fix(argo): Add RBAC permissions for v2.12. (#541)

Signed-off-by: Vlad Losev <vladimir.losev@sage.com> fix(argo): create roles instead of rolebindings when singleNamespace is true Signed-off-by: Alex Sears <me@alexsears.com> fix(argo-cd): correct repo for stable helm charts Signed-off-by: Alex Sears <me@alexsears.com>
2021-01-12 10:27:30 -08:00 · 2021-01-12 10:27:30 -08:00 · 93d8b226d1
commit 93d8b226d1
parent 391c439de6
6 changed files with 54 additions and 4 deletions
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@ -544,7 +544,7 @@ server:
    #       name: secret-name
    #       key: sshPrivateKey
    #   - type: helm
-    #     url: https://kubernetes-charts.storage.googleapis.com
+    #     url: https://charts.helm.sh/stable
    #     name: stable
    #   - type: helm
    #     url: https://argoproj.github.io/argo-helm
--- a/charts/argo/templates/server-cluster-roles.yaml
+++ b/charts/argo/templates/server-cluster-roles.yaml
@ -1,6 +1,10 @@
 {{- if .Values.server.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.singleNamespace }}
+kind: Role
+{{- else }}
 kind: ClusterRole
+{{- end }}
 metadata:
  name: {{ .Release.Name }}-{{ .Values.server.name }}
 rules:
@ -101,7 +105,11 @@ rules:
  - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.singleNamespace }}
+kind: Role
+{{- else }}
 kind: ClusterRole
+{{- end }}
 metadata:
  name: {{ .Release.Name }}-{{ .Values.server.name }}-cluster-template
 rules:
--- a/charts/argo/templates/server-crb.yaml
+++ b/charts/argo/templates/server-crb.yaml
@ -2,16 +2,18 @@
 apiVersion: rbac.authorization.k8s.io/v1
 {{- if .Values.singleNamespace }}
 kind: RoleBinding
-metadata:
-  name: {{ .Release.Name }}-{{ .Values.server.name}}
 {{ else }}
 kind: ClusterRoleBinding
+{{- end }}
 metadata:
  name: {{ .Release.Name }}-{{ .Values.server.name}}
-{{- end }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
+  {{- if .Values.singleNamespace }}
+  kind: Role
+  {{ else }}
  kind: ClusterRole
+  {{- end }}
  name: {{ .Release.Name }}-{{ .Values.server.name}}
 subjects:
 - kind: ServiceAccount
@ -19,12 +21,20 @@ subjects:
  namespace: {{ .Release.Namespace }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.singleNamespace }}
+kind: RoleBinding
+{{ else }}
 kind: ClusterRoleBinding
+{{- end }}
 metadata:
  name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-template
 roleRef:
  apiGroup: rbac.authorization.k8s.io
+  {{- if .Values.singleNamespace }}
+  kind: Role
+  {{ else }}
  kind: ClusterRole
+  {{- end }}
  name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-template
 subjects:
 - kind: ServiceAccount
--- a/charts/argo/templates/workflow-aggregate-roles.yaml
+++ b/charts/argo/templates/workflow-aggregate-roles.yaml
@ -1,6 +1,10 @@
 {{- if .Values.createAggregateRoles }}
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.singleNamespace }}
+kind: Role
+{{ else }}
 kind: ClusterRole
+{{- end }}
 metadata:
  annotations:
    helm.sh/hook: pre-install
@ -26,7 +30,11 @@ rules:
  - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.singleNamespace }}
+kind: Role
+{{ else }}
 kind: ClusterRole
+{{- end }}
 metadata:
  annotations:
    helm.sh/hook: pre-install
@ -57,7 +65,11 @@ rules:
  - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.singleNamespace }}
+kind: Role
+{{ else }}
 kind: ClusterRole
+{{- end }}
 metadata:
  annotations:
    helm.sh/hook: pre-install
--- a/charts/argo/templates/workflow-controller-cluster-roles.yaml
+++ b/charts/argo/templates/workflow-controller-cluster-roles.yaml
@ -1,5 +1,9 @@
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.singleNamespace }}
+kind: Role
+{{- else }}
 kind: ClusterRole
+{{- end }}
 metadata:
  name: {{ .Release.Name }}-{{ .Values.controller.name }}
 rules:
@ -127,7 +131,11 @@ rules:
  - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.singleNamespace }}
+kind: Role
+{{- else }}
 kind: ClusterRole
+{{- end }}
 metadata:
  name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template
 rules:
--- a/charts/argo/templates/workflow-controller-crb.yaml
+++ b/charts/argo/templates/workflow-controller-crb.yaml
@ -8,7 +8,11 @@ metadata:
  name: {{ .Release.Name }}-{{ .Values.controller.name }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
+  {{- if .Values.singleNamespace }}
+  kind: Role
+  {{ else }}
  kind: ClusterRole
+  {{- end }}
  name: {{ .Release.Name }}-{{ .Values.controller.name }}
 subjects:
  - kind: ServiceAccount
@ -27,12 +31,20 @@ subjects:
 {{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.singleNamespace }}
+kind: RoleBinding
+{{ else }}
 kind: ClusterRoleBinding
+{{- end }}
 metadata:
  name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template
 roleRef:
  apiGroup: rbac.authorization.k8s.io
+  {{- if .Values.singleNamespace }}
+  kind: Role
+  {{ else }}
  kind: ClusterRole
+  {{- end }}
  name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template
 subjects:
  - kind: ServiceAccount