DevFW-CICD/argocd-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore(argo-cd): Consolidate cluster-wide RBAC (#1597)

Browse source 
Signed-off-by: Petr Drastil <petr.drastil@gmail.com>
This commit is contained in:
Petr Drastil 2023-01-10 09:58:45 +01:00 committed by GitHub
parent 7992b5d04b
commit c5648d5c9f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 70 additions and 66 deletions
Download patch file Download diff file Expand all files Collapse all files

27
charts/argo-cd/templates/argocd-application-controller/clusterrole.yaml
View file

@ -1,23 +1,24 @@
{{- if .Values.controller.clusterAdminAccess.enabled }}
{{- $config := .Values.controller.clusterAdminAccess | default dict -}}
{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
name: {{ include "argo-cd.controller.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
rules:
{{- if .Values.controller.clusterRoleRules.enabled }}
{{- toYaml .Values.controller.clusterRoleRules.rules | nindent 0 }}
{{- toYaml .Values.controller.clusterRoleRules.rules | nindent 2 }}
{{- else }}
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'
- nonResourceURLs:
- '*'
verbs:
- '*'
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'
- nonResourceURLs:
- '*'
verbs:
- '*'
{{- end }}
{{- end }}

11
charts/argo-cd/templates/argocd-application-controller/clusterrolebinding.yaml
View file

@ -1,16 +1,17 @@
{{- if .Values.controller.clusterAdminAccess.enabled }}
{{- $config := .Values.controller.clusterAdminAccess | default dict -}}
{{- if hasKey $config "enabled" | ternary $config.enabled .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "argo-cd.controller.fullname" . }}
name: {{ include "argo-cd.controller.fullname" . }}
labels:
{{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "argo-cd.controller.fullname" . }}
name: {{ include "argo-cd.controller.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "argo-cd.controllerServiceAccountName" . }}
name: {{ include "argo-cd.controllerServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
{{- end }}