From 5b32315b6f60e18016f168c3be9a2e163c52b9c9 Mon Sep 17 00:00:00 2001
From: James Rhoat
Date: Fri, 8 Nov 2024 11:31:04 -0500
Subject: [PATCH 1/4] updating security context
---
 CHANGELOG.md | 6 ++++++
 charts/factorio-server-charts/Chart.yaml | 2 +-
 charts/factorio-server-charts/templates/deployment.yaml | 1 -
 charts/factorio-server-charts/values.yaml | 5 ++++-
 4 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2963c14..c79b4de 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,11 @@
 ## Changelog
+### V2.4.0
+
+#### Potentially Breaking Changes
+
+- Removing the chown of the data directory initialization and instead switching the security context to use the factorio user specified in [factorio docker](https://github.com/factoriotools/factorio-docker/blob/master/docker/Dockerfile). This will fix the nfs permissions but could potentially cause issues elsewhere if you were setting the security context.
+
 ### V2.3.0
 #### Non-Breaking Changes
diff --git a/charts/factorio-server-charts/Chart.yaml b/charts/factorio-server-charts/Chart.yaml
index cd9e624..49d253b 100644
--- a/charts/factorio-server-charts/Chart.yaml
+++ b/charts/factorio-server-charts/Chart.yaml
@@ -20,7 +20,7 @@ sources:
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.3.0
+version: 2.4.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/charts/factorio-server-charts/templates/deployment.yaml b/charts/factorio-server-charts/templates/deployment.yaml
index 93b4e12..bc68bae 100644
--- a/charts/factorio-server-charts/templates/deployment.yaml
+++ b/charts/factorio-server-charts/templates/deployment.yaml
@@ -53,7 +53,6 @@ spec:
 jq -M --rawfile game_password /gamePassword/game_password '.game_password=($game_password|gsub("[\\n\\t]"; ""))' /factorio/configs/server-settings.json > /tmp/server-settings.json && mv /tmp/server-settings.json /factorio/configs/server-settings.json
 fi
 #sleep 100
- chown -vR factorio:factorio /factorio
 chmod -vR 777 /factorio/configs
 ls -alth /factorio
 {{- with .Values.securityContext }}
diff --git a/charts/factorio-server-charts/values.yaml b/charts/factorio-server-charts/values.yaml
index abb68ea..8056eb2 100644
--- a/charts/factorio-server-charts/values.yaml
+++ b/charts/factorio-server-charts/values.yaml
@@ -14,8 +14,11 @@ replicaCount: 1
 hostNetworkEnabled: true
+# https://github.com/factoriotools/factorio-docker/blob/master/docker/Dockerfile
 securityContext:
- runAsUser: 0
+ runAsUser: 845
+ runAsGroup: 845
+ fsGroup: 845
 #### Image Configuration ####
 ## @section Image Parameters
From b3b164d0f9d88cec80157a0348c40b0955dfe9fe Mon Sep 17 00:00:00 2001
From: James Rhoat
Date: Fri, 8 Nov 2024 11:52:57 -0500
Subject: [PATCH 2/4] splitting security context
---
 .../templates/deployment.yaml | 24 +++++++++++--------
 charts/factorio-server-charts/values.yaml | 4 +++-
 2 files changed, 17 insertions(+), 11 deletions(-)
diff --git a/charts/factorio-server-charts/templates/deployment.yaml b/charts/factorio-server-charts/templates/deployment.yaml
index bc68bae..c595780 100644
--- a/charts/factorio-server-charts/templates/deployment.yaml
+++ b/charts/factorio-server-charts/templates/deployment.yaml
@@ -9,6 +9,10 @@ metadata:
 heritage: "{{ .Release.Service }}"
 spec:
 replicas: 1
+ {{- with .Values.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
 selector:
 matchLabels:
 app: {{ template "factorio-server-charts.fullname" . }}
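Review bot: With the chown removed, the `chmod -vR 777 /factorio/configs` that survives on the next context line is now the weak spot: the jq line just above writes the game password into server-settings.json, and 777 leaves that file world-readable and world-writable on the data volume, which matters most on the NFS export this series is meant to fix. Since the container now runs as uid/gid 845 with a matching fsGroup, owner and group access is all that is needed; I would change it to `chmod -R u+rwX,g+rwX /factorio/configs` or drop the step entirely (the same line appears as context in patch 3's hunk at -60). Also note that chmod is refused on files the calling uid does not own, so on a volume populated by an earlier release that ran as uid 0 this step can now fail where the chown used to succeed — worth a sentence in the changelog entry. The init container's script starts and ends outside this hunk.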
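Review bot: `runAsUser: 845` pins the uid but nothing asserts non-root, so the "factorio user" intent is implied rather than enforced; adding `runAsNonRoot: true` next to it makes the kubelet refuse a pod that ends up as uid 0 through an override or image change. The bare URL comment should also say what the number is, e.g. `# 845 is the uid/gid of the factorio user in the upstream image (see the linked Dockerfile); files on the data volume must be owned or group-readable by it`, since a reader of values.yaml otherwise has to open the Dockerfile to learn why 845. Patch 2's values.yaml hunk moves these keys again, so the comment and the runAsNonRoot line belong with whichever block carries `runAsUser` at the end of the series.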
@@ -55,8 +59,8 @@ spec:
 #sleep 100
 chmod -vR 777 /factorio/configs
 ls -alth /factorio
- {{- with .Values.securityContext }}
- securityContext:
+ {{- with .Values.podSecurityContext }}
+ podSecurityContext:
 {{- toYaml . | nindent 12 }}
 {{- end }}
 volumeMounts:
@@ -86,8 +90,8 @@ spec:
 - |
 mkdir -p /factorio/mods
 bash /scripts/mod-downloader.sh
- {{- with .Values.securityContext }}
- securityContext:
+ {{- with .Values.podSecurityContext }}
+ podSecurityContext:
 {{- toYaml . | nindent 12 }}
 {{- end }}
 volumeMounts:
@@ -109,8 +113,8 @@ spec:
 - -ec
 - |
 bash /scripts/save-importer.sh
- {{- with .Values.securityContext }}
- securityContext:
+ {{- with .Values.podSecurityContext }}
+ podSecurityContext:
 {{- toYaml . | nindent 12 }}
 {{- end }}
 volumeMounts:
@@ -123,8 +127,8 @@ spec:
 - name: {{ template "factorio-server-charts.fullname" . }}
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
- {{- with .Values.securityContext }}
- securityContext:
+ {{- with .Values.podSecurityContext }}
+ podSecurityContext:
 {{- toYaml . | nindent 10 }}
 {{- end }}
 livenessProbe:
@@ -209,8 +213,8 @@ spec:
 - name: {{ template "factorio-server-charts.fullname" . }}-port-fixer
 image: "{{ .Values.port_fixer.image.repository }}:{{ .Values.port_fixer.image.tag }}"
 imagePullPolicy: {{ .Values.port_fixer.image.pullPolicy }}
- {{- with .Values.securityContext }}
- securityContext:
+ {{- with .Values.podSecurityContext }}
+ podSecurityContext:
 {{- toYaml . | nindent 10 }}
 {{- end }}
 command: ["/factorio-port-fixer"]
diff --git a/charts/factorio-server-charts/values.yaml b/charts/factorio-server-charts/values.yaml
index 8056eb2..01bcd35 100644
--- a/charts/factorio-server-charts/values.yaml
+++ b/charts/factorio-server-charts/values.yaml
@@ -16,9 +16,11 @@ hostNetworkEnabled: true
 # https://github.com/factoriotools/factorio-docker/blob/master/docker/Dockerfile
 securityContext:
+ fsGroup: 845
+
+podSecurityContext:
 runAsUser: 845
 runAsGroup: 845
- fsGroup: 845
 #### Image Configuration ####
 ## @section Image Parameters
From 71fc1efc604d68f7bcde889d3a12672c6231ff16 Mon Sep 17 00:00:00 2001
From: James Rhoat
Date: Fri, 8 Nov 2024 11:55:57 -0500
Subject: [PATCH 3/4] fixing securityContext replace issue
---
 .../factorio-server-charts/templates/deployment.yaml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/charts/factorio-server-charts/templates/deployment.yaml b/charts/factorio-server-charts/templates/deployment.yaml
index c595780..fe9cf42 100644
--- a/charts/factorio-server-charts/templates/deployment.yaml
+++ b/charts/factorio-server-charts/templates/deployment.yaml
@@ -60,7 +60,7 @@ spec:
 chmod -vR 777 /factorio/configs
 ls -alth /factorio
 {{- with .Values.podSecurityContext }}
- podSecurityContext:
+ securityContext:
 {{- toYaml . | nindent 12 }}
 {{- end }}
 volumeMounts:
@@ -91,7 +91,7 @@ spec:
 mkdir -p /factorio/mods
 bash /scripts/mod-downloader.sh
 {{- with .Values.podSecurityContext }}
- podSecurityContext:
+ securityContext:
 {{- toYaml . | nindent 12 }}
 {{- end }}
 volumeMounts:
@@ -114,7 +114,7 @@ spec:
 - |
 bash /scripts/save-importer.sh
 {{- with .Values.podSecurityContext }}
- podSecurityContext:
+ securityContext:
 {{- toYaml . | nindent 12 }}
 {{- end }}
 volumeMounts:
@@ -128,7 +128,7 @@ spec:
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
 {{- with .Values.podSecurityContext }}
- podSecurityContext:
+ securityContext:
 {{- toYaml . | nindent 10 }}
 {{- end }}
 livenessProbe:
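Review bot: The two key names come out inverted relative to what the template does with them: once patch 4 lands, `.Values.securityContext` (holding only `fsGroup`) is rendered at pod level and `.Values.podSecurityContext` (`runAsUser`/`runAsGroup`) is rendered into every container's `securityContext`. The `helm create` scaffold and most published charts use `podSecurityContext` for the pod-level block and `securityContext` for the container-level one, so a user who follows that habit will put pod-only fields such as `fsGroup` into the map that ends up on the containers, where the API server rejects them. Swapping the two names here and in the `.Values.` references of the deployment.yaml hunks in patches 3 and 4 would match convention; failing that, each key needs a comment stating the level it is rendered at, e.g. `# rendered at spec.template.spec.securityContext (pod level)` and `# rendered into each container's securityContext`.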
@@ -214,7 +214,7 @@ spec:
 image: "{{ .Values.port_fixer.image.repository }}:{{ .Values.port_fixer.image.tag }}"
 imagePullPolicy: {{ .Values.port_fixer.image.pullPolicy }}
 {{- with .Values.podSecurityContext }}
- podSecurityContext:
+ securityContext:
 {{- toYaml . | nindent 10 }}
 {{- end }}
 command: ["/factorio-port-fixer"]
From 36f809910e1907ff0bfdf297add4965f7c6f58b1 Mon Sep 17 00:00:00 2001
From: James Rhoat
Date: Fri, 8 Nov 2024 11:58:53 -0500
Subject: [PATCH 4/4] updating securitycontext location
---
 charts/factorio-server-charts/templates/deployment.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/charts/factorio-server-charts/templates/deployment.yaml b/charts/factorio-server-charts/templates/deployment.yaml
index fe9cf42..364e009 100644
--- a/charts/factorio-server-charts/templates/deployment.yaml
+++ b/charts/factorio-server-charts/templates/deployment.yaml
@@ -9,10 +9,6 @@ metadata:
 heritage: "{{ .Release.Service }}"
 spec:
 replicas: 1
- {{- with .Values.securityContext }}
- securityContext:
- {{- toYaml . | nindent 4 }}
- {{- end }}
 selector:
 matchLabels:
 app: {{ template "factorio-server-charts.fullname" . }}
@@ -23,6 +19,10 @@ spec:
 labels:
 app: {{ template "factorio-server-charts.fullname" . }}
 spec:
+ {{- with .Values.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
 dnsConfig:
 options:
 - name: ndots
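Review bot: The pod-level block now lands under the pod template spec, which is the right place, but the only value it carries by default is `fsGroup: 845`, and as far as I can tell the kubelet does not apply fsGroup ownership changes to NFS volumes (the nfs volume plugin does not opt into ownership management) — the very case the changelog says this series fixes. What actually makes NFS work here is that the containers' uid/gid of 845 matches the ownership on the export, so a comment next to this block or on the value, such as `# fsGroup is not applied on NFS-backed volumes; files on the export must be owned or group-readable by uid/gid 845`, would stop the next reader from relying on it. Deployments that previously ran as uid 0 and now hold root-owned files on the volume will need that ownership fixed out of band, since the chown step was removed in patch 1.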