsUser: 33
|
||||
runAsGroup: 33
|
||||
fsGroup: 33
|
||||
containers:
|
||||
- name: customer
|
||||
image: docker.sunet.se/drive/nextcloud-custom:25.0.3.3-4
|
||||
|
@ -44,24 +37,9 @@ spec:
|
|||
- name: default-config
|
||||
mountPath: /etc/apache2/sites-enabled/000-default.conf
|
||||
subPath: 000-default.conf
|
||||
- name: apache2-config
|
||||
mountPath: /etc/apache2/apache2.conf
|
||||
subPath: apache2.conf
|
||||
- name: envars
|
||||
mountPath: /etc/apache2/envars
|
||||
subPath: envars
|
||||
- name: ports-config
|
||||
mountPath: /etc/apache2/ports.conf
|
||||
subPath: ports.conf
|
||||
- name: log-volume
|
||||
mountPath: /var/log/apache2
|
||||
subPath: apache2
|
||||
- name: conf-volume
|
||||
mountPath: /etc/apache2/mods-enabled
|
||||
subPath: mods-enabled
|
||||
- name: run-volume
|
||||
mountPath: /var/run/apache2
|
||||
subPath: apache2
|
||||
- name: hugepage
|
||||
mountPath: /dev/hugepages
|
||||
resources:
|
||||
|
@ -87,13 +65,11 @@ spec:
|
|||
- containerPort: 8080
|
||||
name: nextcloud-http
|
||||
command: ["/bin/bash"]
|
||||
args: ["-c", "cp /etc/apache2/mods-available/{access_compat.load,alias.conf,alias.load,auth_basic.load,authn_core.load,authn_file.load,authz_core.load,authz_host.load,authz_user.load,autoindex.conf,autoindex.load,deflate.conf,deflate.load,dir.conf,dir.load,env.load,filter.load,mime.conf,mime.load,mpm_prefork.conf,mpm_prefork.load,negotiation.conf,negotiation.load,php8.0.conf,php8.0.load,reqtimeout.conf,reqtimeout.load,rewrite.load,setenvif.conf,setenvif.load,socache_shmcb.load,status.conf,status.load} /etc/apache2/mods-enabled; apachectl -D FOREGROUND"]
|
||||
args: ["-c", "apachectl -D FOREGROUND"]
|
||||
#command: ["/bin/sh","-c", "apachectl -D FOREGROUND; tail -f /dev/null"]
|
||||
initContainers:
|
||||
- image: docker.sunet.se/sunet/docker-jinja:latest
|
||||
name: init-config
|
||||
securityContext:
|
||||
privileged: true
|
||||
volumeMounts:
|
||||
- name: nextcloud-config-template
|
||||
mountPath: /tmp/config.php.template
|
||||
|
@ -101,9 +77,6 @@ spec:
|
|||
- name: nextcloud-data
|
||||
mountPath: /var/www/html/config
|
||||
subPath: config
|
||||
- name: conf-volume
|
||||
mountPath: /etc/apache2/mods-enabled
|
||||
subPath: mods-enabled
|
||||
env:
|
||||
- name: GSS_MASTER_URL
|
||||
value: "https://drive.test.sunet.se"
|
||||
|
@ -205,39 +178,18 @@ spec:
|
|||
items:
|
||||
- key: "config.php"
|
||||
path: "config.php"
|
||||
- name: apache2-config
|
||||
configMap:
|
||||
name: nextcloud-configmap
|
||||
items:
|
||||
- key: "apache2.conf"
|
||||
path: "apache2.conf"
|
||||
- name: default-config
|
||||
configMap:
|
||||
name: nextcloud-configmap
|
||||
items:
|
||||
- key: "000-default.conf"
|
||||
path: "000-default.conf"
|
||||
- name: envars
|
||||
configMap:
|
||||
name: nextcloud-configmap
|
||||
items:
|
||||
- key: "envars"
|
||||
path: "envars"
|
||||
- name: ports-config
|
||||
configMap:
|
||||
name: nextcloud-configmap
|
||||
items:
|
||||
- key: "ports.conf"
|
||||
path: "ports.conf"
|
||||
- name: run-volume
|
||||
emptyDir:
|
||||
sizeLimit: 500Mi
|
||||
- name: log-volume
|
||||
emptyDir:
|
||||
sizeLimit: 500Mi
|
||||
- name: conf-volume
|
||||
emptyDir:
|
||||
sizeLimit: 500Mi
|
||||
- name: hugepage
|
||||
emptyDir:
|
||||
medium: HugePages
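Review bot: With the pod-level `securityContext` block deleted after `restartPolicy: Always`, the visible new side of this manifest no longer enforces non-root execution or blocks privilege escalation for the `customer` container, so it runs with whatever user and privileges the image defaults to. If the block was dropped only because Apache has to start as root, part of the hardening can stay at container level, e.g. `securityContext:` with `allowPrivilegeEscalation: false` and `privileged: false` under `- name: customer`. The retained `containerPort: 8080` should also be checked against the image's stock Apache configuration, since the ConfigMap's `ports.conf` (`Listen 8080`) and its mount are removed in the same commit. Parts of the deployment lie outside the visible hunks, so a securityContext set elsewhere would not show here.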
|
||||
|
|