Critical severity 9.9 · NVD Advisory · Published Apr 15, 2025 · Updated Apr 15, 2026

CVE-2025-32445

CVE-2025-32445

Description

Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create or modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without direct administrative privileges. The EventSource and Sensor CRs allow the corresponding orchestrated pod to be customized through spec.template and spec.template.container (of type k8s.io/api/core/v1.Container); thus any field under container, such as command, args, securityContext, or volumeMount, can be specified and is applied to the EventSource or Sensor pod. A user who sets particular properties under template in an EventSource/Sensor CR can thereby gain privileged access to the cluster host. This vulnerability is fixed in v1.9.6.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
github.com/argoproj/argo-events (Go) | < 1.9.6 | 1.9.6

Patches

2
18412293a699

fix: disable the capability of attaching any properties to the container (#3528)

https://github.com/argoproj/argo-eventsDerek WangMar 21, 2025via ghsa
19 files changed · +1845 1020
  • api/jsonschema/schema.json+34 1 modified
    @@ -882,6 +882,39 @@
           },
           "type": "object"
         },
    +    "io.argoproj.events.v1alpha1.Container": {
    +      "description": "Container defines customized spec for a container",
    +      "properties": {
    +        "env": {
    +          "items": {
    +            "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar"
    +          },
    +          "type": "array"
    +        },
    +        "envFrom": {
    +          "items": {
    +            "$ref": "#/definitions/io.k8s.api.core.v1.EnvFromSource"
    +          },
    +          "type": "array"
    +        },
    +        "imagePullPolicy": {
    +          "type": "string"
    +        },
    +        "resources": {
    +          "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements"
    +        },
    +        "securityContext": {
    +          "$ref": "#/definitions/io.k8s.api.core.v1.SecurityContext"
    +        },
    +        "volumeMounts": {
    +          "items": {
    +            "$ref": "#/definitions/io.k8s.api.core.v1.VolumeMount"
    +          },
    +          "type": "array"
    +        }
    +      },
    +      "type": "object"
    +    },
         "io.argoproj.events.v1alpha1.ContainerTemplate": {
           "description": "ContainerTemplate defines customized spec for a container",
           "properties": {
    @@ -4236,7 +4269,7 @@
               "description": "If specified, the pod's scheduling constraints"
             },
             "container": {
    -          "$ref": "#/definitions/io.k8s.api.core.v1.Container",
    +          "$ref": "#/definitions/io.argoproj.events.v1alpha1.Container",
               "description": "Container is the main container image to run in the sensor pod"
             },
             "imagePullSecrets": {
    
  • api/openapi-spec/swagger.json+34 1 modified
    @@ -886,6 +886,39 @@
             }
           }
         },
    +    "io.argoproj.events.v1alpha1.Container": {
    +      "description": "Container defines customized spec for a container",
    +      "type": "object",
    +      "properties": {
    +        "env": {
    +          "type": "array",
    +          "items": {
    +            "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar"
    +          }
    +        },
    +        "envFrom": {
    +          "type": "array",
    +          "items": {
    +            "$ref": "#/definitions/io.k8s.api.core.v1.EnvFromSource"
    +          }
    +        },
    +        "imagePullPolicy": {
    +          "type": "string"
    +        },
    +        "resources": {
    +          "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements"
    +        },
    +        "securityContext": {
    +          "$ref": "#/definitions/io.k8s.api.core.v1.SecurityContext"
    +        },
    +        "volumeMounts": {
    +          "type": "array",
    +          "items": {
    +            "$ref": "#/definitions/io.k8s.api.core.v1.VolumeMount"
    +          }
    +        }
    +      }
    +    },
         "io.argoproj.events.v1alpha1.ContainerTemplate": {
           "description": "ContainerTemplate defines customized spec for a container",
           "type": "object",
    @@ -4212,7 +4245,7 @@
             },
             "container": {
               "description": "Container is the main container image to run in the sensor pod",
    -          "$ref": "#/definitions/io.k8s.api.core.v1.Container"
    +          "$ref": "#/definitions/io.argoproj.events.v1alpha1.Container"
             },
             "imagePullSecrets": {
               "description": "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod",
    
  • docs/APIs.md+146 2 modified
    @@ -4469,6 +4469,148 @@ CreateIfNotExist will create configmap if it doesn’t exists
     
     </table>
     
    +<h3 id="argoproj.io/v1alpha1.Container">
    +
    +Container
    +</h3>
    +
    +<p>
    +
    +(<em>Appears on:</em>
    +<a href="#argoproj.io/v1alpha1.Template">Template</a>)
    +</p>
    +
    +<p>
    +
    +<p>
    +
    +Container defines customized spec for a container
    +</p>
    +
    +</p>
    +
    +<table>
    +
    +<thead>
    +
    +<tr>
    +
    +<th>
    +
    +Field
    +</th>
    +
    +<th>
    +
    +Description
    +</th>
    +
    +</tr>
    +
    +</thead>
    +
    +<tbody>
    +
    +<tr>
    +
    +<td>
    +
    +<code>resources</code></br> <em>
    +<a href="https://v1-18.docs.kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#resourcerequirements-v1-core">
    +Kubernetes core/v1.ResourceRequirements </a> </em>
    +</td>
    +
    +<td>
    +
    +<em>(Optional)</em>
    +</td>
    +
    +</tr>
    +
    +<tr>
    +
    +<td>
    +
    +<code>imagePullPolicy</code></br> <em>
    +<a href="https://v1-18.docs.kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#pullpolicy-v1-core">
    +Kubernetes core/v1.PullPolicy </a> </em>
    +</td>
    +
    +<td>
    +
    +<em>(Optional)</em>
    +</td>
    +
    +</tr>
    +
    +<tr>
    +
    +<td>
    +
    +<code>securityContext</code></br> <em>
    +<a href="https://v1-18.docs.kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#securitycontext-v1-core">
    +Kubernetes core/v1.SecurityContext </a> </em>
    +</td>
    +
    +<td>
    +
    +<em>(Optional)</em>
    +</td>
    +
    +</tr>
    +
    +<tr>
    +
    +<td>
    +
    +<code>volumeMounts</code></br> <em>
    +<a href="https://v1-18.docs.kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#volumemount-v1-core">
    +\[\]Kubernetes core/v1.VolumeMount </a> </em>
    +</td>
    +
    +<td>
    +
    +<em>(Optional)</em>
    +</td>
    +
    +</tr>
    +
    +<tr>
    +
    +<td>
    +
    +<code>env</code></br> <em>
    +<a href="https://v1-18.docs.kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#envvar-v1-core">
    +\[\]Kubernetes core/v1.EnvVar </a> </em>
    +</td>
    +
    +<td>
    +
    +<em>(Optional)</em>
    +</td>
    +
    +</tr>
    +
    +<tr>
    +
    +<td>
    +
    +<code>envFrom</code></br> <em>
    +<a href="https://v1-18.docs.kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#envfromsource-v1-core">
    +\[\]Kubernetes core/v1.EnvFromSource </a> </em>
    +</td>
    +
    +<td>
    +
    +<em>(Optional)</em>
    +</td>
    +
    +</tr>
    +
    +</tbody>
    +
    +</table>
    +
     <h3 id="argoproj.io/v1alpha1.ContainerTemplate">
     
     ContainerTemplate
    @@ -4523,6 +4665,7 @@ Kubernetes core/v1.ResourceRequirements </a> </em>
     
     <td>
     
    +<em>(Optional)</em>
     </td>
     
     </tr>
    @@ -4538,6 +4681,7 @@ Kubernetes core/v1.PullPolicy </a> </em>
     
     <td>
     
    +<em>(Optional)</em>
     </td>
     
     </tr>
    @@ -4553,6 +4697,7 @@ Kubernetes core/v1.SecurityContext </a> </em>
     
     <td>
     
    +<em>(Optional)</em>
     </td>
     
     </tr>
    @@ -20080,8 +20225,7 @@ sensor pod. More info:
     <td>
     
     <code>container</code></br> <em>
    -<a href="https://v1-18.docs.kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#container-v1-core">
    -Kubernetes core/v1.Container </a> </em>
    +<a href="#argoproj.io/v1alpha1.Container"> Container </a> </em>
     </td>
     
     <td>
    
  • go.mod+1 2 modified
    @@ -9,6 +9,7 @@ retract v1.15.0 // Published accidentally.
     require (
     	cloud.google.com/go/compute/metadata v0.6.0
     	cloud.google.com/go/pubsub v1.48.0
    +	dario.cat/mergo v1.0.1
     	github.com/AdaLogics/go-fuzz-headers v0.0.0-20221103172237-443f56ff4ba8
     	github.com/Azure/azure-event-hubs-go/v3 v3.6.2
     	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.2
    @@ -52,7 +53,6 @@ require (
     	github.com/grpc-ecosystem/grpc-gateway v1.16.0
     	github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0
     	github.com/hamba/avro/v2 v2.28.0
    -	github.com/imdario/mergo v0.3.16
     	github.com/itchyny/gojq v0.12.17
     	github.com/joncalhoun/qson v0.0.0-20200422171543-84433dcd3da0
     	github.com/ktrysmt/go-bitbucket v0.9.81
    @@ -107,7 +107,6 @@ require (
     	cloud.google.com/go/auth v0.15.0 // indirect
     	cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect
     	cloud.google.com/go/iam v1.4.1 // indirect
    -	dario.cat/mergo v1.0.1 // indirect
     	github.com/99designs/go-keychain v0.0.0-20191008050251-8e49817e8af4 // indirect
     	github.com/99designs/keyring v1.2.1 // indirect
     	github.com/AthenZ/athenz v1.10.39 // indirect
    
  • go.sum+0 2 modified
    @@ -504,8 +504,6 @@ github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpO
     github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI=
     github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
     github.com/iancoleman/strcase v0.1.1/go.mod h1:SK73tn/9oHe+/Y0h39VT4UCxmurVJkR5NA7kMEAOgSE=
    -github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
    -github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
     github.com/imkira/go-interpol v1.1.0 h1:KIiKr0VSG2CUW1hl1jpiyuzuJeKUUpC8iM1AIE7N1Vk=
     github.com/imkira/go-interpol v1.1.0/go.mod h1:z0h2/2T3XF8kyEPpRgJ3kmNv+C43p+I/CoI+jC3w2iA=
     github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
    
  • pkg/apis/events/openapi/openapi_generated.go+74 2 modified
    @@ -58,6 +58,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA
     		"github.com/argoproj/argo-events/pkg/apis/events/v1alpha1.ConditionsResetByTime":        schema_pkg_apis_events_v1alpha1_ConditionsResetByTime(ref),
     		"github.com/argoproj/argo-events/pkg/apis/events/v1alpha1.ConditionsResetCriteria":      schema_pkg_apis_events_v1alpha1_ConditionsResetCriteria(ref),
     		"github.com/argoproj/argo-events/pkg/apis/events/v1alpha1.ConfigMapPersistence":         schema_pkg_apis_events_v1alpha1_ConfigMapPersistence(ref),
    +		"github.com/argoproj/argo-events/pkg/apis/events/v1alpha1.Container":                    schema_pkg_apis_events_v1alpha1_Container(ref),
     		"github.com/argoproj/argo-events/pkg/apis/events/v1alpha1.ContainerTemplate":            schema_pkg_apis_events_v1alpha1_ContainerTemplate(ref),
     		"github.com/argoproj/argo-events/pkg/apis/events/v1alpha1.CustomTrigger":                schema_pkg_apis_events_v1alpha1_CustomTrigger(ref),
     		"github.com/argoproj/argo-events/pkg/apis/events/v1alpha1.DataFilter":                   schema_pkg_apis_events_v1alpha1_DataFilter(ref),
    @@ -1760,6 +1761,77 @@ func schema_pkg_apis_events_v1alpha1_ConfigMapPersistence(ref common.ReferenceCa
     	}
     }
     
    +func schema_pkg_apis_events_v1alpha1_Container(ref common.ReferenceCallback) common.OpenAPIDefinition {
    +	return common.OpenAPIDefinition{
    +		Schema: spec.Schema{
    +			SchemaProps: spec.SchemaProps{
    +				Description: "Container defines customized spec for a container",
    +				Type:        []string{"object"},
    +				Properties: map[string]spec.Schema{
    +					"resources": {
    +						SchemaProps: spec.SchemaProps{
    +							Default: map[string]interface{}{},
    +							Ref:     ref("k8s.io/api/core/v1.ResourceRequirements"),
    +						},
    +					},
    +					"imagePullPolicy": {
    +						SchemaProps: spec.SchemaProps{
    +							Type:   []string{"string"},
    +							Format: "",
    +						},
    +					},
    +					"securityContext": {
    +						SchemaProps: spec.SchemaProps{
    +							Ref: ref("k8s.io/api/core/v1.SecurityContext"),
    +						},
    +					},
    +					"volumeMounts": {
    +						SchemaProps: spec.SchemaProps{
    +							Type: []string{"array"},
    +							Items: &spec.SchemaOrArray{
    +								Schema: &spec.Schema{
    +									SchemaProps: spec.SchemaProps{
    +										Default: map[string]interface{}{},
    +										Ref:     ref("k8s.io/api/core/v1.VolumeMount"),
    +									},
    +								},
    +							},
    +						},
    +					},
    +					"env": {
    +						SchemaProps: spec.SchemaProps{
    +							Type: []string{"array"},
    +							Items: &spec.SchemaOrArray{
    +								Schema: &spec.Schema{
    +									SchemaProps: spec.SchemaProps{
    +										Default: map[string]interface{}{},
    +										Ref:     ref("k8s.io/api/core/v1.EnvVar"),
    +									},
    +								},
    +							},
    +						},
    +					},
    +					"envFrom": {
    +						SchemaProps: spec.SchemaProps{
    +							Type: []string{"array"},
    +							Items: &spec.SchemaOrArray{
    +								Schema: &spec.Schema{
    +									SchemaProps: spec.SchemaProps{
    +										Default: map[string]interface{}{},
    +										Ref:     ref("k8s.io/api/core/v1.EnvFromSource"),
    +									},
    +								},
    +							},
    +						},
    +					},
    +				},
    +			},
    +		},
    +		Dependencies: []string{
    +			"k8s.io/api/core/v1.EnvFromSource", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.SecurityContext", "k8s.io/api/core/v1.VolumeMount"},
    +	}
    +}
    +
     func schema_pkg_apis_events_v1alpha1_ContainerTemplate(ref common.ReferenceCallback) common.OpenAPIDefinition {
     	return common.OpenAPIDefinition{
     		Schema: spec.Schema{
    @@ -7905,7 +7977,7 @@ func schema_pkg_apis_events_v1alpha1_Template(ref common.ReferenceCallback) comm
     					"container": {
     						SchemaProps: spec.SchemaProps{
     							Description: "Container is the main container image to run in the sensor pod",
    -							Ref:         ref("k8s.io/api/core/v1.Container"),
    +							Ref:         ref("github.com/argoproj/argo-events/pkg/apis/events/v1alpha1.Container"),
     						},
     					},
     					"volumes": {
    @@ -8008,7 +8080,7 @@ func schema_pkg_apis_events_v1alpha1_Template(ref common.ReferenceCallback) comm
     			},
     		},
     		Dependencies: []string{
    -			"github.com/argoproj/argo-events/pkg/apis/events/v1alpha1.Metadata", "k8s.io/api/core/v1.Affinity", "k8s.io/api/core/v1.Container", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/api/core/v1.PodSecurityContext", "k8s.io/api/core/v1.Toleration", "k8s.io/api/core/v1.Volume"},
    +			"github.com/argoproj/argo-events/pkg/apis/events/v1alpha1.Container", "github.com/argoproj/argo-events/pkg/apis/events/v1alpha1.Metadata", "k8s.io/api/core/v1.Affinity", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/api/core/v1.PodSecurityContext", "k8s.io/api/core/v1.Toleration", "k8s.io/api/core/v1.Volume"},
     	}
     }
     
    
  • pkg/apis/events/v1alpha1/container_template.go+6 3 modified
    @@ -4,7 +4,10 @@ import corev1 "k8s.io/api/core/v1"
     
     // ContainerTemplate defines customized spec for a container
     type ContainerTemplate struct {
    -	Resources       corev1.ResourceRequirements `json:"resources,omitempty" protobuf:"bytes,1,opt,name=resources"`
    -	ImagePullPolicy corev1.PullPolicy           `json:"imagePullPolicy,omitempty" protobuf:"bytes,2,opt,name=imagePullPolicy,casttype=PullPolicy"`
    -	SecurityContext *corev1.SecurityContext     `json:"securityContext,omitempty" protobuf:"bytes,3,opt,name=securityContext"`
    +	// +optional
    +	Resources corev1.ResourceRequirements `json:"resources,omitempty" protobuf:"bytes,1,opt,name=resources"`
    +	// +optional
    +	ImagePullPolicy corev1.PullPolicy `json:"imagePullPolicy,omitempty" protobuf:"bytes,2,opt,name=imagePullPolicy,casttype=PullPolicy"`
    +	// +optional
    +	SecurityContext *corev1.SecurityContext `json:"securityContext,omitempty" protobuf:"bytes,3,opt,name=securityContext"`
     }
    
  • pkg/apis/events/v1alpha1/generated.pb.go+1361 916 modified
  • pkg/apis/events/v1alpha1/generated.proto+25 1 modified
    @@ -709,12 +709,36 @@ message ConfigMapPersistence {
       optional bool createIfNotExist = 2;
     }
     
    +// Container defines customized spec for a container
    +message Container {
    +  // +optional
    +  optional .k8s.io.api.core.v1.ResourceRequirements resources = 1;
    +
    +  // +optional
    +  optional string imagePullPolicy = 2;
    +
    +  // +optional
    +  optional .k8s.io.api.core.v1.SecurityContext securityContext = 3;
    +
    +  // +optional
    +  repeated .k8s.io.api.core.v1.VolumeMount volumeMounts = 4;
    +
    +  // +optional
    +  repeated .k8s.io.api.core.v1.EnvVar env = 5;
    +
    +  // +optional
    +  repeated .k8s.io.api.core.v1.EnvFromSource envFrom = 6;
    +}
    +
     // ContainerTemplate defines customized spec for a container
     message ContainerTemplate {
    +  // +optional
       optional .k8s.io.api.core.v1.ResourceRequirements resources = 1;
     
    +  // +optional
       optional string imagePullPolicy = 2;
     
    +  // +optional
       optional .k8s.io.api.core.v1.SecurityContext securityContext = 3;
     }
     
    @@ -3032,7 +3056,7 @@ message Template {
     
       // Container is the main container image to run in the sensor pod
       // +optional
    -  optional .k8s.io.api.core.v1.Container container = 3;
    +  optional Container container = 3;
     
       // Volumes is a list of volumes that can be mounted by containers in a workflow.
       // +patchStrategy=merge
    
  • pkg/apis/events/v1alpha1/template.go+44 2 modified
    @@ -1,6 +1,9 @@
     package v1alpha1
     
    -import corev1 "k8s.io/api/core/v1"
    +import (
    +	"dario.cat/mergo"
    +	corev1 "k8s.io/api/core/v1"
    +)
     
     // Template holds the information of a deployment template
     type Template struct {
    @@ -12,7 +15,7 @@ type Template struct {
     	ServiceAccountName string `json:"serviceAccountName,omitempty" protobuf:"bytes,2,opt,name=serviceAccountName"`
     	// Container is the main container image to run in the sensor pod
     	// +optional
    -	Container *corev1.Container `json:"container,omitempty" protobuf:"bytes,3,opt,name=container"`
    +	Container *Container `json:"container,omitempty" protobuf:"bytes,3,opt,name=container"`
     	// Volumes is a list of volumes that can be mounted by containers in a workflow.
     	// +patchStrategy=merge
     	// +patchMergeKey=name
    @@ -59,3 +62,42 @@ type Template struct {
     	// +optional
     	Affinity *corev1.Affinity `json:"affinity,omitempty" protobuf:"bytes,11,opt,name=affinity"`
     }
    +
    +// Container defines customized spec for a container
    +type Container struct {
    +	// +optional
    +	Resources corev1.ResourceRequirements `json:"resources,omitempty" protobuf:"bytes,1,opt,name=resources"`
    +	// +optional
    +	ImagePullPolicy corev1.PullPolicy `json:"imagePullPolicy,omitempty" protobuf:"bytes,2,opt,name=imagePullPolicy,casttype=PullPolicy"`
    +	// +optional
    +	SecurityContext *corev1.SecurityContext `json:"securityContext,omitempty" protobuf:"bytes,3,opt,name=securityContext"`
    +	// +optional
    +	VolumeMounts []corev1.VolumeMount `json:"volumeMounts,omitempty" protobuf:"bytes,4,rep,name=volumeMounts"`
    +	// +optional
    +	Env []corev1.EnvVar `json:"env,omitempty" protobuf:"bytes,5,rep,name=env"`
    +	// +optional
    +	EnvFrom []corev1.EnvFromSource `json:"envFrom,omitempty" protobuf:"bytes,6,rep,name=envFrom"`
    +}
    +
    +// ApplyToContainer updates the Container with the values from the customized container
    +func (c *Container) ApplyToContainer(cc *corev1.Container) {
    +	if c == nil {
    +		return
    +	}
    +	_ = mergo.Merge(&cc.Resources, c.Resources, mergo.WithOverride)
    +	if cc.SecurityContext == nil {
    +		cc.SecurityContext = c.SecurityContext
    +	}
    +	if cc.ImagePullPolicy == "" {
    +		cc.ImagePullPolicy = c.ImagePullPolicy
    +	}
    +	if len(c.Env) > 0 {
    +		cc.Env = append(cc.Env, c.Env...)
    +	}
    +	if len(c.EnvFrom) > 0 {
    +		cc.EnvFrom = append(cc.EnvFrom, c.EnvFrom...)
    +	}
    +	if len(c.VolumeMounts) > 0 {
    +		cc.VolumeMounts = append(cc.VolumeMounts, c.VolumeMounts...)
    +	}
    +}
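Review bot: In `ApplyToContainer`, the CR-supplied `SecurityContext` is still assigned wholesale whenever the generated container has none (`cc.SecurityContext = c.SecurityContext`), and `VolumeMounts` are appended unfiltered, so the new `Container` type drops `command`, `args` and the other `corev1.Container` fields but leaves privilege-related settings user-controlled at this layer. If that is the intended boundary, the doc comment on `Container` should say so, for example `// Container is the allow-list of container fields a user may customize; securityContext and volumeMounts are passed through as given, so restrict them with admission policy.` The assignment also aliases the pointer held by the custom resource, so a later write through either object would affect both; `cc.SecurityContext = c.SecurityContext.DeepCopy()` avoids that. The discarded error in `_ = mergo.Merge(&cc.Resources, c.Resources, mergo.WithOverride)` needs a justifying comment, since the method has no error return to surface it.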
    
  • pkg/apis/events/v1alpha1/template_test.go+61 0 added
    @@ -0,0 +1,61 @@
    +package v1alpha1
    +
    +import (
    +	"testing"
    +
    +	"github.com/stretchr/testify/assert"
    +	corev1 "k8s.io/api/core/v1"
    +	resource "k8s.io/apimachinery/pkg/api/resource"
    +)
    +
    +var (
    +	testContainer = &Container{
    +		Resources: corev1.ResourceRequirements{
    +			Requests: corev1.ResourceList{
    +				"cpu": resource.MustParse("100m"),
    +			},
    +		},
    +	}
    +)
    +
    +func Test_ApplyToContainer(t *testing.T) {
    +	c := &corev1.Container{}
    +	testContainer.ApplyToContainer(c)
    +	assert.Equal(t, "", string(c.ImagePullPolicy))
    +	assert.Equal(t, testContainer.Resources, c.Resources)
    +	c.Resources.Limits = corev1.ResourceList{
    +		"cpu": resource.MustParse("200m"),
    +	}
    +	testContainer.ApplyToContainer(c)
    +	assert.Equal(t, resource.MustParse("200m"), *c.Resources.Limits.Cpu())
    +	c.Resources.Limits = corev1.ResourceList{
    +		"memory": resource.MustParse("32Mi"),
    +	}
    +	assert.Equal(t, resource.MustParse("32Mi"), *c.Resources.Limits.Memory())
    +	testContainer.ImagePullPolicy = corev1.PullAlways
    +	testContainer.ApplyToContainer(c)
    +	assert.Equal(t, corev1.PullAlways, c.ImagePullPolicy)
    +	c.ImagePullPolicy = corev1.PullIfNotPresent
    +	testContainer.ApplyToContainer(c)
    +	assert.Equal(t, corev1.PullIfNotPresent, c.ImagePullPolicy)
    +	testContainer.SecurityContext = &corev1.SecurityContext{}
    +	testContainer.ApplyToContainer(c)
    +	assert.NotNil(t, c.SecurityContext)
    +	testContainer.Env = []corev1.EnvVar{{Name: "a", Value: "b"}}
    +	testContainer.EnvFrom = []corev1.EnvFromSource{{Prefix: "a", ConfigMapRef: &corev1.ConfigMapEnvSource{LocalObjectReference: corev1.LocalObjectReference{Name: "b"}}}}
    +	testContainer.ApplyToContainer(c)
    +	envs := []string{}
    +	for _, e := range c.Env {
    +		envs = append(envs, e.Name)
    +	}
    +	assert.Contains(t, envs, "a")
    +	envFroms := []string{}
    +	for _, e := range c.EnvFrom {
    +		envFroms = append(envFroms, e.Prefix)
    +	}
    +	assert.Contains(t, envFroms, "a")
    +	testContainer.VolumeMounts = []corev1.VolumeMount{{Name: "test", MountPath: "/test"}}
    +	testContainer.ApplyToContainer(c)
    +	assert.Equal(t, 1, len(c.VolumeMounts))
    +	assert.Equal(t, "test", c.VolumeMounts[0].Name)
    +}
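Review bot: `Test_ApplyToContainer` does not pin the precedence rules that matter for this fix: there is no case where the target container already has a `SecurityContext` before the call (the code keeps it, and a test should say so), and none for a nil `*Container` receiver. The step that sets `c.Resources.Limits` to `memory` and then asserts `32Mi` never calls `ApplyToContainer` in between, so it only checks its own assignment. Suggested additions are `var nilC *Container; nilC.ApplyToContainer(c)` and, with `existing := &corev1.SecurityContext{}` placed on a fresh container before the call, `assert.Same(t, existing, fresh.SecurityContext)` afterwards. The test also mutates the package-level `testContainer` between assertions, which makes each step depend on the ones before it; a local `Container` value per case would read more clearly.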
    
  • pkg/apis/events/v1alpha1/zz_generated.deepcopy.go+44 1 modified
    @@ -909,6 +909,49 @@ func (in *ConfigMapPersistence) DeepCopy() *ConfigMapPersistence {
     	return out
     }
     
    +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
    +func (in *Container) DeepCopyInto(out *Container) {
    +	*out = *in
    +	in.Resources.DeepCopyInto(&out.Resources)
    +	if in.SecurityContext != nil {
    +		in, out := &in.SecurityContext, &out.SecurityContext
    +		*out = new(v1.SecurityContext)
    +		(*in).DeepCopyInto(*out)
    +	}
    +	if in.VolumeMounts != nil {
    +		in, out := &in.VolumeMounts, &out.VolumeMounts
    +		*out = make([]v1.VolumeMount, len(*in))
    +		for i := range *in {
    +			(*in)[i].DeepCopyInto(&(*out)[i])
    +		}
    +	}
    +	if in.Env != nil {
    +		in, out := &in.Env, &out.Env
    +		*out = make([]v1.EnvVar, len(*in))
    +		for i := range *in {
    +			(*in)[i].DeepCopyInto(&(*out)[i])
    +		}
    +	}
    +	if in.EnvFrom != nil {
    +		in, out := &in.EnvFrom, &out.EnvFrom
    +		*out = make([]v1.EnvFromSource, len(*in))
    +		for i := range *in {
    +			(*in)[i].DeepCopyInto(&(*out)[i])
    +		}
    +	}
    +	return
    +}
    +
    +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Container.
    +func (in *Container) DeepCopy() *Container {
    +	if in == nil {
    +		return nil
    +	}
    +	out := new(Container)
    +	in.DeepCopyInto(out)
    +	return out
    +}
    +
     // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
     func (in *ContainerTemplate) DeepCopyInto(out *ContainerTemplate) {
     	*out = *in
    @@ -4140,7 +4183,7 @@ func (in *Template) DeepCopyInto(out *Template) {
     	}
     	if in.Container != nil {
     		in, out := &in.Container, &out.Container
    -		*out = new(v1.Container)
    +		*out = new(Container)
     		(*in).DeepCopyInto(*out)
     	}
     	if in.Volumes != nil {
    
  • pkg/apis/events/v1alpha1/zz_generated.defaults.go+0 64 modified
    @@ -39,38 +39,6 @@ func RegisterDefaults(scheme *runtime.Scheme) error {
     
     func SetObjectDefaults_EventSource(in *EventSource) {
     	if in.Spec.Template != nil {
    -		if in.Spec.Template.Container != nil {
    -			for i := range in.Spec.Template.Container.Ports {
    -				a := &in.Spec.Template.Container.Ports[i]
    -				if a.Protocol == "" {
    -					a.Protocol = "TCP"
    -				}
    -			}
    -			if in.Spec.Template.Container.LivenessProbe != nil {
    -				if in.Spec.Template.Container.LivenessProbe.ProbeHandler.GRPC != nil {
    -					if in.Spec.Template.Container.LivenessProbe.ProbeHandler.GRPC.Service == nil {
    -						var ptrVar1 string = ""
    -						in.Spec.Template.Container.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1
    -					}
    -				}
    -			}
    -			if in.Spec.Template.Container.ReadinessProbe != nil {
    -				if in.Spec.Template.Container.ReadinessProbe.ProbeHandler.GRPC != nil {
    -					if in.Spec.Template.Container.ReadinessProbe.ProbeHandler.GRPC.Service == nil {
    -						var ptrVar1 string = ""
    -						in.Spec.Template.Container.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1
    -					}
    -				}
    -			}
    -			if in.Spec.Template.Container.StartupProbe != nil {
    -				if in.Spec.Template.Container.StartupProbe.ProbeHandler.GRPC != nil {
    -					if in.Spec.Template.Container.StartupProbe.ProbeHandler.GRPC.Service == nil {
    -						var ptrVar1 string = ""
    -						in.Spec.Template.Container.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1
    -					}
    -				}
    -			}
    -		}
     		for i := range in.Spec.Template.Volumes {
     			a := &in.Spec.Template.Volumes[i]
     			if a.VolumeSource.ISCSI != nil {
    @@ -136,38 +104,6 @@ func SetObjectDefaults_EventSourceList(in *EventSourceList) {
     
     func SetObjectDefaults_Sensor(in *Sensor) {
     	if in.Spec.Template != nil {
    -		if in.Spec.Template.Container != nil {
    -			for i := range in.Spec.Template.Container.Ports {
    -				a := &in.Spec.Template.Container.Ports[i]
    -				if a.Protocol == "" {
    -					a.Protocol = "TCP"
    -				}
    -			}
    -			if in.Spec.Template.Container.LivenessProbe != nil {
    -				if in.Spec.Template.Container.LivenessProbe.ProbeHandler.GRPC != nil {
    -					if in.Spec.Template.Container.LivenessProbe.ProbeHandler.GRPC.Service == nil {
    -						var ptrVar1 string = ""
    -						in.Spec.Template.Container.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1
    -					}
    -				}
    -			}
    -			if in.Spec.Template.Container.ReadinessProbe != nil {
    -				if in.Spec.Template.Container.ReadinessProbe.ProbeHandler.GRPC != nil {
    -					if in.Spec.Template.Container.ReadinessProbe.ProbeHandler.GRPC.Service == nil {
    -						var ptrVar1 string = ""
    -						in.Spec.Template.Container.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1
    -					}
    -				}
    -			}
    -			if in.Spec.Template.Container.StartupProbe != nil {
    -				if in.Spec.Template.Container.StartupProbe.ProbeHandler.GRPC != nil {
    -					if in.Spec.Template.Container.StartupProbe.ProbeHandler.GRPC.Service == nil {
    -						var ptrVar1 string = ""
    -						in.Spec.Template.Container.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1
    -					}
    -				}
    -			}
    -		}
     		for i := range in.Spec.Template.Volumes {
     			a := &in.Spec.Template.Volumes[i]
     			if a.VolumeSource.ISCSI != nil {
    
  • pkg/reconciler/eventsource/controller.go+3 4 modified
    @@ -13,7 +13,6 @@ import (
     	"sigs.k8s.io/controller-runtime/pkg/reconcile"
     
     	"github.com/argoproj/argo-events/pkg/apis/events/v1alpha1"
    -	aev1 "github.com/argoproj/argo-events/pkg/apis/events/v1alpha1"
     	"github.com/argoproj/argo-events/pkg/shared/logging"
     )
     
    @@ -38,7 +37,7 @@ func NewReconciler(client client.Client, scheme *runtime.Scheme, eventSourceImag
     }
     
     func (r *reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
    -	eventSource := &aev1.EventSource{}
    +	eventSource := &v1alpha1.EventSource{}
     	if err := r.client.Get(ctx, req.NamespacedName, eventSource); err != nil {
     		if apierrors.IsNotFound(err) {
     			r.logger.Warnw("WARNING: eventsource not found", "request", req)
    @@ -67,7 +66,7 @@ func (r *reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu
     }
     
     // reconcile does the real logic
    -func (r *reconciler) reconcile(ctx context.Context, eventSource *aev1.EventSource) error {
    +func (r *reconciler) reconcile(ctx context.Context, eventSource *v1alpha1.EventSource) error {
     	log := logging.FromContext(ctx)
     	if !eventSource.DeletionTimestamp.IsZero() {
     		log.Info("deleting eventsource")
    @@ -96,7 +95,7 @@ func (r *reconciler) reconcile(ctx context.Context, eventSource *aev1.EventSourc
     	return Reconcile(r.client, args, log)
     }
     
    -func (r *reconciler) needsUpdate(old, new *aev1.EventSource) bool {
    +func (r *reconciler) needsUpdate(old, new *v1alpha1.EventSource) bool {
     	if old == nil {
     		return true
     	}
    
  • pkg/reconciler/eventsource/resource.go+7 11 modified
    @@ -8,10 +8,8 @@ import (
     	"sort"
     
     	"github.com/argoproj/argo-events/pkg/apis/events/v1alpha1"
    -	aev1 "github.com/argoproj/argo-events/pkg/apis/events/v1alpha1"
     	controllerscommon "github.com/argoproj/argo-events/pkg/reconciler/common"
     	sharedutil "github.com/argoproj/argo-events/pkg/shared/util"
    -	"github.com/imdario/mergo"
     	"go.uber.org/zap"
     	appv1 "k8s.io/api/apps/v1"
     	corev1 "k8s.io/api/core/v1"
    @@ -26,15 +24,15 @@ import (
     // AdaptorArgs are the args needed to create a sensor deployment
     type AdaptorArgs struct {
     	Image       string
    -	EventSource *aev1.EventSource
    +	EventSource *v1alpha1.EventSource
     	Labels      map[string]string
     }
     
     // Reconcile does the real logic
     func Reconcile(client client.Client, args *AdaptorArgs, logger *zap.SugaredLogger) error {
     	ctx := context.Background()
     	eventSource := args.EventSource
    -	eventBus := &aev1.EventBus{}
    +	eventBus := &v1alpha1.EventBus{}
     	eventBusName := v1alpha1.DefaultEventBusName
     	if len(eventSource.Spec.EventBusName) > 0 {
     		eventBusName = eventSource.Spec.EventBusName
    @@ -161,12 +159,12 @@ func getDeployment(ctx context.Context, cl client.Client, args *AdaptorArgs) (*a
     	return nil, apierrors.NewNotFound(schema.GroupResource{}, "")
     }
     
    -func buildDeployment(args *AdaptorArgs, eventBus *aev1.EventBus) (*appv1.Deployment, error) {
    +func buildDeployment(args *AdaptorArgs, eventBus *v1alpha1.EventBus) (*appv1.Deployment, error) {
     	deploymentSpec, err := buildDeploymentSpec(args)
     	if err != nil {
     		return nil, err
     	}
    -	eventSourceCopy := &aev1.EventSource{
    +	eventSourceCopy := &v1alpha1.EventSource{
     		ObjectMeta: metav1.ObjectMeta{
     			Namespace: args.EventSource.Namespace,
     			Name:      args.EventSource.Name,
    @@ -340,7 +338,7 @@ func buildDeployment(args *AdaptorArgs, eventBus *aev1.EventBus) (*appv1.Deploym
     		},
     		Spec: *deploymentSpec,
     	}
    -	if err := controllerscommon.SetObjectMeta(args.EventSource, deployment, aev1.EventSourceGroupVersionKind); err != nil {
    +	if err := controllerscommon.SetObjectMeta(args.EventSource, deployment, v1alpha1.EventSourceGroupVersionKind); err != nil {
     		return nil, err
     	}
     
    @@ -356,10 +354,8 @@ func buildDeploymentSpec(args *AdaptorArgs) (*appv1.DeploymentSpec, error) {
     			{Name: "metrics", ContainerPort: v1alpha1.EventSourceMetricsPort},
     		},
     	}
    -	if args.EventSource.Spec.Template != nil && args.EventSource.Spec.Template.Container != nil {
    -		if err := mergo.Merge(&eventSourceContainer, args.EventSource.Spec.Template.Container, mergo.WithOverride); err != nil {
    -			return nil, err
    -		}
    +	if x := args.EventSource.Spec.Template; x != nil && x.Container != nil {
    +		x.Container.ApplyToContainer(&eventSourceContainer)
     	}
     	eventSourceContainer.Name = "main"
     	podTemplateLabels := make(map[string]string)
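Review bot: Nothing at the `ApplyToContainer` call in buildDeploymentSpec marks it as the security boundary for CVE-2025-32445, and the one-letter `x` hides that the value is the user-supplied template. I would rename it to `tmpl` and put a comment above the `if`, for example `// Copy only the allow-listed fields from the user template; never merge a full corev1.Container here.` The allow-list itself lives in `ApplyToContainer`, which this hunk does not show, so the set of fields it copies should be reviewed there. The same applies to the matching hunk in pkg/reconciler/sensor/resource.go. buildDeploymentSpec starts and ends outside the hunk.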
    
  • pkg/reconciler/sensor/resource.go+2 5 modified
    @@ -23,7 +23,6 @@ import (
     	"fmt"
     	"sort"
     
    -	"github.com/imdario/mergo"
     	"go.uber.org/zap"
     	appv1 "k8s.io/api/apps/v1"
     	corev1 "k8s.io/api/core/v1"
    @@ -317,10 +316,8 @@ func buildDeploymentSpec(args *AdaptorArgs) (*appv1.DeploymentSpec, error) {
     			{Name: "metrics", ContainerPort: v1alpha1.SensorMetricsPort},
     		},
     	}
    -	if args.Sensor.Spec.Template != nil && args.Sensor.Spec.Template.Container != nil {
    -		if err := mergo.Merge(&sensorContainer, args.Sensor.Spec.Template.Container, mergo.WithOverride); err != nil {
    -			return nil, err
    -		}
    +	if x := args.Sensor.Spec.Template; x != nil && x.Container != nil {
    +		x.Container.ApplyToContainer(&sensorContainer)
     	}
     	sensorContainer.Name = "main"
     	podTemplateLabels := make(map[string]string)
    
  • pkg/reconciler/sensor/resource_test.go+1 1 modified
    @@ -52,7 +52,7 @@ var (
     						Name: "test",
     					},
     				},
    -				Container: &corev1.Container{
    +				Container: &v1alpha1.Container{
     					VolumeMounts: []corev1.VolumeMount{
     						{
     							MountPath: "/test-data",
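Review bot: `VolumeMounts` is still a field of the restricted `v1alpha1.Container`, as this fixture shows, so the mount surface named in the advisory is narrowed rather than removed. What can be mounted then depends on the volumes accepted under `spec.template`, which this hunk does not show. If hostPath volumes are still accepted there, clusters should constrain them with admission policy, for example Pod Security Admission at the baseline or restricted level on namespaces where users can create EventSource or Sensor resources. The same fixture change appears in pkg/webhook/validator/validator_test.go, and the struct literal continues outside the hunk.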
    
  • pkg/sensors/triggers/standard-k8s/standard-k8s.go+1 1 modified
    @@ -22,7 +22,7 @@ import (
     	"strconv"
     	"time"
     
    -	"github.com/imdario/mergo"
    +	"dario.cat/mergo"
     	"go.uber.org/zap"
     	apierrors "k8s.io/apimachinery/pkg/api/errors"
     	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    
  • pkg/webhook/validator/validator_test.go+1 1 modified
    @@ -94,7 +94,7 @@ func fakeSensor() *aev1.Sensor {
     						Name: "test",
     					},
     				},
    -				Container: &corev1.Container{
    +				Container: &aev1.Container{
     					VolumeMounts: []corev1.VolumeMount{
     						{
     							MountPath: "/test-data",
    
