Added Role and service account to repo-server

charts/argo-cd/templates/_helpers.tpl

@@ -92,6 +92,17 @@ Create the name of the ArgoCD server service account to use
 {{- end -}}
 {{- end -}}
 
+{{/*
+Create the name of the controller service account to use
+*/}}
+{{- define "argo-cd.repoServerServiceAccountName" -}}
+{{- if .Values.repoServer.serviceAccount.create -}}
+    {{ default (include "argo-cd.fullname" .) .Values.repoServer.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.repoServer.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Create chart name and version as used by the chart label.
 */}}

charts/argo-cd/templates/argocd-repo-server/deployment.yaml

@@ -105,6 +105,7 @@ spec:
       affinity:
 {{- toYaml .Values.repoServer.affinity | nindent 8 }}
     {{- end }}
+      serviceAccountName: {{ template "argo-cd.repoServerServiceAccountName" . }}
       volumes:
       {{- if .Values.repoServer.volumes }}
 {{- toYaml .Values.repoServer.volumes | nindent 8}}

charts/argo-cd/templates/argocd-repo-server/role.yaml

@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ template "argo-cd.repoServer.fullname" . }}
+  labels:
+    app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
+    helm.sh/chart: {{ include "argo-cd.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/part-of: argocd
+    app.kubernetes.io/component: {{ .Values.repoServer.name }}
+rules:
+{{- if .Values.repoServer.rbac }}
+{{toYaml .Values.repoServer.rbac }}
+{{- end }}

charts/argo-cd/templates/argocd-repo-server/rolebinding.yaml

@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ template "argo-cd.repoServer.fullname" . }}
+  labels:
+    app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
+    helm.sh/chart: {{ include "argo-cd.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/part-of: argocd
+    app.kubernetes.io/component: {{ .Values.repoServer.name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ template "argo-cd.repoServer.fullname" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ template "argo-cd.repoServerServiceAccountName" . }}
+  namespace: {{ .Release.Namespace }}

charts/argo-cd/templates/argocd-repo-server/serviceaccount.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "argo-cd.repoServerServiceAccountName" . }}
+  labels:
+    app.kubernetes.io/name: {{ include "argo-cd.name" . }}-{{ .Values.repoServer.name }}
+    helm.sh/chart: {{ include "argo-cd.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/part-of: argocd
+    app.kubernetes.io/component: {{ .Values.repoServer.name }}

charts/argo-cd/values.yaml

@@ -478,6 +478,21 @@ repoServer:
     #   namespace: monitoring
     #   additionalLabels: {}
 
+  serviceAccount:
+    create: true
+    name: argocd-repo-server
+    
+  ## Repo server rbac rules
+  #rbac:   
+  #- apiGroups:
+  #  - argoproj.io
+  #  resources:
+  #  - applications
+  #  verbs:
+  #  - get
+  #  - list
+  #  - watch
+  
 ## Argo Configs
 configs:
   knownHosts: