fix: Add update logic to handle addition of PSS to deployments #1533
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What type of PR is this?
What does this PR do / why we need it:
#1288 and #1493 introduced Pod Security Standards (PSS) to ensure all Argo CD component pods comply with the restricted security policy. However, these changes only apply to new installations.
This PR addresses the gap by adding logic to update existing installations. It ensures that the necessary
securityContext
is applied to existing pods and automatically reconciles any manual changes back to the intended configuration.Which issue(s) this PR fixes:
Closes #1492
How to test changes / Special notes to the reviewer:
I performed an upgrade test as follows:
make run
with thev0.11.0
tag.ArgoCD
CR.make run
and switched to thisPR branch
.make run
again.The following command should return no warnings: