feat(argocd-image-updater): update deployment as following upstream

Signed-off-by: yu-croco <yu.croco@gmail.com>
2024-05-16 08:18:42 +09:00 · 2024-05-16 08:18:42 +09:00 · aded3c2923
commit aded3c2923
parent 29f505abdd
3 changed files with 15 additions and 10 deletions
--- a/charts/argocd-image-updater/README.md
+++ b/charts/argocd-image-updater/README.md
@ -114,7 +114,7 @@ The `config.registries` value can be used exactly as it looks in the documentati
 | rbac.enabled | bool | `true` | Enable RBAC creation |
 | replicaCount | int | `1` | Replica count for the deployment. It is not advised to run more than one replica. |
 | resources | object | `{}` | Pod memory and cpu resource settings for the deployment |
-| securityContext | object | `{}` | Security context settings for the deployment |
+| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context settings for the deployment |
 | serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
 | serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
 | serviceAccount.labels | object | `{}` | Labels to add to the service account |
--- a/charts/argocd-image-updater/templates/deployment.yaml
+++ b/charts/argocd-image-updater/templates/deployment.yaml
@ -34,8 +34,7 @@ spec:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      containers:
        - name: {{ .Chart.Name }}
-          command:
-            - /usr/local/bin/argocd-image-updater
+          args:
            - run
            {{- with .Values.extraArgs }}
              {{- toYaml . | nindent 12 }}
@ -142,6 +141,8 @@ spec:
            name: ssh-known-hosts
          - mountPath: /app/.ssh
            name: ssh-config
+          - mountPath: /tmp
+            name: tmp
          {{- if .Values.authScripts.enabled }}
          - mountPath: /scripts
            name: authscripts
@ -175,6 +176,8 @@ spec:
          name: argocd-image-updater-ssh-config
          optional: true
        name: ssh-config
+      - emptyDir: {}
+        name: tmp
      {{- with .Values.volumes }}
        {{- toYaml . | nindent 6}}
      {{- end }}
--- a/charts/argocd-image-updater/values.yaml
+++ b/charts/argocd-image-updater/values.yaml
@ -205,13 +205,15 @@ podSecurityContext: {}
  # fsGroup: 2000

 # -- Security context settings for the deployment
-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
+securityContext:
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - ALL
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
+  seccompProfile:
+    type: RuntimeDefault

 rbac:
  # -- Enable RBAC creation