search

sl1pm4t / k2tf

Kubernetes YAML to Terraform HCL converter
Mozilla Public License 2.0
1.17k stars 108 forks source link

spec.template.spec.containers.securityContext is not supported #34

Closed DimamoN closed 2 years ago

DimamoN commented 5 years ago

Hi, I found an issue in k2tf, version 0.2.5. The spec.template.spec.containers.securityContext is not appears in a result file.

Example:

apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: metricbeat
  namespace: default
  labels:
    k8s-app: metricbeat
spec:
  template:
    metadata:
      labels:
        k8s-app: metricbeat
    spec:
      serviceAccountName: metricbeat
      containers:
        - name: metricbeat
          image: docker.elastic.co/beats/metricbeat:7.0.0-alpha2
          args: [
            "-c", "/etc/metricbeat.yml",
            "-e",
          ]
          env:
            - name: ELASTICSEARCH_HOST
              value: elastic-service
          securityContext:
            runAsUser: 0

Converting:

k2tf -F -f file.yaml -o output.tf

Result:

resource "kubernetes_deployment" "metricbeat" {
  metadata {
    name      = "metricbeat"
    namespace = "default"
    labels    = { k8s-app = "metricbeat" }
  }
  spec {
    template {
      metadata {
        labels = { k8s-app = "metricbeat" }
      }
      spec {
        container {
          name  = "metricbeat"
          image = "docker.elastic.co/beats/metricbeat:7.0.0-alpha2"
          args  = ["-c", "/etc/metricbeat.yml", "-e"]
          env {
            name  = "ELASTICSEARCH_HOST"
            value = "elastic-service"
          }
        }
        service_account_name = "metricbeat"
      }
    }
  }
}

There no securityContext in converted terraform file. How it should be:

resource "kubernetes_deployment" "metricbeat" {
  metadata {
    name      = "metricbeat"
    namespace = "default"
    labels    = { k8s-app = "metricbeat" }
  }
  spec {
    template {
      metadata {
        labels = { k8s-app = "metricbeat" }
      }
      spec {
        container {
          name  = "metricbeat"
          image = "docker.elastic.co/beats/metricbeat:7.0.0-alpha2"
          args  = ["-c", "/etc/metricbeat.yml", "-e"]
          env {
            name  = "ELASTICSEARCH_HOST"
            value = "elastic-service"
          }
          security_context {
            run_as_user = 0
          }
        }
        service_account_name = "metricbeat"
      }
    }
  }
}
delaman commented 5 years ago

I also ran into this issue. Please fix.

sl1pm4t commented 5 years ago

The issue here is that k2tf skips outputting any attribute that appear to be unset (e.g. empty string or zero value). In this case run_as_user is 0, so it's deliberately not included in the output. I'm exploring ways to fix this.

chandankashyap19 commented 2 years ago

Any fix on the reported issue. Getting same error at my end.