change: Set security context by default to restrictive values for argo deployments

argocd/configserver/test/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: template
   repository: https://repo.2martens.de/charts
-  version: 0.3.3
-digest: sha256:d618a82a3ea62186be46e0c52aa3778782feee4ba5ca8c0211c9036aaa3f9581
-generated: "2024-01-10T11:01:13.643998+01:00"
+  version: 0.4.0
+digest: sha256:7a97df7cd21a976a9092fa2c1dc7bd4e2b6eeabfd7c0cfe099545afdf6fe60da
+generated: "2024-02-04T22:29:21.556898+01:00"

argocd/configserver/test/Chart.yaml

@@ -4,5 +4,5 @@ version: 0.1.0
 type: application
 dependencies:
   - name: template
-    version: 0.3.3
+    version: 0.4.0
     repository: https://repo.2martens.de/charts

argocd/configserver/test/values.yaml

@@ -33,7 +33,13 @@ podSecurityContext: {}
 # fsGroup: 2000
 
 # Configure security context of the application container
-securityContext: {}
+securityContext:
+  seccompProfile:
+    type: RuntimeDefault
+  capabilities:
+    drop: ['ALL']
+  allowPrivilegeEscalation: false
+  readOnlyRootFilesystem: true
 #   capabilities:
 #     drop:
 #     - ALL

argocd/kafka/test/Chart.lock

@@ -1,9 +1,9 @@
 dependencies:
 - name: template
   repository: https://repo.2martens.de/charts
-  version: 0.3.3
+  version: 0.4.0
 - name: prometheus-kafka-exporter
   repository: https://prometheus-community.github.io/helm-charts
-  version: 2.7.0
-digest: sha256:7767fee0e666af815c013da4ed1e14692ce54936f3ebd495af5cdfbdccc60b60
-generated: "2024-01-10T10:56:41.312194+01:00"
+  version: 2.8.0
+digest: sha256:38c3e56ef9785061cd6aacb74a180e503bb2356fe0ac93ce17521cdc9208ec7b
+generated: "2024-02-04T22:29:03.374801+01:00"

argocd/kafka/test/Chart.yaml

@@ -4,8 +4,8 @@ version: 0.1.0
 type: application
 dependencies:
   - name: template
-    version: 0.3.3
+    version: 0.4.0
     repository: https://repo.2martens.de/charts
   - name: prometheus-kafka-exporter
-    version: 2.7.0
+    version: 2.8.0
     repository: https://prometheus-community.github.io/helm-charts

argocd/kafka/test/values.yaml

@@ -33,7 +33,13 @@ podSecurityContext: {}
 # fsGroup: 2000
 
 # Configure security context of the application container
-securityContext: {}
+securityContext:
+  seccompProfile:
+    type: RuntimeDefault
+  capabilities:
+    drop: ['ALL']
+  allowPrivilegeEscalation: false
+  readOnlyRootFilesystem: true
 #   capabilities:
 #     drop:
 #     - ALL

argocd/timetable/test/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: template
   repository: https://repo.2martens.de/charts
-  version: 0.3.3
-digest: sha256:d618a82a3ea62186be46e0c52aa3778782feee4ba5ca8c0211c9036aaa3f9581
-generated: "2024-01-09T22:25:43.437286+01:00"
+  version: 0.4.0
+digest: sha256:7a97df7cd21a976a9092fa2c1dc7bd4e2b6eeabfd7c0cfe099545afdf6fe60da
+generated: "2024-02-04T22:28:25.9401+01:00"

argocd/timetable/test/Chart.yaml

@@ -4,5 +4,5 @@ version: 0.1.0
 type: application
 dependencies:
   - name: template
-    version: 0.3.3
+    version: 0.4.0
     repository: https://repo.2martens.de/charts

argocd/timetable/test/values.yaml

@@ -33,7 +33,13 @@ podSecurityContext: {}
 # fsGroup: 2000
 
 # Configure security context of the application container
-securityContext: {}
+securityContext:
+  seccompProfile:
+    type: RuntimeDefault
+  capabilities:
+    drop: ['ALL']
+  allowPrivilegeEscalation: false
+  readOnlyRootFilesystem: true
 #   capabilities:
 #     drop:
 #     - ALL

argocd/wahlrecht/test/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: template
   repository: https://repo.2martens.de/charts
-  version: 0.3.3
-digest: sha256:d618a82a3ea62186be46e0c52aa3778782feee4ba5ca8c0211c9036aaa3f9581
-generated: "2024-01-10T11:03:36.969925+01:00"
+  version: 0.4.0
+digest: sha256:7a97df7cd21a976a9092fa2c1dc7bd4e2b6eeabfd7c0cfe099545afdf6fe60da
+generated: "2024-02-04T22:28:02.308993+01:00"

argocd/wahlrecht/test/Chart.yaml

@@ -4,5 +4,5 @@ version: 0.1.0
 type: application
 dependencies:
   - name: template
-    version: 0.3.3
+    version: 0.4.0
     repository: https://repo.2martens.de/charts

argocd/wahlrecht/test/values.yaml

@@ -33,7 +33,13 @@ podSecurityContext: {}
 # fsGroup: 2000
 
 # Configure security context of the application container
-securityContext: {}
+securityContext:
+  seccompProfile:
+    type: RuntimeDefault
+  capabilities:
+    drop: ['ALL']
+  allowPrivilegeEscalation: false
+  readOnlyRootFilesystem: true
 #   capabilities:
 #     drop:
 #     - ALL

argocd/zookeeper/test/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: template
   repository: https://repo.2martens.de/charts
-  version: 0.3.3
-digest: sha256:d618a82a3ea62186be46e0c52aa3778782feee4ba5ca8c0211c9036aaa3f9581
-generated: "2024-01-10T11:02:21.710115+01:00"
+  version: 0.4.0
+digest: sha256:7a97df7cd21a976a9092fa2c1dc7bd4e2b6eeabfd7c0cfe099545afdf6fe60da
+generated: "2024-02-04T22:27:37.828013+01:00"

argocd/zookeeper/test/Chart.yaml

@@ -4,5 +4,5 @@ version: 0.1.0
 type: application
 dependencies:
   - name: template
-    version: 0.3.3
+    version: 0.4.0
     repository: https://repo.2martens.de/charts

argocd/zookeeper/test/values.yaml

@@ -33,7 +33,13 @@ podSecurityContext: {}
 # fsGroup: 2000
 
 # Configure security context of the application container
-securityContext: {}
+securityContext:
+  seccompProfile:
+    type: RuntimeDefault
+  capabilities:
+    drop: ['ALL']
+  allowPrivilegeEscalation: false
+  readOnlyRootFilesystem: true
 #   capabilities:
 #     drop:
 #     - ALL