argocd-helm/charts/argo-cd/templates/argocd-server/clusterrole.yaml

{{- if .Values.createClusterRoles }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ include "argo-cd.server.fullname" . }}
  labels:
    {{- include "argo-cd.labels" (dict "context" . "component" .Values.server.name "name" .Values.server.name) | nindent 4 }}
rules:
  - apiGroups:
      - '*'
    resources:
      - '*'
    verbs:
      - delete
      - get
      - patch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - list
      {{- if (index .Values.configs.params "application.namespaces") }}
      - create
      {{- end }}
  - apiGroups:
      - ""
    resources:
      - pods
      - pods/log
    verbs:
      - get
  {{- if eq (toString (index .Values.configs.cm "exec.enabled")) "true" }}
  - apiGroups:
      - ""
    resources:
      - pods/exec
    verbs:
      - create
  {{- end }}
  - apiGroups:
      - argoproj.io
    resources:
      - applications
      - applicationsets
    verbs:
      - get
      - list
      - update
      - watch
  - apiGroups:
      - batch
    resources:
      {{/* supports triggering jobs from UI */}}
      - jobs
    verbs:
      - create
  - apiGroups:
      - argoproj.io
    resources:
      - workflows
    verbs:
      {{/* supports triggering workflows from UI */}}
      - create
{{- end }}