feat(argo-cd): Set container security contexts (#1579)

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>
2022-10-30 20:12:46 +01:00 · 2022-10-30 20:12:46 +01:00 · 3d9e2f35a6
commit 3d9e2f35a6
parent b249ebf2a9
12 changed files with 195 additions and 139 deletions
--- a/charts/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-notifications/bots/slack/deployment.yaml
@ -20,14 +20,15 @@ spec:
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
+      {{- with .Values.global.securityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
      serviceAccountName: {{ template "argo-cd.notificationsBotsSlackServiceAccountName" . }}
-      securityContext: {{- toYaml (mergeOverwrite (deepCopy .Values.global.securityContext) .Values.notifications.securityContext) | nindent 8 }}
      containers:
        - name: {{ template "argo-cd.notifications.fullname" . }}-bot
          image: {{ default .Values.global.image.repository .Values.notifications.bots.slack.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.notifications.bots.slack.image.tag }}
          imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.notifications.bots.slack.image.pullPolicy }}
-          resources:
-            {{- toYaml .Values.notifications.bots.slack.resources | nindent 12 }}
          command:
            - argocd-notifications
            - bot
@ -35,19 +36,20 @@ spec:
          ports:
          - containerPort: 8080
            name: http
-          {{- with .Values.notifications.bots.slack.containerSecurityContext }}
-          securityContext: {{- toYaml . | nindent 12 }}
-          {{- end }}
+          resources:
+            {{- toYaml .Values.notifications.bots.slack.resources | nindent 12 }}
+          securityContext:
+            {{- toYaml .Values.notifications.bots.slack.containerSecurityContext | nindent 12 }}
      {{- with .Values.notifications.bots.slack.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
-    {{- with .Values.notifications.bots.slack.affinity }}
+      {{- with .Values.notifications.bots.slack.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
-    {{- end }}
-    {{- with .Values.notifications.bots.slack.tolerations }}
+      {{- end }}
+      {{- with .Values.notifications.bots.slack.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
-    {{- end }}
+      {{- end }}
 {{ end }}
--- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml
@ -38,30 +38,16 @@ spec:
        - name: {{ .Values.notifications.name }}
          image: {{ default .Values.global.image.repository .Values.notifications.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.notifications.image.tag }}
          imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.notifications.image.imagePullPolicy }}
-          resources:
-            {{- toYaml .Values.notifications.resources | nindent 12 }}
          command:
            - argocd-notifications
            - --loglevel={{ default .Values.global.logging.level .Values.notifications.logLevel }}
            - --logformat={{ default .Values.global.logging.format .Values.notifications.logFormat }}
-            {{- if .Values.notifications.metrics.enabled }}
            - --metrics-port={{ .Values.notifications.metrics.port }}
-            {{- end }}
            - --namespace={{ .Release.Namespace }}
            - --argocd-repo-server={{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}
            {{- range .Values.notifications.extraArgs }}
            - {{ . | squote }}
            {{- end }}
-          workingDir: /app
-          ports:
-          {{- if .Values.notifications.metrics.enabled }}
-          - containerPort: {{ .Values.notifications.metrics.port }}
-            name: metrics
-            protocol: TCP
-          {{- end }}
-          {{- if .Values.notifications.containerSecurityContext }}
-          securityContext: {{- toYaml .Values.notifications.containerSecurityContext | nindent 12 }}
-          {{- end }}
          {{- with .Values.notifications.extraEnv }}
          env:
            {{- toYaml . | nindent 12 }}
@ -70,6 +56,15 @@ spec:
          envFrom:
            {{- toYaml . | nindent 12 }}
          {{- end }}
+          ports:
+          - name: metrics
+            containerPort: {{ .Values.notifications.metrics.port }}
+            protocol: TCP
+          resources:
+            {{- toYaml .Values.notifications.resources | nindent 12 }}
+          securityContext:
+            {{- toYaml .Values.notifications.containerSecurityContext | nindent 12 }}
+          workingDir: /app
          volumeMounts:
            - name: tls-certs
              mountPath: /app/config/tls