From c1f6ed45f58c2c45a1c07f5096281e4a312ef9f5 Mon Sep 17 00:00:00 2001
From: "David J. M. Karlsen" <david@davidkarlsen.com>
Date: Mon, 16 Dec 2019 03:55:09 +0100
Subject: [PATCH] feat: Add securityContext. Fixes #96 (#185)

* make securityContext optional
* add docs
* bump chart version
Signed-off-by: David J. M. Karlsen <david@davidkarlsen.com>
---
 charts/argo-cd/Chart.yaml                                     | 2 +-
 charts/argo-cd/README.md                                      | 1 +
 .../templates/argocd-application-controller/deployment.yaml   | 3 +++
 charts/argo-cd/templates/argocd-repo-server/deployment.yaml   | 3 +++
 charts/argo-cd/templates/argocd-server/deployment.yaml        | 3 +++
 charts/argo-cd/templates/redis/deployment.yaml                | 3 +++
 charts/argo-cd/values.yaml                                    | 4 ++++
 7 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml
index ee2b381c..fa18260f 100644
--- a/charts/argo-cd/Chart.yaml
+++ b/charts/argo-cd/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: "1.3.6"
 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 1.4.8
+version: 1.5.0
 home: https://github.com/argoproj/argo-helm
 icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png
 keywords:
diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md
index a007f491..a232385c 100644
--- a/charts/argo-cd/README.md
+++ b/charts/argo-cd/README.md
@@ -32,6 +32,7 @@ $ helm install --name my-release argo/argo-cd
 | global.image.imagePullPolicy | If defined, a imagePullPolicy applied to all ArgoCD deployments. | `"IfNotPresent"` |
 | global.image.repository | If defined, a repository applied to all ArgoCD deployments. | `"argoproj/argocd"` |
 | global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.3.6"` |
+| global.securityContext | Toggle and define securityContext | See [values.yaml](values.yaml) | 
 | nameOverride | Provide a name in place of `argocd` | `"argocd"` |
 | configs.knownHosts.data.ssh_known_hosts | Known Hosts | See [values.yaml](values.yaml) |
 | configs.secret.bitbucketSecret | BitBucket incoming webhook secret | `""` |
diff --git a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml
index 12189424..8fec2fdb 100644
--- a/charts/argo-cd/templates/argocd-application-controller/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/deployment.yaml
@@ -35,6 +35,9 @@ spec:
 {{- toYaml .Values.controller.podLabels | nindent 8 }}
         {{- end }}
     spec:
+      {{- if .Values.global.securityContext }}
+      securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }}
+      {{- end }}
       containers:
       - command:
         - argocd-application-controller
diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
index 0c66a115..458a7ee3 100644
--- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
@@ -35,6 +35,9 @@ spec:
 {{- toYaml .Values.controller.podLabels | nindent 8 }}
         {{- end }}
     spec:
+      {{- if .Values.global.securityContext }}
+      securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }}
+      {{- end }}
       containers:
       - name: {{ .Values.repoServer.name }}
         image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default .Values.global.image.tag .Values.repoServer.image.tag }}
diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml
index 5b728d5e..6b84c4ad 100644
--- a/charts/argo-cd/templates/argocd-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-server/deployment.yaml
@@ -35,6 +35,9 @@ spec:
 {{- toYaml .Values.controller.podLabels | nindent 8 }}
         {{- end }}
     spec:
+      {{- if .Values.global.securityContext }}
+      securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }}
+      {{- end }}
       containers:
       - name: {{ .Values.server.name }}
         image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default .Values.global.image.tag .Values.server.image.tag }}
diff --git a/charts/argo-cd/templates/redis/deployment.yaml b/charts/argo-cd/templates/redis/deployment.yaml
index 87d6a024..ada5dc9a 100644
--- a/charts/argo-cd/templates/redis/deployment.yaml
+++ b/charts/argo-cd/templates/redis/deployment.yaml
@@ -25,6 +25,9 @@ spec:
         app.kubernetes.io/component: {{ .Values.redis.name }}
     spec:
       automountServiceAccountToken: false
+      {{- if .Values.global.securityContext }}
+      securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }}
+      {{- end }}
       containers:
       - name: {{ template "argo-cd.redis.fullname" . }}
         args:
diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml
index 5ec75f6a..8413e94d 100644
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@@ -12,6 +12,10 @@ global:
     repository: argoproj/argocd
     tag: v1.3.6
     imagePullPolicy: IfNotPresent
+  securityContext: {}
+  #  runAsUser: 999
+  #  runAsGroup: 999
+  #  fsGroup: 999
 
 ## Controller
 controller: