chore(argo-cd): create roles instead of rolebindings when singleNamespace is true (#530)

Co-authored-by: Vlad Losev <vladlosev@users.noreply.github.com> Co-authored-by: Sean Johnson <seanson@users.noreply.github.com>
2021-02-16 18:06:11 -05:00 · 2021-02-16 18:06:11 -05:00 · 97e896126c
parent 5b89b5d852
commit 97e896126c
8 changed files with 56 additions and 6 deletions
--- a/charts/argo-cd/Chart.yaml
+++ b/charts/argo-cd/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: 1.8.4
 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 2.14.2
+version: 2.14.3
 home: https://github.com/argoproj/argo-helm
 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
 keywords:
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@ -549,7 +549,7 @@ server:
    #       name: secret-name
    #       key: sshPrivateKey
    #   - type: helm
-    #     url: https://kubernetes-charts.storage.googleapis.com
+    #     url: https://charts.helm.sh/stable
    #     name: stable
    #   - type: helm
    #     url: https://argoproj.github.io/argo-helm
--- a/charts/argo/Chart.yaml
+++ b/charts/argo/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v2.12.5
 description: A Helm chart for Argo Workflows
 name: argo
-version: 0.16.0
+version: 0.16.1
 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
 home: https://github.com/argoproj/argo-helm
 maintainers:
--- a/charts/argo/templates/server-cluster-roles.yaml
+++ b/charts/argo/templates/server-cluster-roles.yaml
@ -1,6 +1,10 @@
 {{- if .Values.server.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.singleNamespace }}
+kind: Role
+{{- else }}
 kind: ClusterRole
+{{- end }}
 metadata:
  name: {{ .Release.Name }}-{{ .Values.server.name }}
 rules:
@ -107,7 +111,11 @@ rules:
  - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.singleNamespace }}
+kind: Role
+{{- else }}
 kind: ClusterRole
+{{- end }}
 metadata:
  name: {{ .Release.Name }}-{{ .Values.server.name }}-cluster-template
 rules:
--- a/charts/argo/templates/server-crb.yaml
+++ b/charts/argo/templates/server-crb.yaml
@ -2,16 +2,18 @@
 apiVersion: rbac.authorization.k8s.io/v1
 {{- if .Values.singleNamespace }}
 kind: RoleBinding
-metadata:
-  name: {{ .Release.Name }}-{{ .Values.server.name}}
 {{ else }}
 kind: ClusterRoleBinding
+{{- end }}
 metadata:
  name: {{ .Release.Name }}-{{ .Values.server.name}}
-{{- end }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
+  {{- if .Values.singleNamespace }}
+  kind: Role
+  {{ else }}
  kind: ClusterRole
+  {{- end }}
  name: {{ .Release.Name }}-{{ .Values.server.name}}
 subjects:
 - kind: ServiceAccount
@ -19,12 +21,20 @@ subjects:
  namespace: {{ .Release.Namespace }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.singleNamespace }}
+kind: RoleBinding
+{{ else }}
 kind: ClusterRoleBinding
+{{- end }}
 metadata:
  name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-template
 roleRef:
  apiGroup: rbac.authorization.k8s.io
+  {{- if .Values.singleNamespace }}
+  kind: Role
+  {{ else }}
  kind: ClusterRole
+  {{- end }}
  name: {{ .Release.Name }}-{{ .Values.server.name}}-cluster-template
 subjects:
 - kind: ServiceAccount
--- a/charts/argo/templates/workflow-aggregate-roles.yaml
+++ b/charts/argo/templates/workflow-aggregate-roles.yaml
@ -1,6 +1,10 @@
 {{- if .Values.createAggregateRoles }}
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.singleNamespace }}
+kind: Role
+{{ else }}
 kind: ClusterRole
+{{- end }}
 metadata:
  annotations:
    helm.sh/hook: pre-install
@ -26,7 +30,11 @@ rules:
  - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.singleNamespace }}
+kind: Role
+{{ else }}
 kind: ClusterRole
+{{- end }}
 metadata:
  annotations:
    helm.sh/hook: pre-install
@ -57,7 +65,11 @@ rules:
  - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.singleNamespace }}
+kind: Role
+{{ else }}
 kind: ClusterRole
+{{- end }}
 metadata:
  annotations:
    helm.sh/hook: pre-install
--- a/charts/argo/templates/workflow-controller-cluster-roles.yaml
+++ b/charts/argo/templates/workflow-controller-cluster-roles.yaml
@ -1,5 +1,9 @@
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.singleNamespace }}
+kind: Role
+{{- else }}
 kind: ClusterRole
+{{- end }}
 metadata:
  name: {{ .Release.Name }}-{{ .Values.controller.name }}
 rules:
@ -127,7 +131,11 @@ rules:
  - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.singleNamespace }}
+kind: Role
+{{- else }}
 kind: ClusterRole
+{{- end }}
 metadata:
  name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template
 rules:
--- a/charts/argo/templates/workflow-controller-crb.yaml
+++ b/charts/argo/templates/workflow-controller-crb.yaml
@ -8,7 +8,11 @@ metadata:
  name: {{ .Release.Name }}-{{ .Values.controller.name }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
+  {{- if .Values.singleNamespace }}
+  kind: Role
+  {{ else }}
  kind: ClusterRole
+  {{- end }}
  name: {{ .Release.Name }}-{{ .Values.controller.name }}
 subjects:
  - kind: ServiceAccount
@ -27,12 +31,20 @@ subjects:
 {{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
+{{- if .Values.singleNamespace }}
+kind: RoleBinding
+{{ else }}
 kind: ClusterRoleBinding
+{{- end }}
 metadata:
  name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template
 roleRef:
  apiGroup: rbac.authorization.k8s.io
+  {{- if .Values.singleNamespace }}
+  kind: Role
+  {{ else }}
  kind: ClusterRole
+  {{- end }}
  name: {{ .Release.Name }}-{{ .Values.controller.name }}-cluster-template
 subjects:
  - kind: ServiceAccount