DevFW-CICD/argocd-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Parameterize the rbac configmap

Browse source
This commit is contained in:
Liviu Costea 2019-01-30 08:22:59 +02:00
parent c75e0ae85f
commit 13aa00e665
2 changed files with 32 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
charts/argo-cd/templates/argocd-rbac-cm.yaml Executable file
View file

@ -0,0 +1,12 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "argo-cd.fullname" . }}-rbac-cm
data:
{{- if .Values.rbac.policy-default }}
policy.default: {{ .Values.rbac.policy-default }}
{{- end }}
{{- if .Values.rbac.policy-csv }}
policy.csv: |
{{ toYaml .Values.rbac.policy-csv | indent 4 }}
{{- end }}

21
charts/argo-cd/values.yaml
View file

@ -8,7 +8,8 @@ applicationController:
server: server:
containerPort: 8080 containerPort: 8080
servicePort: 8080 servicePortHttp: 80
servicePortHttps: 443
containerMetricsPort: 8082 containerMetricsPort: 8082
metricsPort: 8082 metricsPort: 8082
image: image:
@ -66,7 +67,25 @@ config:
orgs: orgs:
- name: your-github-org - name: your-github-org
teams: teams:
rbac:
# # An RBAC policy .csv file containing additional policy and role definitions.
# # See https://github.com/argoproj/argo-cd/blob/master/docs/rbac.md on how to write RBAC policies.
# policy.csv: |
# # Give all members of "my-org:team-alpha" the ability to sync apps in "my-project"
# p, my-org:team-alpha, applications, sync, my-project/*, allow
# # Make all members of "my-org:team-beta" admins
# g, my-org:team-beta, role:admin
policy-csv: |
p, role:org-admin, applications, *, */*, allow
p, role:org-admin, clusters, get, *, allow
p, role:org-admin, repositories, get, *, allow
p, role:org-admin, repositories, create, *, allow
p, role:org-admin, repositories, update, *, allow
p, role:org-admin, repositories, delete, *, allow
g, your-github-org:your-team, role:org-admin
# The default role Argo CD will fall back to, when authorizing API requests
policy-default: role:readonly
resources: {} resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious # We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little # choice for the user. This also increases chances charts run on environments with little