Fix Kapitan plugin securityContext on non-Openshift clusters

projectsyn · Nov 17, 2023 · 70a086c · 70a086c
1 parent 9ee292d
commit 70a086c
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 0 deletions.
diff --git a/component/argocd.jsonnet b/component/argocd.jsonnet
@@ -147,6 +147,11 @@ local repoServer = {
       image: common.render_image('kapitan', include_tag=true),
       securityContext: {
         runAsNonRoot: true,
+        // use user 999, since the main repo-server container also uses user
+        // 999 and we need to make sure that the main repo-server container
+        // has write permissions on the cmp-server socket created by this
+        // container.
+        [if !isOpenshift then 'runAsUser']: 999,
       },
       volumeMounts_: {
         'var-files': {

diff --git a/tests/golden/defaults/argocd/argocd/30_argocd/10_argocd.yaml b/tests/golden/defaults/argocd/argocd/30_argocd/10_argocd.yaml
@@ -74,6 +74,7 @@ spec:
         ports: []
         securityContext:
           runAsNonRoot: true
+          runAsUser: 100
         stdin: false
         tty: false
         volumeMounts:

diff --git a/tests/golden/params/argocd/argocd/30_argocd/10_argocd.yaml b/tests/golden/params/argocd/argocd/30_argocd/10_argocd.yaml
@@ -58,6 +58,7 @@ spec:
         ports: []
         securityContext:
           runAsNonRoot: true
+          runAsUser: 100
         stdin: false
         tty: false
         volumeMounts: