move cluster Admin Access to controller

Ability enable the cluster admin access to deploy to the local cluster.

charts/argo-cd/README.md

@@ -49,6 +49,7 @@ $ helm install --name my-release argo/argo-cd
 | controller.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` |
 | controller.args.operationProcessors | define the controller `--operation-processors` | `"10"` |
 | controller.args.statusProcessors | define the controller `--status-processors` | `"20"` |
+| controller.clusterAdminAccess.enabled | Enable RBAC for local cluster deployments. | `true` |
 | controller.containerPort | Controller listening port. | `8082` |
 | controller.extraArgs | Additional arguments for the controller. | `[]` |
 | controller.image.repository | Repository to use for the controller | `global.image.repository` |
@@ -135,7 +136,6 @@ $ helm install --name my-release argo/argo-cd
 | server.certificate.domain | Certificate manager domain | `"argocd.example.com"` |
 | server.certificate.enabled | Enables a certificate manager certificate. | `false` |
 | server.certificate.issuer | Certificate manager issuer | `{}` |
-| server.clusterAdminAccess.enabled | Enable RBAC for cluster admin access | `true` |
 | server.config | URL for Argo CD | `{}` |
 | server.containerPort | Server container port. | `8080` |
 | server.extraArgs | Additional arguments for the server | `[]` |

charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.controller.clusterAdminAccess.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -20,3 +21,4 @@ rules:
   - '*'
   verbs:
   - '*'
+{{- end }}

charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.controller.clusterAdminAccess.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@@ -17,3 +18,4 @@ subjects:
 - kind: ServiceAccount
   name: {{ template "argo-cd.controllerServiceAccountName" . }}
   namespace: {{ .Release.Namespace }}
+{{- end }}

charts/argo-cd/templates/argocd-server/clusterrole.yaml

@@ -1,4 +1,3 @@
-{{- if .Values.server.clusterAdminAccess.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -32,4 +31,3 @@ rules:
       - pods/log
     verbs:
       - get
-{{- end }}

charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml

@@ -1,4 +1,3 @@
-{{- if .Values.server.clusterAdminAccess.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@@ -18,4 +17,3 @@ subjects:
 - kind: ServiceAccount
   name: {{ template "argo-cd.serverServiceAccountName" . }}
   namespace: {{ .Release.Namespace }}
-{{- end -}}

charts/argo-cd/values.yaml

@@ -103,6 +103,11 @@ controller:
     #   namespace: monitoring
     #   additionalLabels: {}
 
+  ## Enable Admin ClusterRole resources.
+  ## Enable if you would like to grant rights to ArgoCD to deploy to the local kuberentes cluster.
+  clusterAdminAccess:
+    enabled: true
+
 ## Dex
 dex:
   enabled: true
@@ -198,10 +203,6 @@ server:
   ## Argo server log level
   logLevel: info
 
-  ## Enable Admin ClusterRole resources
-  clusterAdminAccess:
-    enabled: true
-
   ## Annotations to be added to controller pods
   ##
   podAnnotations: {}