feat(argo-cd): add multi-namespace support for ApplicationSet controller RBAC (#2935)

* feat(argo-cd): support multiple namespaces in applicationsetcontroller Signed-off-by: leehosu <hosu4549@gmail.com> * fetch upstream Signed-off-by: leehosu <hosu4549@gmail.com> * update README Signed-off-by: leehosu <hosu4549@gmail.com> * change a values about namespace Signed-off-by: leehosu <hosu4549@gmail.com> --------- Signed-off-by: leehosu <hosu4549@gmail.com>
2024-09-26 00:17:55 +09:00 · 2024-09-26 00:17:55 +09:00 · 0afd9e66bf
commit 0afd9e66bf
parent edd04f6ec8
4 changed files with 14 additions and 3 deletions
--- a/charts/argo-cd/Chart.yaml
+++ b/charts/argo-cd/Chart.yaml
@ -3,7 +3,7 @@ appVersion: v2.12.3
 kubeVersion: ">=1.25.0-0"
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 7.6.2
+version: 7.6.3
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 sources:
@ -26,5 +26,5 @@ annotations:
    fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
    url: https://argoproj.github.io/argo-helm/pgp_keys.asc
  artifacthub.io/changes: |
-    - kind: fixed
+    - kind: added
-      description: Remove namespace field from cluster scoped resources
+      description: Add conditional handling of multiple namespaces in ClusterRoleBinding for ApplicationSet controller.
--- a/charts/argo-cd/README.md
+++ b/charts/argo-cd/README.md
@ -742,6 +742,7 @@ NAME: my-release
 | configs.gpg.keys | object | `{}` (See [values.yaml]) | [GnuPG] public keys to add to the keyring |
 | configs.params."application.namespaces" | string | `""` | Enables [Applications in any namespace] |
 | configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability |
 | configs.params."applicationsetcontroller.namespaces" | string | `""` | A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"namespace1, namespace2"`) |
 | configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` |
 | configs.params."controller.ignore.normalizer.jq.timeout" | string | `"1s"` | JQ Path expression timeout |
 | configs.params."controller.operation.processors" | int | `10` | Number of application operation processors |
--- a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml
@ -13,4 +13,12 @@ subjects:
  - kind: ServiceAccount
    name: {{ template "argo-cd.applicationSet.serviceAccountName" . }}
    namespace: {{ include "argo-cd.namespace" . }}
 {{- $namespaces := index .Values.configs.params "applicationsetcontroller.namespaces" -}}
 {{- range $namespace := (split "," $namespaces) }}
  {{- if $namespace }}
  - kind: ServiceAccount
    name: {{ include "argo-cd.applicationSet.serviceAccountName" $ }}
    namespace: {{ $namespace | trim | quote }}
  {{- end }}
 {{- end }}
 {{- end }}
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@ -278,6 +278,8 @@ configs:
    applicationsetcontroller.policy: sync
    # -- Enables use of the Progressive Syncs capability
    applicationsetcontroller.enable.progressive.syncs: false
    # -- A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"namespace1, namespace2"`)
    applicationsetcontroller.namespaces: ""
    # -- Enables [Applications in any namespace]
    ## List of additional namespaces where applications may be created in and reconciled from.