🚨 Breaking: Change securityContext naming

Related to: #177
juice-shop · Sep 23, 2023 · 1fb850a · 1fb850a
1 parent 1233ec6
commit 1fb850a
Show file tree

Hide file tree

Showing 6 changed files with 22 additions and 14 deletions.
diff --git a/helm/multi-juicer/templates/cleanup/cron-job.yaml b/helm/multi-juicer/templates/cleanup/cron-job.yaml
@@ -21,15 +21,15 @@ spec:
             {{- include "multi-juicer.cleaner.labels" . | nindent 12 }}
         spec:
           serviceAccountName: 'juice-cleaner'
-          {{- with .Values.juiceShopCleanup.securityContext }}
+          {{- with .Values.juiceShopCleanup.podSecurityContext }}
           securityContext:
             {{- toYaml . | nindent 12 }}
           {{- end }}
           containers:
             - image: '{{ .Values.juiceShopCleanup.repository }}:{{ .Values.juiceShopCleanup.tag | default (printf "v%s" .Chart.Version) }}'
               imagePullPolicy: {{ .Values.imagePullPolicy | quote }}
               name: 'cleanup-job'
-              {{- with .Values.juiceShopCleanup.podSecurityContext }}
+              {{- with .Values.juiceShopCleanup.containerSecurityContext }}
               securityContext:
                 {{- toYaml . | nindent 12 }}
               {{- end }}

diff --git a/helm/multi-juicer/templates/juice-balancer/config-map.yaml b/helm/multi-juicer/templates/juice-balancer/config-map.yaml
@@ -31,8 +31,8 @@ data:
         "ctfKey": {{ .Values.juiceShop.ctfKey | quote }},
         "nodeEnv": {{ .Values.juiceShop.nodeEnv | quote }},
         "resources": {{ .Values.juiceShop.resources | toJson }},
-        "securityContext": {{ .Values.juiceShop.securityContext | toJson }},
         "podSecurityContext": {{ .Values.juiceShop.podSecurityContext | toJson }},
+        "containerSecurityContext": {{ .Values.juiceShop.containerSecurityContext | toJson }},
         "env": {{ .Values.juiceShop.env | toJson }},
         "envFrom": {{ .Values.juiceShop.envFrom | toJson }},
         "volumes": {{ .Values.juiceShop.volumes | toJson }},

diff --git a/helm/multi-juicer/templates/juice-balancer/deployment.yaml b/helm/multi-juicer/templates/juice-balancer/deployment.yaml
@@ -24,15 +24,15 @@ spec:
         {{- end }}
     spec:
       serviceAccountName: juice-balancer
-      {{- with .Values.balancer.securityContext }}
+      {{- with .Values.balancer.podSecurityContext }}
       securityContext:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       containers:
         - name: {{ .Chart.Name }}
           image: '{{ .Values.balancer.repository }}:{{ .Values.balancer.tag | default (printf "v%s" .Chart.Version) }}'
           imagePullPolicy: {{ .Values.imagePullPolicy | quote }}
-          {{- with .Values.balancer.podSecurityContext }}
+          {{- with .Values.balancer.containerSecurityContext }}
           securityContext:
             {{- toYaml . | nindent 12 }}
           {{- end }}

diff --git a/helm/multi-juicer/templates/progress-watchdog/deployment.yaml b/helm/multi-juicer/templates/progress-watchdog/deployment.yaml
@@ -14,15 +14,15 @@ spec:
         {{- include "multi-juicer.progress-watchdog.labels" . | nindent 8 }}
     spec:
       serviceAccountName: progress-watchdog
-      {{- with .Values.progressWatchdog.securityContext }}
+      {{- with .Values.progressWatchdog.podSecurityContext }}
       securityContext:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       containers:
         - name: progress-watchdog
           image: '{{ .Values.progressWatchdog.repository }}:{{ .Values.progressWatchdog.tag | default (printf "v%s" .Chart.Version) }}'
           imagePullPolicy: {{ .Values.imagePullPolicy | quote }}
-          {{- with .Values.progressWatchdog.podSecurityContext }}
+          {{- with .Values.progressWatchdog.containerSecurityContext }}
           securityContext:
             {{- toYaml . | nindent 12 }}
           {{- end }}

diff --git a/helm/multi-juicer/values.yaml b/helm/multi-juicer/values.yaml
@@ -56,8 +56,10 @@ balancer:
     limits:
       memory: 256Mi
       cpu: 400m
-  securityContext: {}
+  # -- Optional securityContext on pod level: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#podsecuritycontext-v1-core
   podSecurityContext: {}
+  # -- Optional securityContext on container level: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#securitycontext-v1-core
+  containerSecurityContext: {}
   # -- Optional Configure kubernetes scheduling affinity for the created JuiceShops (see: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity)
   affinity: {}
   # -- Optional Configure kubernetes toleration for the created JuiceShops (see: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
@@ -118,9 +120,10 @@ juiceShop:
   #  limits:
   #    cpu: 100m
   #    memory: 200Mi
-  # -- Optional securityContext definitions to set for each JuiceShop instance
-  securityContext: {}
+  # -- Optional securityContext on pod level: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#podsecuritycontext-v1-core
   podSecurityContext: {}
+  # -- Optional securityContext on container level: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#securitycontext-v1-core
+  containerSecurityContext: {}
   # -- Optional environment variables to set for each JuiceShop instance (see: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/)
   env: []
   # env:
@@ -170,7 +173,10 @@ progressWatchdog:
     limits:
       memory: 48Mi
       cpu: 20m
-  securityContext: {}
+  # -- Optional securityContext on pod level: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#podsecuritycontext-v1-core
+  podSecurityContext: {}
+  # -- Optional securityContext on container level: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#securitycontext-v1-core
+  containerSecurityContext: {}
   # -- Optional Configure kubernetes scheduling affinity for the ProgressWatchdog (see: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity)
   affinity: {}
   # -- Optional Configure kubernetes toleration for the ProgressWatchdog (see: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
@@ -192,8 +198,10 @@ juiceShopCleanup:
       memory: 256Mi
     limits:
       memory: 256Mi
-  securityContext: {}
+  # -- Optional securityContext on pod level: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#podsecuritycontext-v1-core
   podSecurityContext: {}
+  # -- Optional securityContext on container level: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#securitycontext-v1-core
+  containerSecurityContext: {}
   # -- Optional Configure kubernetes scheduling affinity for the JuiceShopCleanup Job(see: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity)
   affinity: {}
   # -- Optional Configure kubernetes toleration for the JuiceShopCleanup Job (see: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)

diff --git a/juice-balancer/src/kubernetes.js b/juice-balancer/src/kubernetes.js
@@ -63,14 +63,14 @@ const createDeploymentForTeam = async ({ team, passcodeHash }) => {
         },
         spec: {
           automountServiceAccountToken: false,
-          securityContext: get('juiceShop.securityContext'),
+          securityContext: get('juiceShop.podSecurityContext'),
           containers: [
             {
               name: 'juice-shop',
               image: `${get('juiceShop.image')}:${get('juiceShop.tag')}`,
               imagePullPolicy: get('juiceShop.imagePullPolicy'),
               resources: get('juiceShop.resources'),
-              securityContext: get('juiceShop.podSecurityContext'),
+              securityContext: get('juiceShop.containerSecurityContext'),
               env: [
                 {
                   name: 'NODE_ENV',