From 800318e74073ed52e76848954ce98a818b68e2b7 Mon Sep 17 00:00:00 2001 From: Liviu Costea Date: Sat, 2 Feb 2019 09:03:05 +0200 Subject: [PATCH] Enable cluster admin accessby default Default installation will allow installing apps in the current cluster without inputted credentials. For other clusters inputted credentials will be needed --- ...cd-application-controller-clusterrole.yaml | 24 +++++++++++++++++++ ...ication-controller-clusterrolebinding.yaml | 21 ++++++++++++++++ charts/argo-cd/values.yaml | 8 +++++++ 3 files changed, 53 insertions(+) create mode 100644 charts/argo-cd/templates/argocd-application-controller-clusterrole.yaml create mode 100644 charts/argo-cd/templates/argocd-application-controller-clusterrolebinding.yaml diff --git a/charts/argo-cd/templates/argocd-application-controller-clusterrole.yaml b/charts/argo-cd/templates/argocd-application-controller-clusterrole.yaml new file mode 100644 index 00000000..9e366975 --- /dev/null +++ b/charts/argo-cd/templates/argocd-application-controller-clusterrole.yaml @@ -0,0 +1,24 @@ +{{- if .Values.clusterAdminAccess.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.fullname" . }}-application-controller + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} + app.kubernetes.io/component: application-controller +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +- nonResourceURLs: + - '*' + verbs: + - '*' +{{- end }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-application-controller-clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-application-controller-clusterrolebinding.yaml new file mode 100644 index 00000000..f3b5e12d --- /dev/null +++ b/charts/argo-cd/templates/argocd-application-controller-clusterrolebinding.yaml @@ -0,0 +1,21 @@ +{{- if .Values.clusterAdminAccess.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "argo-cd.fullname" . }}-application-controller + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-application-controller + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: {{ include "argo-cd.name" . }} + app.kubernetes.io/component: application-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "argo-cd.fullname" . }}-application-controller +subjects: +- kind: ServiceAccount + name: {{ include "argo-cd.fullname" . }}-application-controller + namespace: {{ .Release.Namespace }} +{{- end -}} }} \ No newline at end of file diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 1b14c7c4..4a99e294 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -29,6 +29,14 @@ repoServer: tag: v0.11.0 pullPolicy: Always +# Standard Argo CD installation with cluster-admin access. +# Set this true if you plan to use Argo CD to deploy applications in the same cluster that +# Argo CD runs in (i.e. kubernetes.svc.default). +# Will still be able to deploy to external clusters with inputted credentials. + +clusterAdminAccess: + enabled: true + config: helmRepositories: - name: privateRepo