feat(argo-cd): Set container security contexts (#1579)

Signed-off-by: Petr Drastil <petr.drastil@gmail.com>
2022-10-30 20:12:46 +01:00 · 2022-10-30 20:12:46 +01:00 · 3d9e2f35a6
commit 3d9e2f35a6
parent b249ebf2a9
12 changed files with 195 additions and 139 deletions
--- a/charts/argo-cd/templates/argocd-notifications/deployment.yaml
+++ b/charts/argo-cd/templates/argocd-notifications/deployment.yaml
@ -38,30 +38,16 @@ spec:
        - name: {{ .Values.notifications.name }}
          image: {{ default .Values.global.image.repository .Values.notifications.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.notifications.image.tag }}
          imagePullPolicy: {{ default .Values.global.image.imagePullPolicy .Values.notifications.image.imagePullPolicy }}
-          resources:
-            {{- toYaml .Values.notifications.resources | nindent 12 }}
          command:
            - argocd-notifications
            - --loglevel={{ default .Values.global.logging.level .Values.notifications.logLevel }}
            - --logformat={{ default .Values.global.logging.format .Values.notifications.logFormat }}
-            {{- if .Values.notifications.metrics.enabled }}
            - --metrics-port={{ .Values.notifications.metrics.port }}
-            {{- end }}
            - --namespace={{ .Release.Namespace }}
            - --argocd-repo-server={{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}
            {{- range .Values.notifications.extraArgs }}
            - {{ . | squote }}
            {{- end }}
-          workingDir: /app
-          ports:
-          {{- if .Values.notifications.metrics.enabled }}
-          - containerPort: {{ .Values.notifications.metrics.port }}
-            name: metrics
-            protocol: TCP
-          {{- end }}
-          {{- if .Values.notifications.containerSecurityContext }}
-          securityContext: {{- toYaml .Values.notifications.containerSecurityContext | nindent 12 }}
-          {{- end }}
          {{- with .Values.notifications.extraEnv }}
          env:
            {{- toYaml . | nindent 12 }}
@ -70,6 +56,15 @@ spec:
          envFrom:
            {{- toYaml . | nindent 12 }}
          {{- end }}
+          ports:
+          - name: metrics
+            containerPort: {{ .Values.notifications.metrics.port }}
+            protocol: TCP
+          resources:
+            {{- toYaml .Values.notifications.resources | nindent 12 }}
+          securityContext:
+            {{- toYaml .Values.notifications.containerSecurityContext | nindent 12 }}
+          workingDir: /app
          volumeMounts:
            - name: tls-certs
              mountPath: /app/config/tls