From 165a3be26e0751dda63fbbef85f49698e2b4c0e7 Mon Sep 17 00:00:00 2001 From: mamutmk5 <3045922+mamutmk5@users.noreply.github.com> Date: Wed, 17 Jul 2024 15:31:25 +0200 Subject: [PATCH] Revert "BC-7676 Updated k8s jobs to run as non-root users (#5109)" (#5112) This reverts commit b750b8df4dd57e0fb383b6aa75142f1c076a2c72. --- .../templates/api-h5p-library-management-cronjob.yml.j2 | 5 ----- .../templates/api-delete-s3-files-cronjob.yml.j2 | 5 ----- .../templates/data-deletion-trigger-cronjob.yml.j2 | 5 ----- .../schulcloud-server-core/templates/migration-job.yml.j2 | 5 ----- .../templates/tldraw-delete-files-cronjob.yml.j2 | 5 ----- .../roles/schulcloud-server-init/templates/job_init.yml.j2 | 5 ----- .../templates/api-ldap-sync-full-cronjob.yml.j2 | 5 ----- 7 files changed, 35 deletions(-) diff --git a/ansible/roles/h5p-library-management/templates/api-h5p-library-management-cronjob.yml.j2 b/ansible/roles/h5p-library-management/templates/api-h5p-library-management-cronjob.yml.j2 index e369044ea85..a3290e08f3e 100644 --- a/ansible/roles/h5p-library-management/templates/api-h5p-library-management-cronjob.yml.j2 +++ b/ansible/roles/h5p-library-management/templates/api-h5p-library-management-cronjob.yml.j2 @@ -30,11 +30,6 @@ spec: git.branch: {{ SCHULCLOUD_SERVER_BRANCH_NAME }} git.repo: {{ SCHULCLOUD_SERVER_REPO_NAME }} spec: - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - runAsNonRoot: true volumes: - name: libraries-list configMap: diff --git a/ansible/roles/schulcloud-server-core/templates/api-delete-s3-files-cronjob.yml.j2 b/ansible/roles/schulcloud-server-core/templates/api-delete-s3-files-cronjob.yml.j2 index 95443ef537b..84d6f11e4fb 100644 --- a/ansible/roles/schulcloud-server-core/templates/api-delete-s3-files-cronjob.yml.j2 +++ b/ansible/roles/schulcloud-server-core/templates/api-delete-s3-files-cronjob.yml.j2 @@ -20,11 +20,6 @@ spec: spec: template: spec: - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - runAsNonRoot: true containers: - name: delete-s3-files-cronjob image: {{ SCHULCLOUD_SERVER_IMAGE }}:{{ SCHULCLOUD_SERVER_IMAGE_TAG }} diff --git a/ansible/roles/schulcloud-server-core/templates/data-deletion-trigger-cronjob.yml.j2 b/ansible/roles/schulcloud-server-core/templates/data-deletion-trigger-cronjob.yml.j2 index a8c02d02769..7f350b86c97 100644 --- a/ansible/roles/schulcloud-server-core/templates/data-deletion-trigger-cronjob.yml.j2 +++ b/ansible/roles/schulcloud-server-core/templates/data-deletion-trigger-cronjob.yml.j2 @@ -29,11 +29,6 @@ spec: spec: template: spec: - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - runAsNonRoot: true containers: - name: data-deletion-trigger-cronjob image: {{ SCHULCLOUD_SERVER_IMAGE }}:{{ SCHULCLOUD_SERVER_IMAGE_TAG }} diff --git a/ansible/roles/schulcloud-server-core/templates/migration-job.yml.j2 b/ansible/roles/schulcloud-server-core/templates/migration-job.yml.j2 index 42edd22f4a0..f9b76dc34a7 100644 --- a/ansible/roles/schulcloud-server-core/templates/migration-job.yml.j2 +++ b/ansible/roles/schulcloud-server-core/templates/migration-job.yml.j2 @@ -11,11 +11,6 @@ spec: labels: app: api-migration spec: - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - runAsNonRoot: true containers: - name: api-migration-job image: {{ SCHULCLOUD_SERVER_IMAGE }}:{{ SCHULCLOUD_SERVER_IMAGE_TAG }} diff --git a/ansible/roles/schulcloud-server-core/templates/tldraw-delete-files-cronjob.yml.j2 b/ansible/roles/schulcloud-server-core/templates/tldraw-delete-files-cronjob.yml.j2 index 3f702e42e72..80b8e5e5e41 100644 --- a/ansible/roles/schulcloud-server-core/templates/tldraw-delete-files-cronjob.yml.j2 +++ b/ansible/roles/schulcloud-server-core/templates/tldraw-delete-files-cronjob.yml.j2 @@ -20,11 +20,6 @@ spec: spec: template: spec: - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - runAsNonRoot: true containers: - name: tldraw-delete-files-cronjob image: {{ SCHULCLOUD_SERVER_IMAGE }}:{{ SCHULCLOUD_SERVER_IMAGE_TAG }} diff --git a/ansible/roles/schulcloud-server-init/templates/job_init.yml.j2 b/ansible/roles/schulcloud-server-init/templates/job_init.yml.j2 index 66d4e563983..b6c777a1ef2 100644 --- a/ansible/roles/schulcloud-server-init/templates/job_init.yml.j2 +++ b/ansible/roles/schulcloud-server-init/templates/job_init.yml.j2 @@ -7,11 +7,6 @@ metadata: spec: template: spec: - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - runAsNonRoot: true containers: - name: api-init image: quay.io/schulcloudverbund/infra-tools:latest diff --git a/ansible/roles/schulcloud-server-ldapsync/templates/api-ldap-sync-full-cronjob.yml.j2 b/ansible/roles/schulcloud-server-ldapsync/templates/api-ldap-sync-full-cronjob.yml.j2 index 44e1d95d5c4..41a4d21c783 100644 --- a/ansible/roles/schulcloud-server-ldapsync/templates/api-ldap-sync-full-cronjob.yml.j2 +++ b/ansible/roles/schulcloud-server-ldapsync/templates/api-ldap-sync-full-cronjob.yml.j2 @@ -20,11 +20,6 @@ spec: activeDeadlineSeconds: {{ SERVER_LDAP_SYNC_FULL_CRONJOB_TIMEOUT|default("39600", true) }} template: spec: - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - runAsNonRoot: true containers: - name: api-ldapsync-cronjob image: {{ SCHULCLOUD_SERVER_IMAGE }}:{{ SCHULCLOUD_SERVER_IMAGE_TAG }}