From 39e1322df2b15446796356d9bf027250c5d75c35 Mon Sep 17 00:00:00 2001
From: "argoproj-renovate[bot]"
 <161757507+argoproj-renovate[bot]@users.noreply.github.com>
Date: Thu, 16 May 2024 20:06:49 +0900
Subject: [PATCH] chore(argocd-image-updater): Update dependency
 argoproj-labs/argocd-image-updater to v0.13.0 (#2692)

* chore(argocd-image-updater): Update dependency argoproj-labs/argocd-image-updater to v0.13.0

* feat(argocd-image-updater): update deployment as following upstream

Signed-off-by: yu-croco <yu.croco@gmail.com>

* fix(argocd-image-updater): correct doc

Signed-off-by: yu-croco <yu.croco@gmail.com>

* fix(argocd-image-updater): fix manifest

Signed-off-by: yu-croco <yu.croco@gmail.com>

* chore(argocd-image-updater): bump version

Signed-off-by: yu-croco <yu.croco@gmail.com>

---------

Signed-off-by: yu-croco <yu.croco@gmail.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
Co-authored-by: yu-croco <yu.croco@gmail.com>
---
 charts/argocd-image-updater/Chart.yaml          |  8 ++++----
 charts/argocd-image-updater/README.md           |  2 +-
 .../templates/deployment.yaml                   | 11 +++++------
 charts/argocd-image-updater/values.yaml         | 17 ++++++++++-------
 4 files changed, 20 insertions(+), 18 deletions(-)

diff --git a/charts/argocd-image-updater/Chart.yaml b/charts/argocd-image-updater/Chart.yaml
index 7f299aef..d3143726 100644
--- a/charts/argocd-image-updater/Chart.yaml
+++ b/charts/argocd-image-updater/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
 name: argocd-image-updater
 description: A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD
 type: application
-version: 0.9.7
-appVersion: v0.12.2
+version: 0.10.0
+appVersion: v0.13.0
 home: https://github.com/argoproj-labs/argocd-image-updater
 icon: https://argocd-image-updater.readthedocs.io/en/stable/assets/logo.png
 keywords:
@@ -18,5 +18,5 @@ annotations:
     fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
     url: https://argoproj.github.io/argo-helm/pgp_keys.asc
   artifacthub.io/changes: |
-    - kind: added
-      description: Allow defining extraEnvFrom for the deployment
+    - kind: changed
+      description: Bump argocd-image-updater to v0.13.0
diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md
index a8d28699..ea57d402 100644
--- a/charts/argocd-image-updater/README.md
+++ b/charts/argocd-image-updater/README.md
@@ -114,7 +114,7 @@ The `config.registries` value can be used exactly as it looks in the documentati
 | rbac.enabled | bool | `true` | Enable RBAC creation |
 | replicaCount | int | `1` | Replica count for the deployment. It is not advised to run more than one replica. |
 | resources | object | `{}` | Pod memory and cpu resource settings for the deployment |
-| securityContext | object | `{}` | Security context settings for the deployment |
+| securityContext | object | See [values.yaml] | Security context settings for the deployment |
 | serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
 | serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
 | serviceAccount.labels | object | `{}` | Labels to add to the service account |
diff --git a/charts/argocd-image-updater/templates/deployment.yaml b/charts/argocd-image-updater/templates/deployment.yaml
index cfd87a47..b6aa13fe 100644
--- a/charts/argocd-image-updater/templates/deployment.yaml
+++ b/charts/argocd-image-updater/templates/deployment.yaml
@@ -34,8 +34,7 @@ spec:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers:
         - name: {{ .Chart.Name }}
-          command:
-            - /usr/local/bin/argocd-image-updater
+          args:
             - run
             {{- with .Values.extraArgs }}
               {{- toYaml . | nindent 12 }}
@@ -136,12 +135,12 @@ spec:
           volumeMounts:
           - mountPath: /app/config
             name: image-updater-conf
-          - mountPath: /tmp
-            name: tmp-dir
           - mountPath: /app/config/ssh
             name: ssh-known-hosts
           - mountPath: /app/.ssh
             name: ssh-config
+          - mountPath: /tmp
+            name: tmp
           {{- if .Values.authScripts.enabled }}
           - mountPath: /scripts
             name: authscripts
@@ -165,8 +164,6 @@ spec:
           name: argocd-image-updater-authscripts
         name: authscripts
       {{- end }}
-      - emptyDir: {}
-        name: tmp-dir
       - configMap:
           name: argocd-ssh-known-hosts-cm
           optional: true
@@ -175,6 +172,8 @@ spec:
           name: argocd-image-updater-ssh-config
           optional: true
         name: ssh-config
+      - emptyDir: {}
+        name: tmp
       {{- with .Values.volumes }}
         {{- toYaml . | nindent 6}}
       {{- end }}
diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml
index 0f2a4e33..2791890a 100644
--- a/charts/argocd-image-updater/values.yaml
+++ b/charts/argocd-image-updater/values.yaml
@@ -205,13 +205,16 @@ podSecurityContext: {}
   # fsGroup: 2000
 
 # -- Security context settings for the deployment
-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
+# @default -- See [values.yaml]
+securityContext:
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - ALL
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
+  seccompProfile:
+    type: RuntimeDefault
 
 rbac:
   # -- Enable RBAC creation