Make clusterrole & clusterrolebinding optional for argocd-server

charts/argo-cd/templates/argocd-server/clusterrole.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.server.clusterAdminAccess.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -30,4 +31,5 @@ rules:
       - pods
       - pods/log
     verbs:
-      - get
+      - get
+{{- end }}

charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.server.clusterAdminAccess.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@@ -16,4 +17,5 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: {{ template "argo-cd.serverServiceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}

charts/argo-cd/values.yaml

@@ -507,6 +507,11 @@ server:
   #   orphanedResources: {}
   #   roles: []
 
+  ## Enable Admin ClusterRole resources.
+  ## Enable if you would like to grant rights to ArgoCD to deploy to the local kuberentes cluster.
+  clusterAdminAccess:
+    enabled: true
+
 ## Repo Server
 repoServer:
   name: repo-server