feat(argocd-image-updater): update as following upstream

Signed-off-by: yu-croco <yu.croco@gmail.com>
2024-10-23 21:01:22 +09:00 · 2024-10-23 21:01:22 +09:00 · 7cce2bc701
commit 7cce2bc701
parent 9cf5e56843
3 changed files with 48 additions and 15 deletions
--- a/charts/argocd-image-updater/README.md
+++ b/charts/argocd-image-updater/README.md
@ -87,6 +87,7 @@ The `config.registries` value can be used exactly as it looks in the documentati
 | config.logLevel | string | `"info"` | Argo CD Image Update log level |
 | config.registries | list | `[]` | Argo CD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) |
 | config.sshConfig | object | `{}` | Argo CD Image Updater ssh client parameter configuration. |
+| createClusterRoles | bool | `true` | Create cluster roles for cluster-wide installation. |
 | extraArgs | list | `[]` | Extra arguments for argocd-image-updater not defined in `config.argocd`. If a flag contains both key and value, they need to be split to a new entry |
 | extraEnv | list | `[]` | Extra environment variables for argocd-image-updater |
 | extraEnvFrom | list | `[]` | Extra envFrom to pass to argocd-image-updater |
--- a/charts/argocd-image-updater/templates/rbac.yaml
+++ b/charts/argocd-image-updater/templates/rbac.yaml
@ -17,21 +17,6 @@ rules:
      - get
      - list
      - watch
-  - apiGroups:
-      - argoproj.io
-    resources:
-      - applications
-    verbs:
-      - get
-      - list
-      - update
-      - patch
-  - apiGroups:
-      - ""
-    resources:
-      - events
-    verbs:
-      - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@ -49,3 +34,45 @@ subjects:
  name: {{ include "argocd-image-updater.serviceAccountName" . }}
  namespace: {{ include "argocd-image-updater.namespace" . | quote }}
 {{- end }}
+---
+{{- if and .Values.rbac.enabled .Values.createClusterRoles }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "argocd-image-updater.labels" . | nindent 4 }}
+  name: {{ include "argocd-image-updater.fullname" . }}
+  namespace: {{ include "argocd-image-updater.namespace" . | quote }}
+rules:
+  - apiGroups:
+    - ""
+    resources:
+      - events
+    verbs:
+      - create
+  - apiGroups:
+      - argoproj.io
+    resources:
+      - applications
+    verbs:
+      - get
+      - list
+      - update
+      - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    {{- include "argocd-image-updater.labels" . | nindent 4 }}
+  name: {{ include "argocd-image-updater.fullname" . }}
+  namespace: {{ include "argocd-image-updater.namespace" . | quote }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "argocd-image-updater.fullname" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "argocd-image-updater.serviceAccountName" . }}
+  namespace: {{ include "argocd-image-updater.namespace" . | quote }}
+{{- end }}
--- a/charts/argocd-image-updater/values.yaml
+++ b/charts/argocd-image-updater/values.yaml
@ -20,6 +20,11 @@ fullnameOverride: ""
 # -- Global namespace (argocd-image-updater.namespace in _helpers.tpl) override
 namespaceOverride: ""

+# -- Create cluster roles for cluster-wide installation.
+## Used when you manage applications in the same cluster where Argo CD Image Updater runs.
+## If you want to use this, please set `.Values.rbac.enabled` true as well.
+createClusterRoles: true
+
 # -- Extra arguments for argocd-image-updater not defined in `config.argocd`.
 # If a flag contains both key and value, they need to be split to a new entry
 extraArgs: []