From b8c689e3c7d34c9145f0d3aa3b0795b21502e786 Mon Sep 17 00:00:00 2001 From: Simon Ninon Date: Sat, 6 Nov 2021 01:23:27 -0700 Subject: [PATCH] fix(argo-cd) Make argocd-server /home/argocd/.aws writeable when using readOnlyRootFilesystem=false security context (#1006) Signed-off-by: Simon Ninon --- charts/argo-cd/Chart.yaml | 4 ++-- charts/argo-cd/templates/argocd-server/deployment.yaml | 8 ++++++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index aaf5bf72..947d3e5e 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: v2.1.6 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.26.5 +version: 3.26.6 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -21,4 +21,4 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Changed]: README update to reflect correct helm install syntax" + - "[Changed]: Make argocd-server /home/argocd/.aws writeable when using readOnlyRootFilesystem=false security context" diff --git a/charts/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo-cd/templates/argocd-server/deployment.yaml index 697dabbd..93e87e95 100755 --- a/charts/argo-cd/templates/argocd-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-server/deployment.yaml @@ -90,6 +90,10 @@ spec: subPath: "custom.styles.css" name: custom-styles {{- end }} + {{- if .Values.server.containerSecurityContext.readOnlyRootFilesystem }} + - mountPath: /home/argocd/.aws + name: aws-config + {{- end }} - mountPath: /tmp name: tmp-dir ports: @@ -164,6 +168,10 @@ spec: name: static-files - emptyDir: {} name: tmp-dir + {{- if .Values.server.containerSecurityContext.readOnlyRootFilesystem }} + - emptyDir: {} + name: aws-config + {{- end }} {{- if .Values.configs.styles }} - configMap: name: argocd-custom-styles