From 7cce2bc701606cfa155cd499508457a43a0ceeb6 Mon Sep 17 00:00:00 2001 From: yu-croco Date: Wed, 23 Oct 2024 21:01:22 +0900 Subject: [PATCH] feat(argocd-image-updater): update as following upstream Signed-off-by: yu-croco --- charts/argocd-image-updater/README.md | 1 + .../argocd-image-updater/templates/rbac.yaml | 57 ++++++++++++++----- charts/argocd-image-updater/values.yaml | 5 ++ 3 files changed, 48 insertions(+), 15 deletions(-) diff --git a/charts/argocd-image-updater/README.md b/charts/argocd-image-updater/README.md index 5e51a8cd..7a35b881 100644 --- a/charts/argocd-image-updater/README.md +++ b/charts/argocd-image-updater/README.md @@ -87,6 +87,7 @@ The `config.registries` value can be used exactly as it looks in the documentati | config.logLevel | string | `"info"` | Argo CD Image Update log level | | config.registries | list | `[]` | Argo CD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) | | config.sshConfig | object | `{}` | Argo CD Image Updater ssh client parameter configuration. | +| createClusterRoles | bool | `true` | Create cluster roles for cluster-wide installation. | | extraArgs | list | `[]` | Extra arguments for argocd-image-updater not defined in `config.argocd`. If a flag contains both key and value, they need to be split to a new entry | | extraEnv | list | `[]` | Extra environment variables for argocd-image-updater | | extraEnvFrom | list | `[]` | Extra envFrom to pass to argocd-image-updater | diff --git a/charts/argocd-image-updater/templates/rbac.yaml b/charts/argocd-image-updater/templates/rbac.yaml index 50d75876..b3fa182b 100644 --- a/charts/argocd-image-updater/templates/rbac.yaml +++ b/charts/argocd-image-updater/templates/rbac.yaml @@ -17,21 +17,6 @@ rules: - get - list - watch - - apiGroups: - - argoproj.io - resources: - - applications - verbs: - - get - - list - - update - - patch - - apiGroups: - - "" - resources: - - events - verbs: - - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -49,3 +34,45 @@ subjects: name: {{ include "argocd-image-updater.serviceAccountName" . }} namespace: {{ include "argocd-image-updater.namespace" . | quote }} {{- end }} +--- +{{- if and .Values.rbac.enabled .Values.createClusterRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} + name: {{ include "argocd-image-updater.fullname" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - apiGroups: + - argoproj.io + resources: + - applications + verbs: + - get + - list + - update + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "argocd-image-updater.labels" . | nindent 4 }} + name: {{ include "argocd-image-updater.fullname" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "argocd-image-updater.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argocd-image-updater.serviceAccountName" . }} + namespace: {{ include "argocd-image-updater.namespace" . | quote }} +{{- end }} diff --git a/charts/argocd-image-updater/values.yaml b/charts/argocd-image-updater/values.yaml index 19291de9..4825833e 100644 --- a/charts/argocd-image-updater/values.yaml +++ b/charts/argocd-image-updater/values.yaml @@ -20,6 +20,11 @@ fullnameOverride: "" # -- Global namespace (argocd-image-updater.namespace in _helpers.tpl) override namespaceOverride: "" +# -- Create cluster roles for cluster-wide installation. +## Used when you manage applications in the same cluster where Argo CD Image Updater runs. +## If you want to use this, please set `.Values.rbac.enabled` true as well. +createClusterRoles: true + # -- Extra arguments for argocd-image-updater not defined in `config.argocd`. # If a flag contains both key and value, they need to be split to a new entry extraArgs: []