diff --git a/charts/argo-cd/templates/_helpers.tpl b/charts/argo-cd/templates/_helpers.tpl index 2c892a75..714e4a83 100644 --- a/charts/argo-cd/templates/_helpers.tpl +++ b/charts/argo-cd/templates/_helpers.tpl @@ -92,6 +92,17 @@ Create the name of the ArgoCD server service account to use {{- end -}} {{- end -}} +{{/* +Create the name of the controller service account to use +*/}} +{{- define "argo-cd.repoServerServiceAccountName" -}} +{{- if .Values.repoServer.serviceAccount.create -}} + {{ default (include "argo-cd.fullname" .) .Values.repoServer.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.repoServer.serviceAccount.name }} +{{- end -}} +{{- end -}} + {{/* Create chart name and version as used by the chart label. */}} diff --git a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml index 9c54d0dd..ea9ccfab 100644 --- a/charts/argo-cd/templates/argocd-repo-server/deployment.yaml +++ b/charts/argo-cd/templates/argocd-repo-server/deployment.yaml @@ -105,6 +105,7 @@ spec: affinity: {{- toYaml .Values.repoServer.affinity | nindent 8 }} {{- end }} + serviceAccountName: {{ template "argo-cd.repoServerServiceAccountName" . }} volumes: {{- if .Values.repoServer.volumes }} {{- toYaml .Values.repoServer.volumes | nindent 8}} diff --git a/charts/argo-cd/templates/argocd-repo-server/role.yaml b/charts/argo-cd/templates/argocd-repo-server/role.yaml new file mode 100644 index 00000000..9beefcd0 --- /dev/null +++ b/charts/argo-cd/templates/argocd-repo-server/role.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "argo-cd.repoServer.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.repoServer.name }} +rules: +{{- if .Values.repoServer.rbac }} +{{toYaml .Values.repoServer.rbac }} +{{- end }} diff --git a/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml b/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml new file mode 100644 index 00000000..f028b064 --- /dev/null +++ b/charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "argo-cd.repoServer.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.repoServer.name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "argo-cd.repoServer.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "argo-cd.repoServerServiceAccountName" . }} + namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml b/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml new file mode 100644 index 00000000..885ea321 --- /dev/null +++ b/charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "argo-cd.repoServerServiceAccountName" . }} + labels: + app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }} + helm.sh/chart: {{ include "argo-cd.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: {{ .Values.repoServer.name }} \ No newline at end of file diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 5fbf7fe3..06442895 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -478,6 +478,21 @@ repoServer: # namespace: monitoring # additionalLabels: {} + serviceAccount: + create: true + name: argocd-repo-server + + ## Repo server rbac rules + #rbac: + #- apiGroups: + # - argoproj.io + # resources: + # - applications + # verbs: + # - get + # - list + # - watch + ## Argo Configs configs: knownHosts: