From 302dd2254c58fd823f5a6765f8c236e6685f0415 Mon Sep 17 00:00:00 2001
From: Liviu Costea <liviu.costea@mambu.com>
Date: Fri, 1 Feb 2019 14:41:22 +0200
Subject: [PATCH] Add service account, role and rolebinding for server
 deployment

---
 .../argo-cd/templates/argocd-server-role.yaml | 46 +++++++++++++++++++
 .../templates/argocd-server-rolebinding.yaml  | 20 ++++++++
 .../argo-cd/templates/argocd-server-sa.yaml   | 12 +++++
 3 files changed, 78 insertions(+)
 create mode 100755 charts/argo-cd/templates/argocd-server-role.yaml
 create mode 100755 charts/argo-cd/templates/argocd-server-rolebinding.yaml
 create mode 100755 charts/argo-cd/templates/argocd-server-sa.yaml

diff --git a/charts/argo-cd/templates/argocd-server-role.yaml b/charts/argo-cd/templates/argocd-server-role.yaml
new file mode 100755
index 00000000..d0765299
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-server-role.yaml
@@ -0,0 +1,46 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "argo-cd.fullname" . }}-server
+  labels:
+    app: {{ include "argo-cd.name" . }}-server
+    app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server
+    helm.sh/chart: {{ include "argo-cd.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+    app.kubernetes.io/component: server
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  - configmaps
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - argoproj.io
+  resources:
+  - applications
+  - appprojects
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+  - update
+  - delete
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - list
diff --git a/charts/argo-cd/templates/argocd-server-rolebinding.yaml b/charts/argo-cd/templates/argocd-server-rolebinding.yaml
new file mode 100755
index 00000000..73f8e963
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-server-rolebinding.yaml
@@ -0,0 +1,20 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "argo-cd.fullname" . }}-server
+  labels:
+    app: {{ include "argo-cd.name" . }}-server
+    app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server
+    helm.sh/chart: {{ include "argo-cd.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+    app.kubernetes.io/component: server
+
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "argo-cd.fullname" . }}-server
+subjects:
+- kind: ServiceAccount
+  name: {{ include "argo-cd.fullname" . }}-server
diff --git a/charts/argo-cd/templates/argocd-server-sa.yaml b/charts/argo-cd/templates/argocd-server-sa.yaml
new file mode 100755
index 00000000..7b29a38e
--- /dev/null
+++ b/charts/argo-cd/templates/argocd-server-sa.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "argo-cd.fullname" . }}-server
+  labels:
+    app: {{ include "argo-cd.name" . }}-server
+    app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server
+    helm.sh/chart: {{ include "argo-cd.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+    app.kubernetes.io/component: server