feat: allow for configuring security context of all components (#410)

charts/argo/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: v2.8.0
 description: A Helm chart for Argo Workflows
 name: argo
-version: 0.10.0
+version: 0.10.1
 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
 home: https://github.com/argoproj/argo-helm
 maintainers:

charts/argo/templates/server-deployment.yaml

@@ -26,6 +26,10 @@ spec:
 {{ toYaml .Values.server.podAnnotations | indent 8}}{{- end }}
     spec:
       serviceAccountName: {{ .Values.server.serviceAccount | quote }}
+      {{- if .Values.server.podSecurityContext }}
+      securityContext:
+        {{- toYaml .Values.server.podSecurityContext | nindent 8 }}
+      {{- end }}
       containers:
         - name: argo-server
           args:

charts/argo/templates/workflow-controller-config-map.yaml

@@ -16,7 +16,7 @@ data:
     {{- end }}
     {{- end }}
     containerRuntimeExecutor: {{ .Values.controller.containerRuntimeExecutor }}
-    {{- if or .Values.executor.resources .Values.executor.env }}
+    {{- if or .Values.executor.resources .Values.executor.env .Values.executor.securityContext}}
     executor:
       {{- with .Values.executor.resources }}
       resources: {{- toYaml . | nindent 8 }}
@@ -24,6 +24,9 @@ data:
       {{- with .Values.executor.env }}
       env: {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- with .Values.executor.securityContext }}
+      securityContext: {{- toYaml . | nindent 8 }}
+      {{- end }}
     {{- end }}
     {{- if or .Values.minio.install .Values.useDefaultArtifactRepo }}
     artifactRepository:

charts/argo/templates/workflow-controller-deployment.yaml

@@ -26,6 +26,10 @@ spec:
 {{ toYaml .Values.controller.podAnnotations | indent 8}}{{- end }}
     spec:
       serviceAccountName: {{ .Values.controller.serviceAccount | quote }}
+      {{- if .Values.controller.podSecurityContext }}
+      securityContext:
+        {{- toYaml .Values.controller.podSecurityContext | nindent 8 }}
+      {{- end }}
       containers:
         - name: controller
           image: "{{ .Values.images.namespace }}/{{ .Values.images.controller }}:{{ default .Values.images.tag .Values.controller.image.tag }}"

charts/argo/values.yaml

@@ -31,6 +31,8 @@ controller:
   podAnnotations: {}
   # Optional labels to add to the controller pods
   podLabels: {}
+  # SecurityContext to set on the controller pods
+  podSecurityContext: {}
   # podPortName: http
   metricsConfig:
     enabled: false
@@ -121,6 +123,8 @@ executor:
   resources: {}
   # Adds environment variables for the executor.
   env: {}
+  # sets security context for the executor container
+  securityContext: {}
 
 server:
   enabled: true
@@ -135,6 +139,8 @@ server:
   podAnnotations: {}
   # Optional labels to add to the UI pods
   podLabels: {}
+  # SecurityContext to set on the server pods
+  podSecurityContext: {}
   name: server
   serviceType: ClusterIP
   servicePort: 2746