feat(argo-cd): Ability to provide cluster role to repo-server

Signed-off-by: Roman Rudenko <3kmnazapad@gmail.com>
2021-09-02 17:18:20 +03:00 · 2021-09-02 17:18:20 +03:00 · fd38ac25b7
commit fd38ac25b7
parent 32a6aa70ed
5 changed files with 40 additions and 2 deletions
--- a/charts/argo-cd/Chart.yaml
+++ b/charts/argo-cd/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 2.1.1
 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 3.17.5
+version: 3.17.6
 home: https://github.com/argoproj/argo-helm
 icon: https://argoproj.github.io/argo-cd/assets/logo.png
 keywords:
@ -21,4 +21,4 @@ dependencies:
    condition: redis-ha.enabled
 annotations:
  artifacthub.io/changes: |
-    - "[Changed]: Make AWS ALB GRPC backend protocol version configurable"
+    - "[Added]: Ability to provide cluster role to repo-server"
--- a/charts/argo-cd/README.md
+++ b/charts/argo-cd/README.md
@ -241,6 +241,7 @@ NAME: my-release
 | repoServer.autoscaling.maxReplicas | Maximum number of replicas for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `5` |
 | repoServer.autoscaling.targetCPUUtilizationPercentage | Average CPU utilization percentage for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` |
 | repoServer.autoscaling.targetMemoryUtilizationPercentage | Average memory utilization percentage for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` |
+| repoServer.clusterAdminAccess.enabled | Enable RBAC for local cluster deployments. | `false` |
 | repoServer.containerPort | Repo server port | `8081` |
 | repoServer.extraArgs | Additional arguments for the repo server. A  list of flags. | `[]` |
 | repoServer.env | Environment variables for the repo server. | `[]` |
--- a/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/clusterrole.yaml
@ -0,0 +1,14 @@
+{{- if .Values.repoServer.serviceAccount.create }}
+{{- if .Values.repoServer.clusterAdminAccess.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ template "argo-cd.repoServer.fullname" . }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
+rules:
+{{- if .Values.repoServer.rbac }}
+{{toYaml .Values.repoServer.rbac }}
+{{- end }}
+{{- end }}
+{{- end }}
--- a/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml
+++ b/charts/argo-cd/templates/argocd-repo-server/clusterrolebinding.yaml
@ -0,0 +1,18 @@
+{{- if .Values.repoServer.serviceAccount.create }}
+{{- if .Values.repoServer.clusterAdminAccess.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "argo-cd.repoServer.fullname" . }}
+  labels:
+    {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "argo-cd.repoServer.fullname" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ template "argo-cd.repoServerServiceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@ -982,6 +982,11 @@ repoServer:
    #   namespace: monitoring
    #   additionalLabels: {}

+  ## Enable Admin ClusterRole resources.
+  ## Enable if you would like to grant cluster rights to ArgoCD repo-server.
+  clusterAdminAccess:
+    enabled: false
+
  ## Repo server service account
  ## If create is set to true, make sure to uncomment the name and update the rbac section below
  serviceAccount: