From 5e3e0df5586b7c9c1c93b4d2a1f40a4805cbd6e7 Mon Sep 17 00:00:00 2001
From: Tuan Nguyen <nmtuan.dev@gmail.com>
Date: Wed, 12 Feb 2020 18:49:08 +0800
Subject: [PATCH] Make clusterrole & clusterrolebinding optional for
 argocd-server

---
 charts/argo-cd/templates/argocd-server/clusterrole.yaml      | 4 +++-
 .../argo-cd/templates/argocd-server/clusterrolebinding.yaml  | 4 +++-
 charts/argo-cd/values.yaml                                   | 5 +++++
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/charts/argo-cd/templates/argocd-server/clusterrole.yaml b/charts/argo-cd/templates/argocd-server/clusterrole.yaml
index d14fcca6..4570454b 100644
--- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml
+++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.server.clusterAdminAccess.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -30,4 +31,5 @@ rules:
       - pods
       - pods/log
     verbs:
-      - get
\ No newline at end of file
+      - get
+{{- end }}
\ No newline at end of file
diff --git a/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml
index 2cf4765e..3bbd5a0d 100644
--- a/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml
+++ b/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.server.clusterAdminAccess.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@@ -16,4 +17,5 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: {{ template "argo-cd.serverServiceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
\ No newline at end of file
+  namespace: {{ .Release.Namespace }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml
index df42b9c1..afe9432e 100755
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@@ -507,6 +507,11 @@ server:
   #   orphanedResources: {}
   #   roles: []
 
+  ## Enable Admin ClusterRole resources.
+  ## Enable if you would like to grant rights to ArgoCD to deploy to the local kuberentes cluster.
+  clusterAdminAccess:
+    enabled: true
+
 ## Repo Server
 repoServer:
   name: repo-server