From 93f593c7b970e59bc39884518bf8971f0901a224 Mon Sep 17 00:00:00 2001
From: Frederik Weber
Date: Tue, 14 Jul 2020 11:58:55 +0200
Subject: [PATCH] fix: #404 - Set Security Context for Redis Pod
---
 charts/argo-cd/README.md | 1 +
 charts/argo-cd/templates/redis/deployment.yaml | 4 ++--
 charts/argo-cd/values.yaml | 8 ++++----
 3 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md
index 8b1f0bb9..44a907a0 100644
--- a/charts/argo-cd/README.md
+++ b/charts/argo-cd/README.md
@@ -311,6 +311,7 @@ through `xxx.extraArgs`
 | redis.podLabels | Labels for the Redis server pods | `{}` |
 | redis.priorityClassName | Priority class for redis | `""` |
 | redis.resources | Resource limits and requests for redis | `{}` |
+| redis.securityContext | Redis Pod Security Context | See [values.yaml](values.yaml) |
 | redis.servicePort | Redis service port | `6379` |
 | redis.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` |
 | redis-ha | Configures [Redis HA subchart](https://github.com/helm/charts/tree/master/stable/redis-ha) The properties below have been changed from the subchart defaults | |
diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml
index e5c673de..58934683 100755
--- a/charts/argo-cd/templates/redis/deployment.yaml
+++ b/charts/argo-cd/templates/redis/deployment.yaml
@@ -41,8 +41,8 @@ spec:
 {{- toYaml . | nindent 8 }}
 {{- end }}
 automountServiceAccountToken: false
- {{- if .Values.global.securityContext }}
- securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }}
+ {{- if .Values.redis.securityContext }}
+ securityContext: {{- toYaml .Values.redis.securityContext | nindent 8 }}
 {{- end }}
 containers:
 - name: {{ template "argo-cd.redis.fullname" . }}
diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml
index 05b0a276..8de32160 100755
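Review bot: The `securityContext:` rendered just above `containers:` is the pod-level context, yet the values.yaml hunk deletes `redis.containerSecurityContext` and leaves the comment `## Labels to set container specific security contexts` over the new key, so pod and container settings are now conflated. Kubernetes accepts `capabilities` (like `allowPrivilegeEscalation` and `readOnlyRootFilesystem`) only on a container, so the deleted `capabilities: drop: all` hint cannot be expressed through `redis.securityContext`; the container spec continues outside this hunk, and if it still reads `.Values.redis.containerSecurityContext` that key should stay in values.yaml. I would keep `containerSecurityContext: {}` with its commented example and head the new key with `## Pod-level security context for the Redis pod`. Redis also stops honouring `global.securityContext` here and now defaults to UID 1000, which looks like it needs an upgrade note for users who set the global value or run clusters that restrict allowed UID ranges.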
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@@ -272,10 +272,10 @@ redis:
 priorityClassName: ""
 ## Labels to set container specific security contexts
- containerSecurityContext: {}
- # capabilities:
- # drop:
- # - all
+ securityContext:
+ runAsUser: 1000
+ fsGroup: 1000
+ runAsNonRoot: true
 resources: {}