DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: set securitycontext for server to something more secure

Browse source 
Signed-off-by: chgl <chgl@users.noreply.github.com>
This commit is contained in:
chgl 2021-04-26 22:12:45 +02:00
parent b652bdd757
commit db34ae67b6
2 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
charts/argo-workflows/templates/server/server-deployment.yaml
View file

@ -32,6 +32,8 @@ spec:
- name: argo-server - name: argo-server
image: "{{ .Values.server.image.registry }}/{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default .Chart.AppVersion }}" image: "{{ .Values.server.image.registry }}/{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.images.pullPolicy }} imagePullPolicy: {{ .Values.images.pullPolicy }}
securityContext:
{{- toYaml .Values.server.securityContext | nindent 12 }}
args: args:
- server - server
- --configmap={{ .Release.Name }}-{{ .Values.controller.name }}-configmap - --configmap={{ .Release.Name }}-{{ .Values.controller.name }}-configmap

7
charts/argo-workflows/values.yaml
View file

@ -172,6 +172,13 @@ server:
podLabels: {} podLabels: {}
# SecurityContext to set on the server pods # SecurityContext to set on the server pods
podSecurityContext: {} podSecurityContext: {}
securityContext:
readOnlyRootFilesystem: false
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
name: server name: server
serviceType: ClusterIP serviceType: ClusterIP
servicePort: 2746 servicePort: 2746