fix: #404 - Set Security Context for Redis Pod

charts/argo-cd/README.md

@@ -311,6 +311,7 @@ through `xxx.extraArgs`
 | redis.podLabels | Labels for the Redis server pods | `{}` |
 | redis.priorityClassName | Priority class for redis | `""` |
 | redis.resources | Resource limits and requests for redis | `{}` |
+| redis.securityContext | Redis Pod Security Context | See [values.yaml](values.yaml) |
 | redis.servicePort | Redis service port | `6379` |
 | redis.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` |
 | redis-ha | Configures [Redis HA subchart](https://github.com/helm/charts/tree/master/stable/redis-ha) The properties below have been changed from the subchart defaults | |

charts/argo-cd/templates/redis/deployment.yaml

@@ -41,8 +41,8 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       automountServiceAccountToken: false
-      {{- if .Values.global.securityContext }}
-      securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }}
+      {{- if .Values.redis.securityContext }}
+      securityContext: {{- toYaml .Values.redis.securityContext | nindent 8 }}
       {{- end }}
       containers:
       - name: {{ template "argo-cd.redis.fullname" . }}

charts/argo-cd/values.yaml

@@ -272,10 +272,10 @@ redis:
   priorityClassName: ""
 
   ## Labels to set container specific security contexts
-  containerSecurityContext: {}
-    # capabilities:
-    #   drop:
-    #     - all
+  securityContext:
+    runAsUser: 1000
+    fsGroup: 1000
+    runAsNonRoot: true
 
 
   resources: {}