diff --git a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml index 1abda8bb..26b9d2f5 100644 --- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml +++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml @@ -255,10 +255,10 @@ spec: failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} resources: {{- toYaml .Values.controller.resources | nindent 10 }} - {{- if .Values.controller.containerSecurityContext.enabled }} + {{- with .Values.controller.containerSecurityContext }} securityContext: - {{- omit .Values.controller.containerSecurityContext "enabled" | toYaml | nindent 10 }} - {{- end }} + {{- toYaml . | nindent 10 }} + {{- end }} workingDir: /home/argocd volumeMounts: {{- with .Values.controller.volumeMounts }} diff --git a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml index 09ce6d77..f3ce127a 100644 --- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml +++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml @@ -182,9 +182,9 @@ spec: {{- end }} resources: {{- toYaml .Values.applicationSet.resources | nindent 12 }} - {{- if .Values.applicationSet.containerSecurityContext.enabled }} + {{- with .Values.applicationSet.containerSecurityContext }} securityContext: - {{- omit .Values.applicationSet.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- toYaml . | nindent 12 }} {{- end }} volumeMounts: {{- with .Values.applicationSet.extraVolumeMounts }} diff --git a/charts/argo-cd/templates/argocd-notifications/deployment.yaml b/charts/argo-cd/templates/argocd-notifications/deployment.yaml index 0fe996b3..d3f21b02 100644 --- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml +++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml @@ -80,9 +80,9 @@ spec: protocol: TCP resources: {{- toYaml .Values.notifications.resources | nindent 12 }} - {{- if .Values.notifications.containerSecurityContext.enabled }} + {{- with .Values.notifications.containerSecurityContext }} securityContext: - {{- omit .Values.notifications.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- toYaml . | nindent 12 }} {{- end }} workingDir: /app volumeMounts: diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 9a307e72..fe82a337 100755 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -273,9 +273,9 @@ spec: failureThreshold: {{ .Values.repoServer.readinessProbe.failureThreshold }} resources: {{- toYaml .Values.repoServer.resources | nindent 10 }} - {{- if .Values.repoServer.containerSecurityContext.enabled }} + {{- if .Values.repoServer.containerSecurityContext }} securityContext: - {{- omit .Values.repoServer.containerSecurityContext "enabled" | toYaml | nindent 10 }} + {{- toYaml . | nindent 10 }} {{- end }} {{- with .Values.repoServer.lifecycle }} lifecycle: @@ -297,11 +297,9 @@ spec: resources: {{- toYaml . | nindent 10 }} {{- end }} - {{- if .Values.repoServer.containerSecurityContext.enabled }} {{- with .Values.repoServer.containerSecurityContext }} securityContext: - {{- omit . "enabled" | toYaml | nindent 10 }} - {{- end }} + {{- toYaml . | nindent 10 }} {{- end }} volumeMounts: - mountPath: /var/run/argocd diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 3671a94e..62436af7 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -334,9 +334,9 @@ spec: failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} resources: {{- toYaml .Values.server.resources | nindent 10 }} - {{- if .Values.server.containerSecurityContext.enabled }} + {{- with .Values.server.containerSecurityContext }} securityContext: - {{- omit .Values.server.containerSecurityContext "enabled" | toYaml | nindent 10 }} + {{- toYaml . | nindent 10 }} {{- end }} {{- with .Values.server.lifecycle }} lifecycle: @@ -348,9 +348,9 @@ spec: imagePullPolicy: {{ .Values.server.extensions.image.imagePullPolicy }} resources: {{- toYaml .Values.server.extensions.resources | nindent 10 }} - {{- if .Values.server.extensions.containerSecurityContext.enabled }} + {{- with .Values.server.extensions.containerSecurityContext }} securityContext: - {{- omit .Values.server.extensions.containerSecurityContext "enabled" | toYaml | nindent 10 }} + {{- toYaml . | nindent 10 }} {{- end }} volumeMounts: - name: extensions diff --git a/charts/argo-cd/templates/dex/deployment.yaml b/charts/argo-cd/templates/dex/deployment.yaml index 2a8597c8..80f3e264 100755 --- a/charts/argo-cd/templates/dex/deployment.yaml +++ b/charts/argo-cd/templates/dex/deployment.yaml @@ -117,10 +117,10 @@ spec: {{- end }} resources: {{- toYaml .Values.dex.resources | nindent 