bug: duplicate `securityContext` on confluence container in statefulset breaks helm chart install
Description
There is a duplicate securityContext on the confluence container in the stateful set. I'm noticing a lot of null values as well such as hostAliases, initContainers and a lot of the properties inside of the securityContexts are null. There's also a lot of whitespace which doesn't necessarily matter.
Steps to reproduce
- git checkout 1.15.0-bb.4
- cd chart
- helm template --values values.yaml confluence .
- see rendered StatefulSet
# Source: confluence/templates/statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: confluence
labels:
helm.sh/chart: confluence-1.15.0-bb.4
app.kubernetes.io/name: confluence
app.kubernetes.io/instance: confluence
app.kubernetes.io/version: "7.19.12"
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
serviceName: confluence
selector:
matchLabels:
app.kubernetes.io/name: confluence
app.kubernetes.io/instance: confluence
template:
metadata:
annotations:
checksum/config-jvm: 9d977537c96d49ae2dcec717e6c3728aa7142001d7596c63e7c52f59db79c063
labels:
app.kubernetes.io/name: confluence
app.kubernetes.io/instance: confluence
spec:
serviceAccountName: confluence
terminationGracePeriodSeconds: 1
securityContext:
# This is intended to ensure that the shared-home volume is group-writeable by the GID used by the Cnfluence container.
# However, this doesn't appear to work for NFS volumes due to a K8s bug: https://github.com/kubernetes/examples/issues/260
fsGroup:
hostAliases:
initContainers:
# We have removed an include to the common jmx initcontainer and replaced it with a dupe and revised snippet
# This snippet is modified to remove the run as root and modify the arguments in order to work with ironbank image
imagePullSecrets:
- name: private-registry
containers:
- name: confluence
image: "registry1.dso.mil/ironbank/atlassian/confluence-data-center/confluence-node:8.4.0"
imagePullPolicy: IfNotPresent
securityContext:
runAsUser:
runAsGroup:
ports:
- name: http
containerPort: 8090
protocol: TCP
- name: hazelcast
containerPort: 5701
protocol: TCP
- name: intersvc
containerPort: 8081
protocol: TCP
- name: synchrony
containerPort: 8091
protocol: TCP
readinessProbe:
httpGet:
port: 8090
path: /status
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 1
failureThreshold: 6
startupProbe:
tcpSocket:
port: 8090
periodSeconds: 5
failureThreshold: 120
securityContext:
runAsGroup: 2002
runAsNonRoot: true
runAsUser: 2002
resources:
requests:
cpu: "2"
memory: 2G
volumeMounts:
- name: local-home
mountPath: "/var/atlassian/application-data/confluence"
- name: local-home
mountPath: "/opt/atlassian/confluence/logs"
subPath: "logs"
- name: shared-home
mountPath: "/var/atlassian/confluence-datacenter"
- mountPath: /opt/atlassian/etc/server.xml.j2
name: server-xml-j2
subPath: server.xml.j2
- mountPath: /opt/atlassian/confluence/conf/server.xml
name: server-xml
subPath: server.xml
- mountPath: /opt/atlassian/confluence/confluence/decorators/includes/footer-content.vm
name: footer-content-vm
subPath: footer-content.vm
env:
- name: ATL_TOMCAT_SCHEME
value: "https"
- name: ATL_TOMCAT_SECURE
value: "true"
- name: ATL_PRODUCT_HOME_SHARED
value: "/var/atlassian/confluence-datacenter"
- name: JVM_SUPPORT_RECOMMENDED_ARGS
valueFrom:
configMapKeyRef:
key: additional_jvm_args
name: confluence-jvm-config
- name: JVM_MINIMUM_MEMORY
valueFrom:
configMapKeyRef:
key: min_heap
name: confluence-jvm-config
- name: JVM_MAXIMUM_MEMORY
valueFrom:
configMapKeyRef:
key: max_heap
name: confluence-jvm-config
- name: JVM_RESERVED_CODE_CACHE_SIZE
valueFrom:
configMapKeyRef:
key: reserved_code_cache
name: confluence-jvm-config
volumes:
- name: local-home
emptyDir: {}
- name: shared-home
emptyDir: {}
- configMap:
defaultMode: 484
name: server-xml-j2
name: server-xml-j2
- configMap:
defaultMode: 484
name: server-xml
name: server-xml
- configMap:
defaultMode: 484
name: footer-content-vm
name: footer-content-vm