move cluster Admin Access to controller

Ability enable the cluster admin access to deploy to the local cluster.
2019-10-16 12:16:06 -07:00 · 2019-10-16 12:16:06 -07:00 · e2215f864a
commit e2215f864a
parent 0f7aba1300
6 changed files with 14 additions and 13 deletions
--- a/charts/argo-cd/README.md
+++ b/charts/argo-cd/README.md
@ -49,6 +49,7 @@ $ helm install --name my-release argo/argo-cd
 | controller.affinity | Assign custom affinity rules to the deployment https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` |
 | controller.args.operationProcessors | define the controller `--operation-processors` | `"10"` |
 | controller.args.statusProcessors | define the controller `--status-processors` | `"20"` |
+| controller.clusterAdminAccess.enabled | Enable RBAC for local cluster deployments. | `true` |
 | controller.containerPort | Controller listening port. | `8082` |
 | controller.extraArgs | Additional arguments for the controller. | `[]` |
 | controller.image.repository | Repository to use for the controller | `global.image.repository` |
@ -135,7 +136,6 @@ $ helm install --name my-release argo/argo-cd
 | server.certificate.domain | Certificate manager domain | `"argocd.example.com"` |
 | server.certificate.enabled | Enables a certificate manager certificate. | `false` |
 | server.certificate.issuer | Certificate manager issuer | `{}` |
-| server.clusterAdminAccess.enabled | Enable RBAC for cluster admin access | `true` |
 | server.config | URL for Argo CD | `{}` |
 | server.containerPort | Server container port. | `8080` |
 | server.extraArgs | Additional arguments for the server | `[]` |
--- a/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml
@ -1,3 +1,4 @@
+{{- if .Values.controller.clusterAdminAccess.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@ -20,3 +21,4 @@ rules:
  - '*'
  verbs:
  - '*'
+{{- end }}
--- a/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml
+++ b/charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml
@ -1,3 +1,4 @@
+{{- if .Values.controller.clusterAdminAccess.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@ -17,3 +18,4 @@ subjects:
 - kind: ServiceAccount
  name: {{ template "argo-cd.controllerServiceAccountName" . }}
  namespace: {{ .Release.Namespace }}
+{{- end }}
--- a/charts/argo-cd/templates/argocd-server/clusterrole.yaml
+++ b/charts/argo-cd/templates/argocd-server/clusterrole.yaml
@ -1,4 +1,3 @@
-{{- if .Values.server.clusterAdminAccess.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@ -32,4 +31,3 @@ rules:
      - pods/log
    verbs:
      - get
-{{- end }}
--- a/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml
+++ b/charts/argo-cd/templates/argocd-server/clusterrolebinding.yaml
@ -1,4 +1,3 @@
-{{- if .Values.server.clusterAdminAccess.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@ -18,4 +17,3 @@ subjects:
 - kind: ServiceAccount
  name: {{ template "argo-cd.serverServiceAccountName" . }}
  namespace: {{ .Release.Namespace }}
-{{- end -}}
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@ -103,6 +103,11 @@ controller:
    #   namespace: monitoring
    #   additionalLabels: {}

+  ## Enable Admin ClusterRole resources.
+  ## Enable if you would like to grant rights to ArgoCD to deploy to the local kuberentes cluster.
+  clusterAdminAccess:
+    enabled: true
+
 ## Dex
 dex:
  enabled: true
@ -198,10 +203,6 @@ server:
  ## Argo server log level
  logLevel: info

-  ## Enable Admin ClusterRole resources
-  clusterAdminAccess:
-    enabled: true
-
  ## Annotations to be added to controller pods
  ##
  podAnnotations: {}