10 }} - {{- if .Values.dex.containerSecurityContext.enabled }} + {{- with .Values.dex.containerSecurityContext }} securityContext: - {{- omit .Values.dex.containerSecurityContext "enabled" | toYaml | nindent 10 }} - {{- end }} + {{- toYaml . | nindent 10 }} + {{- end }} volumeMounts: {{- with .Values.dex.volumeMounts }} {{- toYaml . | nindent 8 }} @@ -150,10 +150,10 @@ spec: name: dexconfig resources: {{- toYaml .Values.dex.resources | nindent 10 }} - {{- if .Values.dex.containerSecurityContext.enabled }} + {{- with .Values.dex.containerSecurityContext }} securityContext: - {{- omit .Values.dex.containerSecurityContext "enabled" | toYaml | nindent 10 }} - {{- end}} + {{- toYaml . | nindent 10 }} + {{- end}} {{- with .Values.dex.initContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml index 20f37249..bfe7c480 100755 --- a/charts/argo-cd/templates/redis/deployment.yaml +++ b/charts/argo-cd/templates/redis/deployment.yaml @@ -41,11 +41,9 @@ spec: hostAliases: {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.redis.containerSecurityContext.enabled }} {{- with .Values.redis.securityContext }} securityContext: - {{- omit . "enabled" | toYaml | nindent 8 }} - {{- end }} + {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.redis.priorityClassName | default .Values.global.priorityClassName }} priorityClassName: {{ . }} @@ -77,9 +75,9 @@ spec: protocol: TCP resources: {{- toYaml .Values.redis.resources | nindent 10 }} - {{- if .Values.redis.containerSecurityContext.enabled }} + {{- with .Values.redis.containerSecurityContext }} securityContext: - {{- omit .Values.redis.containerSecurityContext "enabled" | toYaml | nindent 10 }} + {{- toYaml . | nindent 10 }} {{- end }} {{- with .Values.redis.volumeMounts }} volumeMounts: @@ -103,10 +101,10 @@ spec: protocol: TCP resources: {{- toYaml .Values.redis.exporter.resources | nindent 10 }} - {{- if .Values.redis.exporter.containerSecurityContext.enabled }} + {{- with .Values.redis.exporter.containerSecurityContext }} securityContext: - {{- omit .Values.redis.exporter.containerSecurityContext "enabled" | toYaml | nindent 10 }} - {{- end }} + {{- toYaml . | nindent 10 }} + {{- end }} {{- end }} {{- with .Values.redis.extraContainers }} {{- tpl (toYaml .) $ | nindent 6 }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index ebd741e2..2906eb82 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -699,7 +699,6 @@ controller: # -- Application controller container-level security context # @default -- See [values.yaml] containerSecurityContext: - enabled: true runAsNonRoot: true readOnlyRootFilesystem: true allowPrivilegeEscalation: false @@ -1018,7 +1017,6 @@ dex: # -- Dex container-level security context # @default -- See [values.yaml] containerSecurityContext: - enabled: true runAsNonRoot: true readOnlyRootFilesystem: true allowPrivilegeEscalation: false @@ -1170,7 +1168,6 @@ redis: # -- Redis exporter security context # @default -- See [values.yaml] containerSecurityContext: - enabled: true runAsNonRoot: true readOnlyRootFilesystem: true allowPrivilegeEscalation: false @@ -1264,7 +1261,6 @@ redis: # -- Redis container-level security context # @default -- See [values.yaml] containerSecurityContext: - enabled: true allowPrivilegeEscalation: false capabilities: drop: @@ -1528,7 +1524,6 @@ server: # -- Server UI extensions container-level security context # @default -- See [values.yaml] containerSecurityContext: - enabled: true runAsNonRoot: true readOnlyRootFilesystem: true allowPrivilegeEscalation: false @@ -1633,7 +1628,6 @@ server: # -- Server container-level security context # @default -- See [values.yaml] containerSecurityContext: - enabled: true runAsNonRoot: true readOnlyRootFilesystem: true allowPrivilegeEscalation: false @@ -2165,7 +2159,6 @@ repoServer: # -- Repo server container-level security context # @default -- See [values.yaml] containerSecurityContext: - enabled: true runAsNonRoot: true readOnlyRootFilesystem: true allowPrivilegeEscalation: false @@ -2519,7 +2512,6 @@ applicationSet: # -- ApplicationSet controller container-level security context # @default -- See [values.yaml] containerSecurityContext: - enabled: true runAsNonRoot: true readOnlyRootFilesystem: true allowPrivilegeEscalation: false @@ -2858,7 +2850,6 @@ notifications: # -- Notification controller container-level security Context # @default -- See [values.yaml] containerSecurityContext: - enabled: true runAsNonRoot: true readOnlyRootFilesystem: true allowPrivilegeEscalation: false