helm: refactor securityContext to support restricted pod security standard

Signed-off-by: Simon L. <szaimen@e.mail.de>
2025-12-19 22:16:49 +00:00 · 2024-11-15 16:52:55 +01:00 · 2024-11-15 16:52:55 +01:00 · cf6adc1075
commit cf6adc1075
parent f7de6f6704
16 changed files with 337 additions and 152 deletions
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@ -36,19 +36,14 @@ spec:
              value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
            - name: server_name
              value: "{{ .Values.NC_DOMAIN }}"
-          image: "nextcloud/aio-collabora:20241106_101604"
+          image: nextcloud/aio-collabora:20241106_101604
          name: nextcloud-aio-collabora
          ports:
            - containerPort: 9980
              protocol: TCP
          securityContext:
-            allowPrivilegeEscalation: false
-            runAsNonRoot: true
            capabilities:
              add:
                - MKNOD
                - SYS_ADMIN
-              drop:
-                - NET_RAW
-            runAsUser: 100
 {{- end }}