diff --git a/charts/argo/Chart.yaml b/charts/argo/Chart.yaml index 39a1bbfd..2a845430 100644 --- a/charts/argo/Chart.yaml +++ b/charts/argo/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: v2.8.0 description: A Helm chart for Argo Workflows name: argo -version: 0.10.0 +version: 0.10.1 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png home: https://github.com/argoproj/argo-helm maintainers: diff --git a/charts/argo/templates/server-deployment.yaml b/charts/argo/templates/server-deployment.yaml index 2593d07f..0d5c8af5 100644 --- a/charts/argo/templates/server-deployment.yaml +++ b/charts/argo/templates/server-deployment.yaml @@ -26,6 +26,10 @@ spec: {{ toYaml .Values.server.podAnnotations | indent 8}}{{- end }} spec: serviceAccountName: {{ .Values.server.serviceAccount | quote }} + {{- if .Values.server.podSecurityContext }} + securityContext: + {{- toYaml .Values.server.podSecurityContext | nindent 8 }} + {{- end }} containers: - name: argo-server args: diff --git a/charts/argo/templates/workflow-controller-config-map.yaml b/charts/argo/templates/workflow-controller-config-map.yaml index 5dde9ff3..54ba076e 100644 --- a/charts/argo/templates/workflow-controller-config-map.yaml +++ b/charts/argo/templates/workflow-controller-config-map.yaml @@ -16,7 +16,7 @@ data: {{- end }} {{- end }} containerRuntimeExecutor: {{ .Values.controller.containerRuntimeExecutor }} - {{- if or .Values.executor.resources .Values.executor.env }} + {{- if or .Values.executor.resources .Values.executor.env .Values.executor.securityContext}} executor: {{- with .Values.executor.resources }} resources: {{- toYaml . | nindent 8 }} @@ -24,6 +24,9 @@ data: {{- with .Values.executor.env }} env: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.executor.securityContext }} + securityContext: {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} {{- if or .Values.minio.install .Values.useDefaultArtifactRepo }} artifactRepository: diff --git a/charts/argo/templates/workflow-controller-deployment.yaml b/charts/argo/templates/workflow-controller-deployment.yaml index 752183ea..ca80c816 100644 --- a/charts/argo/templates/workflow-controller-deployment.yaml +++ b/charts/argo/templates/workflow-controller-deployment.yaml @@ -26,6 +26,10 @@ spec: {{ toYaml .Values.controller.podAnnotations | indent 8}}{{- end }} spec: serviceAccountName: {{ .Values.controller.serviceAccount | quote }} + {{- if .Values.controller.podSecurityContext }} + securityContext: + {{- toYaml .Values.controller.podSecurityContext | nindent 8 }} + {{- end }} containers: - name: controller image: "{{ .Values.images.namespace }}/{{ .Values.images.controller }}:{{ default .Values.images.tag .Values.controller.image.tag }}" diff --git a/charts/argo/values.yaml b/charts/argo/values.yaml index 8358572f..731b68ca 100644 --- a/charts/argo/values.yaml +++ b/charts/argo/values.yaml @@ -31,6 +31,8 @@ controller: podAnnotations: {} # Optional labels to add to the controller pods podLabels: {} + # SecurityContext to set on the controller pods + podSecurityContext: {} # podPortName: http metricsConfig: enabled: false @@ -121,6 +123,8 @@ executor: resources: {} # Adds environment variables for the executor. env: {} + # sets security context for the executor container + securityContext: {} server: enabled: true @@ -135,6 +139,8 @@ server: podAnnotations: {} # Optional labels to add to the UI pods podLabels: {} + # SecurityContext to set on the server pods + podSecurityContext: {} name: server serviceType: ClusterIP servicePort: 2746