feat(argocd-image-updater): add a parameter to chose namespaced or clusterwide mode for AIU

Signed-off-by: Sebastien RIBIERE <sebastien.ribiere.ext@jellysmack.com>

charts/argocd-image-updater/README.md

@@ -85,6 +85,7 @@ The `config.registries` value can be used exactly as it looks in the documentati
 | config.gitCommitTemplate | string | `""` | Changing the Git commit message |
 | config.gitCommitUser | string | `""` | Username to use for Git commits |
 | config.logLevel | string | `"info"` | Argo CD Image Update log level |
+| config.namespaced | string | `"true"` | Check annotations in ArgoCD namespace only (if true) or in all namespaces (if false) |
 | config.registries | list | `[]` | Argo CD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/) |
 | config.sshConfig | object | `{}` | Argo CD Image Updater ssh client parameter configuration. |
 | extraArgs | list | `[]` | Extra arguments for argocd-image-updater not defined in `config.argocd`. If a flag contains both key and value, they need to be split to a new entry |

charts/argocd-image-updater/templates/clusterrole.yaml

@@ -0,0 +1,36 @@
+{{- if .Values.rbac.enabled }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: argocd-image-updater-clusterrole
+  labels:
+    {{ include "argocd-image-updater.labels" . | nindent 4 }}
+rules:
+  - apiGroups:
+      - '*'
+    resources:
+      - '*'
+    verbs:
+      - delete
+      - get
+      - patch
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - applications
+      - applicationsets
+    verbs:
+      - get
+      - list
+      - update
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+{{- end }}

charts/argocd-image-updater/templates/clusterrolebinding.yaml

@@ -0,0 +1,17 @@
+{{- if .Values.rbac.enabled }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: argocd-image-updater-clusterrolebinding
+  labels:
+    {{ include "argocd-image-updater.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: argocd-image-updater-clusterrole
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "argocd-image-updater.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+{{- end }}

charts/argocd-image-updater/templates/configmap.yaml

@@ -46,3 +46,4 @@ data:
     registries:
       {{- toYaml . | nindent 6 }}
   {{- end }}
+  namespaced: {{ .Values.config.namespaced | quote }}

charts/argocd-image-updater/templates/deployment.yaml

@@ -118,6 +118,12 @@ spec:
                 key: git.commit-sign-off
                 name: argocd-image-updater-config
                 optional: true
+          - name: IMAGE_UPDATER_NAMESPACED
+            valueFrom:
+              configMapKeyRef:
+                key: namespaced
+                name: argocd-image-updater-config
+                optional: true
           {{- with .Values.extraEnv }}
             {{- toYaml . | nindent 10 }}
           {{- end }}

charts/argocd-image-updater/values.yaml

@@ -145,6 +145,9 @@ config:
   # -- Argo CD Image Update log level
   logLevel: "info"
 
+  # -- Check annotations in ArgoCD namespace only (if true) or in all namespaces (if false)
+  namespaced : "true"
+
   # -- Argo CD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/)
   registries: []
     # - name: Docker Hub