From df4beaa962c44318ef83d992eeb2473a09bd3c61 Mon Sep 17 00:00:00 2001
From: leehosu <hosu4549@gmail.com>
Date: Tue, 24 Sep 2024 23:37:47 +0900
Subject: [PATCH] feat(argo-cd): support multiple namespaces in
 applicationsetcontroller

Signed-off-by: leehosu <hosu4549@gmail.com>
---
 charts/argo-cd/Chart.yaml                                 | 6 +++---
 charts/argo-cd/README.md                                  | 3 ++-
 .../argocd-applicationset/clusterrolebinding.yaml         | 8 ++++++++
 charts/argo-cd/values.yaml                                | 6 ++++--
 4 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml
index a3335e3b..128c408a 100644
--- a/charts/argo-cd/Chart.yaml
+++ b/charts/argo-cd/Chart.yaml
@@ -3,7 +3,7 @@ appVersion: v2.12.3
 kubeVersion: ">=1.25.0-0"
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 7.6.1
+version: 7.6.3
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 sources:
@@ -26,5 +26,5 @@ annotations:
     fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
     url: https://argoproj.github.io/argo-helm/pgp_keys.asc
   artifacthub.io/changes: |
-    - kind: fixed
-      description: Remove unwanted newline on redis-init-secret job's imagepullsecrets
+    - kind: added
+      description: Add conditional handling of multiple namespaces in ClusterRoleBinding for ApplicationSet controller.
diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md
index 5ed80a40..800cd3fd 100644
--- a/charts/argo-cd/README.md
+++ b/charts/argo-cd/README.md
@@ -742,6 +742,7 @@ NAME: my-release
 | configs.gpg.keys | object | `{}` (See [values.yaml]) | [GnuPG] public keys to add to the keyring |
 | configs.params."application.namespaces" | string | `""` | Enables [Applications in any namespace] |
 | configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability |
+| configs.params."applicationsetcontroller.namespaces" | string | `""` | A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"namespace1, namespace2"`) |
 | configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` |
 | configs.params."controller.ignore.normalizer.jq.timeout" | string | `"1s"` | JQ Path expression timeout |
 | configs.params."controller.operation.processors" | int | `10` | Number of application operation processors |
@@ -1417,7 +1418,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules |
-| applicationSet.allowAnyNamespace | bool | `false` | Enable ApplicationSet in any namespace feature |
+| applicationSet.allowAnyNamespace | bool | `true` | Enable ApplicationSet in any namespace feature |
 | applicationSet.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. |
 | applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) |
 | applicationSet.certificate.annotations | object | `{}` | Annotations to be applied to the ApplicationSet Certificate |
diff --git a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml
index af6d5297..34626b81 100644
--- a/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml
+++ b/charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml
@@ -14,4 +14,12 @@ subjects:
   - kind: ServiceAccount
     name: {{ template "argo-cd.applicationSet.serviceAccountName" . }}
     namespace: {{ include "argo-cd.namespace" . }}
+{{- $namespaces := index .Values.configs.params "applicationsetcontroller.namespaces" -}}
+{{- range $namespace := (split "," $namespaces) }}
+  {{- if $namespaces }}
+  - kind: ServiceAccount
+    name: {{ include "argo-cd.applicationSet.serviceAccountName" $ }}
+    namespace: {{ $namespace | trim | quote }}
+  {{- end }}
+{{- end }}
 {{- end }}
diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml
index 8e1b8c39..9d8c54a8 100644
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@@ -278,8 +278,10 @@ configs:
     applicationsetcontroller.policy: sync
     # -- Enables use of the Progressive Syncs capability
     applicationsetcontroller.enable.progressive.syncs: false
+    # -- A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"namespace1, namespace2"`)
+    applicationsetcontroller.namespaces: ""
 
-    # -- Enables [Applications in any namespace]
+      # -- Enables [Applications in any namespace]
     ## List of additional namespaces where applications may be created in and reconciled from.
     ## The namespace where Argo CD is installed to will always be allowed.
     ## Set comma-separated list. (e.g. app-team-one, app-team-two)
@@ -3133,7 +3135,7 @@ applicationSet:
       #   hosts:
       #     - argocd-applicationset.example.com
   # -- Enable ApplicationSet in any namespace feature
-  allowAnyNamespace: false
+  allowAnyNamespace: true
 ## Notifications controller
 notifications:
   # -- Enable notifications controller