diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 90cde221..2def2ed8 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.0.5 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.11.5 +version: 3.12.0 home: https://github.com/argoproj/argo-helm icon: https://argoproj.github.io/argo-cd/assets/logo.png keywords: @@ -21,4 +21,4 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Fixed]: Can't login when using configs.secret.argocdServerAdminPassword" + - "[Added]: Support for aggregation clusterroles" diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 5672d677..c73299f9 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -148,6 +148,7 @@ NAME: my-release | fullnameOverride | String to fully override `"argo-cd.fullname"` | `""` | | apiVersionOverrides.certmanager | String to override apiVersion of certmanager resources rendered by this helm chart | `""` | | apiVersionOverrides.ingress | String to override apiVersion of ingresses rendered by this helm chart | `""` | +| createAggregateRoles | Create clusterroles that extend aggregated roles to use argo-cd crds | `false` | | configs.clusterCredentials | Provide one or multiple [external cluster credentials](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters) | `[]` (See [values.yaml](values.yaml)) | | configs.gpgKeysAnnotations | GnuPG key ring annotations | `{}` | | configs.gpgKeys | [GnuPG](https://argoproj.github.io/argo-cd/user-guide/gpg-verification/) keys to add to the key ring | `{}` (See [values.yaml](values.yaml)) | diff --git a/charts/argo-cd/templates/argocd-aggregate-roles.yaml b/charts/argo-cd/templates/argocd-aggregate-roles.yaml new file mode 100644 index 00000000..d11329a3 --- /dev/null +++ b/charts/argo-cd/templates/argocd-aggregate-roles.yaml @@ -0,0 +1,67 @@ +{{- if .Values.createAggregateRoles }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.fullname" . }}-aggregate-to-view + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }} +rules: +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + verbs: + - get + - list + - watch + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.fullname" . }}-aggregate-to-edit + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }} +rules: +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argo-cd.fullname" . }}-aggregate-to-admin + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + {{- include "argo-cd.labels" (dict "context" .) | nindent 4 }} +rules: +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +{{- end }} diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 6edc9201..4a6172ef 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -31,6 +31,10 @@ apiVersionOverrides: certmanager: "" # cert-manager.io/v1 ingress: "" # networking.k8s.io/v1beta1 +## Create clusterroles that extend existing clusterroles to interact with argo-cd crds +## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles +createAggregateRoles: false + ## Controller controller: name: application-controller