fix(argo-cd): Allow to disable containerSecurityContext (#2072)

* Allow to disable containerSecurityContext Add a `enabled` property to allow the whole containerSecurityContext to be disabled. Fixes https://github.com/argoproj/argo-helm/issues/2071 Signed-off-by: wim.fournier <github@fournier.nl> Signed-off-by: Wim Fournier <github@fournier.nl> * fix missing space Signed-off-by: Wim Fournier <github@fournier.nl> * remove enabled key Signed-off-by: Wim Fournier <github@fournier.nl> * fix typo Signed-off-by: Wim Fournier <github@fournier.nl> * missed one Signed-off-by: Wim Fournier <github@fournier.nl> * simplify using `with`, thx @pborn-ionos! Signed-off-by: wim.fournier <wim.fournier@adevinta.com> * missed one Signed-off-by: wim.fournier <wim.fournier@adevinta.com> --------- Signed-off-by: wim.fournier <github@fournier.nl> Signed-off-by: Wim Fournier <github@fournier.nl> Signed-off-by: wim.fournier <wim.fournier@adevinta.com> Co-authored-by: wim.fournier <wim.fournier@adevinta.com>
2023-05-23 22:29:26 +02:00 · 2023-05-23 22:29:26 +02:00 · cd4c291e47
commit cd4c291e47
parent feb7fc0bb8
8 changed files with 32 additions and 12 deletions
--- a/charts/argo-cd/Chart.yaml
+++ b/charts/argo-cd/Chart.yaml
@ -3,7 +3,7 @@ appVersion: v2.7.2
 kubeVersion: ">=1.22.0-0"
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 5.34.3
+version: 5.34.4
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 sources:
@ -27,4 +27,4 @@ annotations:
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
  artifacthub.io/changes: |
    - kind: fixed
-      description: Align with upstream dex initContainers
+      description: Allow to disable containerSecurityContext
--- a/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
@ -255,8 +255,10 @@ spec:
          failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
        resources:
          {{- toYaml .Values.controller.resources | nindent 10 }}
+        {{- with .Values.controller.containerSecurityContext }}
        securityContext:
-          {{- toYaml .Values.controller.containerSecurityContext | nindent 10 }}
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
        workingDir: /home/argocd
        volumeMounts:
        {{- with .Values.controller.volumeMounts }}
--- a/charts/argo-cd/templates/argocd-applicationset/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/deployment.yaml
@ -182,8 +182,10 @@ spec:
          {{- end }}
          resources:
            {{- toYaml .Values.applicationSet.resources | nindent 12 }}
+          {{- with .Values.applicationSet.containerSecurityContext }}
          securityContext:
-            {{- toYaml .Values.applicationSet.containerSecurityContext | nindent 12 }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
          volumeMounts:
            {{- with .Values.applicationSet.extraVolumeMounts }}
              {{- toYaml . | nindent 12 }}
--- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml
@ -80,8 +80,10 @@ spec:
            protocol: TCP
          resources:
            {{- toYaml .Values.notifications.resources | nindent 12 }}
+          {{- with .Values.notifications.containerSecurityContext }}
          securityContext:
-            {{- toYaml .Values.notifications.containerSecurityContext | nindent 12 }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
          workingDir: /app
          volumeMounts:
            - name: tls-certs
--- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
@ -273,8 +273,10 @@ spec:
          failureThreshold: {{ .Values.repoServer.readinessProbe.failureThreshold }}
        resources:
          {{- toYaml .Values.repoServer.resources | nindent 10 }}
+        {{- with .Values.repoServer.containerSecurityContext }}
        securityContext:
-          {{- toYaml .Values.repoServer.containerSecurityContext | nindent 10 }}
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
        {{- with .Values.repoServer.lifecycle }}
        lifecycle:
          {{- toYaml . | nindent 10 }}
--- a/charts/argo-cd/templates/argocd-server/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-server/deployment.yaml
@ -334,8 +334,10 @@ spec:
          failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
        resources:
          {{- toYaml .Values.server.resources | nindent 10 }}
+        {{- with .Values.server.containerSecurityContext }}
        securityContext:
-          {{- toYaml .Values.server.containerSecurityContext | nindent 10 }}
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
        {{- with .Values.server.lifecycle }}
        lifecycle:
          {{- toYaml . | nindent 10 }}
@ -346,8 +348,10 @@ spec:
        imagePullPolicy: {{ .Values.server.extensions.image.imagePullPolicy }}
        resources:
          {{- toYaml .Values.server.extensions.resources | nindent 10 }}
+        {{- with .Values.server.extensions.containerSecurityContext }}
        securityContext:
-          {{- toYaml .Values.server.extensions.containerSecurityContext | nindent 10 }}
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
        volumeMounts:
          - name: extensions
            mountPath: /tmp/extensions/
--- a/charts/argo-cd/templates/dex/deployment.yaml
+++ b/charts/argo-cd/templates/dex/deployment.yaml
@ -117,8 +117,10 @@ spec:
        {{- end }}
        resources:
          {{- toYaml .Values.dex.resources | nindent 10 }}
+        {{- with .Values.dex.containerSecurityContext }}
        securityContext:
-          {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }}
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
        volumeMounts:
        {{- with .Values.dex.volumeMounts }}
          {{- toYaml . | nindent 8 }}
@ -148,8 +150,10 @@ spec:
          name: dexconfig
        resources:
          {{- toYaml .Values.dex.resources | nindent 10 }}
+        {{- with .Values.dex.containerSecurityContext }}
        securityContext:
-          {{- toYaml .Values.dex.containerSecurityContext | nindent 10 }}
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
      {{- with .Values.dex.initContainers }}
        {{- tpl (toYaml .) $ | nindent 6 }}
      {{- end }}
--- a/charts/argo-cd/templates/redis/deployment.yaml
+++ b/charts/argo-cd/templates/redis/deployment.yaml
@ -75,8 +75,10 @@ spec:
          protocol: TCP
        resources:
          {{- toYaml .Values.redis.resources | nindent 10 }}
+        {{- with .Values.redis.containerSecurityContext }}
        securityContext:
-          {{- toYaml .Values.redis.containerSecurityContext | nindent 10 }}
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
        {{- with .Values.redis.volumeMounts }}
        volumeMounts:
          {{- toYaml . | nindent 10 }}
@ -99,8 +101,10 @@ spec:
          protocol: TCP
        resources:
          {{- toYaml .Values.redis.exporter.resources | nindent 10 }}
+        {{- with .Values.redis.exporter.containerSecurityContext }}
        securityContext:
-          {{- toYaml .Values.redis.exporter.containerSecurityContext | nindent 10 }}
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
      {{- end }}
      {{- with .Values.redis.extraContainers }}
        {{- tpl (toYaml .) $ | nindent 6 }}