feat: Add securityContext. Fixes #96 (#185)

* make securityContext optional
* add docs
* bump chart version
Signed-off-by: David J. M. Karlsen <david@davidkarlsen.com>

charts/argo-cd/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: "1.3.6"
 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 1.4.8
+version: 1.5.0
 home: https://github.com/argoproj/argo-helm
 icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png
 keywords:

charts/argo-cd/README.md

@@ -32,6 +32,7 @@ $ helm install --name my-release argo/argo-cd
 | global.image.imagePullPolicy | If defined, a imagePullPolicy applied to all ArgoCD deployments. | `"IfNotPresent"` |
 | global.image.repository | If defined, a repository applied to all ArgoCD deployments. | `"argoproj/argocd"` |
 | global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v1.3.6"` |
+| global.securityContext | Toggle and define securityContext | See [values.yaml](values.yaml) | 
 | nameOverride | Provide a name in place of `argocd` | `"argocd"` |
 | configs.knownHosts.data.ssh_known_hosts | Known Hosts | See [values.yaml](values.yaml) |
 | configs.secret.bitbucketSecret | BitBucket incoming webhook secret | `""` |

charts/argo-cd/templates/argocd-application-controller/deployment.yaml

@@ -35,6 +35,9 @@ spec:
 {{- toYaml .Values.controller.podLabels | nindent 8 }}
         {{- end }}
     spec:
+      {{- if .Values.global.securityContext }}
+      securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }}
+      {{- end }}
       containers:
       - command:
         - argocd-application-controller

charts/argo-cd/templates/argocd-repo-server/deployment.yaml

@@ -35,6 +35,9 @@ spec:
 {{- toYaml .Values.controller.podLabels | nindent 8 }}
         {{- end }}
     spec:
+      {{- if .Values.global.securityContext }}
+      securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }}
+      {{- end }}
       containers:
       - name: {{ .Values.repoServer.name }}
         image: {{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default .Values.global.image.tag .Values.repoServer.image.tag }}

charts/argo-cd/templates/argocd-server/deployment.yaml

@@ -35,6 +35,9 @@ spec:
 {{- toYaml .Values.controller.podLabels | nindent 8 }}
         {{- end }}
     spec:
+      {{- if .Values.global.securityContext }}
+      securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }}
+      {{- end }}
       containers:
       - name: {{ .Values.server.name }}
         image: {{ default .Values.global.image.repository .Values.server.image.repository }}:{{ default .Values.global.image.tag .Values.server.image.tag }}

charts/argo-cd/templates/redis/deployment.yaml

@@ -25,6 +25,9 @@ spec:
         app.kubernetes.io/component: {{ .Values.redis.name }}
     spec:
       automountServiceAccountToken: false
+      {{- if .Values.global.securityContext }}
+      securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }}
+      {{- end }}
       containers:
       - name: {{ template "argo-cd.redis.fullname" . }}
         args:

charts/argo-cd/values.yaml

@@ -12,6 +12,10 @@ global:
     repository: argoproj/argocd
     tag: v1.3.6
     imagePullPolicy: IfNotPresent
+  securityContext: {}
+  #  runAsUser: 999
+  #  runAsGroup: 999
+  #  fsGroup: 999
 
 ## Controller
 controller: