diff --git a/charts/argo-cd/templates/argocd-server-clusterrole.yaml b/charts/argo-cd/templates/argocd-server-clusterrole.yaml
new file mode 100644
index 00000000..703e953e
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-server-clusterrole.yaml
@@ -0,0 +1,35 @@
+{{- if .Values.clusterAdminAccess.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: argocd-server
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: server
+rules:
+ - apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - delete
+ - get
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - list
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - pods/log
+ verbs:
+ - get
+{{- end }}
diff --git a/charts/argo-cd/templates/argocd-server-clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-server-clusterrolebinding.yaml
new file mode 100644
index 00000000..34a92829
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-server-clusterrolebinding.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.clusterAdminAccess.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: argocd-server
+ labels:
+ app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server
+ helm.sh/chart: {{ include "argo-cd.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+ app.kubernetes.io/component: server
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: argocd-server
+subjects:
+ - kind: ServiceAccount
+ name: argocd-server
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
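Review bot: The first rule under `rules:` in argocd-server-clusterrole.yaml grants `get`, `patch` and `delete` on `'*'` resources in `'*'` API groups, which includes every Secret and every workload spec in the cluster, and nothing in the template tells an operator that this is what `clusterAdminAccess.enabled` hands to the `argocd-server` ServiceAccount. I would add a comment above `rules:` such as `# Cluster-wide get/patch/delete on all resources, including Secrets; set clusterAdminAccess.enabled=false when the server only manages selected namespaces.` and repeat it next to the flag in values.yaml, whose default is not visible in this diff. If no namespaced Role is rendered when the flag is off, that fallback belongs in the same change so that disabling cluster-wide access leaves a working install.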
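Review bot: `metadata.name` and `roleRef.name` in argocd-server-clusterrolebinding.yaml are the fixed string `argocd-server`, and ClusterRoleBindings are cluster-scoped, so a second release of this chart in another namespace will collide with the first binding rather than get its own. Deriving the names from the release, e.g. `name: {{ .Release.Name }}-argocd-server` for both `metadata.name` and `roleRef.name`, avoids that; the ClusterRole's `metadata.name` in the first file has to change in step. The subject's `name: argocd-server` should also be checked against the ServiceAccount the chart actually creates (not visible in this diff), since a mismatch leaves the binding granting nothing. As a smaller point, `namespace: "{{ .Release.Namespace }}"` quoted protects against a namespace that YAML would read as a number or boolean.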