diff --git a/charts/argocd-notifications/Chart.yaml b/charts/argocd-notifications/Chart.yaml
index 96825383..27d5f907 100644
--- a/charts/argocd-notifications/Chart.yaml
+++ b/charts/argocd-notifications/Chart.yaml
@@ -3,7 +3,7 @@ appVersion: v1.2.1
 description: A Helm chart for ArgoCD notifications, an add-on to ArgoCD.
 name: argocd-notifications
 type: application
-version: 1.7.1
+version: 1.8.0
 home: https://github.com/argoproj/argo-helm
 icon: https://argocd-notifications.readthedocs.io/en/stable/assets/logo.png
 keywords:
@@ -15,4 +15,4 @@ maintainers:
 - name: andyfeller
 annotations:
 artifacthub.io/changes: |
- - "[Changed]: Consistent .helmignore"
+ - "[Added]: Ability to define security context for Slack bot deployment"
diff --git a/charts/argocd-notifications/README.md b/charts/argocd-notifications/README.md
index 81bd8358..ec7caf6c 100644
--- a/charts/argocd-notifications/README.md
+++ b/charts/argocd-notifications/README.md
@@ -65,6 +65,7 @@ docker run --rm --volume "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:late
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | bots.slack.affinity | object | `{}` | Assign custom [affinity] rules |
+| bots.slack.containerSecurityContext | object | `{}` | Container Security Context |
 | bots.slack.enabled | bool | `false` | Enable slack bot |
 | bots.slack.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy for the Slack bot |
 | bots.slack.image.repository | string | `"argoprojlabs/argocd-notifications"` | Repository to use for the Slack bot |
@@ -72,6 +73,7 @@ docker run --rm --volume "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:late
 | bots.slack.imagePullSecrets | list | `[]` | Secrets with credentials to pull images from a private registry |
 | bots.slack.nodeSelector | object | `{}` | [Node selector] |
 | bots.slack.resources | object | `{}` | Resource limits and requests for the Slack bot |
+| bots.slack.securityContext | object | `{"runAsNonRoot":true}` | Pod Security Context |
 | bots.slack.service.annotations | object | `{}` | Service annotations for Slack bot |
 | bots.slack.service.port | int | `80` | Service port for Slack bot |
 | bots.slack.service.type | string | `"LoadBalancer"` | Service type for Slack bot |
diff --git a/charts/argocd-notifications/templates/bots/slack/deployment.yaml b/charts/argocd-notifications/templates/bots/slack/deployment.yaml
index 83efd6ba..1230034a 100644
--- a/charts/argocd-notifications/templates/bots/slack/deployment.yaml
+++ b/charts/argocd-notifications/templates/bots/slack/deployment.yaml
@@ -21,6 +21,9 @@ spec:
 {{- toYaml . | nindent 8 }}
 {{- end }}
 serviceAccountName: {{ include "argocd-notifications.bots.slack.serviceAccountName" . }}
+ {{- with .Values.bots.slack.securityContext }}
+ securityContext: {{- toYaml . | nindent 8 }}
+ {{- end }}
 containers:
 - name: {{ include "argocd-notifications.name" . }}-bot
 image: "{{ .Values.bots.slack.image.repository }}:{{ default .Chart.AppVersion .Values.bots.slack.image.tag }}"
@@ -34,6 +37,9 @@ spec:
 ports:
 - containerPort: 8080
 name: http
+ {{- with .Values.bots.slack.containerSecurityContext }}
+ securityContext: {{- toYaml . | nindent 12 }}
+ {{- end }}
 {{- with .Values.bots.slack.nodeSelector }}
 nodeSelector:
 {{- toYaml . | nindent 8 }}
diff --git a/charts/argocd-notifications/values.yaml b/charts/argocd-notifications/values.yaml
index 054faffe..c5e5be06 100644
--- a/charts/argocd-notifications/values.yaml
+++ b/charts/argocd-notifications/values.yaml
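Review bot: Both added blocks in templates/bots/slack/deployment.yaml write the key and the pipeline on one line, `securityContext: {{- toYaml . | nindent 8 }}` and `securityContext: {{- toYaml . | nindent 12 }}`, while the unchanged `nodeSelector` block in the second hunk appears to keep `{{- toYaml . | nindent 8 }}` on its own line; the page layout is collapsed, so this is inferred from the hunk line counts. Rendering is the same because `{{-` trims the preceding whitespace, but the two-line form would match the rest of the file. Since the pod-level and container-level contexts can now both be set, a template comment above the container block such as `{{/* container-level fields override the pod-level securityContext where both are set */}}` would document the precedence. The surrounding `spec:` starts and ends outside both hunks.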
@@ -428,6 +428,13 @@ bots: # -- Annotations applied to created service account annotations: {} + # -- Pod Security Context + securityContext: + runAsNonRoot: true + + # -- Container Security Context + containerSecurityContext: {} + # -- Resource limits and requests for the Slack bot resources: {} # limits:
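Review bot: The new pod default `runAsNonRoot: true` is set without a numeric `runAsUser`, so whether the Slack bot starts depends on the image metadata: the kubelet refuses a container whose image runs as root or declares a non-numeric user. The page does not show which user `argoprojlabs/argocd-notifications` runs as, so this should be confirmed for the default tag, or a `runAsUser` documented next to the default. `containerSecurityContext` ships as `{}`, which leaves `allowPrivilegeEscalation` and capabilities at the runtime defaults; a commented example under the key showing `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true` and `capabilities: {drop: [ALL]}` would give users a least-privilege starting point. Because Helm deep-merges maps, the comment should also say that dropping the default needs `runAsNonRoot: null` (or `false`) rather than `securityContext: {}`. The changelog entry in Chart.yaml is tagged only `[Added]`, although an already enabled bot picks up a newly enforced default on upgrade.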