feat(argo-cd): support multiple namespaces in applicationsetcontroller

Signed-off-by: leehosu <hosu4549@gmail.com>

charts/argo-cd/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: v2.12.3
 kubeVersion: ">=1.25.0-0"
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 7.6.1
+version: 7.6.3
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 sources:
@@ -26,5 +26,5 @@ annotations:
     fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
     url: https://argoproj.github.io/argo-helm/pgp_keys.asc
   artifacthub.io/changes: |
-    - kind: fixed
-      description: Remove unwanted newline on redis-init-secret job's imagepullsecrets
+    - kind: added
+      description: Add conditional handling of multiple namespaces in ClusterRoleBinding for ApplicationSet controller.

charts/argo-cd/README.md

@@ -742,6 +742,7 @@ NAME: my-release
 | configs.gpg.keys | object | `{}` (See [values.yaml]) | [GnuPG] public keys to add to the keyring |
 | configs.params."application.namespaces" | string | `""` | Enables [Applications in any namespace] |
 | configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability |
+| configs.params."applicationsetcontroller.namespaces" | string | `""` | A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"namespace1, namespace2"`) |
 | configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` |
 | configs.params."controller.ignore.normalizer.jq.timeout" | string | `"1s"` | JQ Path expression timeout |
 | configs.params."controller.operation.processors" | int | `10` | Number of application operation processors |
@@ -1417,7 +1418,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | applicationSet.affinity | object | `{}` (defaults to global.affinity preset) | Assign custom [affinity] rules |
-| applicationSet.allowAnyNamespace | bool | `false` | Enable ApplicationSet in any namespace feature |
+| applicationSet.allowAnyNamespace | bool | `true` | Enable ApplicationSet in any namespace feature |
 | applicationSet.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account into the pod. |
 | applicationSet.certificate.additionalHosts | list | `[]` | Certificate Subject Alternate Names (SANs) |
 | applicationSet.certificate.annotations | object | `{}` | Annotations to be applied to the ApplicationSet Certificate |

charts/argo-cd/templates/argocd-applicationset/clusterrolebinding.yaml

@@ -14,4 +14,12 @@ subjects:
   - kind: ServiceAccount
     name: {{ template "argo-cd.applicationSet.serviceAccountName" . }}
     namespace: {{ include "argo-cd.namespace" . }}
+{{- $namespaces := index .Values.configs.params "applicationsetcontroller.namespaces" -}}
+{{- range $namespace := (split "," $namespaces) }}
+  {{- if $namespaces }}
+  - kind: ServiceAccount
+    name: {{ include "argo-cd.applicationSet.serviceAccountName" $ }}
+    namespace: {{ $namespace | trim | quote }}
+  {{- end }}
+{{- end }}
 {{- end }}

charts/argo-cd/values.yaml

@@ -278,6 +278,8 @@ configs:
     applicationsetcontroller.policy: sync
     # -- Enables use of the Progressive Syncs capability
     applicationsetcontroller.enable.progressive.syncs: false
+    # -- A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"namespace1, namespace2"`)
+    applicationsetcontroller.namespaces: ""
 
       # -- Enables [Applications in any namespace]
     ## List of additional namespaces where applications may be created in and reconciled from.
@@ -3133,7 +3135,7 @@ applicationSet:
       #   hosts:
       #     - argocd-applicationset.example.com
   # -- Enable ApplicationSet in any namespace feature
-  allowAnyNamespace: false
+  allowAnyNamespace: true
 ## Notifications controller
 notifications:
   # -- Enable notifications controller