fix: Redis HA Server StatefulSet SecurityContext Not Updated During Upgrade (#1703)

* add missing check for security context

Signed-off-by: Mangaal <[email protected]>

* update unit test for RedisStatefulSet

Signed-off-by: Mangaal <[email protected]>

---------

Signed-off-by: Mangaal <[email protected]>

Author: Mangaal

controllers/argocd/statefulset.go

@@ -498,6 +498,14 @@ func (r *ReconcileArgoCD) reconcileRedisStatefulSet(cr *argoproj.ArgoCD) error {
 				changed = true
 			}
 		}
+		if !reflect.DeepEqual(ss.Spec.Template.Spec.SecurityContext, existing.Spec.Template.Spec.SecurityContext) {
+			existing.Spec.Template.Spec.SecurityContext = ss.Spec.Template.Spec.SecurityContext
+			if changed {
+				explanation += ", "
+			}
+			explanation += "security context"
+			changed = true
+		}
 		if !reflect.DeepEqual(ss.Spec.Template.Spec.Volumes, existing.Spec.Template.Spec.Volumes) {
 			existing.Spec.Template.Spec.Volumes = ss.Spec.Template.Spec.Volumes
 			if changed {
@@ -943,6 +951,14 @@ func (r *ReconcileArgoCD) reconcileApplicationControllerStatefulSet(cr *argoproj
 			explanation += "replicas"
 			changed = true
 		}
+		if !reflect.DeepEqual(ss.Spec.Template.Spec.SecurityContext, existing.Spec.Template.Spec.SecurityContext) {
+			existing.Spec.Template.Spec.SecurityContext = ss.Spec.Template.Spec.SecurityContext
+			if changed {
+				explanation += ", "
+			}
+			explanation += "security context"
+			changed = true
+		}
 
 		if !reflect.DeepEqual(ss.Spec.Template.Spec.Containers[1:],
 			existing.Spec.Template.Spec.Containers[1:]) {

controllers/argocd/statefulset_test.go

@@ -3,6 +3,7 @@ package argocd
 import (
 	"context"
 	"fmt"
+	"reflect"
 	"testing"
 	"time"
 
@@ -931,6 +932,20 @@ func TestReconcileArgoCD_reconcileRedisStatefulSet_ModifyContainerSpec(t *testin
 	}
 	assert.False(t, envVarFound, "NEW_ENV_VAR should not be present")
 
+	// Modify the SecurityContext
+	assert.NoError(t, r.Client.Get(context.TODO(), types.NamespacedName{Name: s.Name, Namespace: a.Namespace}, s))
+	expectedSecurityContext := s.Spec.Template.Spec.SecurityContext
+	fsGroup := int64(2000)
+	newSecurityContext := &corev1.PodSecurityContext{
+		FSGroup: &fsGroup,
+	}
+	s.Spec.Template.Spec.SecurityContext = newSecurityContext
+	assert.NoError(t, r.Client.Update(context.TODO(), s))
+	// Reconcile again and check if the SecurityContext is reverted
+	assert.NoError(t, r.reconcileRedisStatefulSet(a))
+	assert.NoError(t, r.Client.Get(context.TODO(), types.NamespacedName{Name: s.Name, Namespace: a.Namespace}, s))
+	assert.Equal(t, true, reflect.DeepEqual(expectedSecurityContext, s.Spec.Template.Spec.SecurityContext))
+
 	// Modify the initcontainer environment variable
 	s.Spec.Template.Spec.Containers[0].Env = append(s.Spec.Template.Spec.InitContainers[0].Env, corev1.EnvVar{
 		Name:  "NEW_ENV_VAR",