sl1pm4t / k2tf

Kubernetes YAML to Terraform HCL converter


spec.template.spec.containers.securityContext is not supported

DimamoN opened this issue · comments

Hi, I found an issue in k2tf, version 0.2.5.
The spec.template.spec.containers.securityContext does not appear in the result file.

Example:

apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: metricbeat
  namespace: default
  labels:
    k8s-app: metricbeat
spec:
  template:
    metadata:
      labels:
        k8s-app: metricbeat
    spec:
      serviceAccountName: metricbeat
      containers:
        - name: metricbeat
          image: docker.elastic.co/beats/metricbeat:7.0.0-alpha2
          args: [
            "-c", "/etc/metricbeat.yml",
            "-e",
          ]
          env:
            - name: ELASTICSEARCH_HOST
              value: elastic-service
          securityContext:
            runAsUser: 0

Converting:

k2tf -F -f file.yaml -o output.tf

Result:

resource "kubernetes_deployment" "metricbeat" {
  metadata {
    name      = "metricbeat"
    namespace = "default"
    labels    = { k8s-app = "metricbeat" }
  }
  spec {
    template {
      metadata {
        labels = { k8s-app = "metricbeat" }
      }
      spec {
        container {
          name  = "metricbeat"
          image = "docker.elastic.co/beats/metricbeat:7.0.0-alpha2"
          args  = ["-c", "/etc/metricbeat.yml", "-e"]
          env {
            name  = "ELASTICSEARCH_HOST"
            value = "elastic-service"
          }
        }
        service_account_name = "metricbeat"
      }
    }
  }
}

There is no securityContext in the converted Terraform file.
How it should be:

resource "kubernetes_deployment" "metricbeat" {
  metadata {
    name      = "metricbeat"
    namespace = "default"
    labels    = { k8s-app = "metricbeat" }
  }
  spec {
    template {
      metadata {
        labels = { k8s-app = "metricbeat" }
      }
      spec {
        container {
          name  = "metricbeat"
          image = "docker.elastic.co/beats/metricbeat:7.0.0-alpha2"
          args  = ["-c", "/etc/metricbeat.yml", "-e"]
          env {
            name  = "ELASTICSEARCH_HOST"
            value = "elastic-service"
          }
          security_context {
            run_as_user = 0
          }
        }
        service_account_name = "metricbeat"
      }
    }
  }
}

I also ran into this issue. Please fix.

The issue here is that k2tf skips outputting any attribute that appears to be unset (e.g. empty string or zero value).
In this case run_as_user is 0, so it's deliberately not included in the output. I'm exploring ways to fix this.
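
The distinction described in the comment above, as an added Go example that is not k2tf's code and not part of the original thread: a filter that skips zero values drops an explicit `runAsUser: 0`, while a filter that skips only nil pointers keeps it. The struct, the `hcl` tag name and the `emit` function are hypothetical, the input is constructed, and the `allowPrivilegeEscalation: false` field goes beyond the case reported in the issue.

```go
package main

import (
	"fmt"
	"reflect"
	"strings"
)

// SecurityContext is a hypothetical two-field subset shaped like the Kubernetes
// API type: optional fields are pointers, so "unset" (nil) differs from "set to 0".
type SecurityContext struct {
	RunAsUser                *int64 `hcl:"run_as_user"`
	AllowPrivilegeEscalation *bool  `hcl:"allow_privilege_escalation"`
}

// emit renders the fields as HCL attributes. With skipZero=true it mimics the
// behaviour described in the thread: values that look like a zero value are dropped.
func emit(sc SecurityContext, skipZero bool) string {
	var b strings.Builder
	v := reflect.ValueOf(sc)
	for i := 0; i < v.NumField(); i++ {
		f := v.Field(i)
		if f.IsNil() {
			continue // genuinely absent from the manifest
		}
		val := f.Elem()
		if skipZero && val.IsZero() {
			continue // explicit 0 or false is mistaken for "unset"
		}
		name := v.Type().Field(i).Tag.Get("hcl")
		fmt.Fprintf(&b, "%s = %v\n", name, val.Interface())
	}
	return b.String()
}

func main() {
	// Constructed input: runAsUser: 0 as in the issue, plus an explicit
	// allowPrivilegeEscalation: false that the zero-value filter also loses.
	uid, ape := int64(0), false
	sc := SecurityContext{RunAsUser: &uid, AllowPrivilegeEscalation: &ape}
	fmt.Printf("skipping zero values:\n%s\n", emit(sc, true))
	fmt.Printf("skipping only nil pointers:\n%s", emit(sc, false))
}
```

With the zero-value filter the output is empty, so the generated Terraform silently differs from the manifest in exactly the fields that set the container's user and privilege posture.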

Any fix for the reported issue? Getting the same error at my end.