Merge pull request #69 from SQLJames/bug/nfsPermissions

updating security context

Author: SQLJames

CHANGELOG.md

@@ -1,5 +1,11 @@
 ## Changelog
 
+### V2.4.0
+
+#### Potentially Breaking Changes
+
+- Removing the chown of the data directory initialization and instead switching the security context to use the factorio user specified in [factorio docker](https://github.com/factoriotools/factorio-docker/blob/master/docker/Dockerfile). This will fix the nfs permissions but could potentially cause issues elsewhere if you were setting the security context. 
+
 ### V2.3.0
 
 #### Non-Breaking Changes

charts/factorio-server-charts/Chart.yaml

@@ -20,7 +20,7 @@ sources:
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.3.0
+version: 2.4.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/factorio-server-charts/templates/deployment.yaml

@@ -19,6 +19,10 @@ spec:
       labels:
         app: {{ template "factorio-server-charts.fullname" . }}
     spec:
+      {{- with .Values.securityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       dnsConfig:
         options:
           - name: ndots
@@ -53,10 +57,9 @@ spec:
                 jq -M --rawfile game_password /gamePassword/game_password '.game_password=($game_password|gsub("[\\n\\t]"; ""))' /factorio/configs/server-settings.json > /tmp/server-settings.json && mv /tmp/server-settings.json /factorio/configs/server-settings.json
               fi
               #sleep 100
-              chown -vR factorio:factorio /factorio
               chmod -vR 777 /factorio/configs
               ls -alth /factorio
-          {{- with .Values.securityContext }}
+          {{- with .Values.podSecurityContext }}
           securityContext:
             {{- toYaml . | nindent 12 }}
           {{- end }}
@@ -87,7 +90,7 @@ spec:
             - |
               mkdir -p /factorio/mods
               bash /scripts/mod-downloader.sh
-          {{- with .Values.securityContext }}
+          {{- with .Values.podSecurityContext }}
           securityContext:
             {{- toYaml . | nindent 12 }}
           {{- end }}
@@ -110,7 +113,7 @@ spec:
             - -ec
             - |
               bash /scripts/save-importer.sh
-          {{- with .Values.securityContext }}
+          {{- with .Values.podSecurityContext }}
           securityContext:
             {{- toYaml . | nindent 12 }}
           {{- end }}
@@ -124,7 +127,7 @@ spec:
       - name: {{ template "factorio-server-charts.fullname" . }}
         image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
-        {{- with .Values.securityContext }}
+        {{- with .Values.podSecurityContext }}
         securityContext:
           {{- toYaml . | nindent 10 }}
         {{- end }}
@@ -210,7 +213,7 @@ spec:
       - name: {{ template "factorio-server-charts.fullname" . }}-port-fixer
         image: "{{ .Values.port_fixer.image.repository }}:{{ .Values.port_fixer.image.tag }}"
         imagePullPolicy: {{ .Values.port_fixer.image.pullPolicy }}
-        {{- with .Values.securityContext }}
+        {{- with .Values.podSecurityContext }}
         securityContext:
           {{- toYaml . | nindent 10 }}
         {{- end }}

charts/factorio-server-charts/values.yaml

@@ -14,8 +14,13 @@ replicaCount: 1
 
 hostNetworkEnabled: true
 
+# https://github.com/factoriotools/factorio-docker/blob/master/docker/Dockerfile
 securityContext:
-  runAsUser: 0
+  fsGroup: 845
+
+podSecurityContext:
+  runAsUser: 845
+  runAsGroup: 845
 
 #### Image Configuration ####
 ## @section Image Parameters